Please check my log - avgnt.exe

manugino
created

[log]ComboFix 10-03-21.04 - Kasiula 2010-03-22 14:19:58.9.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.503.239 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Kasiula\Pulpit\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kasiula\Menu Start\Programy\Autostart\syspck32.exe
c:\documents and settings\Kasiula\Ustawienia lokalne\Dane aplikacji\av.exe
c:\documents and settings\Kasiula\Ustawienia lokalne\Dane aplikacji\ave.exe
c:\documents and settings\Kasiula\Ustawienia lokalne\Dane aplikacji\MSASCui.exe
c:\documents and settings\Kasiula\Ustawienia lokalne\Dane aplikacji\vma.exe
c:\documents and settings\Kasiula\wuaucldt.exe
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\drivers\meibtvdc.sys
c:\windows\system32\ieuinit.inf
c:\windows\system32\wuaucldt.exe

c:\windows\system32\drivers\cdrom.sys - brakowało pliku
Plik odzyskano z - c:\windows\ServicePackFiles\i386\cdrom.sys

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hnfjixic


((((((((((((((((((((((((( Pliki utworzone od 2010-02-22 do 2010-03-22 )))))))))))))))))))))))))))))))
.

2010-03-22 13:24 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-03-22 13:24 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-03-22 12:45 . 2010-03-22 12:45 -------- d-----w- c:\documents and settings\Kasiula\Dane aplikacji\Malwarebytes
2010-03-22 12:45 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-22 12:44 . 2010-03-22 12:44 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2010-03-22 12:44 . 2010-03-22 12:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-22 12:44 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-22 11:42 . 2010-03-22 11:43 203776 --sha-w- c:\documents and settings\Kasiula\Ustawienia lokalne\Dane aplikacji\490373180.dll
2010-03-15 09:35 . 2010-03-15 09:35 -------- d-----w- c:\documents and settings\LocalService\Dane aplikacji\McAfee
2010-03-12 08:35 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-10 22:11 . 2010-03-10 22:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\McAfee
2010-03-10 22:11 . 2010-03-10 22:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\McAfee Security Scan
2010-03-10 22:11 . 2010-03-15 09:34 -------- d-----w- c:\program files\McAfee Security Scan
2010-03-09 21:13 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2060-08-18 17:02 . 2008-08-06 11:06 1496064 ------w- c:\windows\system32\CC3250MT.DLL
2060-08-18 16:40 . 2008-08-06 11:06 909824 ------w- c:\windows\system32\cp3245mt.dll
2060-08-18 16:40 . 2008-08-06 11:06 24064 ------w- c:\windows\system32\borlndmm.dll
2010-03-22 08:55 . 2010-03-22 08:55 8 ----a-w- c:\windows\system32\config\systemprofile\Dane aplikacji\jasltw.dat
2010-03-20 13:08 . 2009-09-17 19:52 -------- d-----w- c:\documents and settings\Kasiula\Dane aplikacji\RayV
2010-02-21 17:56 . 2007-12-07 17:04 -------- d-----w- c:\program files\epson
2010-02-14 20:08 . 2010-02-11 20:38 -------- d-----w- c:\program files\Pity 2009
2010-02-14 20:06 . 2007-11-24 11:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-11 21:23 . 2010-02-11 21:23 -------- d-----w- c:\program files\Asseco Poland SA
2010-01-11 13:12 . 2007-11-02 13:22 60272 ----a-w- c:\documents and settings\Kasiula\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-12-31 16:50 . 2001-08-18 06:24 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"RayV"="c:\program files\RayV\RayV\RayV.exe" [2009-08-19 2487592]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2009-06-04 869888]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-03 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2006-08-14 98304]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2006-08-14 114688]
"Persistence"="c:\windows\System32\igfxpers.exe" [2006-08-14 94208]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2008-8-3 950272]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\RayV\\RayV\\RayV.exe"=
"c:\\Program Files\\RayV\\RayV\\RayV.dll"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [2008-04-04 5248]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-26 108289]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2007-11-02 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2007-11-02 8278]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2008-08-03 450560]
S4 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [2008-04-04 159616]
.
Zawartość folderu 'Zaplanowane zadania'

2009-10-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 12:21]

