Cosmetic log check

HQ19

OTL log
[log]OTL logfile created on: 2010-02-11 21:00:40 - Run 2
OTL by OldTimer - Version 3.1.28.0 Folder = D:\Moje\Downloads\Internet Download Manager\Programs
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50,00 Gb Total Space | 25,40 Gb Free Space | 50,79% Space Free | Partition Type: NTFS
Drive D: | 80,00 Gb Total Space | 50,03 Gb Free Space | 62,54% Space Free | Partition Type: NTFS
Drive E: | 50,01 Gb Total Space | 44,65 Gb Free Space | 89,29% Space Free | Partition Type: NTFS
Drive F: | 60,00 Gb Total Space | 9,40 Gb Free Space | 15,66% Space Free | Partition Type: NTFS
Drive G: | 58,07 Gb Total Space | 40,40 Gb Free Space | 69,57% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PREZES
Current User Name: Marcin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

[color="#e56717"]========== Processes (All) ==========[/color]

PRC - [2010-02-11 21:00:03 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\Moje\Downloads\Internet Download Manager\Programs\OTL.exe
PRC - [2010-02-08 16:15:43 | 000,214,520 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
PRC - [2010-01-25 21:33:16 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-12-12 21:30:04 | 000,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009-12-08 14:18:48 | 007,336,448 | ---- | M] (Creative Team S.A.) -- C:\Program Files\WapSter\WapSter AQQ\AQQ.exe
PRC - [2009-11-30 20:03:07 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-08-17 03:03:00 | 000,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009-05-27 19:58:39 | 002,815,408 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2009-02-09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2009-02-06 11:10:02 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008-04-14 18:21:49 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe
PRC - [2008-04-14 18:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 18:21:43 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 18:21:42 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 18:21:38 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
PRC - [2008-04-14 18:21:32 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
PRC - [2008-04-14 18:21:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 18:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 18:21:10 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 18:21:02 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2007-11-14 11:54:24 | 002,131,392 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe
PRC - [2007-09-14 07:02:10 | 001,080,264 | ---- | M] (C. Ghisler & Co.) -- C:\Program Files\TC UP\TOTALCMD.EXE
PRC - [2007-05-28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2007-05-11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe
PRC - [2006-11-21 18:38:22 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2005-08-30 20:04:30 | 000,405,504 | ---- | M] (AVerMedia Technologies, Inc.) -- C:\Program Files\AVerTV\QuickTV.exe
PRC - [2003-10-08 16:35:42 | 000,139,264 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
PRC - [2003-09-17 10:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
PRC - [2003-06-19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2000-06-26 07:44:20 | 000,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe
PRC - [1999-12-13 02:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE


[color="#e56717"]========== Modules (All) ==========[/color]

MOD - [2010-02-11 21:00:03 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\Moje\Downloads\Internet Download Manager\Programs\OTL.exe
MOD - [2009-12-08 10:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-06-25 09:27:54 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-04-15 15:54:38 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-03-26 16:35:39 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll
MOD - [2009-03-21 15:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-02-09 11:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-02-09 11:53:43 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008-10-23 13:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-06-17 20:03:15 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 18:21:56 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 18:20:57 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 18:20:56 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll
MOD - [2008-04-14 18:20:56 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 18:20:56 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 18:20:56 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 18:20:44 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-14 18:20:44 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-14 18:20:44 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 18:20:44 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 18:20:39 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 18:20:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 18:20:13 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-14 17:59:08 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2006-12-21 13:30:44 | 000,102,400 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\ggwhook.dll


[color="#e56717"]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-02-08 16:15:43 | 000,214,520 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010-01-20 20:48:51 | 000,208,616 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (AVP)
SRV - [2009-12-12 21:30:04 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009-11-30 20:03:07 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-08-17 03:03:00 | 000,168,004 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (nvsvc)
SRV - [2007-05-28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007-05-11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2007-03-12 13:49:46 | 000,271,920 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007-01-15 17:14:38 | 000,774,144 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2005-04-04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003-07-28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2000-06-26 07:44:20 | 000,053,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service)
SRV - [1999-12-13 02:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


