x-kom hosting

Zamulony komputer przez wirusy

pepisvx
utworzono
utworzono

Witam

Borykam sie z problemem na moim kompie

Win xp sp3
log z hj:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:32:16, on 2009-12-01
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashAvast.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172139106562
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E43FBE7-3F21-4A72-8D0A-D84CC7406778}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8721 bytes






Bardzo proszę o analizę i ew pomoc jak walczyć z tym. Avast wykrywa mi ciagle jakies wirusy (wiem, że nie jest to najlepszy program ale zwyczajmnie ie stać mnie na inny a nie znam lepszego darmowego)


w tej chwili zabieram sie za skan kasperkim online


z gory dziekuje za pomoc

Gość
komentarz
komentarz

[quote]
Avast wykrywa mi ciagle jakies wirusy
[/quote]
Lokalizacja?

[quote]
(wiem, że nie jest to najlepszy program ale zwyczajmnie ie stać mnie na inny a nie znam lepszego darmowego)
[/quote]
Avira? ;)

Log czysty.

Daj log z OTL'a: http://www.forumpc.pl/index.php?showtopic=104338

pepisvx
komentarz
komentarz

Witam

Uruchomiłem skanowanie Avastem te przed uruchomieniem Windy i usunołem mase plików .exe z poziomu: documents and settings
C:\Documents and Settings\Właściciel\Dane aplikacji\erpogs.exe <---- to jest przykładowy a jest ich mase

w/g Avasta jest to:

win32: malware-gen


jestem w trakcie usuwania avasta i instalki aviry

Gość
komentarz
komentarz

Gdzie log z OTL'a?

pepisvx
komentarz
komentarz

[log] OTL logfile created on: 2009-12-03 11:37:29 - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = C:\Documents and Settings\Właściciel\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

447,36 Mb Total Physical Memory | 70,77 Mb Available Physical Memory | 15,82% Memory free
1,03 Gb Paging File | 0,58 Gb Available in Paging File | 56,20% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 14,19 Gb Free Space | 58,10% Space Free | Partition Type: NTFS
Drive D: | 50,11 Gb Total Space | 44,33 Gb Free Space | 88,47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GLOWNY
Current User Name: Właściciel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2009-12-03 10:05:50 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe
PRC - [2009-11-25 00:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-11-25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-11-25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-11-25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-11-25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009-09-10 14:53:56 | 01,312,080 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009-07-25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-07-25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-02-26 09:49:18 | 00,099,328 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2009-02-09 12:25:57 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-04-14 18:21:49 | 00,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe
PRC - [2008-04-14 18:21:48 | 00,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 18:21:43 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HTTPFILTER]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPZ12]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPZ12]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPDEVMGMT]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 18:21:42 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 18:21:38 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
PRC - [2008-04-14 18:21:22 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 18:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 18:21:12 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dumprep.exe
PRC - [2008-04-14 18:21:10 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008-04-14 18:21:10 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 18:21:02 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2007-03-11 21:34:40 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007-03-11 21:32:42 | 00,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2007-03-11 21:26:24 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007-01-15 12:23:48 | 00,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2006-02-17 15:26:32 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005-10-24 07:45:16 | 00,090,112 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005-10-17 03:31:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2004-11-02 20:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2009-12-03 10:05:50 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe
MOD - [2009-08-29 08:58:22 | 00,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll
MOD - [2009-08-29 08:58:21 | 01,208,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\urlmon.dll
MOD - [2009-08-29 08:58:16 | 01,985,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iertutil.dll
MOD - [2009-06-25 09:27:54 | 00,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-04-15 15:54:38 | 00,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-03-21 15:08:59 | 01,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-02-09 11:53:44 | 00,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-02-09 11:53:43 | 00,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2009-01-07 17:20:36 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\normaliz.dll
MOD - [2008-10-23 13:42:41 | 00,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-06-17 20:03:15 | 08,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-14 21:50:48 | 00,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 18:21:56 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 18:20:57 | 00,178,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winmm.dll
MOD - [2008-04-14 18:20:57 | 00,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008-04-14 18:20:57 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 18:20:56 | 00,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 18:20:56 | 00,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 18:20:56 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 18:20:47 | 00,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2008-04-14 18:20:45 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2008-04-14 18:20:44 | 01,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-14 18:20:44 | 00,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-14 18:20:44 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 18:20:44 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 18:20:41 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008-04-14 18:20:39 | 00,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 18:20:38 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msimg32.dll
MOD - [2008-04-14 18:20:36 | 00,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll
MOD - [2008-04-14 18:20:32 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imagehlp.dll
MOD - [2008-04-14 18:20:32 | 00,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2008-04-14 18:12:58 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime
MOD - [2008-04-14 17:59:08 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2006-05-03 21:53:54 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009-11-25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-11-25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-11-25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-11-25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009-07-25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2007-03-11 22:02:52 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007-03-11 21:24:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2006-11-08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006-11-08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006-02-17 15:26:32 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005-10-17 03:31:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-11-25 00:50:59 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-11-25 00:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-11-25 00:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-25 00:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-11-25 00:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-11-25 00:47:54 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-11-07 08:22:31 | 00,040,128 | ---- | M] () -- C:\WINDOWS\System32\Drivers\riqmjqch.sys -- (riqmjqch)
DRV - [2009-09-10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2008-04-13 19:40:30 | 00,096,512 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2007-11-13 11:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007-03-08 05:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2007-03-08 05:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2007-03-08 05:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006-11-02 15:57:04 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006-07-24 15:05:00 | 00,005,632 | ---- | M] () -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006-03-02 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2005-10-26 09:08:26 | 03,786,944 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005-10-17 03:31:00 | 03,530,880 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005-08-12 07:31:12 | 00,098,432 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005-07-29 10:11:04 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005-07-29 10:11:02 | 00,034,048 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005-03-09 07:53:00 | 00,036,352 | R--- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-861567501-57989841-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-861567501-57989841-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-861567501-57989841-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-861567501-57989841-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
IE - HKU\S-1-5-21-861567501-57989841-839522115-1003\S-1-5-21-861567501-57989841-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"