2010-03-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-10-12 20:18]
.
.
------- Skan uzupełniający -------
.
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.pl/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Kasiula\Dane aplikacji\Mozilla\Firefox\Profiles\sk826olf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.winamp.com?src=toolbar
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Kasiula\Dane aplikacji\Mozilla\Firefox\Profiles\sk826olf.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\RayV\RayV\plugins\nprayvplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-syncman - c:\documents and settings\kasiula\wuaucldt.exe
AddRemove-Winamp Toolbar for Firefox - c:\documents and settings\Kasiula\Dane aplikacji\Mozilla\Firefox\Profiles\sk826olf.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe
AddRemove-{FC7DDAAE-7F2B-4270-9BFD-5A130B667E9E} - c:\program files\InstallShield Installation Information\{FC7DDAAE-7F2B-4270-9BFD-5A130B667E9E}\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-22 14:28
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(2724)
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\10\1045\OWCI10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\11\1045\OWCI11.DLL
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\RTHDCPL.EXE
c:\windows\ATK0100\ATKOSD.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Czas ukończenia: 2010-03-22 14:33:14 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-03-22 13:33
ComboFix2.txt 2009-03-26 15:53

Przed: 8 287 719 424 bajtów wolnych
Po: 8 519 516 160 bajtów wolnych

- - End Of File - - 353D996CDFBD300073E75C421656CCF4[/log]

Psycholandia
comment

Post a log from OTL: http://www.forumpc.pl/index.php?showtopic=104338

manugino
comment

[log]OTL logfile created on: 2010-03-22 16:06:21 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Kasiula\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

503,00 Mb Total Physical Memory | 115,00 Mb Available Physical Memory | 23,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 60,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 7,92 Gb Free Space | 40,55% Space Free | Partition Type: NTFS
Drive D: | 24,41 Gb Total Space | 3,63 Gb Free Space | 14,87% Space Free | Partition Type: NTFS
Drive E: | 30,57 Gb Total Space | 3,49 Gb Free Space | 11,41% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-8WVACTDTZ1
Current User Name: Kasiula
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - File not found -- C:\Documents and Settings\Kasiula\Moje dokumenty\Spycheck\Spycheck AntiSpyware\spycheck.exe
PRC - [2010-03-22 16:03:23 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kasiula\Pulpit\OTL.exe
PRC - [2010-03-18 10:43:10 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-01-15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010-01-03 14:02:50 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009-08-06 18:48:08 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009-08-06 18:24:06 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
PRC - [2009-06-09 17:30:45 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-03-02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009-02-09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-04-14 18:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 18:21:43 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 18:21:42 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 18:21:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 18:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 18:21:10 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 18:21:02 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2008-01-15 23:54:54 | 000,037,376 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2007-09-25 01:11:35 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
PRC - [2007-01-16 12:42:20 | 000,950,272 | ---- | M] ( ) -- C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE
PRC - [2006-10-30 12:49:54 | 016,269,312 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2006-10-19 13:52:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006-10-18 18:05:18 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006-10-18 18:04:28 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006-10-18 17:58:16 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006-10-18 17:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006-10-18 17:53:24 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006-10-18 17:49:52 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006-10-14 10:37:40 | 000,110,592 | R--- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2006-09-01 14:57:48 | 000,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2006-08-14 07:41:28 | 000,114,688 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2006-08-14 07:39:08 | 000,098,304 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2006-08-14 07:38:08 | 000,094,208 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2006-08-10 15:08:04 | 002,379,776 | R--- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2005-10-17 16:09:34 | 000,987,136 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2005-04-02 00:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2004-08-11 01:45:04 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2004-01-26 11:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-03-22 16:03:23 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kasiula\Pulpit\OTL.exe
MOD - [2009-12-08 10:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-06-25 09:27:54 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-04-15 15:54:38 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-03-21 15:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-02-09 11:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-02-09 11:53:43 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008-10-23 13:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-06-17 20:03:15 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-14 21:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 18:21:56 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 18:20:57 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008-04-14 18:20:57 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 18:20:56 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 18:20:56 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 18:20:56 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 18:20:45 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2008-04-14 18:20:44 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-14 18:20:44 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-14 18:20:44 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 18:20:44 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 18:20:41 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008-04-14 18:20:39 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 18:20:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 18:20:13 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-14 17:59:08 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Unknown | Running] -- -- (EvtEng) Intel(R)
SRV - [2010-01-15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009-08-06 18:48:08 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009-06-09 17:30:45 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2006-10-18 17:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2006-10-18 17:49:52 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2005-04-02 00:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2009-12-07 23:19:00 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009-06-09 17:30:45 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-04-27 17:32:34 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-02-13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008-04-13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-01-16 12:52:20 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2007-01-10 09:14:34 | 000,450,560 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WlanBZXP.sys -- (SG762_XP)
DRV - [2006-11-03 02:32:30 | 004,394,496 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-10-19 09:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006-10-17 04:55:28 | 001,711,104 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Sterownik karty Intel(R)
DRV - [2006-08-14 09:00:24 | 001,109,568 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006-01-20 17:59:16 | 000,841,110 | R--- | M] (Syntek America Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynMini.sys -- (SynMini)
DRV - [2006-01-02 19:02:26 | 000,008,278 | R--- | M] (Syntek America Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynScan.sys -- (SynScan)
DRV - [2005-04-25 09:43:58 | 000,159,616 | ---- | M] ( ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Vax347b.sys -- (Vax347b)
DRV - [2005-02-17 16:07:48 | 000,005,632 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2005-02-17 00:19:00 | 000,070,144 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004-08-03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2004-04-30 08:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\Vax347s.sys -- (Vax347s)
DRV - [2003-12-08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003-12-08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1644491937-1532298954-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1644491937-1532298954-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1644491937-1532298954-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKU\S-1-5-21-1644491937-1532298954-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1644491937-1532298954-839522115-1003\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL File not found
IE - HKU\S-1-5-21-1644491937-1532298954-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.winamp.com?src=toolbar"
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.10.1
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-18 10:43:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-03-18 10:43:25 | 000,000,000 | ---D | M]