[color="#e56717"]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010-01-20 20:48:51 | 000,226,832 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010-01-20 20:48:51 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009-12-17 17:38:24 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-11-29 12:43:31 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009-08-17 00:57:00 | 007,729,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008-07-21 17:34:36 | 000,121,872 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008-06-20 12:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008-04-30 17:06:48 | 000,024,592 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2008-04-13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-04-13 17:39:16 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008-02-22 18:53:00 | 000,016,168 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV - [2007-12-28 10:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007-06-19 08:51:20 | 000,107,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdm.sys -- (s816mdm)
DRV - [2007-06-19 08:51:18 | 000,099,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mgmt.sys -- (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM)
DRV - [2007-06-19 08:51:18 | 000,097,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816unic.sys -- (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM)
DRV - [2007-06-19 08:51:18 | 000,097,320 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816obex.sys -- (s816obex)
DRV - [2007-06-19 08:51:18 | 000,021,928 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816nd5.sys -- (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS)
DRV - [2007-06-19 08:51:18 | 000,013,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdfl.sys -- (s816mdfl)
DRV - [2007-06-19 08:51:16 | 000,081,832 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816bus.sys -- (s816bus) Sony Ericsson Device 816 driver (WDM)
DRV - [2006-08-25 04:47:00 | 000,036,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006-08-11 14:56:36 | 000,008,192 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfDetNT)
DRV - [2006-08-11 14:45:40 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006-08-11 14:45:38 | 000,499,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006-08-11 14:45:28 | 000,180,224 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2006-08-11 14:45:26 | 000,766,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2006-08-11 14:45:26 | 000,154,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2006-08-11 14:45:24 | 000,116,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006-08-11 14:45:18 | 000,143,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006-08-11 14:45:18 | 000,078,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006-08-11 14:45:14 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006-05-15 14:35:56 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2006-05-15 14:35:48 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006-05-15 14:35:48 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006-05-15 14:35:46 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006-05-15 14:35:42 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006-05-15 14:35:42 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006-05-15 14:35:36 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006-01-13 14:00:52 | 000,015,872 | ---- | M] (Flint Incorporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vd_filedisk.sys -- (VD_FileDisk)
DRV - [2005-12-09 17:46:48 | 000,009,312 | R--- | M] (AVerMedia Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cx88xbar.sys -- (CX88XBAR) AVerMedia, AVerTV Crossbar (88x)
DRV - [2005-12-09 17:46:14 | 000,270,336 | R--- | M] (AVerMedia Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cx88vid.sys -- (CX23880)
DRV - [2005-12-09 17:45:52 | 000,032,032 | R--- | M] (AVerMedia Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cx88tune.sys -- (CXTUNE) AVerMedia AVerTV Tuner Service (88x)
DRV - [2005-11-10 17:06:04 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2004-08-04 12:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)


[color="#e56717"]========== Standard Registry (SafeList) ==========[/color]


[color="#e56717"]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1993962763-1202660629-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.Google.com
IE - HKU\S-1-5-21-1993962763-1202660629-725345543-1003\S-1-5-21-1993962763-1202660629-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color="#e56717"]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.4
FF - prefs.js..browser.startup.homepage: "http://www3.iamwired.net/"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..keyword.URL: "http://www3.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..keyword.enabled: true
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://www3.iamwired.net/websearch.php?src=tops&search="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-02-11 20:44:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-25 21:33:22 | 000,000,000 | ---D | M]

[2010-02-03 19:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Extensions
[2010-02-03 19:20:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010-02-11 18:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\iojvfu08.marcin\extensions
[2009-11-30 19:56:02 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\iojvfu08.marcin\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2010-02-02 15:59:57 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\iojvfu08.marcin\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010-01-18 18:51:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\iojvfu08.marcin\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-11-30 19:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\w0fzmmkm.default\extensions
[2010-02-11 19:55:13 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\w0fzmmkm.default\searchplugins\Search.xml
[2010-02-11 19:55:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-02-11 19:55:11 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{8b3f1d75-635d-035a-f9d9-f7b4366df442}
[2010-01-25 21:33:19 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-01-25 21:33:19 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-01-25 21:33:19 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-25 21:33:19 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-25 21:33:19 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-25 21:33:19 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-02-11 20:53:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-1993962763-1202660629-725345543-1003..\Run: [AQQ] C:\Program Files\WapSter\WapSter AQQ\AQQ.exe (Creative Team S.A.)
O4 - HKU\S-1-5-21-1993962763-1202660629-725345543-1003..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKU\S-1-5-21-1993962763-1202660629-725345543-1003..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\QuickTV.lnk = C:\Program Files\AVerTV\QuickTV.exe (AVerMedia Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\TC UP.lnk = C:\Program Files\TC UP\TC UP.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1993962763-1202660629-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1993962763-1202660629-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1993962763-1202660629-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1993962763-1202660629-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1993962763-1202660629-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Ściągnij przez IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O9 - Extra Button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.228.7.226 217.172.224.92
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - about:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-11-30 16:17:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010-02-05 21:00:24 | 000,000,000 | R--D | M] - G:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-11-30 16:17:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