[2007-08-29 11:15:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\90m3yl7l.default\extensions
[2007-08-30 15:07:03 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007-08-29 11:05:12 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007-02-20 15:15:00 | 02,115,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: (742 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-861567501-57989841-839522115-1003..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-861567501-57989841-839522115-1003..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKU\S-1-5-21-861567501-57989841-839522115-1003..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\.DEFAULT..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-57989841-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-861567501-57989841-839522115-1003\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172139106562 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-6276358013-7340164801-240058672-9307\windll.exe) - C:\RECYCLER\S-1-5-21-6276358013-7340164801-240058672-9307\windll.exe ()
O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-6276358013-7340164801-240058672-9307\windll.exe) - C:\RECYCLER\S-1-5-21-6276358013-7340164801-240058672-9307\windll.exe ()
O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (C:\Documents) - File not found
O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (and) - File not found
O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (Settings\Właściciel\Dane) - File not found
O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (aplikacji\erpogs.exe) - File not found
O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (C:\Documents) - File not found
O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (and) - File not found
O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (Settings\Właściciel\Dane) - File not found
O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (aplikacji\oynnuf.exe) - File not found
O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - ("C:\Documents and Settings\Właściciel\jfjqdjl.exe") - C:\Documents and Settings\Właściciel\jfjqdjl.exe File not found
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-02-21 15:14:54 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0630c066-23ed-11dd-b610-001617852782}\Shell\verb1\command - "" = UCX.EXE
O33 - MountPoints2\{09501108-7ee5-11dc-b4b4-001617852782}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe -- File not found
O33 - MountPoints2\{0cb708eb-4477-11de-b78a-001617852782}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found
O33 - MountPoints2\{0cb708eb-4477-11de-b78a-001617852782}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found
O33 - MountPoints2\{1484b050-04dc-11de-b737-001617852782}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O33 - MountPoints2\{1484b050-04dc-11de-b737-001617852782}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O33 - MountPoints2\{1cff901a-5fa1-11dc-b45d-001617852782}\Shell\verb1\command - "" = UCX.EXE
O33 - MountPoints2\{317b01f9-3c6f-11de-b77b-001617852782}\Shell\AutoRun\command - "" = F:\d1vmq.exe -- File not found
O33 - MountPoints2\{317b01f9-3c6f-11de-b77b-001617852782}\Shell\open\Command - "" = F:\d1vmq.exe -- File not found
O33 - MountPoints2\{329d5520-fa24-11db-b2dc-001617852782}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found
O33 - MountPoints2\{329d5520-fa24-11db-b2dc-001617852782}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found
O33 - MountPoints2\{4157d4b2-2725-11dd-b614-001617852782}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe -- File not found
O33 - MountPoints2\{526eb5d6-d8a1-11dc-b579-001617852782}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe -- File not found
O33 - MountPoints2\{62ed6d6a-057f-11de-b738-001617852782}\Shell\AutoRun\command - "" = F:\2ifetri.cmd -- File not found
O33 - MountPoints2\{62ed6d6a-057f-11de-b738-001617852782}\Shell\explore\Command - "" = F:\2ifetri.cmd -- File not found
O33 - MountPoints2\{62ed6d6a-057f-11de-b738-001617852782}\Shell\open\Command - "" = F:\2ifetri.cmd -- File not found
O33 - MountPoints2\{73189920-d589-11dc-b573-001617852782}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe -- File not found
O33 - MountPoints2\{82ba3c3e-3e81-11dc-b3c3-001617852782}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe -- File not found
O33 - MountPoints2\{845aeec9-951d-11dd-b6a2-001617852782}\Shell\AutoRun\command - "" = 1u0o8bnq.cmd
O33 - MountPoints2\{845aeec9-951d-11dd-b6a2-001617852782}\Shell\explore\Command - "" = 1u0o8bnq.cmd
O33 - MountPoints2\{845aeec9-951d-11dd-b6a2-001617852782}\Shell\open\Command - "" = 1u0o8bnq.cmd
O33 - MountPoints2\{84d87091-fe13-11db-b2e3-001617852782}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe -- File not found
O33 - MountPoints2\{87b5825c-28a1-11dc-b353-001617852782}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe -- File not found
O33 - MountPoints2\{8fd64120-bb85-11dc-b52a-001617852782}\Shell\verb1\command - "" = UCX.EXE
O33 - MountPoints2\{927d298a-36ea-11dd-b628-001617852782}\Shell\Open(&0)\command - "" = G:\Recycled\ctfmon.exe -- File not found
O33 - MountPoints2\{9c7bba09-1b5a-11dd-b603-001617852782}\Shell\verb1\command - "" = UCX.EXE
O33 - MountPoints2\{c68529c8-362a-11dd-b626-001617852782}\Shell - "" = AutoRun
O33 - MountPoints2\{ca71670a-e1f6-11dc-b59c-001617852782}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found
O33 - MountPoints2\{ca71670a-e1f6-11dc-b59c-001617852782}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found
O33 - MountPoints2\{febaef4c-46ba-11de-b78d-001617852782}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found
O33 - MountPoints2\{febaef4c-46ba-11de-b78d-001617852782}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007-02-21 15:14:25 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009-12-03 10:24:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Malwarebytes
[2009-12-03 10:24:10 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-12-03 10:24:08 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-12-03 10:24:08 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009-12-03 10:24:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2009-12-03 10:22:47 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Właściciel\Pulpit\mbam-setup.exe
[2009-12-03 10:05:50 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe
[2009-12-03 09:38:19 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009-12-03 09:38:18 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009-12-03 09:38:17 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009-12-03 09:38:11 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009-12-03 09:38:10 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009-12-03 09:38:10 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009-12-03 09:38:09 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009-12-03 09:38:09 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009-12-03 09:37:21 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009-12-01 14:38:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009-12-01 14:36:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Pulpit\Nowy folder (2)