[2008-09-13 14:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasiula\Dane aplikacji\Mozilla\Extensions
[2010-03-21 12:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasiula\Dane aplikacji\Mozilla\Firefox\Profiles\sk826olf.default\extensions
[2009-07-12 12:41:39 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Kasiula\Dane aplikacji\Mozilla\Firefox\Profiles\sk826olf.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009-10-20 18:48:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kasiula\Dane aplikacji\Mozilla\Firefox\Profiles\sk826olf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008-02-24 00:19:47 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\Kasiula\Dane aplikacji\Mozilla\Firefox\Profiles\sk826olf.default\searchplugins\aolsearch.xml
[2009-07-12 12:41:44 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Kasiula\Dane aplikacji\Mozilla\Firefox\Profiles\sk826olf.default\searchplugins\winamp-search.xml
[2009-04-29 10:19:28 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\Kasiula\Dane aplikacji\Mozilla\Firefox\Profiles\sk826olf.default\searchplugins\wyszukiwanie-filmw-wideo-w-youtube.xml
[2010-03-21 12:04:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-03-18 10:43:18 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-03-18 10:43:18 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-03-18 10:43:18 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-03-18 10:43:18 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-03-18 10:43:18 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-03-18 10:43:18 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-03-22 14:28:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1644491937-1532298954-839522115-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1644491937-1532298954-839522115-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe ()
O4 - HKU\S-1-5-21-1644491937-1532298954-839522115-1003..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-1644491937-1532298954-839522115-1003..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKU\S-1-5-21-1644491937-1532298954-839522115-1003..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV)
O4 - HKU\S-1-5-21-1644491937-1532298954-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-1532298954-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1644491937-1532298954-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1644491937-1532298954-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1644491937-1532298954-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Kasiula/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Kasiula\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kasiula\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-11-02 10:21:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-03-18 10:50:10 | 000,033,792 | ---- | M] () - D:\autobusy-nowy.doc -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007-11-02 10:21:15 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-03-22 16:03:13 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kasiula\Pulpit\OTL.exe
[2010-03-22 15:03:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-03-22 14:54:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasiula\Moje dokumenty\Spycheck
[2010-03-22 14:33:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-03-22 14:33:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010-03-22 14:19:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-03-22 14:19:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-03-22 14:19:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-03-22 14:19:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-03-22 14:18:55 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010-03-22 13:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasiula\Dane aplikacji\Malwarebytes
[2010-03-22 13:45:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-03-22 13:44:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2010-03-22 13:44:54 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-03-22 13:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-03-21 16:12:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasiula\Moje dokumenty\Pobieranie
[2010-03-15 10:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\McAfee
[2010-03-10 23:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\McAfee
[2010-03-10 23:11:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\McAfee Security Scan
[2010-03-10 23:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010-02-11 22:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\Asseco Poland SA
[2010-02-11 21:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\Pity 2009
[2010-02-09 19:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasiula\Pulpit\epson
[2010-02-09 19:17:59 | 000,061,440 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\ECBTEG.DLL
[2010-02-09 19:17:58 | 000,073,676 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EBPMON2.DLL
[2010-02-09 19:17:58 | 000,034,304 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EBPCHP.DLL
[2010-02-09 19:17:33 | 000,000,000 | ---D | C] -- C:\EPSON
[2008-12-17 15:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
[2008-04-04 09:28:54 | 000,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347b.sys
[2008-04-04 09:28:54 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347s.sys
[2007-11-02 14:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2007-11-02 11:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Intel
[2007-11-02 11:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Intel
[2007-11-02 10:25:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2007-11-02 10:25:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2007-11-02 10:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\Documents and Settings\Kasiula\Pulpit\*.tmp files -> C:\Documents and Settings\Kasiula\Pulpit\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2010-03-22 16:03:23 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kasiula\Pulpit\OTL.exe
[2010-03-22 14:28:36 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-03-22 14:28:15 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010-03-22 14:28:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-03-22 14:27:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-03-22 14:27:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-03-22 14:26:23 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Kasiula\NTUSER.DAT
[2010-03-22 14:26:23 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\Kasiula\ntuser.ini
[2010-03-22 14:14:36 | 003,897,235 | R--- | M] () -- C:\Documents and Settings\Kasiula\Pulpit\ComboFix.exe
[2010-03-22 14:07:35 | 005,864,422 | -H-- | M] () -- C:\Documents and Settings\Kasiula\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-03-22 13:50:22 | 000,015,266 | -HS- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\wo588q8Gd1tnB
[2010-03-22 13:50:21 | 000,015,266 | -HS- | M] () -- C:\Documents and Settings\Kasiula\Ustawienia lokalne\Dane aplikacji\wo588q8Gd1tnB