[color="#e56717"]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-02-11 20:50:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-02-11 20:49:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-02-11 20:49:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-02-11 20:49:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-02-11 20:49:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-02-11 20:49:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-02-11 20:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\GoldWave
[2010-02-11 20:00:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Marcin\Recent
[2010-02-11 19:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\Ringtones
[2010-02-08 22:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010-02-08 21:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Nero
[2010-02-07 20:58:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Marcin\UserData
[2010-02-05 15:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Moje dokumenty\OCCT
[2010-02-05 15:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\OCCT
[2010-02-03 19:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Thunderbird
[2010-02-03 19:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Thunderbird
[2010-02-03 19:16:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\The Bat!
[2010-02-01 21:24:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Gadu-Gadu 10
[2010-02-01 21:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10
[2010-02-01 17:08:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\Poprawiny studniówkowe
[2010-01-25 21:47:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Moje dokumenty\Pobieranie
[2010-01-25 18:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\CyberLink
[2010-01-24 14:59:36 | 000,086,016 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2010-01-24 14:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mplayer
[2010-01-24 12:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Help
[2010-01-24 12:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Help
[2010-01-24 11:33:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Moje dokumenty\18 WoS Pedal to the Metal
[2010-01-24 10:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010-01-21 22:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\codeblocks
[2010-01-21 22:14:11 | 000,000,000 | ---D | C] -- C:\Program Files\CodeBlocks
[2010-01-20 20:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010-01-20 20:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
[2010-01-20 20:37:40 | 000,226,832 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010-01-20 16:19:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G DATA
[2010-01-20 15:57:18 | 000,068,976 | ---- | C] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2010-01-20 15:50:32 | 000,053,320 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2010-01-20 15:50:27 | 000,051,784 | ---- | C] (G DATA Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2010-01-20 15:50:17 | 000,027,720 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2010-01-20 15:50:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\G DATA
[2010-01-13 18:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010-01-12 22:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\Total Video Converter
[2010-01-12 21:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Identities
[2009-12-12 21:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
[2009-12-02 19:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\TeamViewer
[2009-11-30 20:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-11-30 16:57:40 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2009-11-30 16:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-11-30 16:17:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2009-11-30 16:17:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[color="#e56717"]========== Files - Modified Within 30 Days ==========[/color]

[2010-02-11 20:54:07 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-02-11 20:53:49 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-02-11 20:53:48 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000003-00001102-00000004-20021102}.CDF
[2010-02-11 20:53:38 | 000,005,562 | ---- | M] () -- C:\WINDOWS\AVerTV.ini
[2010-02-11 20:53:37 | 000,249,324 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010-02-11 20:53:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-02-11 20:53:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-02-11 20:53:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-02-11 20:53:25 | 000,332,020 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2010-02-11 20:52:48 | 006,659,104 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010-02-11 20:52:48 | 000,565,280 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010-02-11 20:52:48 | 000,057,296 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010-02-11 20:52:48 | 000,033,120 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000003-00001102-00000004-20021102}.rfx
[2010-02-11 20:52:48 | 000,033,120 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000003-00001102-00000004-20021102}.rfx
[2010-02-11 20:52:48 | 000,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000003-00001102-00000004-20021102}.rfx
[2010-02-11 20:52:48 | 000,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000003-00001102-00000004-20021102}.rfx
[2010-02-11 20:52:48 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000003-00001102-00000004-20021102}.rfx
[2010-02-11 20:52:48 | 000,006,156 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010-02-11 20:52:48 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010-02-11 20:52:48 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010-02-11 20:52:46 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Marcin\NTUSER.DAT
[2010-02-11 20:52:44 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Marcin\ntuser.ini
[2010-02-11 20:50:16 | 000,000,425 | RHS- | M] () -- C:\boot.ini
[2010-02-11 20:41:48 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-02-11 20:04:09 | 000,000,471 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\GoldWave.lnk
[2010-02-11 19:55:11 | 000,118,284 | ---- | M] () -- C:\WINDOWS\System32\VlJ6D-5cKcc9_.exe
[2010-02-09 23:06:45 | 000,002,303 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Music.m3u
[2010-02-08 18:45:35 | 002,110,396 | -H-- | M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-02-08 16:15:58 | 000,137,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-02-08 16:15:43 | 000,214,520 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010-02-08 16:15:43 | 000,214,520 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010-02-07 12:40:30 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-05 15:06:54 | 000,000,636 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\OCCT.lnk
[2010-02-03 18:15:47 | 000,000,448 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010-01-25 21:27:01 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\MyPhoneExplorer.lnk
[2010-01-25 18:19:40 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Easy Duplicate Finder.lnk
[2010-01-25 18:19:34 | 000,000,674 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Total Video Converter.lnk
[2010-01-25 18:12:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Marcin\Moje dokumenty\Default.PLS
[2010-01-25 18:11:00 | 000,001,556 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Total Video Player.lnk
[2010-01-25 18:10:42 | 000,000,655 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\RegCleaner.lnk
[2010-01-25 07:36:18 | 000,001,496 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\UltraISO.lnk
[2010-01-25 07:36:18 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\CodeBlocks.lnk
[2010-01-25 07:36:17 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Revo Uninstaller.lnk
[2010-01-24 15:16:44 | 000,139,152 | ---- | M] () -- C:\Documents and Settings\Marcin\Dane aplikacji\PnkBstrK.sys
[2010-01-24 14:54:47 | 000,000,550 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Quake III Arena.lnk
[2010-01-24 14:54:44 | 000,000,801 | ---- | M] () -- C:\WINDOWS\QIII.INI
[2010-01-23 22:55:45 | 000,000,594 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-01-22 02:33:06 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2010-01-20 20:48:51 | 000,226,832 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010-01-20 20:48:51 | 000,108,059 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010-01-20 20:48:51 | 000,095,259 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010-01-20 20:48:51 | 000,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klbg.sys
[2010-01-20 16:27:29 | 000,068,976 | ---- | M] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2010-01-20 15:50:32 | 000,053,320 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2010-01-20 15:50:27 | 000,051,784 | ---- | M] (G DATA Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2010-01-20 15:50:17 | 000,027,720 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2010-01-13 16:58:14 | 000,064,760 | ---- | M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-01-13 16:58:02 | 000,248,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[color="#e56717"]========== Files Created - No Company Name ==========[/color]

