
I have a virus plus a missing dll file

mnich20
posted (edited)

Hi, a friend brought me her laptop to repair.
The problems are:
missing file - zlib4.dll
no access to local drives - after restoring the system to a point from a few days earlier, access was restored.

I'm attaching the RSIT and OTL logs for checking.
I'd be grateful for a quick reply.

RSIT log
[log]Logfile of random's system information tool 1.06 (written by random/random)
Run by monia at 2010-02-13 12:22:01
Microsoft Windows XP Professional Dodatek Service Pack 2
System drive C: has 10 GB (37%) free of 26 GB
Total RAM: 895 MB (80% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
MediaBar - C:\Program Files\BearShareTb\BearShareDx.dll [2009-08-10 91576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37B85A21-692B-4205-9CAD-2626E4993404}]
My Global Search Bar BHO - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL [2009-12-13 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
UrlHelper Class - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-25 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{37B85A29-692B-4205-9CAD-2626E4993404} - My Global Search Bar - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL [2009-12-13 225280]
{0974BA1E-64EC-11DE-B2A5-E43756D89593} - MediaBar - C:\Program Files\BearShareTb\BearShareDx.dll [2009-08-10 91576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-24 7569408]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-24 86016]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-04-17 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-12 774233]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-07-21 16261632]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-04-10 37888]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-25 148888]
"BearShare"=C:\Program Files\BearShare\BearShare.exe /pause []
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2002-05-10 73728]
"VVSN"=C:\Program Files\VVSN\VVSN.exe [2004-12-22 107520]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [2007-09-04 54576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2007-09-04 95536]
"ALLUpdate"=C:\Program Files\ALLPlayer\ALLUpdate.exe sleep []

C:\Documents and Settings\monia\Menu Start\Programy\Autostart
smgr32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa]
C:\WINDOWS\system32\antiwpa.dll [2006-10-14 5376]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu"
"C:\Program Files\BearShare\BearShare.exe"="C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\Bit Lord 1.1\BitLord.exe"="C:\Program Files\Bit Lord 1.1\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6d747fa-bf1a-11de-8079-001a92dfa331}]
shell\AutoRun\command - G:\esc.exe


======List of files/folders created in the last 1 months======

2010-02-13 12:22:02 ----D---- C:\Program Files\trend micro
2010-02-13 12:22:01 ----D---- C:\rsit
2010-02-13 11:53:16 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2010-02-13 11:52:59 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2010-02-13 11:52:39 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2010-02-13 11:52:35 ----N---- C:\WINDOWS\system32\xmllite.dll
2010-02-13 11:42:36 ----SHD---- C:\RECYCLER
2010-02-13 11:42:36 ----D---- C:\Program Files\MyGlobalSearch
2010-02-13 11:20:22 ----D---- C:\WINDOWS\temp
2010-02-13 11:17:09 ----D---- C:\WINDOWS\ERDNT
2010-02-13 11:17:09 ----D---- C:\Qoobox
2010-02-13 10:58:06 ----A---- C:\WINDOWS\ntbtlog.txt
2010-02-10 23:17:44 ----DC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 23:17:37 ----DC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 23:16:22 ----DC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 23:16:15 ----DC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 23:16:09 ----DC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 23:15:58 ----DC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 23:15:47 ----DC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 23:15:25 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-01-29 09:42:32 ----SHD---- C:\found.000
2010-01-23 18:17:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$