[2010-03-22 13:45:21 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2010-03-22 12:43:13 | 000,203,776 | -HS- | M] () -- C:\Documents and Settings\Kasiula\Ustawienia lokalne\Dane aplikacji\490373180.dll
[2010-03-21 23:15:26 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Kasiula\Pulpit\Kolejną grupę stanowią WSKAŹNIKI RENTOWNOŚCI.doc
[2010-03-21 18:41:35 | 000,379,847 | ---- | M] () -- C:\Documents and Settings\Kasiula\Pulpit\2041122_niekaRaportAnalityczny27.10.20091.pdf
[2010-03-21 18:39:59 | 000,389,552 | ---- | M] () -- C:\Documents and Settings\Kasiula\Pulpit\1691306_Raportanalitycznyniezka20.12.2007.pdf
[2010-03-21 18:05:06 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\Kasiula\Pulpit\Microsoft Office Word 2003.lnk
[2010-03-21 14:48:05 | 000,000,057 | ---- | M] () -- C:\Documents and Settings\Kasiula\Dane aplikacji\AVSMediaPlayer.m3u
[2010-03-19 19:21:49 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-03-17 22:12:49 | 000,720,896 | ---- | M] () -- C:\Documents and Settings\Kasiula\Pulpit\Moja praca magisterska.doc
[2010-03-17 15:39:48 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Kasiula\Pulpit\List motywacyjny.doc
[2010-03-17 15:38:59 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Kasiula\Pulpit\CURRICULUM VITAE.doc
[2010-03-16 18:43:18 | 002,437,544 | ---- | M] () -- C:\Documents and Settings\Kasiula\Pulpit\PsychoCats.wmv
[2010-03-15 10:34:42 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\McAfee Security Scan Plus.lnk
[2010-03-15 10:34:42 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk
[2010-03-13 09:36:14 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Wybór przeglądarki.lnk
[2010-03-12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010-03-09 20:20:31 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-03-09 20:18:45 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Kasiula\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-25 00:16:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-02-24 16:15:12 | 000,002,557 | ---- | M] () -- C:\Documents and Settings\Kasiula\Pulpit\Microsoft Office Excel 2003.lnk
[2010-02-24 12:51:42 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Kasiula\Pulpit\~$ja praca magisterska.doc
[2010-02-21 18:53:46 | 000,000,578 | ---- | M] () -- C:\WINDOWS\EPSTPLOG.BAK
[2010-02-09 19:13:00 | 005,127,680 | ---- | M] () -- C:\Documents and Settings\Kasiula\Pulpit\epson3736eu.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\Documents and Settings\Kasiula\Pulpit\*.tmp files -> C:\Documents and Settings\Kasiula\Pulpit\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-03-22 14:19:09 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-03-22 14:19:08 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-03-22 14:19:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-03-22 14:19:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-03-22 14:19:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-03-22 14:16:29 | 003,897,235 | R--- | C] () -- C:\Documents and Settings\Kasiula\Pulpit\ComboFix.exe
[2010-03-22 13:45:21 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2010-03-22 12:42:59 | 000,203,776 | -HS- | C] () -- C:\Documents and Settings\Kasiula\Ustawienia lokalne\Dane aplikacji\490373180.dll
[2010-03-22 12:40:17 | 000,015,266 | -HS- | C] () -- C:\Documents and Settings\Kasiula\Ustawienia lokalne\Dane aplikacji\wo588q8Gd1tnB
[2010-03-22 09:56:02 | 000,015,266 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\wo588q8Gd1tnB
[2010-03-21 23:15:08 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Kasiula\Pulpit\Kolejną grupę stanowią WSKAŹNIKI RENTOWNOŚCI.doc
[2010-03-21 18:41:35 | 000,379,847 | ---- | C] () -- C:\Documents and Settings\Kasiula\Pulpit\2041122_niekaRaportAnalityczny27.10.20091.pdf
[2010-03-21 18:39:59 | 000,389,552 | ---- | C] () -- C:\Documents and Settings\Kasiula\Pulpit\1691306_Raportanalitycznyniezka20.12.2007.pdf
[2010-03-16 18:43:18 | 002,437,544 | ---- | C] () -- C:\Documents and Settings\Kasiula\Pulpit\PsychoCats.wmv
[2010-03-13 09:36:14 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Wybór przeglądarki.lnk
[2010-03-10 23:11:26 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\McAfee Security Scan Plus.lnk
[2010-03-10 23:11:26 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk
[2010-03-10 17:36:43 | 002,210,067 | ---- | C] () -- C:\Documents and Settings\Kasiula\Pulpit\f0770528.jpg
[2010-03-04 11:09:42 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Kasiula\Pulpit\List motywacyjny.doc
[2010-03-04 11:09:31 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Kasiula\Pulpit\CURRICULUM VITAE.doc
[2010-02-24 12:51:42 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Kasiula\Pulpit\~$ja praca magisterska.doc
[2010-02-21 18:53:08 | 000,000,578 | ---- | C] () -- C:\WINDOWS\EPSTPLOG.BAK
[2010-02-09 19:17:58 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2010-02-09 19:12:13 | 005,127,680 | ---- | C] () -- C:\Documents and Settings\Kasiula\Pulpit\epson3736eu.exe
[2009-11-17 22:46:13 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\Kasiula\Dane aplikacji\AVSMediaPlayer.m3u
[2009-11-17 22:45:09 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-10-14 20:27:25 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009-10-13 18:13:41 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-09-12 19:34:05 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\KGyGaAvL.sys
[2009-09-12 19:34:05 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\393699DEB8.sys
[2008-08-23 12:40:28 | 000,004,068 | ---- | C] () -- C:\WINDOWS\SONYMAP.INI
[2008-08-06 12:06:23 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
[2008-08-06 12:05:41 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008-08-03 12:28:03 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll
[2008-04-04 09:32:28 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008-01-05 20:25:02 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007-12-07 18:06:35 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007-12-07 18:03:40 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini
[2007-11-24 12:12:06 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2007-11-02 20:14:53 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007-11-02 12:17:26 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007-11-02 12:10:45 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007-11-02 11:25:05 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\Kasiula\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-11-02 11:04:08 | 000,000,492 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-11-02 10:31:23 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2007-11-02 10:30:47 | 000,192,512 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
[2007-11-02 10:29:48 | 000,007,424 | R--- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS
[2003-04-08 11:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002-03-21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001-09-17 13:20:02 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[color=#E56717]========== LOP Check ==========[/color]