[2010-02-11 20:50:13 | 000,262,400 | ---- | C] () -- C:\cmldr
[2010-02-11 20:49:33 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-02-11 20:49:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-02-11 20:49:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-02-11 20:49:33 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-02-11 20:49:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-02-11 20:04:09 | 000,000,471 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\GoldWave.lnk
[2010-02-11 19:55:11 | 000,118,284 | ---- | C] () -- C:\WINDOWS\System32\VlJ6D-5cKcc9_.exe
[2010-02-09 22:51:51 | 000,002,303 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Music.m3u
[2010-02-05 15:06:54 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\OCCT.lnk
[2010-01-25 18:12:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marcin\Moje dokumenty\Default.PLS
[2010-01-24 15:16:44 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Marcin\Dane aplikacji\PnkBstrK.sys
[2010-01-24 14:54:47 | 000,000,550 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Quake III Arena.lnk
[2010-01-24 14:45:13 | 000,000,801 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2010-01-22 02:33:06 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010-01-21 22:14:11 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\CodeBlocks.lnk
[2010-01-20 20:38:38 | 000,108,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010-01-20 20:38:38 | 000,095,259 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010-01-20 20:38:03 | 006,659,104 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010-01-20 20:38:03 | 000,565,280 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010-01-20 20:38:03 | 000,057,296 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010-01-20 20:38:03 | 000,006,156 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010-01-20 15:50:39 | 000,002,596 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Config.nt.bak
[2010-01-20 15:50:39 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Autoexec.nt.bak
[2010-01-20 15:50:39 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\hosts.bak
[2010-01-12 22:07:48 | 000,001,556 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Total Video Player.lnk
[2010-01-12 22:07:48 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Total Video Converter.lnk
[2010-01-12 17:05:33 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010-01-06 23:00:38 | 000,735,264 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2009-12-12 21:36:07 | 000,137,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-12-12 21:11:18 | 000,000,266 | ---- | C] () -- C:\WINDOWS\game.ini
[2009-12-06 19:16:17 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-12-01 21:14:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TeleText.INI
[2009-12-01 21:14:23 | 000,000,064 | ---- | C] () -- C:\WINDOWS\AVerText.ini
[2009-11-30 20:58:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2009-11-30 20:21:05 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-11-30 20:21:04 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-11-30 20:21:04 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-11-30 20:21:04 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009-11-30 20:21:03 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-11-30 20:21:03 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-11-30 19:09:06 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-11-30 19:04:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2009-11-30 17:59:35 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-11-30 17:45:48 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-11-30 17:11:00 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009-11-30 17:11:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2009-11-30 17:00:51 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2009-11-30 16:59:57 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009-11-30 16:54:18 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2006-08-11 14:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006-05-23 12:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005-09-02 10:37:14 | 000,005,562 | ---- | C] () -- C:\WINDOWS\AVerTV.ini
[2005-06-16 18:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2003-04-08 11:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002-10-03 14:42:27 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Q3version.ini

