pepisvx, posted 1 December 2009

Hello,
I am struggling with a problem on my computer, Win XP SP3. Log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:32:16, on 2009-12-01
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashAvast.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172139106562
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E43FBE7-3F21-4A72-8D0A-D84CC7406778}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8721 bytes

Please analyze this and, if possible, help me with how to fight it. Avast keeps detecting some viruses (I know it is not the best program, but I simply cannot afford another one and I do not know of a better free one). Right now I am starting a scan with Kaspersky online. Thanks in advance for the help.
Guest, commented 1 December 2009

[quote] Avast keeps detecting some viruses [/quote]
Location?
[quote] (I know it is not the best program, but I simply cannot afford another one and I do not know of a better free one) [/quote]
Avira?
The log is clean. Post a log from OTL: http://www.forumpc.pl/index.php?showtopic=104338
pepisvx (Author), commented 3 December 2009

Hello,
I ran the Avast scan, the one that runs before Windows starts, and deleted a lot of .exe files from the documents and settings level:
C:\Documents and Settings\Właściciel\Dane aplikacji\erpogs.exe <---- this is one example, and there are a lot of them
According to Avast it is: win32: malware-gen
I am in the process of removing Avast and installing Avira.
pepisvx (Author), commented 3 December 2009

[log]
OTL logfile created on: 2009-12-03 11:37:29 - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = C:\Documents and Settings\Właściciel\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

447,36 Mb Total Physical Memory | 70,77 Mb Available Physical Memory | 15,82% Memory free
1,03 Gb Paging File | 0,58 Gb Available in Paging File | 56,20% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 14,19 Gb Free Space | 58,10% Space Free | Partition Type: NTFS
Drive D: | 50,11 Gb Total Space | 44,33 Gb Free Space | 88,47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GLOWNY
Current User Name: Właściciel
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2009-12-03 10:05:50 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe
PRC - [2009-11-25 00:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-11-25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-11-25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-11-25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-11-25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009-09-10 14:53:56 | 01,312,080 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009-07-25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-07-25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-02-26 09:49:18 | 00,099,328 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2009-02-09 12:25:57 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-04-14 18:21:49 | 00,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe
PRC - [2008-04-14 18:21:48 | 00,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 18:21:43 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HTTPFILTER]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPZ12]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPZ12]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPDEVMGMT]
PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 18:21:42 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 18:21:38 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
PRC - [2008-04-14 18:21:22 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 18:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 18:21:12 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dumprep.exe
PRC - [2008-04-14 18:21:10 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008-04-14 18:21:10 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 18:21:02 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2007-03-11 21:34:40 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007-03-11 21:32:42 | 00,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2007-03-11 21:26:24 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007-01-15 12:23:48 | 00,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2006-02-17 15:26:32 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005-10-24 07:45:16 | 00,090,112 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005-10-17 03:31:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2004-11-02 20:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2009-12-03 10:05:50 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe
MOD - [2009-08-29 08:58:22 | 00,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll
MOD - [2009-08-29 08:58:21 | 01,208,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\urlmon.dll
MOD - [2009-08-29 08:58:16 | 01,985,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iertutil.dll
MOD - [2009-06-25 09:27:54 | 00,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-04-15 15:54:38 | 00,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-03-21 15:08:59 | 01,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-02-09 11:53:44 | 00,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-02-09 11:53:43 | 00,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2009-01-07 17:20:36 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\normaliz.dll
MOD - [2008-10-23 13:42:41 | 00,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-06-17 20:03:15 | 08,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-14 21:50:48 | 00,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 18:21:56 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 18:20:57 | 00,178,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winmm.dll
MOD - [2008-04-14 18:20:57 | 00,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008-04-14 18:20:57 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 18:20:56 | 00,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 18:20:56 | 00,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 18:20:56 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 18:20:47 | 00,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2008-04-14 18:20:45 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2008-04-14 18:20:44 | 01,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-14 18:20:44 | 00,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-14 18:20:44 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 18:20:44 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 18:20:41 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008-04-14 18:20:39 | 00,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 18:20:38 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msimg32.dll
MOD - [2008-04-14 18:20:36 | 00,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll
MOD - [2008-04-14 18:20:32 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imagehlp.dll
MOD - [2008-04-14 18:20:32 | 00,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2008-04-14 18:12:58 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime
MOD - [2008-04-14 17:59:08 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2006-05-03 21:53:54 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009-11-25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-11-25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-11-25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-11-25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009-07-25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2007-03-11 22:02:52 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007-03-11 21:24:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2006-11-08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006-11-08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006-02-17 15:26:32 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005-10-17 03:31:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-11-25 00:50:59 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-11-25 00:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-11-25 00:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-25 00:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-11-25 00:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-11-25 00:47:54 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-11-07 08:22:31 | 00,040,128 | ---- | M] () -- C:\WINDOWS\System32\Drivers\riqmjqch.sys -- (riqmjqch)
DRV - [2009-09-10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2008-04-13 19:40:30 | 00,096,512 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2007-11-13 11:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007-03-08 05:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2007-03-08 05:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2007-03-08 05:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006-11-02 15:57:04 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006-07-24 15:05:00 | 00,005,632 | ---- | M] () -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006-03-02 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2005-10-26 09:08:26 | 03,786,944 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005-10-17 03:31:00 | 03,530,880 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005-08-12 07:31:12 | 00,098,432 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005-07-29 10:11:04 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005-07-29 10:11:02 | 00,034,048 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005-03-09 07:53:00 | 00,036,352 | R--- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-861567501-57989841-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-861567501-57989841-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-861567501-57989841-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-861567501-57989841-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
IE - HKU\S-1-5-21-861567501-57989841-839522115-1003\S-1-5-21-861567501-57989841-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"