======List of files/folders modified in the last 1 months======

2010-02-13 12:22:02 ----D---- C:\Program Files
2010-02-13 11:56:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-13 11:55:48 ----D---- C:\WINDOWS
2010-02-13 11:53:21 ----D---- C:\WINDOWS\Prefetch
2010-02-13 11:53:18 ----HD---- C:\WINDOWS\inf
2010-02-13 11:53:17 ----D---- C:\WINDOWS\system32
2010-02-13 11:53:01 ----A---- C:\WINDOWS\imsins.BAK
2010-02-13 11:52:38 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-13 11:50:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-13 11:50:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-13 11:47:07 ----D---- C:\WINDOWS\system32\drivers
2010-02-13 11:45:38 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-13 11:43:12 ----D---- C:\WINDOWS\system32\config
2010-02-13 11:43:01 ----D---- C:\WINDOWS\system32\wbem
2010-02-13 11:43:00 ----D---- C:\WINDOWS\Registration
2010-02-13 11:18:47 ----A---- C:\WINDOWS\system.ini
2010-02-13 09:53:23 ----D---- C:\Documents and Settings\monia\Dane aplikacji\Winamp
2010-02-13 09:24:07 ----D---- C:\Program Files\Mozilla Firefox
2010-02-10 11:32:41 ----D---- C:\Documents and Settings\monia\Dane aplikacji\VSO
2010-02-07 13:27:03 ----D---- C:\Documents and Settings\monia\Dane aplikacji\gtk-2.0
2010-01-23 18:17:27 ----D---- C:\Program Files\Internet Explorer
2010-01-16 10:45:16 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 WmiAcpi;Interfejs zarządzania Microsoft Windows dla ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-12 193056]
R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 36864]
S2 NwlnkIpx;Protokół transportowy zgodny z NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
S2 NwlnkNb;System NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
S2 NwlnkSpx;Protokół NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-07-17 494080]
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\ATK0100\ASNDIS5.SYS []
S3 CmBatt;Sterownik baterii Microsoft o metodzie kontroli ACPI; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-24 4353024]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-24 3661184]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-04 34176]
S3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-04 13056]
S3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2004-08-04 163584]
S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-25 152984]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-24 143427]
S2 NWCWorkstation;Usługa klienta dla systemu NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------[/log]

OTL log
Extras file
[log]OTL Extras logfile created on: 2010-02-13 12:10:53 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\monia\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

895,00 Mb Total Physical Memory | 750,00 Mb Available Physical Memory | 84,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 97,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25,00 Gb Total Space | 9,31 Gb Free Space | 37,24% Space Free | Partition Type: NTFS
Drive D: | 86,78 Gb Total Space | 73,91 Gb Free Space | 85,17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 298,09 Gb Total Space | 2,47 Gb Free Space | 0,83% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MONIA-DC4E85F71
Current User Name: monia
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1177238915-1715567821-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- (GG Network S.A.)
"C:\Program Files\BearShare\BearShare.exe" = C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare -- File not found
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- (MusicLab, LLC)
"C:\Program Files\Bit Lord 1.1\BitLord.exe" = C:\Program Files\Bit Lord 1.1\BitLord.exe:*:Enabled:BitLord -- (www.BitLord.com)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found
"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- File not found
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- File not found


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{29943E04-5E17-416A-9876-41EE64BF88E9}}[Files]_is1" = Driver CD Creator v1.3.1
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.1.5.5c
"{45FCADDB-0B29-457E-83A1-D245C62A716C}" = OLYMPUS Master 2
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{94A7D275-E658-4B29-8C7F-2AAEF6CF453F}" = DAEMON Tools
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1045-7B44-A91000000001}" = Adobe Reader 9.1 - Polish
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"342C18BCBCBED6905E53C982AA36C4830D43716E" = Windows Driver Package - NVIDIA System (05/13/2005 5.1.2600.0450)
"4E5BBDAC46CABC920502E7C8DC1428919A3DB83F" = Windows Driver Package - NVIDIA (nvsmu) System (03/06/2006 5.1.2600.0114)
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"8616D564CF16B5649AD2CCD417FAF71FF9A55845" = Windows Driver Package - NVIDIA System (06/08/2006 4.5.7)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"B4D4DBEF57F64A9AC87AEA0057435ABC6E7A00D4" = Windows Driver Package - NVIDIA Corporation (nvata) HDC (01/27/2006 5.10.2600.0650)
"BearShare" = BearShare
"bearsharetb" = MediaBar
"BitLord" = BitLord 1.1
"D3637900ECBCB65E5C282A5A02042EE7B3CA8885" = Windows Driver Package - NVIDIA (NVENETFD) Net (03/03/2006 50.2.4)
"Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
"GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker
"HControl" = ATK0100 ACPI UTILITY
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"My Global Search Uninstall" = My Global Search Bar
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"NVIDIA Drivers" = NVIDIA Drivers
"SMPlayer" = SMPlayer 0.6.8
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Wincmd" = Windows Commander (Remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = Archiwizator WinRAR