[color="#e56717"]========== LOP Check ==========[/color]

[2009-11-30 18:57:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ
[2009-12-08 20:18:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonIJScan
[2010-01-07 13:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Codemasters
[2010-01-20 20:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\G DATA
[2010-01-03 11:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2010-02-10 23:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-12-02 19:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\TeamViewer
[2009-12-06 19:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\BESTplayer
[2009-12-08 20:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Canon
[2010-02-11 20:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\DMCache
[2009-11-30 19:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Gadu-Gadu
[2010-02-01 21:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Gadu-Gadu 10
[2009-11-30 17:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\HEXelon
[2009-11-30 19:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\IDM
[2010-01-03 11:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\ipla
[2009-12-11 18:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Leadertech
[2009-11-30 19:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mp3tag
[2010-02-10 07:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\MyPhoneExplorer
[2010-01-10 12:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Nowe Gadu-Gadu
[2009-12-16 15:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\OpenArena
[2010-01-07 12:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\SpeedSim
[2010-01-09 17:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\TeamViewer
[2010-02-07 19:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\The Bat!
[2010-02-03 19:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Thunderbird
[2010-01-19 22:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\TS3Client
[2010-02-10 23:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\uTorrent
[2009-11-30 19:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\VSRevoGroup

[color="#e56717"]========== Purity Check ==========[/color]



[color="#e56717"]========== Custom Scans ==========[/color]


[color="#a23bec"]< %systemdrive%\*.* >[/color]
[2009-11-30 16:17:24 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009-12-06 10:51:57 | 000,000,355 | ---- | M] () -- C:\Boot.bak
[2010-02-11 20:50:16 | 000,000,425 | RHS- | M] () -- C:\boot.ini
[2004-08-04 12:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2009-07-14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009-12-06 10:51:58 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2004-08-03 23:00:14 | 000,262,400 | ---- | M] () -- C:\cmldr
[2010-02-11 20:56:07 | 000,028,444 | ---- | M] () -- C:\ComboFix.txt
[2009-11-30 16:17:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-11-30 16:17:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-11-30 16:17:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-11-30 20:38:57 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-02-11 20:53:25 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

[color="#e56717"]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:8FF81EB0
< End of report >
[/log]

ComboFix log
[log]
ComboFix 10-02-11.02 - Marcin 2010-02-11 20:50:44.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2046.1693 [GMT 1:00]
Uruchomiony z: d:\moje\Downloads\Internet Download Manager\Programs\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2517779441-3560812243-1181515526-1000
c:\$recycle.bin\S-1-5-21-35094280-4140891209-2606706195-1000
c:\documents and settings\Marcin\Dane aplikacji\EurekaLog
c:\windows\system32\tmp71.tmp

.
((((((((((((((((((((((((( Pliki utworzone od 2010-01-11 do 2010-02-11 )))))))))))))))))))))))))))))))
.