[2007-08-29 11:15:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\90m3yl7l.default\extensions
[2007-08-30 15:07:03 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007-08-29 11:05:12 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007-02-20 15:15:00 | 02,115,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: (742 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-861567501-57989841-839522115-1003..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-861567501-57989841-839522115-1003..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKU\S-1-5-21-861567501-57989841-839522115-1003..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\.DEFAULT..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-57989841-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-861567501-57989841-839522115-1003\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172139106562 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-6276358013-7340164801-240058672-9307\windll.exe) - C:\RECYCLER\S-1-5-21-6276358013-7340164801-240058672-9307\windll.exe () O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-6276358013-7340164801-240058672-9307\windll.exe) - C:\RECYCLER\S-1-5-21-6276358013-7340164801-240058672-9307\windll.exe () O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (C:\Documents) - File not found O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (and) - File not found O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (Settings\Właściciel\Dane) - File not found O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (aplikacji\erpogs.exe) - File not found O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (C:\Documents) - File not found O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (and) - File not found O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (Settings\Właściciel\Dane) 
- File not found O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (aplikacji\oynnuf.exe) - File not found O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - ("C:\Documents and Settings\Właściciel\jfjqdjl.exe") - C:\Documents and Settings\Właściciel\jfjqdjl.exe File not found O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007-02-21 15:14:54 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{0630c066-23ed-11dd-b610-001617852782}\Shell\verb1\command - "" = UCX.EXE O33 - MountPoints2\{09501108-7ee5-11dc-b4b4-001617852782}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe -- File not found O33 - MountPoints2\{0cb708eb-4477-11de-b78a-001617852782}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found O33 - MountPoints2\{0cb708eb-4477-11de-b78a-001617852782}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found O33 - MountPoints2\{1484b050-04dc-11de-b737-001617852782}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe O33 - MountPoints2\{1484b050-04dc-11de-b737-001617852782}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe O33 - MountPoints2\{1cff901a-5fa1-11dc-b45d-001617852782}\Shell\verb1\command - "" = UCX.EXE O33 - MountPoints2\{317b01f9-3c6f-11de-b77b-001617852782}\Shell\AutoRun\command - "" = F:\d1vmq.exe -- File not found O33 - MountPoints2\{317b01f9-3c6f-11de-b77b-001617852782}\Shell\open\Command - "" = F:\d1vmq.exe -- File not found O33 - MountPoints2\{329d5520-fa24-11db-b2dc-001617852782}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe 
-- File not found O33 - MountPoints2\{329d5520-fa24-11db-b2dc-001617852782}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found O33 - MountPoints2\{4157d4b2-2725-11dd-b614-001617852782}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe -- File not found O33 - MountPoints2\{526eb5d6-d8a1-11dc-b579-001617852782}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe -- File not found O33 - MountPoints2\{62ed6d6a-057f-11de-b738-001617852782}\Shell\AutoRun\command - "" = F:\2ifetri.cmd -- File not found O33 - MountPoints2\{62ed6d6a-057f-11de-b738-001617852782}\Shell\explore\Command - "" = F:\2ifetri.cmd -- File not found O33 - MountPoints2\{62ed6d6a-057f-11de-b738-001617852782}\Shell\open\Command - "" = F:\2ifetri.cmd -- File not found O33 - MountPoints2\{73189920-d589-11dc-b573-001617852782}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe -- File not found O33 - MountPoints2\{82ba3c3e-3e81-11dc-b3c3-001617852782}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe -- File not found O33 - MountPoints2\{845aeec9-951d-11dd-b6a2-001617852782}\Shell\AutoRun\command - "" = 1u0o8bnq.cmd O33 - MountPoints2\{845aeec9-951d-11dd-b6a2-001617852782}\Shell\explore\Command - "" = 1u0o8bnq.cmd O33 - MountPoints2\{845aeec9-951d-11dd-b6a2-001617852782}\Shell\open\Command - "" = 1u0o8bnq.cmd O33 - MountPoints2\{84d87091-fe13-11db-b2e3-001617852782}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe -- File not found O33 - MountPoints2\{87b5825c-28a1-11dc-b353-001617852782}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe -- File not found O33 - MountPoints2\{8fd64120-bb85-11dc-b52a-001617852782}\Shell\verb1\command - "" = UCX.EXE O33 - MountPoints2\{927d298a-36ea-11dd-b628-001617852782}\Shell\Open(&0)\command - "" = G:\Recycled\ctfmon.exe -- File not found O33 - MountPoints2\{9c7bba09-1b5a-11dd-b603-001617852782}\Shell\verb1\command - "" = UCX.EXE O33 - MountPoints2\{c68529c8-362a-11dd-b626-001617852782}\Shell - "" 
= AutoRun O33 - MountPoints2\{ca71670a-e1f6-11dc-b59c-001617852782}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found O33 - MountPoints2\{ca71670a-e1f6-11dc-b59c-001617852782}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found O33 - MountPoints2\{febaef4c-46ba-11de-b78d-001617852782}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found O33 - MountPoints2\{febaef4c-46ba-11de-b78d-001617852782}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2007-02-21 15:14:25 | 00,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2009-12-03 10:24:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Malwarebytes [2009-12-03 10:24:10 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-12-03 10:24:08 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009-12-03 10:24:08 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009-12-03 10:24:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2009-12-03 10:22:47 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Właściciel\Pulpit\mbam-setup.exe 