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2009-08-19 04:47:20 | Computer Name = MONIA-DC4E85F71 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.2180, moduł
powodujący błąd mshtml.dll, wersja 6.0.2900.3603, adres błędu 0x0023bfba.

Error - 2009-08-27 03:26:44 | Computer Name = | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2009-08-29 03:18:44 | Computer Name = | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2009-09-21 06:58:07 | Computer Name = | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2009-09-28 08:16:58 | Computer Name = | Source = EventSystem | ID = 4609
Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył
zły kod powrotu. HRESULT to 80004002 z w wierszu 44 z d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą

Error - 2009-09-28 08:16:58 | Computer Name = | Source = SENS | ID = 0
Description =

Error - 2009-11-07 16:02:30 | Computer Name = | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2009-11-18 16:12:40 | Computer Name = | Source = SENS | ID = 0
Description =

Error - 2009-11-20 01:54:54 | Computer Name = | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2009-11-27 02:55:47 | Computer Name = | Source = JavaQuickStarterService | ID = 1
Description =

[ System Events ]
Error - 2010-02-13 06:45:57 | Computer Name = MONIA-DC4E85F71 | Source = System Error | ID = 1003
Description = Kod błędu c0000135, parametr 1 e1e8ac10, parametr 2 e28a2698, parametr
3 00000000, parametr 4 00000000.

Error - 2010-02-13 06:53:27 | Computer Name = MONIA-DC4E85F71 | Source = Windows Update Agent | ID = 20
Description = Instalacja nie powiodła się: system Windows nie mógł zainstalować
następującej aktualizacji, ponieważ wystąpił błąd 0x80070643: Windows Internet Explorer
7 dla systemu Windows XP.

Error - 2010-02-13 07:03:55 | Computer Name = MONIA-DC4E85F71 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2010-02-13 07:04:08 | Computer Name = MONIA-DC4E85F71 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
netman z argumentami „” w celu uruchomienia serwera: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2010-02-13 07:05:18 | Computer Name = MONIA-DC4E85F71 | Source = Service Control Manager | ID = 7001
Description = Usługa Klient DHCP zależy od usługi NetBios przez TCP/IP, której nie
można uruchomić z powodu następującego błędu: %%31

Error - 2010-02-13 07:05:18 | Computer Name = MONIA-DC4E85F71 | Source = Service Control Manager | ID = 7001
Description = Usługa Klient DNS zależy od usługi Sterownik protokołu TCP/IP, której
nie można uruchomić z powodu następującego błędu: %%31

Error - 2010-02-13 07:05:18 | Computer Name = MONIA-DC4E85F71 | Source = Service Control Manager | ID = 7001
Description = Usługa Pomoc TCP/IP NetBIOS zależy od usługi AFD, której nie można
uruchomić z powodu następującego błędu: %%31

Error - 2010-02-13 07:05:18 | Computer Name = MONIA-DC4E85F71 | Source = Service Control Manager | ID = 7001
Description = Usługa Usługi IPSEC zależy od usługi Sterownik IPSEC, której nie można
uruchomić z powodu następującego błędu: %%31

Error - 2010-02-13 07:05:18 | Computer Name = MONIA-DC4E85F71 | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: AFD AmdK8 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 2010-02-13 07:08:13 | Computer Name = MONIA-DC4E85F71 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >
[/log]