[2007-12-07 18:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\EPSON
[2007-12-07 18:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\UDL
[2008-03-16 19:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasiula\Dane aplikacji\EPSON
[2007-11-06 22:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasiula\Dane aplikacji\Gadu-Gadu
[2010-03-20 14:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasiula\Dane aplikacji\RayV
[2010-03-22 14:28:15 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2007-11-02 10:21:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007-11-02 14:16:15 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2009-03-25 23:36:02 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2001-07-21 23:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2004-08-03 23:00:14 | 000,262,400 | ---- | M] () -- C:\cmldr
[2010-03-22 14:33:14 | 000,015,521 | ---- | M] () -- C:\ComboFix.txt
[2007-11-02 10:21:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007-11-02 10:27:54 | 000,286,720 | ---- | M] () -- C:\Debug.txt
[2007-11-02 10:21:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007-11-02 10:21:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007-11-02 14:08:26 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-12-25 12:45:47 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-03-22 14:27:23 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2008-08-03 15:00:14 | 000,000,159 | ---- | M] () -- C:\Setup.log
[2008-01-29 18:18:12 | 000,000,016 | ---- | M] () -- C:\UsageTrack.txt
[2009-09-12 19:31:16 | 000,519,712 | ---- | M] () -- C:\vcredist_x86.log