[2009-12-03 10:05:50 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe [2009-12-03 09:38:19 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2009-12-03 09:38:18 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2009-12-03 09:38:17 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2009-12-03 09:38:11 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr [2009-12-03 09:38:10 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2009-12-03 09:38:10 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2009-12-03 09:38:09 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2009-12-03 09:38:09 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2009-12-03 09:37:21 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2009-12-01 14:38:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss [2009-12-01 14:36:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Pulpit\Nowy folder (2) [2009-12-01 14:31:53 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009-11-18 14:15:57 | 26,204,720 | ---- | C] ( ) -- C:\Program Files\AdbeRdr920_pl_PL.exe [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\Documents and Settings\Właściciel\Pulpit\*.tmp files -> C:\Documents and Settings\Właściciel\Pulpit\*.tmp -> ] [1 d:\Moje dokumenty\*.tmp files -> d:\Moje dokumenty\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2009-12-03 10:37:22 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-12-03 10:36:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-12-03 10:36:20 | 00,039,472 | ---- | M] () -- 
C:\WINDOWS\System32\nvapps.xml [2009-12-03 10:35:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-12-03 10:34:41 | 06,553,600 | -H-- | M] () -- C:\Documents and Settings\Właściciel\NTUSER.DAT [2009-12-03 10:34:41 | 00,000,292 | -HS- | M] () -- C:\Documents and Settings\Właściciel\ntuser.ini [2009-12-03 10:24:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2009-12-03 10:23:47 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Właściciel\Pulpit\mbam-setup.exe [2009-12-03 10:19:52 | 30,909,992 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\avira_antivir_personal_en.exe [2009-12-03 10:05:50 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe [2009-12-03 09:38:21 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk [2009-12-03 09:38:09 | 00,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2009-12-03 09:29:13 | 41,387,464 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\setuppol.exe [2009-12-02 16:56:31 | 00,000,520 | ---- | M] () -- d:\Moje dokumenty\spider.sav [2009-12-02 09:19:11 | 00,020,992 | ---- | M] () -- d:\Moje dokumenty\Informacja Turystyczna zestawienie finansowe.doc [2009-12-01 14:02:49 | 00,140,800 | ---- | M] () -- d:\Moje dokumenty\KARTA EWIDENCJI PRACYgrudzień 2009.doc [2009-11-30 14:47:37 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Piotr Linek.doc [2009-11-26 10:01:29 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009-11-25 00:54:29 | 01,280,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2009-11-25 00:51:09 | 00,093,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2009-11-25 00:50:59 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2009-11-25 00:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- 
C:\WINDOWS\System32\drivers\aswSP.sys [2009-11-25 00:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2009-11-25 00:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2009-11-25 00:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2009-11-25 00:47:54 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2009-11-25 00:47:28 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr [2009-11-24 15:05:11 | 00,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2009-11-21 08:16:59 | 00,772,542 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-11-21 08:16:59 | 00,359,032 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2009-11-21 08:16:59 | 00,314,644 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009-11-21 08:16:59 | 00,050,952 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2009-11-21 08:16:59 | 00,040,972 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009-11-18 14:25:06 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2009-11-18 14:23:15 | 26,204,720 | ---- | M] ( ) -- C:\Program Files\AdbeRdr920_pl_PL.exe [2009-11-13 16:36:40 | 00,026,736 | ---- | M] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2009-11-12 10:40:14 | 00,134,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009-11-07 08:22:31 | 00,040,128 | ---- | M] () -- C:\WINDOWS\System32\drivers\riqmjqch.sys [2009-11-07 08:21:50 | 00,042,496 | -H-- | M] () -- C:\WINDOWS\System32\secupdat.dat [2009-11-07 08:21:50 | 00,042,496 | -H-- | M] () -- C:\Documents and Settings\Właściciel\secupdat.dat [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\Documents and Settings\Właściciel\Pulpit\*.tmp files -> C:\Documents and Settings\Właściciel\Pulpit\*.tmp -> ] [1 d:\Moje 
dokumenty\*.tmp files -> d:\Moje dokumenty\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2009-12-03 10:24:13 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2009-12-03 10:11:02 | 30,909,992 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\avira_antivir_personal_en.exe [2009-12-03 09:38:21 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk [2009-12-03 09:37:21 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx [2009-12-03 09:18:28 | 41,387,464 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\setuppol.exe [2009-12-02 09:19:11 | 00,020,992 | ---- | C] () -- d:\Moje dokumenty\Informacja Turystyczna zestawienie finansowe.doc [2009-12-01 14:02:48 | 00,140,800 | ---- | C] () -- d:\Moje dokumenty\KARTA EWIDENCJI PRACYgrudzień 2009.doc [2009-11-30 13:42:32 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Piotr Linek.doc [2009-11-18 14:25:05 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2009-11-07 08:22:31 | 00,040,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\riqmjqch.sys [2009-11-07 08:21:50 | 00,042,496 | -H-- | C] () -- C:\WINDOWS\System32\secupdat.dat [2009-11-07 08:21:50 | 00,042,496 | -H-- | C] () -- C:\Documents and Settings\Właściciel\secupdat.dat [2009-03-14 10:01:42 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2008-04-01 14:15:51 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt [2008-04-01 14:13:12 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2007-12-14 15:55:29 | 00,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log [2007-12-06 13:21:03 | 00,000,192 | ---- | C] () -- C:\WINDOWS\System32\EDIT.INI 