[2009-12-01 14:31:53 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-11-18 14:15:57 | 26,204,720 | ---- | C] ( ) -- C:\Program Files\AdbeRdr920_pl_PL.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Właściciel\Pulpit\*.tmp files -> C:\Documents and Settings\Właściciel\Pulpit\*.tmp -> ]
[1 d:\Moje dokumenty\*.tmp files -> d:\Moje dokumenty\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009-12-03 10:37:22 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-12-03 10:36:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-12-03 10:36:20 | 00,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009-12-03 10:35:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-12-03 10:34:41 | 06,553,600 | -H-- | M] () -- C:\Documents and Settings\Właściciel\NTUSER.DAT
[2009-12-03 10:34:41 | 00,000,292 | -HS- | M] () -- C:\Documents and Settings\Właściciel\ntuser.ini
[2009-12-03 10:24:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2009-12-03 10:23:47 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Właściciel\Pulpit\mbam-setup.exe
[2009-12-03 10:19:52 | 30,909,992 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\avira_antivir_personal_en.exe
[2009-12-03 10:05:50 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe
[2009-12-03 09:38:21 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk
[2009-12-03 09:38:09 | 00,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009-12-03 09:29:13 | 41,387,464 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\setuppol.exe
[2009-12-02 16:56:31 | 00,000,520 | ---- | M] () -- d:\Moje dokumenty\spider.sav
[2009-12-02 09:19:11 | 00,020,992 | ---- | M] () -- d:\Moje dokumenty\Informacja Turystyczna zestawienie finansowe.doc
[2009-12-01 14:02:49 | 00,140,800 | ---- | M] () -- d:\Moje dokumenty\KARTA EWIDENCJI PRACYgrudzień 2009.doc
[2009-11-30 14:47:37 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Piotr Linek.doc
[2009-11-26 10:01:29 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009-11-25 00:54:29 | 01,280,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009-11-25 00:51:09 | 00,093,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009-11-25 00:50:59 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009-11-25 00:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009-11-25 00:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009-11-25 00:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009-11-25 00:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009-11-25 00:47:54 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009-11-25 00:47:28 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009-11-24 15:05:11 | 00,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2009-11-21 08:16:59 | 00,772,542 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-11-21 08:16:59 | 00,359,032 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-11-21 08:16:59 | 00,314,644 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-11-21 08:16:59 | 00,050,952 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-11-21 08:16:59 | 00,040,972 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-11-18 14:25:06 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2009-11-18 14:23:15 | 26,204,720 | ---- | M] ( ) -- C:\Program Files\AdbeRdr920_pl_PL.exe
[2009-11-13 16:36:40 | 00,026,736 | ---- | M] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-11-12 10:40:14 | 00,134,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-11-07 08:22:31 | 00,040,128 | ---- | M] () -- C:\WINDOWS\System32\drivers\riqmjqch.sys
[2009-11-07 08:21:50 | 00,042,496 | -H-- | M] () -- C:\WINDOWS\System32\secupdat.dat
[2009-11-07 08:21:50 | 00,042,496 | -H-- | M] () -- C:\Documents and Settings\Właściciel\secupdat.dat
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Właściciel\Pulpit\*.tmp files -> C:\Documents and Settings\Właściciel\Pulpit\*.tmp -> ]
[1 d:\Moje dokumenty\*.tmp files -> d:\Moje dokumenty\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009-12-03 10:24:13 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2009-12-03 10:11:02 | 30,909,992 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\avira_antivir_personal_en.exe
[2009-12-03 09:38:21 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk
[2009-12-03 09:37:21 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009-12-03 09:18:28 | 41,387,464 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\setuppol.exe
[2009-12-02 09:19:11 | 00,020,992 | ---- | C] () -- d:\Moje dokumenty\Informacja Turystyczna zestawienie finansowe.doc
[2009-12-01 14:02:48 | 00,140,800 | ---- | C] () -- d:\Moje dokumenty\KARTA EWIDENCJI PRACYgrudzień 2009.doc
[2009-11-30 13:42:32 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Piotr Linek.doc
[2009-11-18 14:25:05 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2009-11-07 08:22:31 | 00,040,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\riqmjqch.sys
[2009-11-07 08:21:50 | 00,042,496 | -H-- | C] () -- C:\WINDOWS\System32\secupdat.dat
[2009-11-07 08:21:50 | 00,042,496 | -H-- | C] () -- C:\Documents and Settings\Właściciel\secupdat.dat
[2009-03-14 10:01:42 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008-04-01 14:15:51 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt
[2008-04-01 14:13:12 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007-12-14 15:55:29 | 00,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
[2007-12-06 13:21:03 | 00,000,192 | ---- | C] () -- C:\WINDOWS\System32\EDIT.INI
[2007-10-11 15:00:47 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007-02-27 17:04:51 | 00,000,030 | ---- | C] () -- C:\WINDOWS\TextSpy.ini
[2007-02-22 14:37:45 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-02-22 14:37:44 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007-02-21 16:04:02 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-02-21 15:55:09 | 00,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2007-02-21 15:40:53 | 00,001,987 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2007-02-21 15:37:14 | 00,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007-02-21 15:37:07 | 00,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2006-03-02 13:00:00 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2005-10-17 03:31:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005-10-17 03:31:00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005-10-17 03:31:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005-10-17 03:31:00 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005-10-17 03:31:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005-10-17 03:31:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005-10-17 03:31:00 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2003-04-08 11:40:22 | 00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[color=#E56717]========== LOP Check ==========[/color]