OTL file
[log]OTL logfile created on: 2010-02-13 12:10:53 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\monia\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

895,00 Mb Total Physical Memory | 750,00 Mb Available Physical Memory | 84,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 97,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25,00 Gb Total Space | 9,31 Gb Free Space | 37,24% Space Free | Partition Type: NTFS
Drive D: | 86,78 Gb Total Space | 73,91 Gb Free Space | 85,17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 298,09 Gb Total Space | 2,47 Gb Free Space | 0,83% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MONIA-DC4E85F71
Current User Name: monia
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-02-13 12:02:47 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monia\Pulpit\OTL.exe
PRC - [2009-02-09 11:10:45 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2004-08-04 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004-08-04 13:00:00 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2004-08-04 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2004-08-04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2004-08-04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2004-08-04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2004-08-04 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2004-08-04 13:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-02-13 12:02:47 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monia\Pulpit\OTL.exe
MOD - [2009-12-08 10:13:27 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-06-25 09:48:08 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-04-15 16:18:19 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-03-21 15:21:24 | 001,014,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-02-09 11:22:08 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-02-09 11:22:06 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008-10-23 14:01:37 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-07-03 14:16:27 | 008,483,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2004-08-04 13:00:00 | 001,281,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2004-08-04 13:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004-08-04 13:00:00 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2004-08-04 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2004-08-04 13:00:00 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2004-08-04 13:00:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2004-08-04 13:00:00 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2004-08-04 13:00:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2004-08-04 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2004-08-04 13:00:00 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2004-08-04 13:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2004-08-04 13:00:00 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2004-08-04 13:00:00 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2004-08-04 13:00:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2004-08-04 13:00:00 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2004-08-04 13:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2004-08-04 13:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009-05-25 17:33:40 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2006-08-24 17:40:00 | 000,143,427 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2004-08-04 13:00:00 | 000,064,000 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\nwwks.dll -- (NWCWorkstation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2008-08-20 18:58:58 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006-08-24 17:40:00 | 003,661,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006-07-24 14:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-07-17 06:49:54 | 000,494,080 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006-06-18 22:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006-05-12 13:17:56 | 000,193,056 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006-03-04 05:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-03-04 05:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-01-28 05:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005-02-17 22:07:48 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2005-01-07 16:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004-08-04 13:00:00 | 000,163,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwrdr.sys -- (NWRDR)
DRV - [2004-08-04 13:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004-08-04 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004-08-04 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004-08-04 13:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004-08-04 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004-05-28 09:13:04 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\ATK0100\ASNDIS5.sys -- (ASNDIS5)
DRV - [2002-05-13 09:14:38 | 000,077,920 | ---- | M] (Generic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\stealth.sys -- (Stealth)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1177238915-1715567821-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
IE - HKU\S-1-5-21-1177238915-1715567821-839522115-1004\S-1-5-21-1177238915-1715567821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.wp.pl"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.0
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.10.1
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-11 16:26:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-02-13 11:18:29 | 000,000,000 | ---D | M]