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys
[2008-12-25 12:41:04 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys
[2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:agp440.sys
[2008-12-25 12:41:04 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys
[2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\erdnt\cache\agp440.sys
[2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004-08-03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2002-09-20 18:18:00 | 010,180,934 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008-12-25 12:41:04 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002-09-20 18:18:00 | 010,180,934 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008-12-25 12:41:04 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\erdnt\cache\beep.sys
[2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2002-09-20 18:18:00 | 010,180,934 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys
[2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008-12-25 12:41:04 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2002-09-20 18:18:00 | 010,180,934 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:cdrom.sys
[2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys
[2008-12-25 12:41:04 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008-04-13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008-04-13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\dllcache\cdrom.sys
[2008-04-13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004-08-03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2004-08-04 00:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008-04-14 18:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2008-04-14 18:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-14 18:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\erdnt\cache\ndis.sys
[2008-04-13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008-04-13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004-08-03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2004-08-04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008-04-14 18:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008-04-14 18:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 18:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe
< End of report >
[/log]

Psycholandia

What about the file avgnt.exe? It belongs to Avira.

Paste the script below into the OTL window and click Run Fix:

[quote]:Processes
explorer.exe

:OTL
IE - HKU\S-1-5-21-1644491937-1532298954-839522115-1003\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Kasiula/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg

:Commands
[emptytemp]
[start explorer]
[Reboot][/quote]

Scan the computer with this: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url], remove everything it finds, and post the log after the removal (the log from Malware).

manugino

In Avira, a FakeAV trojan pops up.


[log]Malwarebytes' Anti-Malware 1.44
Wersja bazy definicji: 3510
Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 6.0.2900.5512

2010-03-27 23:37:51
mbam-log-2010-03-27 (23-37-51).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|)
Przeskanowane obiekty: 62169
Upłynęło: 34 minute(s), 31 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 3

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
(Nie wykryto groźnych plików)

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
C:\System Volume Information\_restore{252B16B5-40EE-43EB-A2B8-5931154C9F65}\RP416\A0065836.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{252B16B5-40EE-43EB-A2B8-5931154C9F65}\RP416\A0065980.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{252B16B5-40EE-43EB-A2B8-5931154C9F65}\RP416\A0066129.sys (Malware.Trace) -> Quarantined and deleted successfully.
[/log]

Psycholandia

Post a log from ComboFix: http://www.forumpc.pl/index.php?showtopic=153621

manugino

[log]ComboFix 10-03-28.01 - Kasiula 2010-03-28 23:14:33.10.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.503.156 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Kasiula\Pulpit\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Pliki utworzone od 2010-02-28 do 2010-03-28 )))))))))))))))))))))))))))))))
.