[2009-01-16 09:37:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2008-01-02 16:54:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Gadu-Gadu
[2007-05-18 11:56:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Inkscape
[2009-05-29 16:06:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Nowe Gadu-Gadu
[2009-05-29 13:26:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\OpenFM
[2009-07-15 09:46:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Opera
[2009-07-15 14:40:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Samsung
[2009-05-28 13:28:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\TeamViewer

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2007-02-21 15:14:54 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007-02-21 15:09:25 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2006-03-02 13:00:00 | 00,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2007-02-21 15:14:54 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007-12-13 16:05:17 | 00,434,691 | ---- | M] () -- C:\hpfr5100.log
[2007-02-21 15:14:54 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2007-02-21 15:14:54 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006-03-02 13:00:00 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-10-20 08:33:06 | 00,251,152 | RHS- | M] () -- C:\ntldr
[2009-12-03 10:35:50 | 70,464,3072 | -HS- | M] () -- C:\pagefile.sys
[2007-11-03 09:52:41 | 00,000,734 | ---- | M] () -- C:\pld-cert.cer
[2008-01-10 13:35:49 | 00,000,835 | ---- | M] () -- C:\record.mrc

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 346832 bytes -> C:\WINDOWS\Temp:temp
< End of report >
[/log]


oto log

Gość
komentarz
komentarz

Uruchom OTL i w oknie [b]Custom Scans/Fixes[/b] wklej to co jest podanej na tej stronce:

http://wklej.org/id/223477/

Następnie uruchom OTL ponownie, tym razem wywołaj opcję [b][color=blue]Run Scan[/b][/color].
Pokaż nowy log OTL.txt oraz log z czyszczenia.