[2009-05-24 09:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monia\Dane aplikacji\Mozilla\Extensions
[2010-02-12 13:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monia\Dane aplikacji\Mozilla\Firefox\Profiles\e8vsihlv.default\extensions
[2009-05-25 17:31:19 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\monia\Dane aplikacji\Mozilla\Firefox\Profiles\e8vsihlv.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009-12-14 06:52:06 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\monia\Dane aplikacji\Mozilla\Firefox\Profiles\e8vsihlv.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2009-05-25 17:31:33 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\monia\Dane aplikacji\Mozilla\Firefox\Profiles\e8vsihlv.default\searchplugins\winamp-search.xml
[2010-02-12 13:02:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-06-15 10:14:40 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll
[2009-08-27 17:37:14 | 000,460,280 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPMAHJONG.dll
[2009-07-16 17:23:34 | 000,685,552 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPMAKAOV2.dll
[2009-12-13 22:20:29 | 000,024,576 | ---- | M] (My Global Search) -- C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll
[2009-07-22 22:12:44 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2008-04-03 18:19:08 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2007-03-31 18:11:54 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2006-06-03 17:43:22 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2008-03-28 22:36:04 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2007-01-05 12:40:56 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2004-08-04 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (My Global Search Bar BHO) - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL (My Global Search)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll ()
O3 - HKLM\..\Toolbar: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL (My Global Search)
O3 - HKU\S-1-5-21-1177238915-1715567821-839522115-1004\..\Toolbar\WebBrowser: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL (My Global Search)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BearShare] C:\Program Files\BearShare\BearShare.exe File not found
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (VeNoM386 and SwENSkE)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe (WhenU.com)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-1177238915-1715567821-839522115-1004..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe File not found
O4 - HKU\S-1-5-21-1177238915-1715567821-839522115-1004..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKU\S-1-5-21-1177238915-1715567821-839522115-1004..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - Startup: C:\Documents and Settings\monia\Menu Start\Programy\Autostart\smgr32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1177238915-1715567821-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Antiwpa: DllName - antiwpa.dll - C:\WINDOWS\System32\antiwpa.dll ()
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\monia\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\monia\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-05-23 13:26:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a6d747fa-bf1a-11de-8079-001a92dfa331}\Shell - "" = AutoRun
O33 - MountPoints2\{a6d747fa-bf1a-11de-8079-001a92dfa331}\Shell\AutoRun\command - "" = G:\esc.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-05-23 13:26:18 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation)
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

File not found -- C:\Documents and Settings\monia\Pulpit\cykaj.
[2010-02-13 12:08:20 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\monia\Pulpit\OTL.exe
[2010-02-13 11:53:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010-02-13 11:52:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010-02-13 11:42:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\monia\Pulpit\Studniowka
[2010-02-13 11:42:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\monia\Pulpit\f
[2010-02-13 11:42:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\monia\Pulpit\ewi
[2010-02-13 11:42:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-02-13 11:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\MyGlobalSearch
[2010-02-13 11:20:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010-02-13 11:17:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-02-13 11:17:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-01-29 09:42:32 | 000,000,000 | -HSD | C] -- C:\found.000
[2009-05-23 13:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-05-23 13:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-05-23 13:26:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2009-05-23 13:26:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

File not found -- C:\Documents and Settings\monia\Pulpit\cykaj.
[2010-02-13 12:03:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-02-13 12:02:57 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\monia\Pulpit\RSIT.exe
[2010-02-13 12:02:47 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monia\Pulpit\OTL.exe
[2010-02-13 11:56:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-02-13 11:56:29 | 003,108,864 | ---- | M] () -- C:\Documents and Settings\monia\ntuser.dat
[2010-02-13 11:56:29 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\monia\ntuser.ini
[2010-02-13 11:55:39 | 000,045,759 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-02-13 11:54:47 | 003,755,940 | -H-- | M] () -- C:\Documents and Settings\monia\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-02-13 11:53:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-02-13 11:47:07 | 000,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-02-13 11:43:52 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-02-13 11:18:47 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-02-13 11:05:17 | 041,766,616 | ---- | M] () -- C:\Documents and Settings\monia\Pulpit\setup_av_free_pol.exe
[2010-02-07 13:28:19 | 000,005,372 | ---- | M] () -- C:\Documents and Settings\monia\.recently-used.xbel
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-02-13 12:08:22 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\monia\Pulpit\RSIT.exe
[2010-02-13 11:51:03 | 041,766,616 | ---- | C] () -- C:\Documents and Settings\monia\Pulpit\setup_av_free_pol.exe
[2010-02-09 20:24:29 | 003,108,864 | ---- | C] () -- C:\Documents and Settings\monia\ntuser.dat
[2010-02-07 13:28:19 | 000,005,372 | ---- | C] () -- C:\Documents and Settings\monia\.recently-used.xbel
[2009-07-24 15:25:29 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009-07-14 13:11:39 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\monia\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-06-11 10:03:11 | 000,000,572 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009-05-30 18:16:16 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\monia\Dane aplikacji\Smiley.ico
[2009-05-23 15:25:38 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2009-05-23 15:14:23 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-05-23 15:14:22 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-05-23 15:14:22 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009-05-23 15:14:21 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009-05-23 15:14:18 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2009-05-23 14:24:47 | 000,005,376 | ---- | C] () -- C:\WINDOWS\System32\antiwpa.dll
[2004-08-04 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[color=#E56717]========== LOP Check ==========[/color]