[2007-10-11 15:00:47 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll [2007-02-27 17:04:51 | 00,000,030 | ---- | C] () -- C:\WINDOWS\TextSpy.ini [2007-02-22 14:37:45 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007-02-22 14:37:44 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007-02-21 16:04:02 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007-02-21 15:55:09 | 00,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe [2007-02-21 15:40:53 | 00,001,987 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini [2007-02-21 15:37:14 | 00,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2007-02-21 15:37:07 | 00,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini [2006-03-02 13:00:00 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys [2005-10-17 03:31:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2005-10-17 03:31:00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2005-10-17 03:31:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2005-10-17 03:31:00 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2005-10-17 03:31:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2005-10-17 03:31:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2005-10-17 03:31:00 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2003-04-08 11:40:22 | 00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [color=#E56717]========== LOP Check ==========[/color] [2009-01-16 09:37:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET [2008-01-02 16:54:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Gadu-Gadu [2007-05-18 11:56:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Inkscape [2009-05-29 16:06:06 | 00,000,000 | ---D | M] -- 
C:\Documents and Settings\Właściciel\Dane aplikacji\Nowe Gadu-Gadu [2009-05-29 13:26:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\OpenFM [2009-07-15 09:46:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Opera [2009-07-15 14:40:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Samsung [2009-05-28 13:28:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\TeamViewer [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2007-02-21 15:14:54 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2007-02-21 15:09:25 | 00,000,211 | -HS- | M] () -- C:\boot.ini [2006-03-02 13:00:00 | 00,004,952 | RHS- | M] () -- C:\Bootfont.bin [2007-02-21 15:14:54 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS [2007-12-13 16:05:17 | 00,434,691 | ---- | M] () -- C:\hpfr5100.log [2007-02-21 15:14:54 | 00,000,000 | RHS- | M] () -- C:\IO.SYS [2007-02-21 15:14:54 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2006-03-02 13:00:00 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008-10-20 08:33:06 | 00,251,152 | RHS- | M] () -- C:\ntldr [2009-12-03 10:35:50 | 70,464,3072 | -HS- | M] () -- C:\pagefile.sys [2007-11-03 09:52:41 | 00,000,734 | ---- | M] () -- C:\pld-cert.cer [2008-01-10 13:35:49 | 00,000,835 | ---- | M] () -- C:\record.mrc [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 346832 bytes -> C:\WINDOWS\Temp:temp < End of report > [/log] Here is the log.
Guest commented 3 December 2009
Run OTL and, in the [b]Custom Scans/Fixes[/b] window, paste what is given on this page: http://wklej.org/id/223477/ Then run OTL again, this time using the [b][color=blue]Run Scan[/color][/b] option. Post the new OTL.txt log and the log from the cleanup.
pepisvx (Author) commented 3 December 2009
[log] OTL logfile created on: 2009-12-03 13:44:01 - Run 2 OTL by OldTimer - Version 3.1.11.4 Folder = C:\Documents and Settings\Właściciel\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 447,36 Mb Total Physical Memory | 89,78 Mb Available Physical Memory | 20,07% Memory free 1,03 Gb Paging File | 0,58 Gb Available in Paging File | 56,35% Paging File free Paging file location(s): C:\pagefile.sys 672 1344 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 24,41 Gb Total Space | 14,39 Gb Free Space | 58,96% Space Free | Partition Type: NTFS Drive D: | 50,11 Gb Total Space | 44,33 Gb Free Space | 88,47% Space Free | Partition Type: NTFS Drive E: | 575,11 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 4,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 476,10 Mb Total Space | 421,47 Mb Free Space | 88,52% Space Free | Partition Type: FAT H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: GLOWNY Current User Name: Właściciel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 30 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2009-12-03 10:05:50 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe PRC - [2009-07-25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009-07-25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009-07-21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009-05-28 10:23:12 | 10,486,376 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe PRC - [2009-05-13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009-03-02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2009-02-26 09:49:18 | 00,099,328 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2009-02-09 12:25:57 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008-04-14 18:21:49 | 00,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe PRC - [2008-04-14 18:21:48 | 00,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-14 18:21:43 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HTTPFILTER] PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft 
Corporation) -- C:\WINDOWS\system32\svchost.exe [HPZ12] PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPZ12] PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPDEVMGMT] PRC - [2008-04-14 18:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-14 18:21:42 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-14 18:21:38 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe PRC - [2008-04-14 18:21:30 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe PRC - [2008-04-14 18:21:22 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-14 18:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-14 18:21:10 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2008-04-14 18:21:10 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2008-04-14 18:21:02 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2007-03-11 21:34:40 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe PRC - [2007-03-11 21:32:42 | 00,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe PRC - [2007-03-11 21:26:24 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) 
-- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe PRC - [2007-01-15 12:23:48 | 00,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe PRC - [2006-08-22 16:38:32 | 02,600,960 | ---- | M] () -- C:\Documents and Settings\Właściciel\Dane aplikacji\U3\0BE0EA607040B90F\Launchpad.exe PRC - [2006-02-17 15:26:32 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe PRC - [2005-10-24 07:45:16 | 00,090,112 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe PRC - [2005-10-17 03:31:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2004-11-02 20:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe PRC - [2003-08-06 21:24:20 | 12,037,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE PRC - [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [color=#E56717]========== Modules (All) ==========[/color] MOD - [2009-12-03 10:05:50 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe MOD - [2009-08-29 08:58:22 | 00,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll MOD - [2009-08-29 08:58:21 | 01,208,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\urlmon.dll MOD - [2009-08-29 08:58:16 | 01,985,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iertutil.dll MOD - [2009-06-25 09:27:54 | 00,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2009-04-15 15:54:38 | 00,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2009-03-21 15:08:59 | 01,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2009-02-09 11:53:44 | 
00,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2009-02-09 11:53:43 | 00,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2009-01-07 17:20:36 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\normaliz.dll MOD - [2008-10-23 13:42:41 | 00,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-06-17 20:03:15 | 08,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2008-04-14 21:50:48 | 00,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-14 18:21:56 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-14 18:20:57 | 00,178,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winmm.dll MOD - [2008-04-14 18:20:57 | 00,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2008-04-14 18:20:57 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008-04-14 18:20:56 | 00,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008-04-14 18:20:56 | 00,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008-04-14 18:20:56 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-14 18:20:47 | 00,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2008-04-14 18:20:45 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2008-04-14 18:20:44 | 01,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2008-04-14 18:20:44 | 00,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2008-04-14 18:20:44 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-14 18:20:44 | 
00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-14 18:20:41 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2008-04-14 18:20:39 | 00,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-14 18:20:38 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msimg32.dll MOD - [2008-04-14 18:20:36 | 00,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll MOD - [2008-04-14 18:20:32 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imagehlp.dll MOD - [2008-04-14 18:20:32 | 00,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll MOD - [2008-04-14 18:12:58 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime MOD - [2008-04-14 17:59:08 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2006-05-03 21:53:54 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2009-07-25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009-07-21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009-05-13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2007-03-11 22:02:52 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc) SRV - [2007-03-11 21:24:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) 
-- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08) SRV - [2006-11-08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12) SRV - [2006-11-08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12) SRV - [2006-02-17 15:26:32 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2005-10-17 03:31:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc) SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-11-07 08:22:31 | 00,040,128 | ---- | M] () -- C:\WINDOWS\System32\Drivers\riqmjqch.sys -- (riqmjqch) DRV - [2009-09-10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2009-07-28 15:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009-05-11 09:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009-03-30 09:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009-02-13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008-04-13 19:40:30 | 00,096,512 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi) DRV - [2007-11-13 11:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
-- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2007-03-08 05:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12) DRV - [2007-03-08 05:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12) DRV - [2007-03-08 05:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412) DRV - [2006-11-02 15:57:04 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2006-07-24 15:05:00 | 00,005,632 | ---- | M] () -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen) DRV - [2006-03-02 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2005-10-26 09:08:26 | 03,786,944 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2005-10-17 03:31:00 | 03,530,880 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2005-08-12 07:31:12 | 00,098,432 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata) DRV - [2005-07-29 10:11:04 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2005-07-29 10:11:02 | 00,034,048 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2005-03-09 07:53:00 | 00,036,352 | R--- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-861567501-57989841-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-861567501-57989841-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-861567501-57989841-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-861567501-57989841-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ IE - HKU\S-1-5-21-861567501-57989841-839522115-1003\S-1-5-21-861567501-57989841-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official" [2007-08-29 11:15:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\90m3yl7l.default\extensions [2007-08-30 15:07:03 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2007-08-29 11:05:12 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007-02-20 15:15:00 | 02,115,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll O1 HOSTS File: (98 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web 
Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.) 
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\S-1-5-21-861567501-57989841-839522115-1003..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe () O4 - HKU\S-1-5-21-861567501-57989841-839522115-1003..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG) O4 - HKU\S-1-5-21-861567501-57989841-839522115-1003..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - HKU\.DEFAULT..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe File not found O4 - HKU\S-1-5-18..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-861567501-57989841-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.) 
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\.DEFAULT\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-18\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-19\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-20\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-21-861567501-57989841-839522115-1003\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172139106562 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-6276358013-7340164801-240058672-9307\windll.exe) - C:\RECYCLER\S-1-5-21-6276358013-7340164801-240058672-9307\windll.exe File not found O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (C:\Documents) - File not found O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (and) - File not found O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (Settings\Właściciel\Dane) - File not found O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (aplikacji\erpogs.exe) - File not found O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (C:\Documents) - File not found O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (and) - File not found O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (Settings\Właściciel\Dane) - File not found O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (aplikacji\oynnuf.exe) - File not found O20 - 
HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-861567501-57989841-839522115-1003 Winlogon: Shell - ("C:\Documents and Settings\Właściciel\jfjqdjl.exe") - C:\Documents and Settings\Właściciel\jfjqdjl.exe File not found O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007-02-21 15:14:54 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006-03-02 13:00:00 | 00,000,112 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2006-08-22 14:38:04 | 00,000,194 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{bc5103c2-c1bc-11db-b279-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{bc5103c2-c1bc-11db-b279-806d6172696f}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2006-03-02 13:00:00 | 02,584,576 | R--- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2009-12-03 12:01:50 | 00,000,000 | ---D | C] -- C:\_OTL [2009-12-03 11:52:22 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2009-12-03 11:52:22 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2009-12-03 11:52:21 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2009-12-03 11:52:21 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2009-12-03 11:52:20 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2009-12-03 11:52:17 | 00,000,000 | ---D | C] -- C:\Program Files\Avira [2009-12-03 11:52:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Avira [2009-12-03 10:24:21 | 00,000,000 | 
---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Malwarebytes [2009-12-03 10:24:10 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-12-03 10:24:08 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009-12-03 10:24:08 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009-12-03 10:24:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2009-12-03 10:22:47 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Właściciel\Pulpit\mbam-setup.exe [2009-12-03 10:05:50 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe [2009-12-01 14:38:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss [2009-12-01 14:36:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Pulpit\Nowy folder (2) [2009-12-01 14:31:53 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009-11-18 14:15:57 | 26,204,720 | ---- | C] ( ) -- C:\Program Files\AdbeRdr920_pl_PL.exe [2 C:\Documents and Settings\Właściciel\Pulpit\*.tmp files -> C:\Documents and Settings\Właściciel\Pulpit\*.tmp -> ] [1 d:\Moje dokumenty\*.tmp files -> d:\Moje dokumenty\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2009-12-03 13:32:45 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-12-03 13:31:51 | 00,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009-12-03 13:31:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-12-03 13:31:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-12-03 13:30:09 | 06,553,600 | -H-- | M] () -- C:\Documents and Settings\Właściciel\NTUSER.DAT [2009-12-03 13:30:09 | 00,000,292 | -HS- | M] () -- C:\Documents and Settings\Właściciel\ntuser.ini [2009-12-03 12:05:05 | 00,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2009-12-03 11:52:43 
| 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Avira AntiVir Control Center.lnk [2009-12-03 11:46:39 | 00,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2009-12-03 10:24:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2009-12-03 10:23:47 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Właściciel\Pulpit\mbam-setup.exe [2009-12-03 10:19:52 | 30,909,992 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\avira_antivir_personal_en.exe [2009-12-03 10:05:50 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe [2009-12-03 09:29:13 | 41,387,464 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\setuppol.exe [2009-12-02 16:56:31 | 00,000,520 | ---- | M] () -- d:\Moje dokumenty\spider.sav [2009-12-02 09:19:11 | 00,020,992 | ---- | M] () -- d:\Moje dokumenty\Informacja Turystyczna zestawienie finansowe.doc [2009-12-01 14:02:49 | 00,140,800 | ---- | M] () -- d:\Moje dokumenty\KARTA EWIDENCJI PRACYgrudzień 2009.doc [2009-11-30 14:47:37 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Piotr Linek.doc [2009-11-26 10:01:29 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009-11-24 15:05:11 | 00,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2009-11-21 08:16:59 | 00,772,542 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-11-21 08:16:59 | 00,359,032 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2009-11-21 08:16:59 | 00,314,644 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009-11-21 08:16:59 | 00,050,952 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2009-11-21 08:16:59 | 00,040,972 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009-11-18 14:25:06 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2009-11-18 14:23:15 | 26,204,720 | ---- | M] ( 