.

pepisvx
komentarz
komentarz

[log] OTL logfile created on: 2009-12-03 13:44:01 - Run 2
OTL by OldTimer - Version 3.1.11.4 Folder = C:\Documents and Settings\Właściciel\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

447,36 Mb Total Physical Memory | 89,78 Mb Available Physical Memory | 20,07% Memory free
1,03 Gb Paging File | 0,58 Gb Available in Paging File | 56,35% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 14,39 Gb Free Space | 58,96% Space Free | Partition Type: NTFS
Drive D: | 50,11 Gb Total Space | 44,33 Gb Free Space | 88,47% Space Free | Partition Type: NTFS
Drive E: | 575,11 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 4,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 476,10 Mb Total Space | 421,47 Mb Free Space | 88,52% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GLOWNY
Current User Name: Właściciel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2009-12-03 10:05:50 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe
PRC - [2009-07-25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-07-25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-07-21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009-05-28 10:23:12 | 10,486,376 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe
PRC - [2009-05-13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-03-02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009-02-26 09:49:18 | 00,099,328 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2009-02-09 12:25:57 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-04-14 18:21:49 | 00,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe
PRC - [2008-04-14 18:21:48 | 00,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 18:21:43 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HTTPFILTER]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPZ12]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPZ12]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPDEVMGMT]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 18:21:42 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 18:21:38 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
PRC - [2008-04-14 18:21:30 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008-04-14 18:21:22 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 18:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 18:21:10 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008-04-14 18:21:10 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 18:21:02 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2007-03-11 21:34:40 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007-03-11 21:32:42 | 00,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2007-03-11 21:26:24 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007-01-15 12:23:48 | 00,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2006-08-22 16:38:32 | 02,600,960 | ---- | M] () -- C:\Documents and Settings\Właściciel\Dane aplikacji\U3\0BE0EA607040B90F\Launchpad.exe
PRC - [2006-02-17 15:26:32 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005-10-24 07:45:16 | 00,090,112 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005-10-17 03:31:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2004-11-02 20:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2003-08-06 21:24:20 | 12,037,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2009-12-03 10:05:50 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe
MOD - [2009-08-29 08:58:22 | 00,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll
MOD - [2009-08-29 08:58:21 | 01,208,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\urlmon.dll
MOD - [2009-08-29 08:58:16 | 01,985,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iertutil.dll
MOD - [2009-06-25 09:27:54 | 00,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-04-15 15:54:38 | 00,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-03-21 15:08:59 | 01,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-02-09 11:53:44 | 00,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-02-09 11:53:43 | 00,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2009-01-07 17:20:36 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\normaliz.dll
MOD - [2008-10-23 13:42:41 | 00,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-06-17 20:03:15 | 08,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-14 21:50:48 | 00,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 18:21:56 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 18:20:57 | 00,178,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winmm.dll
MOD - [2008-04-14 18:20:57 | 00,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008-04-14 18:20:57 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 18:20:56 | 00,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 18:20:56 | 00,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 18:20:56 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 18:20:47 | 00,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2008-04-14 18:20:45 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2008-04-14 18:20:44 | 01,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-14 18:20:44 | 00,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-14 18:20:44 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 18:20:44 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 18:20:41 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008-04-14 18:20:39 | 00,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 18:20:38 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msimg32.dll
MOD - [2008-04-14 18:20:36 | 00,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll
MOD - [2008-04-14 18:20:32 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imagehlp.dll
MOD - [2008-04-14 18:20:32 | 00,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2008-04-14 18:12:58 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime
MOD - [2008-04-14 17:59:08 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2006-05-03 21:53:54 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009-07-25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-07-21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009-05-13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007-03-11 22:02:52 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007-03-11 21:24:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2006-11-08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006-11-08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006-02-17 15:26:32 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005-10-17 03:31:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-11-07 08:22:31 | 00,040,128 | ---- | M] () -- C:\WINDOWS\System32\Drivers\riqmjqch.sys -- (riqmjqch)
DRV - [2009-09-10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009-07-28 15:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009-05-11 09:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-03-30 09:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-02-13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008-04-13 19:40:30 | 00,096,512 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2007-11-13 11:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007-03-08 05:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2007-03-08 05:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2007-03-08 05:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006-11-02 15:57:04 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006-07-24 15:05:00 | 00,005,632 | ---- | M] () -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006-03-02 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2005-10-26 09:08:26 | 03,786,944 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005-10-17 03:31:00 | 03,530,880 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005-08-12 07:31:12 | 00,098,432 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005-07-29 10:11:04 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005-07-29 10:11:02 | 00,034,048 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005-03-09 07:53:00 | 00,036,352 | R--- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-861567501-57989841-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-861567501-57989841-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-861567501-57989841-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-861567501-57989841-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
IE - HKU\S-1-5-21-861567501-57989841-839522115-1003\S-1-5-21-861567501-57989841-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"