[2009-05-23 15:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\GetRightToGo
[2009-05-30 18:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\1A138
[2009-07-28 17:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\D399
[2009-10-25 21:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts
[2009-10-15 20:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2009-11-05 14:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Temp
[2009-07-28 18:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monia\Dane aplikacji\BearShare
[2009-12-13 22:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monia\Dane aplikacji\BearShareTb
[2009-10-18 20:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monia\Dane aplikacji\DC++
[2009-12-19 10:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monia\Dane aplikacji\GanymedeNet
[2010-02-07 13:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monia\Dane aplikacji\gtk-2.0
[2009-11-22 15:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monia\Dane aplikacji\Nowe Gadu-Gadu
[2009-05-29 19:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monia\Dane aplikacji\OpenFM
[2010-02-10 11:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monia\Dane aplikacji\VSO

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%*.* >[/color]
[2009-05-23 13:26:47 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009-05-23 13:41:48 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2004-08-04 13:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2009-05-23 13:26:47 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-05-23 13:26:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-05-23 13:26:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004-08-04 13:00:00 | 000,250,624 | RHS- | M] () -- C:\ntldr
[2010-02-13 12:03:25 | 1409,286,144 | -HS- | M] () -- C:\pagefile.sys
< End of report >
[/log]

Mateusz J.
comment

You have a virus from a pendrive.
Show a ComboFix log.

mnich20
comment (edited)

I ran scans with:
- Avast - detected a virus - I deleted the files,
- MKS_vir online - detected a virus and a trojan - I deleted the files,
- Kaspersky online scanner - a trojan, files deleted,
- NOD32 online scanner - detected 2 viruses and a trojan - files deleted.

On the forum I found that if there is a zlib4.dll file error, you should paste the following into OTL:
[log]:OTL
O4 - Startup: C:\Documents and Settings\monia\Menu Start\Programy\Autostart\smgr32.exe ()

:Files
C:\Documents and Settings\monia\Menu Start\Programy\Autostart\smgr32.exe

:Commands
[emptytemp]
[start explorer]
[Reboot]

[/log]
The missing file message no longer appears.
It seems to me there is still a lot of junk in the logs.

After starting ComboFix it began scanning right away, removed a few folders, restarted, and the log is below.
[log]ComboFix 10-02-12.01 - monia 2010-02-15 19:09:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.895.560 [GMT 1:00]
Uruchomiony z: c:\documents and settings\monia\Pulpit\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Outpost Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\plugins\NPMyGlSh.dll
c:\program files\myglobalsearch
c:\program files\myglobalsearch\bar\2.bin\M9FFXTBR.MANIFEST
c:\program files\myglobalsearch\bar\2.bin\M9NTSTBR.MANIFEST
c:\program files\myglobalsearch\bar\2.bin\NPMYGLSH.DLL
c:\program files\myglobalsearch\bar\Cache\0002D0B4
c:\program files\myglobalsearch\bar\Cache\0002D2F6.bin
c:\program files\myglobalsearch\bar\Cache\0002D4CA.bin
c:\program files\myglobalsearch\bar\Cache\0002D5E4.bin
c:\program files\myglobalsearch\bar\Cache\files.ini
c:\program files\myglobalsearch\bar\History\search
c:\program files\myglobalsearch\bar\Settings\prevcfg.htm

.
((((((((((((((((((((((((( Pliki utworzone od 2010-01-15 do 2010-02-15 )))))))))))))))))))))))))))))))
.