2010-02-11 19:04 . 2010-02-11 19:12 -------- d-----w- c:\program files\GoldWave
2010-02-11 18:55 . 2010-02-11 18:55 118284 ----a-w- c:\windows\system32\VlJ6D-5cKcc9_.exe
2010-02-08 21:12 . 2010-02-08 21:12 -------- d-----w- c:\program files\Nero
2010-02-08 20:35 . 2010-02-08 21:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nero
2010-02-07 19:58 . 2010-02-07 19:58 -------- d-sh--w- c:\documents and settings\Marcin\UserData
2010-02-05 14:06 . 2010-02-05 14:06 -------- d-----w- c:\program files\OCCT
2010-02-04 21:14 . 2010-02-04 21:14 5115824 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-03 18:20 . 2010-02-07 18:24 -------- d-----w- c:\documents and settings\Marcin\Ustawienia lokalne\Dane aplikacji\Thunderbird
2010-02-03 18:20 . 2010-02-03 18:20 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\Thunderbird
2010-02-03 18:16 . 2010-02-07 18:17 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\The Bat!
2010-02-01 20:24 . 2010-02-01 20:25 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\Gadu-Gadu 10
2010-02-01 20:24 . 2010-02-01 20:25 -------- d-----w- c:\program files\Gadu-Gadu 10
2010-01-25 17:12 . 2010-01-25 17:12 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\CyberLink
2010-01-24 14:16 . 2010-01-24 14:16 139152 ----a-w- c:\documents and settings\Marcin\Dane aplikacji\PnkBstrK.sys
2010-01-24 13:59 . 1999-12-17 09:13 86016 ----a-w- c:\windows\unvise32.exe
2010-01-24 13:54 . 2010-01-24 13:54 -------- d-----w- c:\program files\Mplayer
2010-01-24 13:45 . 1999-10-09 16:30 305152 ----a-w- c:\windows\IsUninst.exe
2010-01-24 11:24 . 2010-01-24 11:24 -------- d-----w- c:\documents and settings\Marcin\Ustawienia lokalne\Dane aplikacji\Help
2010-01-22 01:33 . 2010-01-22 01:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-01-21 21:14 . 2010-01-22 22:53 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\codeblocks
2010-01-21 21:14 . 2010-01-21 21:14 -------- d-----w- c:\program files\CodeBlocks
2010-01-20 19:48 . 2010-01-20 19:48 59920 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\mzvkbd.dll
2010-01-20 19:48 . 2010-01-20 19:48 109072 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\mzvkbd3.dll
2010-01-20 19:48 . 2010-01-20 19:48 33808 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2010-01-20 19:48 . 2010-01-20 19:48 208616 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2010-01-20 19:48 . 2010-01-20 19:48 226832 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2010-01-20 19:38 . 2010-01-20 19:48 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-01-20 19:38 . 2010-01-20 19:48 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-01-20 19:38 . 2010-02-11 19:54 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2010-01-20 19:38 . 2010-02-11 19:52 6659104 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-20 19:38 . 2010-02-11 19:52 565280 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-01-20 19:38 . 2010-01-20 19:38 -------- d-----w- c:\program files\Kaspersky Lab
2010-01-20 15:19 . 2010-01-20 19:34 -------- d-----w- c:\program files\Common Files\G DATA
2010-01-20 14:57 . 2010-01-20 15:27 68976 ----a-w- c:\windows\system32\drivers\GRD.sys
2010-01-20 14:50 . 2010-01-20 14:50 53320 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2010-01-20 14:50 . 2010-01-20 14:50 51784 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys
2010-01-20 14:50 . 2010-01-20 14:50 27720 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2010-01-20 14:50 . 2010-01-20 19:34 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\G DATA
2010-01-13 17:35 . 2010-01-13 17:35 -------- d-----w- c:\program files\MSXML 4.0
2010-01-12 21:07 . 2010-01-20 22:41 -------- d-----w- c:\program files\Total Video Converter
2010-01-12 20:12 . 2010-01-12 20:12 -------- d-----w- c:\documents and settings\Marcin\Ustawienia lokalne\Dane aplikacji\Identities