[2007-08-29 11:15:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\90m3yl7l.default\extensions
[2007-08-30 15:07:03 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007-08-29 11:05:12 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007-02-20 15:15:00 | 02,115,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: (98 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-861567501-57989841-839522115-1003..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-861567501-57989841-839522115-1003..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKU\S-1-5-21-861567501-57989841-839522115-1003..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\.DEFAULT..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-57989841-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-861567501-57989841-839522115-1003\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172139106562 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-6276358013-7340164801-240058672-9307\windll.exe) - C:\RECYCLER\S-1-5-21-6276358013-7340164801-240058672-9307\windll.exe File not found
O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (C:\Documents) - File not found
O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (and) - File not found
O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (Settings\Właściciel\Dane) - File not found
O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (aplikacji\erpogs.exe) - File not found
O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (C:\Documents) - File not found
O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (and) - File not found
O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (Settings\Właściciel\Dane) - File not found
O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (aplikacji\oynnuf.exe) - File not found
O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - ("C:\Documents and Settings\Właściciel\jfjqdjl.exe") - C:\Documents and Settings\Właściciel\jfjqdjl.exe File not found
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-02-21 15:14:54 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006-03-02 13:00:00 | 00,000,112 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2006-08-22 14:38:04 | 00,000,194 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{bc5103c2-c1bc-11db-b279-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{bc5103c2-c1bc-11db-b279-806d6172696f}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2006-03-02 13:00:00 | 02,584,576 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009-12-03 12:01:50 | 00,000,000 | ---D | C] -- C:\_OTL
[2009-12-03 11:52:22 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009-12-03 11:52:22 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009-12-03 11:52:21 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009-12-03 11:52:21 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009-12-03 11:52:20 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009-12-03 11:52:17 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009-12-03 11:52:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Avira
[2009-12-03 10:24:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Malwarebytes
[2009-12-03 10:24:10 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-12-03 10:24:08 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-12-03 10:24:08 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009-12-03 10:24:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2009-12-03 10:22:47 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Właściciel\Pulpit\mbam-setup.exe
[2009-12-03 10:05:50 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe
[2009-12-01 14:38:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009-12-01 14:36:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Pulpit\Nowy folder (2)
[2009-12-01 14:31:53 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-11-18 14:15:57 | 26,204,720 | ---- | C] ( ) -- C:\Program Files\AdbeRdr920_pl_PL.exe
[2 C:\Documents and Settings\Właściciel\Pulpit\*.tmp files -> C:\Documents and Settings\Właściciel\Pulpit\*.tmp -> ]
[1 d:\Moje dokumenty\*.tmp files -> d:\Moje dokumenty\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009-12-03 13:32:45 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-12-03 13:31:51 | 00,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009-12-03 13:31:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-12-03 13:31:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-12-03 13:30:09 | 06,553,600 | -H-- | M] () -- C:\Documents and Settings\Właściciel\NTUSER.DAT
[2009-12-03 13:30:09 | 00,000,292 | -HS- | M] () -- C:\Documents and Settings\Właściciel\ntuser.ini
[2009-12-03 12:05:05 | 00,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2009-12-03 11:52:43 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Avira AntiVir Control Center.lnk
[2009-12-03 11:46:39 | 00,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009-12-03 10:24:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2009-12-03 10:23:47 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Właściciel\Pulpit\mbam-setup.exe
[2009-12-03 10:19:52 | 30,909,992 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\avira_antivir_personal_en.exe
[2009-12-03 10:05:50 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe
[2009-12-03 09:29:13 | 41,387,464 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\setuppol.exe
[2009-12-02 16:56:31 | 00,000,520 | ---- | M] () -- d:\Moje dokumenty\spider.sav
[2009-12-02 09:19:11 | 00,020,992 | ---- | M] () -- d:\Moje dokumenty\Informacja Turystyczna zestawienie finansowe.doc
[2009-12-01 14:02:49 | 00,140,800 | ---- | M] () -- d:\Moje dokumenty\KARTA EWIDENCJI PRACYgrudzień 2009.doc
[2009-11-30 14:47:37 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Piotr Linek.doc
[2009-11-26 10:01:29 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009-11-24 15:05:11 | 00,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2009-11-21 08:16:59 | 00,772,542 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-11-21 08:16:59 | 00,359,032 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-11-21 08:16:59 | 00,314,644 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-11-21 08:16:59 | 00,050,952 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-11-21 08:16:59 | 00,040,972 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-11-18 14:25:06 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2009-11-18 14:23:15 | 26,204,720 | ---- | M] ( ) -- C:\Program Files\AdbeRdr920_pl_PL.exe
[2009-11-13 16:36:40 | 00,026,736 | ---- | M] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-11-12 10:40:14 | 00,134,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-11-07 08:22:31 | 00,040,128 | ---- | M] () -- C:\WINDOWS\System32\drivers\riqmjqch.sys
[2009-11-07 08:21:50 | 00,042,496 | -H-- | M] () -- C:\WINDOWS\System32\secupdat.dat
[2009-11-07 08:21:50 | 00,042,496 | -H-- | M] () -- C:\Documents and Settings\Właściciel\secupdat.dat
[2 C:\Documents and Settings\Właściciel\Pulpit\*.tmp files -> C:\Documents and Settings\Właściciel\Pulpit\*.tmp -> ]
[1 d:\Moje dokumenty\*.tmp files -> d:\Moje dokumenty\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009-12-03 11:52:43 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Avira AntiVir Control Center.lnk
[2009-12-03 10:24:13 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2009-12-03 10:11:02 | 30,909,992 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\avira_antivir_personal_en.exe
[2009-12-03 09:18:28 | 41,387,464 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\setuppol.exe
[2009-12-02 09:19:11 | 00,020,992 | ---- | C] () -- d:\Moje dokumenty\Informacja Turystyczna zestawienie finansowe.doc
[2009-12-01 14:02:48 | 00,140,800 | ---- | C] () -- d:\Moje dokumenty\KARTA EWIDENCJI PRACYgrudzień 2009.doc
[2009-11-30 13:42:32 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Piotr Linek.doc
[2009-11-18 14:25:05 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2009-11-07 08:22:31 | 00,040,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\riqmjqch.sys
[2009-11-07 08:21:50 | 00,042,496 | -H-- | C] () -- C:\WINDOWS\System32\secupdat.dat
[2009-11-07 08:21:50 | 00,042,496 | -H-- | C] () -- C:\Documents and Settings\Właściciel\secupdat.dat
[2009-03-14 10:01:42 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008-04-01 14:15:51 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt
[2008-04-01 14:13:12 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007-12-14 15:55:29 | 00,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
[2007-12-06 13:21:03 | 00,000,192 | ---- | C] () -- C:\WINDOWS\System32\EDIT.INI
[2007-10-11 15:00:47 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007-02-27 17:04:51 | 00,000,030 | ---- | C] () -- C:\WINDOWS\TextSpy.ini
[2007-02-22 14:37:45 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-02-22 14:37:44 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007-02-21 16:04:02 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-02-21 15:55:09 | 00,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2007-02-21 15:40:53 | 00,001,987 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2007-02-21 15:37:14 | 00,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007-02-21 15:37:07 | 00,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2006-03-02 13:00:00 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2005-10-17 03:31:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005-10-17 03:31:00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005-10-17 03:31:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005-10-17 03:31:00 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005-10-17 03:31:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005-10-17 03:31:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005-10-17 03:31:00 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2003-04-08 11:40:22 | 00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[color=#E56717]========== LOP Check ==========[/color]