2010-02-15 18:02 . 2010-02-15 18:02 396288 ----a-w- c:\windows\system32\CF2970.exe
2010-02-14 21:04 . 2010-02-14 21:04 -------- d-----w- c:\documents and settings\monia\Dane aplikacji\ArcaBit
2010-02-14 20:10 . 2010-02-14 20:10 -------- d-----w- c:\documents and settings\monia\Dane aplikacji\Apple Computer
2010-02-14 20:10 . 2010-02-14 20:10 -------- d-----w- c:\documents and settings\monia\Ustawienia lokalne\Dane aplikacji\Apple Computer
2010-02-14 19:54 . 2009-04-06 10:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2010-02-14 19:52 . 2009-02-10 15:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2010-02-14 19:52 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-14 19:51 . 2009-02-18 16:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2010-02-14 19:50 . 2010-02-14 19:50 -------- d-----w- c:\program files\Agnitum
2010-02-14 19:50 . 2010-02-14 19:50 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Agnitum
2010-02-14 19:46 . 2010-02-14 20:08 -------- d-----w- c:\documents and settings\monia\Dane aplikacji\ArcaVirMicroScan
2010-02-14 18:06 . 2010-02-14 18:06 -------- d-----w- c:\program files\ESET
2010-02-14 17:00 . 2010-02-14 17:15 -------- d-----w- c:\program files\SkanerOnline
2010-02-14 16:31 . 2010-02-14 16:31 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-02-14 16:29 . 2010-02-14 16:29 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Office Genuine Advantage
2010-02-14 16:29 . 2008-06-19 19:53 60416 ----a-w- c:\windows\system32\antiwpa.dll
2010-02-14 16:19 . 2010-02-14 16:19 -------- d-sh--w- c:\documents and settings\monia\IECompatCache
2010-02-14 16:19 . 2010-02-14 16:19 -------- d-sh--w- c:\documents and settings\monia\PrivacIE
2010-02-14 16:16 . 2010-02-14 16:16 -------- d-sh--w- c:\documents and settings\monia\IETldCache
2010-02-14 16:14 . 2010-02-14 16:21 -------- d-----w- c:\windows\ie8updates
2010-02-14 16:12 . 2010-02-14 16:13 -------- dc-h--w- c:\windows\ie8
2010-02-14 16:10 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-14 16:10 . 2009-12-21 19:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-14 16:10 . 2009-12-21 19:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-14 16:10 . 2009-12-21 19:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-14 16:10 . 2009-12-21 19:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-14 16:10 . 2009-12-21 19:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-14 16:10 . 2009-12-21 19:08 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-14 16:00 . 2010-02-14 16:00 -------- d-----w- c:\windows\system32\LogFiles
2010-02-14 15:41 . 2010-02-14 16:16 -------- d-----w- c:\windows\system32\pl-pl
2010-02-14 15:41 . 2010-02-14 15:41 -------- d-----w- c:\windows\system32\pl
2010-02-14 15:41 . 2010-02-14 15:41 -------- d-----w- c:\windows\system32\bits
2010-02-14 15:41 . 2010-02-14 15:41 -------- d-----w- c:\windows\l2schemas
2010-02-14 14:03 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-14 14:03 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-14 14:03 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-14 14:03 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-14 14:03 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-14 14:03 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-14 14:03 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-14 14:03 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-14 14:03 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-14 14:03 . 2010-02-14 14:03 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Alwil Software
2010-02-13 11:22 . 2010-02-13 11:22 -------- d-----w- c:\program files\trend micro
2010-02-13 10:43 . 2010-02-13 10:43 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-29 08:42 . 2010-01-29 08:42 -------- d-----w- C:\found.000