) -- C:\Program Files\AdbeRdr920_pl_PL.exe [2009-11-13 16:36:40 | 00,026,736 | ---- | M] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2009-11-12 10:40:14 | 00,134,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009-11-07 08:22:31 | 00,040,128 | ---- | M] () -- C:\WINDOWS\System32\drivers\riqmjqch.sys [2009-11-07 08:21:50 | 00,042,496 | -H-- | M] () -- C:\WINDOWS\System32\secupdat.dat [2009-11-07 08:21:50 | 00,042,496 | -H-- | M] () -- C:\Documents and Settings\Właściciel\secupdat.dat [2 C:\Documents and Settings\Właściciel\Pulpit\*.tmp files -> C:\Documents and Settings\Właściciel\Pulpit\*.tmp -> ] [1 d:\Moje dokumenty\*.tmp files -> d:\Moje dokumenty\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2009-12-03 11:52:43 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Avira AntiVir Control Center.lnk [2009-12-03 10:24:13 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2009-12-03 10:11:02 | 30,909,992 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\avira_antivir_personal_en.exe [2009-12-03 09:18:28 | 41,387,464 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\setuppol.exe [2009-12-02 09:19:11 | 00,020,992 | ---- | C] () -- d:\Moje dokumenty\Informacja Turystyczna zestawienie finansowe.doc [2009-12-01 14:02:48 | 00,140,800 | ---- | C] () -- d:\Moje dokumenty\KARTA EWIDENCJI PRACYgrudzień 2009.doc [2009-11-30 13:42:32 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Piotr Linek.doc [2009-11-18 14:25:05 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2009-11-07 08:22:31 | 00,040,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\riqmjqch.sys [2009-11-07 08:21:50 | 00,042,496 | -H-- | C] () -- C:\WINDOWS\System32\secupdat.dat [2009-11-07 08:21:50 | 00,042,496 | -H-- | C] () -- C:\Documents and 
Settings\Właściciel\secupdat.dat [2009-03-14 10:01:42 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2008-04-01 14:15:51 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt [2008-04-01 14:13:12 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2007-12-14 15:55:29 | 00,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log [2007-12-06 13:21:03 | 00,000,192 | ---- | C] () -- C:\WINDOWS\System32\EDIT.INI [2007-10-11 15:00:47 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll [2007-02-27 17:04:51 | 00,000,030 | ---- | C] () -- C:\WINDOWS\TextSpy.ini [2007-02-22 14:37:45 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007-02-22 14:37:44 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007-02-21 16:04:02 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007-02-21 15:55:09 | 00,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe [2007-02-21 15:40:53 | 00,001,987 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini [2007-02-21 15:37:14 | 00,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2007-02-21 15:37:07 | 00,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini [2006-03-02 13:00:00 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys [2005-10-17 03:31:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2005-10-17 03:31:00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2005-10-17 03:31:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2005-10-17 03:31:00 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2005-10-17 03:31:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2005-10-17 03:31:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2005-10-17 03:31:00 | 00,046,080 | ---- | C] () -- 
C:\WINDOWS\System32\nvapi.dll [2003-04-08 11:40:22 | 00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [color=#E56717]========== LOP Check ==========[/color] [2009-01-16 09:37:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET [2008-01-02 16:54:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Gadu-Gadu [2007-05-18 11:56:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Inkscape [2009-12-03 11:59:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Nowe Gadu-Gadu [2009-05-29 13:26:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\OpenFM [2009-07-15 09:46:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Opera [2009-07-15 14:40:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Samsung [2009-05-28 13:28:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\TeamViewer [color=#E56717]========== Purity Check ==========[/color] < End of report > [/log]
OTL log after the operation
Guest commented 3 December 2009
Some of it got removed. Post a log from ComboFix: http://www.forumpc.pl/index.php?showtopic=120614&st=0&p=837303&fromsearch=1&#entry837303
pepisvx (Author) commented 3 December 2009
[log] ComboFix 09-12-02.07 - Właściciel 2009-12-03 14:10.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.447.173 [GMT 1:00] Uruchomiony z: c:\documents and settings\Właściciel\Pulpit\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\recycler\S-1-5-21-0065269158-7957739614-721962873-8475 c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013 c:\recycler\S-1-5-21-5331651423-1512913438-155492587-8253 c:\recycler\S-1-5-21-5570439073-7082473101-414414142-6715 c:\recycler\S-1-5-21-6276358013-7340164801-240058672-9307 c:\windows\system32\AutoRun.inf c:\windows\system32\secupdat.dat Zainfekowana kopia c:\windows\system32\DRIVERS\atapi.sys została znaleziona. Problem naprawiono Plik odzyskano z - c:\windows\ServicePackFiles\i386\atapi.sys . ((((((((((((((((((((((((( Pliki utworzone od 2009-11-03 do 2009-12-03 ))))))))))))))))))))))))))))))) . 2009-12-03 11:01 . 2009-12-03 11:01 -------- d-----w- C:\_OTL 2009-12-03 10:52 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-12-03 10:52 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-12-03 10:52 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-12-03 10:52 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-12-03 10:52 . 2009-12-03 10:52 -------- d-----w- c:\program files\Avira 2009-12-03 10:52 . 2009-12-03 10:52 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Avira 2009-12-03 09:24 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-03 09:24 . 2009-12-03 09:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-03 09:24 . 