[2009-01-16 09:37:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2008-01-02 16:54:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Gadu-Gadu
[2007-05-18 11:56:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Inkscape
[2009-12-03 11:59:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Nowe Gadu-Gadu
[2009-05-29 13:26:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\OpenFM
[2009-07-15 09:46:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Opera
[2009-07-15 14:40:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Samsung
[2009-05-28 13:28:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\TeamViewer

[color=#E56717]========== Purity Check ==========[/color]


< End of report >
[/log]

Log z OTL po operacji :)

Gość
komentarz
komentarz

Troche sie usuneło.
Daj log z ComboFixa: http://www.forumpc.pl/index.php?showtopic=120614&st=0&p=837303&fromsearch=1&#entry837303

pepisvx
komentarz
komentarz

[log] ComboFix 09-12-02.07 - Właściciel 2009-12-03 14:10.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.447.173 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Właściciel\Pulpit\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-0065269158-7957739614-721962873-8475
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-5331651423-1512913438-155492587-8253
c:\recycler\S-1-5-21-5570439073-7082473101-414414142-6715
c:\recycler\S-1-5-21-6276358013-7340164801-240058672-9307
c:\windows\system32\AutoRun.inf
c:\windows\system32\secupdat.dat

Zainfekowana kopia c:\windows\system32\DRIVERS\atapi.sys została znaleziona. Problem naprawiono
Plik odzyskano z - c:\windows\ServicePackFiles\i386\atapi.sys

.
((((((((((((((((((((((((( Pliki utworzone od 2009-11-03 do 2009-12-03 )))))))))))))))))))))))))))))))
.

2009-12-03 11:01 . 2009-12-03 11:01 -------- d-----w- C:\_OTL
2009-12-03 10:52 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-03 10:52 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-03 10:52 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-03 10:52 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-03 10:52 . 2009-12-03 10:52 -------- d-----w- c:\program files\Avira
2009-12-03 10:52 . 2009-12-03 10:52 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Avira
2009-12-03 09:24 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 09:24 . 2009-12-03 09:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-03 09:24 . 2009-12-03 09:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-12-03 09:24 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 13:31 . 2009-12-01 13:31 -------- d-----w- c:\program files\Trend Micro
2009-11-18 13:15 . 2009-11-18 13:23 26204720 ----a-w- c:\program files\AdbeRdr920_pl_PL.exe
2009-11-07 07:23 . 2009-11-07 07:23 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-07 07:22 . 2009-11-07 07:22 40128 ----a-w- c:\windows\system32\drivers\riqmjqch.sys