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-11 19:52 . 2010-01-20 19:38 6156 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-02-11 19:52 . 2010-01-20 19:38 57296 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-02-11 19:42 . 2009-11-30 16:48 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\DMCache
2010-02-10 22:58 . 2010-01-09 21:35 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\uTorrent
2010-02-10 22:11 . 2009-12-16 17:58 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2010-02-10 06:41 . 2009-12-16 17:58 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\MyPhoneExplorer
2010-02-09 17:01 . 2009-12-20 11:41 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-02-08 21:41 . 2009-12-12 19:13 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\Xfire
2010-02-08 21:13 . 2009-11-30 17:07 -------- d-----w- c:\program files\Common Files\Ahead
2010-02-08 15:15 . 2009-12-12 20:36 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-08 15:15 . 2009-12-12 20:36 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-07 19:58 . 2009-12-12 19:13 -------- d-----w- c:\program files\Xfire
2010-02-04 21:17 . 2009-12-01 20:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-24 13:12 . 2009-11-30 15:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-24 11:24 . 2009-11-30 16:51 -------- d-----w- c:\program files\TC UP
2010-01-24 09:52 . 2009-11-30 19:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-23 19:48 . 2010-01-04 17:55 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\Skype
2010-01-20 19:48 . 2008-01-29 16:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2010-01-19 21:19 . 2009-12-20 11:41 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\TS3Client
2010-01-15 14:07 . 2009-11-30 16:43 -------- d-----w- c:\program files\Unlocker
2010-01-13 15:58 . 2009-11-30 15:34 64760 ----a-w- c:\documents and settings\Marcin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-01-12 16:25 . 2010-01-12 16:25 -------- d-----w- c:\program files\UltraISO
2010-01-12 16:25 . 2010-01-12 16:25 -------- d-----w- c:\program files\Common Files\EZB Systems
2010-01-10 11:24 . 2010-01-10 11:20 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\Nowe Gadu-Gadu
2010-01-09 21:36 . 2010-01-09 21:36 -------- d-----w- c:\program files\uTorrent
2010-01-09 16:01 . 2009-12-02 14:56 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\TeamViewer
2010-01-09 16:01 . 2009-12-02 14:56 -------- d-----w- c:\program files\TeamViewer
2010-01-07 16:54 . 2004-08-04 11:00 83880 ----a-w- c:\windows\system32\perfc015.dat
2010-01-07 16:54 . 2004-08-04 11:00 490628 ----a-w- c:\windows\system32\perfh015.dat
2010-01-07 15:07 . 2009-12-01 20:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-12-01 20:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 12:08 . 2009-12-04 14:29 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Codemasters
2010-01-07 11:36 . 2010-01-07 11:34 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\SpeedSim
2010-01-06 22:00 . 2010-01-06 22:00 735264 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2010-01-06 19:20 . 2010-01-06 19:20 -------- d--h--r- c:\documents and settings\Marcin\Dane aplikacji\SecuROM
2010-01-06 19:20 . 2010-01-06 19:04 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-04 17:55 . 2010-01-04 17:55 -------- d-----w- c:\program files\Common Files\Skype
2010-01-04 17:55 . 2010-01-04 17:55 -------- d-----w- c:\program files\Skype
2010-01-04 17:55 . 2010-01-04 17:48 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Skype
2010-01-03 10:12 . 2010-01-02 19:09 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\ipla
2010-01-03 10:12 . 2010-01-02 19:09 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ipla
2010-01-02 19:08 . 2010-01-02 19:08 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-01-02 19:08 . 2010-01-02 19:08 1060864 ----a-w- c:\windows\system32\mfc71.dll
2009-12-31 16:50 . 2004-08-04 11:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-24 10:05 . 2009-12-24 10:05 -------- d-----w- c:\program files\HD Tune
2009-12-23 18:37 . 2009-12-23 18:37 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-23 18:37 . 2009-12-23 18:37 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-23 18:37 . 2009-12-23 18:37 -------- d-----w- c:\program files\OpenAL
2009-12-21 19:08 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 22:25 . 2009-11-30 16:20 -------- d-----w- c:\program files\NAPI-PROJEKT
2009-12-17 16:40 . 2009-12-17 16:40 -------- d-----w- c:\program files\Alcohol Soft
2009-12-17 16:38 . 2009-11-30 16:45 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-17 07:42 . 2009-11-30 15:13 345088 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 17:58 . 2009-12-16 17:58 -------- d-----w- c:\program files\MyPhoneExplorer
2009-12-16 14:22 . 2009-12-16 14:22 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\OpenArena
2009-12-14 07:10 . 2004-08-04 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-12 20:30 . 2009-12-12 20:30 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-09 10:11 . 2004-08-04 11:00 2146816 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-04 00:39 2025472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-07 18:28 . 2009-12-07 18:28 1924440 ----a-w- c:\documents and settings\Marcin\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-12-04 18:22 . 2004-08-04 11:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-30 19:41 . 2009-11-30 15:17 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-30 19:03 . 2009-11-30 19:03 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-30 19:02 . 2009-11-30 19:02 152576 ----a-w- c:\documents and settings\Marcin\Dane aplikacji\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-30 19:00 . 2009-11-30 19:00 79488 ----a-w- c:\documents and settings\Marcin\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-30 16:44 . 2009-11-30 16:44 0 ----a-w- c:\windows\nsreg.dat
2009-11-30 16:25 . 2009-11-30 16:25 656 ----a-w- c:\windows\unins000.dat
2009-11-30 16:25 . 2002-02-10 00:00 72748 ----a-w- c:\windows\unins000.exe
2009-11-30 15:57 . 2009-11-30 15:57 184 ----a-w- c:\windows\system32\e000001.dat
2009-11-30 15:14 . 2009-11-30 15:14 21856 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-29 11:43 . 2009-11-29 11:43 304920 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-11-27 17:14 . 2004-08-04 11:00 1295360 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-04 00:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2004-08-04 11:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2004-08-04 11:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2004-08-04 11:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-04 00:44 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:09 . 2001-10-26 17:29 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-21 16:03 . 2004-08-04 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 14:52 . 2009-11-18 14:52 37376 ----a-w- c:\documents and settings\Marcin\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
2009-11-18 14:52 . 2009-11-18 14:52 11776 ----a-w- c:\documents and settings\Marcin\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"AQQ"="c:\progra~1\WapSter\WAPSTE~1\AQQ.exe" [2009-12-08 7336448]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"NvMediaCenter"="NvMCTray.dll" [2009-08-17 86016]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2010-01-20 208616]