2009-12-03 09:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes 2009-12-03 09:24 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-01 13:31 . 2009-12-01 13:31 -------- d-----w- c:\program files\Trend Micro 2009-11-18 13:15 . 2009-11-18 13:23 26204720 ----a-w- c:\program files\AdbeRdr920_pl_PL.exe 2009-11-07 07:23 . 2009-11-07 07:23 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-11-07 07:22 . 2009-11-07 07:22 40128 ----a-w- c:\windows\system32\drivers\riqmjqch.sys . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-21 07:16 . 2006-03-02 12:00 50952 ----a-w- c:\windows\system32\perfc015.dat 2009-11-21 07:16 . 2006-03-02 12:00 359032 ----a-w- c:\windows\system32\perfh015.dat 2009-11-18 13:25 . 2007-02-21 14:48 -------- d-----w- c:\program files\Common Files\Adobe 2009-10-29 15:12 . 2009-10-29 14:35 -------- d-----w- c:\program files\IPSPI 2009-10-27 15:30 . 2009-02-05 13:02 -------- d-----w- c:\program files\ALLPlayer 2009-09-11 14:19 . 2006-03-02 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:05 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll 2004-10-01 14:00 . 2007-02-21 14:55 40960 ----a-w- c:\program files\Uninstall_CDS.exe . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe sleep" [X] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2006-02-10 2048000] "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-17 7307264] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-17 86016] "RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-10-17 1519616] "SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-10-24 90112] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Waciciel\Menu Start\Programy\Autostart\ Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-10-11 344064] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\riqmjqch.sys] 
@="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\WINDOWS\\explorer.exe"= R0 riqmjqch;riqmjqch;c:\windows\system32\drivers\riqmjqch.sys [2009-11-07 40128] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-12-03 108289] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-12-03 38224] S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?] --- Inne Usługi/Sterowniki w Pamięci --- *Deregistered* - rrqwskwf [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Zawartość folderu 'Zaplanowane zadania' 2008-01-22 c:\windows\Tasks\Norton Security Scan.job - c:\program files\Norton Security Scan\Nss.exe [2008-01-09 03:08] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.onet.pl/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {4E43FBE7-3F21-4A72-8D0A-D84CC7406778} = 194.204.159.1,194.204.152.34 . 
- - - - USUNIĘTO PUSTE WPISY - - - - HKU-Default-RunOnce-IETI - c:\program files\Skype\Phone\IEPlugin\unins000.exe AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-12-03 14:18 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\KB969947] @DACL=(02 0000) "DisplayName"="Aktualizacja zabezpieczeń dla systemu Windows XP (KB969947)" "UninstallString"="\"c:\\WINDOWS\\$NtUninstallKB969947$\\spuninst\\spuninst.exe\"" "TSAware"=dword:00000001 "NoModify"=dword:00000001 "InstallDate"="20091112" "Publisher"="Microsoft Corporation" "NoRepair"=dword:00000001 "HelpLink"="http://support.microsoft.com?kbid=969947" "URLInfoAbout"="http://support.microsoft.com" "DisplayVersion"="1" "ParentKeyName"="OperatingSystem" "ParentDisplayName"="Windows XP - Aktualizacje oprogramowania" "ReleaseType"="Security Update" "RegistryLocation"="HKLM\\SOFTWARE\\Microsoft\\Updates\\Windows XP\\SP4\\KB969947" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\KB973687] @DACL=(02 0000) "DisplayName"="Aktualizacja dla systemu Windows XP (KB973687)" "UninstallString"="\"c:\\WINDOWS\\$NtUninstallKB973687$\\spuninst\\spuninst.exe\"" "TSAware"=dword:00000001 "NoModify"=dword:00000001 "InstallDate"="20091126" "Publisher"="Microsoft Corporation" "NoRepair"=dword:00000001 "HelpLink"="http://support.microsoft.com?kbid=973687" "URLInfoAbout"="http://support.microsoft.com" "DisplayVersion"="1" "ParentKeyName"="OperatingSystem" 
"ParentDisplayName"="Windows XP - Aktualizacje oprogramowania" "ReleaseType"="Update" "RegistryLocation"="HKLM\\SOFTWARE\\Microsoft\\Updates\\Windows XP\\SP4\\KB973687" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\KB976098-v2] @DACL=(02 0000) "DisplayName"="Poprawka dla systemu Windows XP (KB976098-v2)" "UninstallString"="\"c:\\WINDOWS\\$NtUninstallKB976098-v2$\\spuninst\\spuninst.exe\"" "TSAware"=dword:00000001 "NoModify"=dword:00000001 "InstallDate"="20091126" "Publisher"="Microsoft Corporation" "NoRepair"=dword:00000001 "HelpLink"="http://support.microsoft.com?kbid=976098" "URLInfoAbout"="http://support.microsoft.com" "DisplayVersion"="2" "ParentKeyName"="OperatingSystem" "ParentDisplayName"="Windows XP - Aktualizacje oprogramowania" "ReleaseType"="Hotfix" "RegistryLocation"="HKLM\\SOFTWARE\\Microsoft\\Updates\\Windows XP\\SP4\\KB976098-v2" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy] @DACL=(02 0000) "Asynchronous"=dword:00000001 "DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll" "Startup"="WlDimsStartup" "Shutdown"="WlDimsShutdown" "Logon"="WlDimsLogon" "Logoff"="WlDimsLogoff" "StartShell"="WlDimsStartShell" "Lock"="WlDimsLock" "Unlock"="WlDimsUnlock" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'explorer.exe'(2808) c:\windows\system32\WININET.dll c:\windows\system32\webcheck.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . 
c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\RUNDLL32.EXE c:\program files\Skype\Phone\Skype.exe c:\program files\avira\antivir desktop\avcenter.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . Czas ukończenia: 2009-12-03 14:24 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-12-03 13:24 Przed: 15 376 896 000 bajtów wolnych Po: 15 341 551 616 bajtów wolnych WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 4BABEF6841E0D9CDFF86F8A4126759FB [/log] ComboFix
Guest, comment, 3 December 2009

Paste into [b]Notepad[/b]:
[code]
KillAll::

File::
c:\windows\system32\drivers\riqmjqch.sys
c:\windows\Tasks\Norton Security Scan.job

Driver::
SetupNTGLM7X
riqmjqch

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\riqmjqch.sys]

Folder::
C:\_OTL
[/code]
[b]>>File>>Save as... >>> [color="red"]CFScript[/color][/b]

Drag and drop the file [color="red"][b]CFScript.txt[/b][/color] onto the file [b]ComboFix.exe[/b]

[b][color="blue"]-->[/color][/b] [img]http://img167.imageshack.us/img167/7180/cfscript10gm1.gif[/img]

The removal will start and a log will be created.