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 07:16 . 2006-03-02 12:00 50952 ----a-w- c:\windows\system32\perfc015.dat
2009-11-21 07:16 . 2006-03-02 12:00 359032 ----a-w- c:\windows\system32\perfh015.dat
2009-11-18 13:25 . 2007-02-21 14:48 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-29 15:12 . 2009-10-29 14:35 -------- d-----w- c:\program files\IPSPI
2009-10-27 15:30 . 2009-02-05 13:02 -------- d-----w- c:\program files\ALLPlayer
2009-09-11 14:19 . 2006-03-02 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2004-10-01 14:00 . 2007-02-21 14:55 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe sleep" [X]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2006-02-10 2048000]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-17 7307264]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-17 86016]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-10-17 1519616]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-10-24 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Wˆa˜ciciel\Menu Start\Programy\Autostart\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-10-11 344064]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\riqmjqch.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\explorer.exe"=

R0 riqmjqch;riqmjqch;c:\windows\system32\drivers\riqmjqch.sys [2009-11-07 40128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-12-03 108289]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-12-03 38224]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]

--- Inne Usługi/Sterowniki w Pamięci ---

*Deregistered* - rrqwskwf

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Zawartość folderu 'Zaplanowane zadania'

2008-01-22 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-01-09 03:08]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {4E43FBE7-3F21-4A72-8D0A-D84CC7406778} = 194.204.159.1,194.204.152.34
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKU-Default-RunOnce-IETI - c:\program files\Skype\Phone\IEPlugin\unins000.exe
AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-03 14:18
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\KB969947]
@DACL=(02 0000)
"DisplayName"="Aktualizacja zabezpieczeń dla systemu Windows XP (KB969947)"
"UninstallString"="\"c:\\WINDOWS\\$NtUninstallKB969947$\\spuninst\\spuninst.exe\""
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"InstallDate"="20091112"
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"HelpLink"="http://support.microsoft.com?kbid=969947"
"URLInfoAbout"="http://support.microsoft.com"
"DisplayVersion"="1"
"ParentKeyName"="OperatingSystem"
"ParentDisplayName"="Windows XP - Aktualizacje oprogramowania"
"ReleaseType"="Security Update"
"RegistryLocation"="HKLM\\SOFTWARE\\Microsoft\\Updates\\Windows XP\\SP4\\KB969947"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\KB973687]
@DACL=(02 0000)
"DisplayName"="Aktualizacja dla systemu Windows XP (KB973687)"
"UninstallString"="\"c:\\WINDOWS\\$NtUninstallKB973687$\\spuninst\\spuninst.exe\""
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"InstallDate"="20091126"
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"HelpLink"="http://support.microsoft.com?kbid=973687"
"URLInfoAbout"="http://support.microsoft.com"
"DisplayVersion"="1"
"ParentKeyName"="OperatingSystem"
"ParentDisplayName"="Windows XP - Aktualizacje oprogramowania"
"ReleaseType"="Update"
"RegistryLocation"="HKLM\\SOFTWARE\\Microsoft\\Updates\\Windows XP\\SP4\\KB973687"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\KB976098-v2]
@DACL=(02 0000)
"DisplayName"="Poprawka dla systemu Windows XP (KB976098-v2)"
"UninstallString"="\"c:\\WINDOWS\\$NtUninstallKB976098-v2$\\spuninst\\spuninst.exe\""
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"InstallDate"="20091126"
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"HelpLink"="http://support.microsoft.com?kbid=976098"
"URLInfoAbout"="http://support.microsoft.com"
"DisplayVersion"="2"
"ParentKeyName"="OperatingSystem"
"ParentDisplayName"="Windows XP - Aktualizacje oprogramowania"
"ReleaseType"="Hotfix"
"RegistryLocation"="HKLM\\SOFTWARE\\Microsoft\\Updates\\Windows XP\\SP4\\KB976098-v2"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(2808)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Skype\Phone\Skype.exe
c:\program files\avira\antivir desktop\avcenter.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Czas ukończenia: 2009-12-03 14:24 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-12-03 13:24

Przed: 15 376 896 000 bajtów wolnych
Po: 15 341 551 616 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 4BABEF6841E0D9CDFF86F8A4126759FB
[/log]


ComboFix

Gość
komentarz
komentarz

Wklej do [b]Notatnika[/b]:
[code]
KillAll::

File::
c:\windows\system32\drivers\riqmjqch.sys
c:\windows\Tasks\Norton Security Scan.job

Driver::
SetupNTGLM7X
riqmjqch

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\riqmjqch. sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\riqmjqch.sys]

Folder::
C:\_OTL
[/code]
[b]>>Plik>>Zapisz jako... >>> [color="red"]CFScript[/color][/b]
Przeciągnij i upuść plik [color="red"][b]CFScript.txt[/b][/color] na plik [b]ComboFix.exe[/b]
[b][color="blue"]-->[/color][/b] [img]http://img167.imageshack.us/img167/7180/cfscript10gm1.gif[/img]
Rozpocznie się usuwanie i powstanie log.

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.