c:\documents and settings\Marcin\Menu Start\Programy\Autostart\
TC UP.lnk - c:\program files\TC UP\TC UP.exe [2007-11-29 34816]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
QuickTV.lnk - c:\program files\AVerTV\QuickTV.exe [2005-8-30 405504]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-01-07 15:07 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\ AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"d:\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-11-30 691696]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2006-01-13 15872]
R2 CX88XBAR;AVerMedia, AVerTV Crossbar (88x);c:\windows\system32\drivers\cx88xbar.sys [2009-11-30 9312]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [2006-08-11 8192]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2009-12-24 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2009-12-24 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2009-12-24 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2009-12-24 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2009-12-24 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2009-12-24 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2009-12-24 97704]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.Google.com
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Ściągnij przez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Ściągnij wszystkie linki przez IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Ściągnij zawartość wideo FLV przez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\iojvfu08.marcin\
FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.wp.pl/
FF - prefs.js: keyword.URL - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - component: c:\documents and settings\Marcin\Dane aplikacji\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{8b3f1d75-635d-035a-f9d9-f7b4366df442}\components\-lWD__.dll
FF - plugin: c:\documents and settings\Marcin\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-NWEReboot - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]
Rootkit scan 2010-02-11 20:54
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spdx.sys hal.dll >>UNKNOWN [0x8A965938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cf28
\Driver\ACPI -> ACPI.sys @ 0xb7e73cb8
\Driver\atapi -> atapi.sys @ 0xb7e08b40
\Driver\iaStor -> iaStor.sys @ 0xb7d7c6d0
IoDeviceObjectType -> SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
NDIS: Generic Marvell Yukon 88E8056 based Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7c4abb0
PacketIndicateHandler -> NDIS.sys @ 0xb7c57a21
SendHandler -> NDIS.sys @ 0xb7c3587b
user & kernel MBR OK

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1993962763-1202660629-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:96,7f,50,68,c7,19,81,2d,11,2e,db,aa,e3,c5,bc,45,57,0d,fb,a5,84,
51,3f,9c,b3,ac,ca,e1,41,cf,8b,cd,d4,d7,71,68,39,60,cb,2b,7f,0a,65,37,ef,a9,\
"rkeysecu"=hex:af,ea,70,2c,3c,b1,12,9f,1b,aa,a6,ac,da,fc,41,65

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):45,f3,d0,54,37,8e,4a,e8,a8,a7,fa,f5,d2,a2,21,83,0e,b6,0e,e7,08,
7e,a7,3e,be,82,e6,d6,6e,ee,f5,f0,3c,aa,8d,18,5f,54,9b,63,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f33cd67c-d2cb-476e-a1bd-41f5b2174027}]
@Denied: (Full) (Everyone)
"Model"=dword:00000021
"Therad"=dword:00000003
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(4060)
c:\windows\system32\WININET.dll
c:\program files\Gadu-Gadu\ggwhook.dll
c:\windows\system32\webcheck.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RunDLL32.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\TC UP\totalcmd.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Czas ukończenia: 2010-02-11 20:56:07 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-02-11 19:56

Przed: 26 761 388 032 bajtów wolnych
Po: 27 294 359 552 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 2C05246070CB54697AFBBBD955F3BD3B
[/log]

Please check whether anything is still left in these logs.

Psycholandia

Run OTL and click CleanUP. Clean.
Scan the computer with this: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url], remove everything it finds, and post the log after the removal (the log from Malware).

HQ19
(edited)

I scanned with Malwarebytes and removed a few items. Thanks, Andziorka, for checking the logs :)

Can you tell me how to remove these entries using OTL:
[code]FF - prefs.js..browser.startup.homepage: "http://www3.iamwired.net/"
FF - prefs.js..browser.search.selectedEngine: "Search" <-- not sure whether to remove this one
FF - prefs.js..keyword.URL: "http://www3.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..keyword.enabled: true <-- not sure whether to remove this one
FF - prefs.js..browser.search.defaultenginename: "Search" <-- not sure whether to remove this one
FF - prefs.js..browser.search.defaulturl: "http://www3.iamwired.net/websearch.php?src=tops&search="[/code]

Mateusz J.

Run OTL and paste the following into the Custom Scans/Fixes window:[code]
:OTL
FF - prefs.js..browser.startup.homepage: "http://www3.iamwired.net/"
FF - prefs.js..browser.search.selectedEngine: "Search" <-- not sure whether to remove this one
FF - prefs.js..keyword.URL: "http://www3.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..keyword.enabled: true <-- not sure whether to remove this one
FF - prefs.js..browser.search.defaultenginename: "Search" <-- not sure whether to remove this one
FF - prefs.js..browser.search.defaulturl: "http://www3.iamwired.net/websearch.php?src=tops&search="

:Commands
[emptytemp]
[Reboot][/code]Click Run Fix. Confirm the computer restart.

If you want, you can try removing them without a restart; in that case delete [Reboot] from the script.