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-14 19:53 . 2009-05-25 16:28 -------- d-----w- c:\documents and settings\monia\Dane aplikacji\Winamp
2010-02-14 16:50 . 2004-08-04 12:00 84062 ----a-w- c:\windows\system32\perfc015.dat
2010-02-14 16:50 . 2004-08-04 12:00 490852 ----a-w- c:\windows\system32\perfh015.dat
2010-02-14 15:43 . 2009-05-23 12:26 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-14 14:03 . 2009-05-23 15:26 -------- d-----w- c:\program files\Alwil Software
2010-02-10 10:32 . 2009-10-13 13:25 -------- d-----w- c:\documents and settings\monia\Dane aplikacji\VSO
2010-02-09 11:32 . 2009-11-24 05:54 79488 ----a-w- c:\documents and settings\monia\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-07 12:27 . 2009-06-06 20:29 -------- d-----w- c:\documents and settings\monia\Dane aplikacji\gtk-2.0
2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:35 . 2009-07-01 08:48 -------- d-----w- c:\documents and settings\monia\Dane aplikacji\GanymedeNet
2009-12-19 09:34 . 2009-07-01 08:47 -------- d-----w- c:\program files\Ganymede
2009-12-17 07:42 . 2009-05-23 12:22 345088 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:37 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv(2).dll
2009-12-14 07:10 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2004-08-04 12:00 2146816 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-04 00:39 2025472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-04 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2004-08-04 12:00 1295360 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-04 00:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2004-08-04 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2004-08-04 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-04 00:44 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:09 . 2001-10-26 17:29 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-21 16:03 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-08-10 14:06 91576 ----a-w- c:\program files\BearShareTb\BearShareDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\program files\BearShareTb\BearShareDx.dll" [2009-08-10 91576]

[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-24 7569408]
"nwiz"="nwiz.exe" [2006-08-24 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-24 86016]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-12 774233]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-25 148888]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2002-05-10 73728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 54576]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Bit Lord 1.1\\BitLord.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 Stealth;Stealth;c:\windows\system32\drivers\stealth.sys [2002-05-13 77920]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-02-14 162512]
S1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2010-02-14 704384]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2010-02-14 1195008]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-02-14 19024]
S3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2010-02-14 31128]
S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2010-02-14 257432]
.
Zawartość folderu 'Zaplanowane zadania'

2010-02-15 c:\windows\Tasks\User_Feed_Synchronization-{18533090-4690-4C1F-89D8-9065AAF3EF5C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.bearshare.com/
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\monia\Dane aplikacji\Mozilla\Firefox\Profiles\e8vsihlv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.wp.pl
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\monia\Dane aplikacji\Mozilla\Firefox\Profiles\e8vsihlv.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMAHJONG.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMAKAOV2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - USUNIĘTO PUSTE WPISY - - - -

BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-ALLUpdate - c:\program files\ALLPlayer\ALLUpdate.exe
HKLM-Run-BearShare - c:\program files\BearShare\BearShare.exe
HKLM-Run-VVSN - c:\program files\VVSN\VVSN.exe
Notify-WgaLogon - (no file)
AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\uninstall_plugin.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-15 19:21
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(1404)
c:\windows\system32\WININET.dll
.
Czas ukończenia: 2010-02-15 19:25:21 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-02-15 18:25

Przed: 7 801 167 872 bajtów wolnych
Po: 7 929 995 264 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 648EB70CC5DF49D45950DE3E8CB127F4
[/log]

Guest
comment

Clean.

Run OTL and click CleanUp.

Full scan with MBAM: http://www.forumpc.pl/index.php?showtopic=107753&st=0&p=752434&fromsearch=1&#entry752434