2010-03-27 21:58 . 2010-03-27 21:58 -------- d-----w- C:\_OTL
2010-03-22 13:24 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-03-22 13:24 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-03-22 12:45 . 2010-03-22 12:45 -------- d-----w- c:\documents and settings\Kasiula\Dane aplikacji\Malwarebytes
2010-03-22 12:45 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-22 12:44 . 2010-03-22 12:44 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2010-03-22 12:44 . 2010-03-22 12:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-22 12:44 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-15 09:35 . 2010-03-15 09:35 -------- d-----w- c:\documents and settings\LocalService\Dane aplikacji\McAfee
2010-03-12 08:35 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-10 22:11 . 2010-03-10 22:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\McAfee
2010-03-10 22:11 . 2010-03-10 22:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\McAfee Security Scan
2010-03-10 22:11 . 2010-03-15 09:34 -------- d-----w- c:\program files\McAfee Security Scan
2010-03-09 21:13 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2060-08-18 17:02 . 2008-08-06 11:06 1496064 ------w- c:\windows\system32\CC3250MT.DLL
2060-08-18 16:40 . 2008-08-06 11:06 909824 ------w- c:\windows\system32\cp3245mt.dll
2060-08-18 16:40 . 2008-08-06 11:06 24064 ------w- c:\windows\system32\borlndmm.dll
2010-03-28 11:28 . 2001-10-26 16:15 85334 ----a-w- c:\windows\system32\perfc015.dat
2010-03-28 11:28 . 2001-10-26 16:15 494082 ----a-w- c:\windows\system32\perfh015.dat
2010-03-28 11:28 . 2007-11-02 10:04 21425 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-03-22 08:55 . 2010-03-22 08:55 8 ----a-w- c:\windows\system32\config\systemprofile\Dane aplikacji\jasltw.dat
2010-03-20 13:08 . 2009-09-17 19:52 -------- d-----w- c:\documents and settings\Kasiula\Dane aplikacji\RayV
2010-02-21 17:56 . 2007-12-07 17:04 -------- d-----w- c:\program files\epson
2010-02-14 20:08 . 2010-02-11 20:38 -------- d-----w- c:\program files\Pity 2009
2010-02-14 20:06 . 2007-11-24 11:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-11 21:23 . 2010-02-11 21:23 -------- d-----w- c:\program files\Asseco Poland SA
2010-01-11 13:12 . 2007-11-02 13:22 60272 ----a-w- c:\documents and settings\Kasiula\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-12-31 16:50 . 2001-08-18 06:24 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"RayV"="c:\program files\RayV\RayV\RayV.exe" [2009-08-19 2487592]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2009-06-04 869888]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-03 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2006-08-14 98304]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2006-08-14 114688]
"Persistence"="c:\windows\System32\igfxpers.exe" [2006-08-14 94208]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2008-8-3 950272]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\RayV\\RayV\\RayV.exe"=
"c:\\Program Files\\RayV\\RayV\\RayV.dll"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [2008-04-04 5248]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-26 108289]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2007-11-02 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2007-11-02 8278]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2008-08-03 450560]
S4 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [2008-04-04 159616]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - AEGISP
.
Zawartość folderu 'Zaplanowane zadania'

2009-10-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 12:21]

2010-03-28 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-10-12 20:18]
.
.
------- Skan uzupełniający -------
.
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.pl/
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Kasiula\Dane aplikacji\Mozilla\Firefox\Profiles\sk826olf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.winamp.com?src=toolbar
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Kasiula\Dane aplikacji\Mozilla\Firefox\Profiles\sk826olf.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\RayV\RayV\plugins\nprayvplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-28 23:19
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2010-03-28 23:21:24
ComboFix-quarantined-files.txt 2010-03-28 21:21
ComboFix2.txt 2010-03-22 13:33

Przed: 8 396 734 464 bajtów wolnych
Po: 8 357 171 200 bajtów wolnych

- - End Of File - - ED54426518210E04255457A15C8C1AA4[/log]

Psycholandia

I don't see anything like that here. Hm, show a screenshot of what popped up. Or type it out. Does it still pop up?
