
System freezes at startup

GnijCie
created (edited)

Hello,
I have the following problem: once I log in to my account I can't do anything, for 2 minutes if I'm lucky, otherwise even for 5!! I don't know what's going on, but sometimes the problem stops once avast updates itself; still, it happens at almost every login. Maybe one of you knows why this is?
[color="#ff0000"]
//moving to the "Logs to check" subforum
//raaz
[/color]

Bobek
comment

I had that too... All that was left was a format.
[color="#ff0000"]
//formatting is not a solution
//raaz[/color]

rokko
comment

[quote]Maybe one of you knows why this is?[/quote]
Nobody can answer that question blind; you would need to run system diagnostics, go through the logs, event logs, etc.

A potential solution to the problem = creating a new user profile and later, if needed, transferring files from the old profile to the new one. Try it and see how it works in practice.

GnijCie
comment

I'll say that I can put up with it as long as it doesn't do any major harm to the computer. As for the profile, I have 2 profiles and it happens on each of them. Give me some program for logs.

Bobek
comment

Combofix

[color="#ff0000"]//firstly, the use of ComboFix may be proposed by the people checking logs
//secondly, start putting a bit more effort into your writing, because as of today
//your posts qualify only for the bin
//this is the last warning
//raaz[/color]

GnijCie
comment (edited)

[log]ComboFix 10-05-06.05 - anka 2010-05-08 13:17:57.4.1 - x86
Uruchomiony z: E:\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\anka\Dane aplikacji\Desktopicon
c:\documents and settings\anka\Dane aplikacji\Desktopicon\eBay.ico
c:\documents and settings\anka\Dane aplikacji\Desktopicon\uninst.exe
c:\documents and settings\anka\Dane aplikacji\EurekaLog
c:\documents and settings\anka\Dane aplikacji\EurekaLog\EurekaLog.ini

.
((((((((((((((((((((((((( Pliki utworzone od 2010-04-08 do 2010-05-08 )))))))))))))))))))))))))))))))
.

2010-05-06 16:28 . 2010-05-06 16:28 -------- d-----w- c:\documents and settings\daedd\Ustawienia lokalne\Dane aplikacji\Ahead
2010-05-05 22:12 . 2010-05-05 22:36 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\Ahead
2010-05-05 22:12 . 2010-05-05 22:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Ahead
2010-05-05 22:06 . 2010-05-05 22:10 -------- d-----w- c:\program files\Common Files\Ahead
2010-05-05 22:06 . 2010-05-05 22:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nero
2010-05-05 22:06 . 2010-05-05 22:06 -------- d-----w- c:\program files\Nero
2010-05-03 20:47 . 2010-05-03 20:47 7680 ----a-w- c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\1000000600002i\svchost.exe
2010-05-02 23:11 . 2010-05-02 23:11 7680 ----a-w- c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\1000000b00002i\rundll32.exe
2010-05-02 23:11 . 2010-05-02 23:11 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\Thinstall
2010-05-02 15:08 . 2010-05-02 15:08 -------- d-----w- c:\program files\Steinberg
2010-05-01 22:10 . 2010-05-01 22:10 3584 ----a-r- c:\documents and settings\anka\Dane aplikacji\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-05-01 22:10 . 2010-05-01 22:10 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-05-01 22:10 . 2010-05-01 22:10 -------- d-----w- c:\program files\MSECACHE
2010-05-01 12:25 . 2010-05-03 12:18 -------- d-----w- c:\program files\Unlocker
2010-04-25 21:09 . 2010-04-25 21:10 -------- d-----w- c:\documents and settings\anka\Ustawienia lokalne\Dane aplikacji\BearShare
2010-04-24 16:17 . 2010-04-24 16:17 -------- d-----w- c:\program files\Rockstar Games
2010-04-17 22:19 . 2010-04-17 22:19 -------- d-----w- c:\documents and settings\anka\WapSter
2010-04-17 21:49 . 2010-04-17 21:49 10134 ----a-r- c:\documents and settings\anka\Dane aplikacji\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-04-17 21:49 . 2010-04-17 21:49 -------- d-----w- c:\program files\Microsoft WSE
2010-04-17 21:49 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-04-17 21:13 . 2010-05-05 18:15 -------- d-----w- c:\program files\Ahead
2010-04-17 20:51 . 2010-04-17 20:51 -------- d--h--w- c:\windows\$hf_mig$
2010-04-17 18:42 . 2010-04-17 18:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-17 17:48 . 2010-04-17 17:48 23 --sha-w- c:\windows\system32\edacded0.dat

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 08:16 . 2009-04-01 14:46 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\Skype
2010-05-07 18:58 . 2010-05-07 18:58 7692288 ----a-w- c:\documents and settings\anka\ntuser.tmp
2010-05-02 22:52 . 2009-03-20 22:55 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-26 16:05 . 2009-03-20 20:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-17 20:45 . 2009-03-24 20:28 -------- d-----w- c:\program files\Windows Live
2010-04-17 18:42 . 2009-08-30 11:06 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-04-17 18:08 . 2009-12-04 18:21 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\IMVU
2010-04-16 22:16 . 2010-03-20 18:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-28 20:22 . 2009-05-30 16:23 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\Audacity
2010-03-28 14:52 . 2001-10-26 16:15 82010 ----a-w- c:\windows\system32\perfc015.dat
2010-03-28 14:52 . 2001-10-26 16:15 484634 ----a-w- c:\windows\system32\perfh015.dat
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\15162\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\15162\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\15162\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\15162\AcrobatUpdater.exe
2010-03-20 19:27 . 2009-03-20 19:41 56856 -c--a-w- c:\documents and settings\anka\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-03-20 18:17 . 2010-03-20 18:17 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\Malwarebytes
2010-03-20 18:17 . 2010-03-20 18:17 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2010-03-20 16:57 . 2010-03-20 16:57 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2010-03-20 15:43 . 2010-03-20 15:43 -------- d-----w- c:\program files\CCleaner
2010-03-20 14:50 . 2009-04-18 10:30 -------- d-----w- c:\program files\Common Files\Macromedia
2010-03-07 15:17 . 2010-03-07 15:17 503808 ----a-w- c:\documents and settings\daedd\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-47e56b87-n\msvcp71.dll
2010-03-07 15:17 . 2010-03-07 15:17 499712 ----a-w- c:\documents and settings\daedd\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-47e56b87-n\jmc.dll
2010-03-07 15:17 . 2010-03-07 15:17 348160 ----a-w- c:\documents and settings\daedd\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-47e56b87-n\msvcr71.dll
2010-03-07 15:17 . 2010-03-07 15:17 61440 ----a-w- c:\documents and settings\daedd\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-31a2c574-n\decora-sse.dll
2010-03-07 15:17 . 2010-03-07 15:17 12800 ----a-w- c:\documents and settings\daedd\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-31a2c574-n\decora-d3d.dll
2010-02-28 14:43 . 2010-02-27 16:58 0 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-27 16:44 . 2010-02-27 16:44 12 ----a-w- c:\documents and settings\anka\Dane aplikacji\rbuwzv.dat
2010-02-26 19:33 . 2010-02-26 19:33 503808 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25a18954-n\msvcp71.dll
2010-02-26 19:33 . 2010-02-26 19:33 499712 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25a18954-n\jmc.dll
2010-02-26 19:33 . 2010-02-26 19:33 348160 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25a18954-n\msvcr71.dll
2010-02-26 19:33 . 2010-02-26 19:33 61440 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6e360387-n\decora-sse.dll
2010-02-26 19:33 . 2010-02-26 19:33 12800 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6e360387-n\decora-d3d.dll
2010-02-24 17:35 . 2009-10-28 13:20 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-20 19:44 . 2009-04-16 19:55 5 -c--a-w- c:\windows\system32\SySmp3con.dat
.

------- Sigcheck -------

[-] 2008-04-14 . 335813EACD16E84F3047A3326F6E5473 . 549888 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . 335813EACD16E84F3047A3326F6E5473 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . 51FD2E13D723857B9CA239AE77150F48 . 510464 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe
[7] 2004-08-03 . 0344407089B08548D4FEBA62BB0F32D0 . 504832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . E6C1811BA05F4E4BD4DA437778630489 . 724992 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . E6C1811BA05F4E4BD4DA437778630489 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . 0BE00656B7CAEDE754AEE4D7AD13B687 . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll
[7] 2004-08-03 . D38C710AAC3A0D16AF7DF6770C9F6CBB . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[7] 2008-12-12 . 604D8F71620CC6353D7C3E89BC70090C . 3088896 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll
[-] 2008-12-12 . 14307EB37130BCAC7D1B6EFBEF5AC75D . 3481600 . . [6.00.2900.5726] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2008-12-12 . 14307EB37130BCAC7D1B6EFBEF5AC75D . 3481600 . . [6.00.2900.5726] . . c:\windows\system32\mshtml.dll
[7] 2008-12-12 . 925E22521441829F4889B3A2C4015EDB . 3088896 . . [6.00.2900.5726] . . c:\windows\VistaMizer\old\mshtml.dll
[7] 2008-10-16 . 401C51E3479F1CCBA29E5A374C8F2688 . 3088896 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll
[7] 2004-08-03 . 687FF56421840ACD46B7A3939ED581E7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\mshtml.dll

[7] 2008-08-14 . DCDD970025463DFC9676EBE18ABD6A86 . 2190464 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . 9CE159C91E076FF6C25D055310EBB259 . 2190464 . . [5.1.2600.5657] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-08-14 . F8071DEDC9217DBD6B8C0753868AA087 . 2447744 . . [5.1.2600.5657] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-08-14 . F8071DEDC9217DBD6B8C0753868AA087 . 2447744 . . [5.1.2600.5657] . . c:\windows\system32\ntoskrnl.exe
[7] 2008-08-14 . 9CE159C91E076FF6C25D055310EBB259 . 2190464 . . [5.1.2600.5657] . . c:\windows\VistaMizer\old\ntoskrnl.exe
[7] 2004-08-03 . DCF53422B7EDDED3B7431FBAE4A7EE3F . 2182272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe

[-] 2008-04-14 . FA1E2372F554782332A8504A58300D15 . 589312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . FA1E2372F554782332A8504A58300D15 . 589312 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[7] 2008-04-14 . A435C5C069AFD901751AC323AD238793 . 580096 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\user32.dll
[7] 2004-08-03 . 0C81764F50F32D376E6E4B9E9F4B01A0 . 578560 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll

[7] 2008-10-16 . D9A313E9E938FCD9C63EFD544C997183 . 669696 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[-] 2008-10-16 . CA192C1BCB96422A5DAD5FF9BF0F27AB . 813568 . . [6.00.2900.5694] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-10-16 . CA192C1BCB96422A5DAD5FF9BF0F27AB . 813568 . . [6.00.2900.5694] . . c:\windows\system32\wininet.dll
[7] 2008-10-16 . 81AB7E7CEBEB09BCFB8C4AE1074E1CC1 . 668672 . . [6.00.2900.5694] . . c:\windows\VistaMizer\old\wininet.dll
[7] 2004-08-03 . D37DAFB534AC8343D59A1B501ABE852C . 658944 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\wininet.dll

[-] 2008-04-14 . A08939AFCDBE68F67E9C35383A4CE62C . 1553408 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . A08939AFCDBE68F67E9C35383A4CE62C . 1553408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . C791ED9EAC5E76D9525E157B1D7A599A . 1035264 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe
[7] 2004-08-03 . 379098A96E6C165B659DE7E4328010EA . 1033728 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . 5336D3244305FD884215DAF84D108566 . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5336D3244305FD884215DAF84D108566 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-14 . 1BD41EDA5B869AFC99895C39A8DE36E1 . 15360 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ctfmon.exe
[7] 2004-08-03 . CBFA30492D70CE3938D8A7783D0C0436 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[7] 2008-08-14 . 638346856E53887B0C3DA62A9AB2C203 . 2067328 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 5AB2F07AD3FD76790294DDCCC6E06D46 . 2067328 . . [5.1.2600.5657] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-08-14 . BCDA6410B3A89805ECEB57020621C6FC . 2324608 . . [5.1.2600.5657] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2008-08-14 . BCDA6410B3A89805ECEB57020621C6FC . 2324608 . . [5.1.2600.5657] . . c:\windows\system32\ntkrnlpa.exe
[7] 2008-08-14 . 5AB2F07AD3FD76790294DDCCC6E06D46 . 2067328 . . [5.1.2600.5657] . . c:\windows\VistaMizer\old\ntkrnlpa.exe
[7] 2004-08-03 . 44D1BC1B05E0C7C82E81687B79C653C7 . 2058112 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352]

[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
2007-07-17 14:59 1379352 ----a-w- c:\program files\Wisdom-soft\tbWisd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352]

[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}"= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352]

[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft ScreenHunter 5.1 Free"="0" [X]
"ALLUpdate"="e:\programy\ALLPlayer\ALLUpdate.exe" [2009-11-11 870400]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 86016]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=xgusb.cpl
"midi2"=xgusb.cpl

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]
2009-11-17 14:18 6807552 ----a-w- e:\programy\AQQ\WAPSTE~1\AQQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 10:24 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"e:\\PROGRAMY\\eMule\\emule.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\wowd.exe"=
"e:\\PROGRAMY\\AQQ\\WapSter AQQ\\AQQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21708:TCP"= 21708:TCP:*:Disabled:BitComet 21708 TCP
"21708:UDP"= 21708:UDP:*:Disabled:BitComet 21708 UDP

R3 FPLY;FPLY;c:\docume~1\anka\USTAWI~1\Temp\FPLY.exe [x]
R3 GPU-Z;GPU-Z;c:\docume~1\anka\USTAWI~1\Temp\GPU-Z.sys [x]
R3 IYMRQEK;IYMRQEK;c:\docume~1\anka\USTAWI~1\Temp\IYMRQEK.exe [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\D.tmp [x]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]
R3 TRMOJTKIOK;TRMOJTKIOK;c:\docume~1\anka\USTAWI~1\Temp\TRMOJTKIOK.exe [x]
R3 XOOOKHKUL;XOOOKHKUL;c:\docume~1\anka\USTAWI~1\Temp\XOOOKHKUL.exe [x]
R3 zlportio;zlportio;c:\program files\UltraStar Deluxe\zlportio.sys [x]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]

.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Settings,ProxyOverride = *.local
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\anka\Menu Start\Programy\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\anka\Dane aplikacji\Mozilla\Firefox\Profiles\z597srzs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2243755&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - IMVUspace Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL -
FF - plugin: c:\documents and settings\anka\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: e:\programy\Real Alternative\browser\plugins\nppl3260.dll
FF - plugin: e:\programy\Real Alternative\browser\plugins\nprpjplug.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
MSConfigStartUp-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
AddRemove-Adobe_8d0dc9390f2c596455e1446b5918a40 - c:\program files\Common Files\Adobe\Installers\8d0dc9390f2c596455e1446b5918a40\Setup.exe
AddRemove-ALLConverter to PSP_is1 - c:\program files\ALLConverter\PSP\unins000.exe
AddRemove-eBay Icon - c:\documents and settings\anka\Dane aplikacji\Desktopicon\uninst.exe
AddRemove-Guild Wars - e:\gry\x1\Gw.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]
Rootkit scan 2010-05-08 13:22
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\D.tmp"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(524)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(580)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
c:\windows\system32\psbase.dll
.
Czas ukończenia: 2010-05-08 13:25:02
ComboFix-quarantined-files.txt 2010-05-08 11:24

Przed: 1 280 188 416 bajtów wolnych
Po: 2 280 914 944 bajtów wolnych

- - End Of File - - 6D1238A425125DAEEE226F0F890EA932[/log]


Here are the logs.

sebus1989
comment (edited)

Hello,
write something more about your problem. What does "can't do anything" mean? Can't click anything? Can't move the mouse?

GnijCie
comment

I can move the mouse and do everything, but only on the desktop; clicking on, for example, the taskbar or Start doesn't work because something is loading. Only once the avast update notice pops up saying it has been updated is everything back to normal.

sebus1989
comment

Disconnect the internet, uninstall avast, clean everything with CCleaner, reconnect the internet, download http://www.dobreprogramy.pl/Windows-Worms-Doors-Cleaner,Program,Windows,11744.html ; next to RPC Locator, Enable UPNP and Enable Msg there should be green marks.
Restart the computer and download the latest version of avast.

  • 1 month later...
GnijCie
comment

sebus1989, I did everything as you wrote, but it didn't help :( The only thing I'm waiting on is that I'm scanning the system with the latest avast, but thanks a lot for the help anyway; if anything comes up I'll let you know.

Tomek01
comment (edited)

The computer is infected.
Please also post OTL and RSIT logs.

Paste into Notepad:

[code]Driver::
MEMSWEEP2
XOOOKHKUL
TRMOJTKIOK
IYMRQEK
FPLY

File::
c:\windows\system32\drivers\lbrtfdc.sys
c:\documents and settings\anka\Dane aplikacji\rbuwzv.dat
c:\docume~1\anka\USTAWI~1\Temp\FPLY.exe
c:\docume~1\anka\USTAWI~1\Temp\IYMRQEK.exe
c:\windows\system32\D.tmp
c:\docume~1\anka\USTAWI~1\Temp\TRMOJTKIOK.exe
c:\docume~1\anka\USTAWI~1\Temp\XOOOKHKUL.exe
c:\program files\Wisdom-soft\tbWisd.dll

Folder::
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}"=-[/code]

Save it as CFScript.txt, then drag and drop it onto the ComboFix icon.


Attach the resulting log.
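
A triage pass over the service lines of the first log, as an added example that is not part of the original thread and not ComboFix's or the helper's own logic: it parses the `R3`/`S1`-style lines, flags images that load from a Temp directory or carry a `.tmp` extension, and compares the result with the `Driver::` names in the script above. The heuristic and all function names are assumptions of this example.

```python
import re

# Service/driver lines copied from the first ComboFix log in this thread.
SERVICE_LINES = r"""
R3 FPLY;FPLY;c:\docume~1\anka\USTAWI~1\Temp\FPLY.exe [x]
R3 GPU-Z;GPU-Z;c:\docume~1\anka\USTAWI~1\Temp\GPU-Z.sys [x]
R3 IYMRQEK;IYMRQEK;c:\docume~1\anka\USTAWI~1\Temp\IYMRQEK.exe [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\D.tmp [x]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]
R3 TRMOJTKIOK;TRMOJTKIOK;c:\docume~1\anka\USTAWI~1\Temp\TRMOJTKIOK.exe [x]
R3 XOOOKHKUL;XOOOKHKUL;c:\docume~1\anka\USTAWI~1\Temp\XOOOKHKUL.exe [x]
R3 zlportio;zlportio;c:\program files\UltraStar Deluxe\zlportio.sys [x]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
"""

# Names from the Driver:: section of the CFScript posted in this thread.
SCRIPT_DRIVERS = ["MEMSWEEP2", "XOOOKHKUL", "TRMOJTKIOK", "IYMRQEK", "FPLY"]

# Shape observed in the log: <R|S><digit> <name>;<display>;<path> [<info>]
LINE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.*?) \[([^\]]*)\]$")


def parse_services(text):
    """Return one dict per service line; lines of another shape are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        state, start, name, display, path, info = m.groups()
        entries.append({
            "state": state,          # first letter of the line, kept as logged
            "start": int(start),     # digit after the letter, kept as logged
            "name": name,
            "display": display,
            "path": path.strip(),    # empty when the log records no image path
            "info": info,            # "x" or "<date> <size>", kept as logged
        })
    return entries


def reasons_for(entry):
    """Heuristic assumed by this example: judge the entry by where its image lives."""
    path = entry["path"].lower()
    if not path:
        return []                    # nothing to judge without a path
    reasons = []
    # Directory components only, so a file merely named "temp" does not match.
    if "temp" in path.split("\\")[:-1]:
        reasons.append("image under a Temp directory")
    if path.endswith(".tmp"):
        reasons.append("image has a .tmp extension")
    return reasons


def triage(entries):
    """Map service name -> list of reasons, for entries with at least one reason."""
    flagged = {}
    for entry in entries:
        reasons = reasons_for(entry)
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged


def compare(flagged, script_names):
    """Set comparison between the heuristic's output and a reviewed list."""
    f, s = set(flagged), set(script_names)
    return {
        "both": sorted(f & s),
        "flagged_only": sorted(f - s),   # heuristic hits the reviewer left out
        "script_only": sorted(s - f),    # reviewer picks the heuristic missed
    }


if __name__ == "__main__":
    hits = triage(parse_services(SERVICE_LINES))
    for name, why in sorted(hits.items()):
        print(f"{name}: {', '.join(why)}")
    print(compare(hits, SCRIPT_DRIVERS))
```

On this log the heuristic also flags `GPU-Z`, which is absent from the posted script, so its output is a list for a person to review rather than a removal list.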

GnijCie
comment (edited)

And could you explain to me a bit how to make the OTL and RSIT logs?

And here is the log you asked for, the one from the file I dragged from Notepad onto ComboFix.

[log]ComboFix 10-06-19.03 - anka 2010-06-20 12:49:13.5.1 - x86
Uruchomiony z: E:\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\anka\Pulpit\CFScript.txt

FILE ::
"c:\docume~1\anka\USTAWI~1\Temp\FPLY.exe"
"c:\docume~1\anka\USTAWI~1\Temp\IYMRQEK.exe"
"c:\docume~1\anka\USTAWI~1\Temp\TRMOJTKIOK.exe"
"c:\docume~1\anka\USTAWI~1\Temp\XOOOKHKUL.exe"
"c:\documents and settings\anka\Dane aplikacji\rbuwzv.dat"
"c:\program files\Wisdom-soft\tbWisd.dll"
"c:\windows\system32\D.tmp"
"c:\windows\system32\drivers\lbrtfdc.sys"
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\anka\Dane aplikacji\rbuwzv.dat
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\AAAAAAAA2
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\AAAAAAAA2M
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\BAAAAAAA2
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\BAAAAAAA2M
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\CAAAAAAA2
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\CAAAAAAA2M
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\DAAAAAAA2
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\DAAAAAAA2M
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\EAAAAAAA2
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\EAAAAAAA2M
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\FAAAAAAA2
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\FAAAAAAA2M
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\GAAAAAAA2
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\GAAAAAAA2M
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\HAAAAAAA2
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\HAAAAAAA2M
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\IAAAAAAA2
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\IAAAAAAA2M
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\index.dat
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\JAAAAAAA2
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\JAAAAAAA2M
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\KAAAAAAA2
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\KAAAAAAA2M
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\Photoshop\7.0 CE\Adobe Photoshop 7.0 Settings CE\Actions Palette.psp
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\Photoshop\7.0 CE\Adobe Photoshop 7.0 Settings CE\Adobe Photoshop 7.0 Prefs.psp
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\Photoshop\7.0 CE\Adobe Photoshop 7.0 Settings CE\Brushes.psp
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\Photoshop\7.0 CE\Adobe Photoshop 7.0 Settings CE\PluginCache.psp
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\Photoshop\7.0 CE\Adobe Photoshop 7.0 Settings\Recently Used Optimizations.irs
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%ProgramFilesDir%\Common Files\Adobe\Color\ACE1Cache.lst
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%ProgramFilesDir%\Common Files\Adobe\TypeSpt\AdobeFnt06.lst
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%ProgramFilesDir%\Photoshop 7.0 CE\Photoshop.fon
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%ProgramFilesDir%\Photoshop 7.0 CE\Required PL\ADMUI3.fon
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\1000000600002i\svchost.exe
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\1000000b00002i\rundll32.exe
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\Registry.rw.lck
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\Registry.rw.tvr
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\Registry.tvr.backup
c:\program files\Wisdom-soft\tbWisd.dll
c:\windows\system32\drivers\lbrtfdc.sys

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FPLY
-------\Legacy_IYMRQEK
-------\Legacy_MEMSWEEP2
-------\Legacy_TRMOJTKIOK
-------\Legacy_XOOOKHKUL
-------\Service_FPLY
-------\Service_IYMRQEK
-------\Service_MEMSWEEP2
-------\Service_TRMOJTKIOK
-------\Service_XOOOKHKUL


((((((((((((((((((((((((( Pliki utworzone od 2010-05-20 do 2010-06-20 )))))))))))))))))))))))))))))))
.

2010-06-19 11:41 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-19 11:41 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-19 11:41 . 2010-04-14 16:37 297552 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-06-19 11:41 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-19 11:41 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-20 11:00 . 2009-12-04 18:21 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\IMVU
2010-06-20 10:54 . 2010-05-02 23:11 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\Thinstall
2010-06-20 10:53 . 2010-02-08 22:50 -------- d-----w- c:\program files\Wisdom-soft
2010-06-19 11:40 . 2010-06-19 11:40 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Alwil Software
2010-06-19 11:40 . 2009-03-20 19:29 -------- d-----w- c:\program files\Alwil Software
2010-06-18 22:14 . 2010-06-18 21:44 -------- d-----w- c:\program files\StepMania
2010-06-15 20:21 . 2010-06-15 20:21 -------- d-----w- c:\program files\ChomikBox
2010-06-15 20:16 . 2010-05-05 22:12 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\Ahead
2010-06-15 18:48 . 2009-04-01 14:46 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\Skype
2010-06-02 17:27 . 2010-06-02 17:27 -------- d-----w- c:\program files\Lavalys
2010-05-30 18:52 . 2010-05-30 18:51 -------- d-----w- c:\program files\Realtek AC97
2010-05-28 20:34 . 2010-05-28 20:34 61440 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6d15eac8-n\decora-sse.dll
2010-05-28 20:34 . 2010-05-28 20:34 12800 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6d15eac8-n\decora-d3d.dll
2010-05-28 20:34 . 2010-05-28 20:34 348160 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1953a81a-n\msvcr71.dll
2010-05-28 20:34 . 2010-05-28 20:34 503808 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1953a81a-n\msvcp71.dll
2010-05-28 20:34 . 2010-05-28 20:34 499712 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1953a81a-n\jmc.dll
2010-05-16 10:50 . 2010-05-16 10:50 56856 ----a-w- c:\documents and settings\daedd\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-05-15 18:53 . 2009-05-30 16:23 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\Audacity
2010-05-11 18:02 . 2010-05-11 18:02 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\3AEA
2010-05-08 19:10 . 2010-05-08 19:10 76782 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\Uninstall.exe
2010-05-08 19:10 . 2010-05-08 19:10 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\IMVUClient
2010-05-08 18:44 . 2010-05-08 18:44 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\F8C
2010-05-05 22:12 . 2010-05-05 22:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Ahead
2010-05-05 22:10 . 2010-05-05 22:06 -------- d-----w- c:\program files\Common Files\Ahead
2010-05-05 22:06 . 2010-05-05 22:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nero
2010-05-05 22:06 . 2010-05-05 22:06 -------- d-----w- c:\program files\Nero
2010-05-05 18:15 . 2010-04-17 21:13 -------- d-----w- c:\program files\Ahead
2010-05-03 16:24 . 2010-05-03 16:24 92312 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\IMVUupdater.exe
2010-05-03 16:24 . 2010-05-03 16:24 21760 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\IMVUQualityAgent.exe
2010-05-03 16:24 . 2010-05-03 16:24 52992 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\IMVUClient.exe
2010-05-03 16:21 . 2010-05-03 16:21 121856 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\WriteMiniDump.exe
2010-05-03 16:18 . 2010-05-03 16:18 46592 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\ui\plugins\npvivoxproxy.dll
2010-05-03 16:18 . 2010-05-03 16:18 54784 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\ui\plugins\nphwndproxy.dll
2010-05-03 16:18 . 2010-05-03 16:18 1263616 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\SceneWindow.dll
2010-05-03 16:17 . 2010-05-03 16:17 16896 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\MemoryHook.dll
2010-05-03 16:16 . 2010-05-03 16:16 320000 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\cal3d.dll
2010-05-03 16:15 . 2010-05-03 16:15 202752 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\boost_python.dll
2010-05-03 16:15 . 2010-05-03 16:15 29184 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\CallStack.dll
2010-05-03 12:18 . 2010-05-01 12:25 -------- d-----w- c:\program files\Unlocker
2010-05-02 22:52 . 2009-03-20 22:55 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-02 15:08 . 2010-05-02 15:08 -------- d-----w- c:\program files\Steinberg
2010-05-01 22:10 . 2010-05-01 22:10 3584 ----a-r- c:\documents and settings\anka\Dane aplikacji\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-05-01 22:10 . 2010-05-01 22:10 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-05-01 22:10 . 2010-05-01 22:10 -------- d-----w- c:\program files\MSECACHE
2010-04-26 23:14 . 2010-04-26 23:14 224768 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\audiere.dll
2010-04-26 16:05 . 2009-03-20 20:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-24 16:17 . 2010-04-24 16:17 -------- d-----w- c:\program files\Rockstar Games
2010-04-22 04:44 . 2010-04-22 04:44 7506576 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\1VivoxVoice.exe
2010-04-22 04:44 . 2010-04-22 04:44 4792976 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\vivoxsdk.dll
2010-04-22 04:44 . 2010-04-22 04:44 330896 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\libsndfile-1.dll
2010-04-22 04:44 . 2010-04-22 04:44 266384 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\npvivoxvoiceplugin.dll
2010-04-22 04:44 . 2010-04-22 04:44 246416 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\ortp.dll
2010-04-22 04:44 . 2010-04-22 04:44 275088 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\vivoxoal.dll
2010-04-22 04:44 . 2010-04-22 04:44 1034896 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\dbghelp.dll
2010-04-17 21:49 . 2010-04-17 21:49 10134 ----a-r- c:\documents and settings\anka\Dane aplikacji\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-04-17 17:48 . 2010-04-17 17:48 23 --sha-w- c:\windows\system32\edacded0.dat
2010-04-16 18:18 . 2010-04-16 18:18 3771296 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\ui\plugins\NPSWF32.dll
2010-04-16 18:18 . 2010-04-16 18:18 184832 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\ssleay32.dll
2010-04-16 18:18 . 2010-04-16 18:18 1006080 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\libeay32.dll
2010-04-16 18:13 . 2010-04-16 18:13 271929 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\pixomatic.dll
2010-04-16 18:10 . 2010-04-16 18:10 49664 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\w9xpopen.exe
2010-04-16 18:10 . 2010-04-16 18:10 353280 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\pythoncom26.dll
2010-04-16 18:10 . 2010-04-16 18:10 2251264 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\python26.dll
2010-04-16 18:10 . 2010-04-16 18:10 110080 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\pywintypes26.dll
2010-04-14 16:47 . 2010-06-19 11:40 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-14 16:47 . 2010-06-19 11:40 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-14 16:31 . 2010-06-19 11:41 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-14 16:31 . 2010-06-19 11:41 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-14 16:30 . 2010-06-19 11:41 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-28 14:52 . 2001-10-26 16:15 82010 ----a-w- c:\windows\system32\perfc015.dat
2010-03-28 14:52 . 2001-10-26 16:15 484634 ----a-w- c:\windows\system32\perfh015.dat
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\15162\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\15162\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\15162\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\15162\AcrobatUpdater.exe
.

------- Sigcheck -------

[-] 2008-04-14 . 335813EACD16E84F3047A3326F6E5473 . 549888 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . 335813EACD16E84F3047A3326F6E5473 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . 51FD2E13D723857B9CA239AE77150F48 . 510464 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe
[7] 2004-08-03 . 0344407089B08548D4FEBA62BB0F32D0 . 504832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . E6C1811BA05F4E4BD4DA437778630489 . 724992 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . E6C1811BA05F4E4BD4DA437778630489 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . 0BE00656B7CAEDE754AEE4D7AD13B687 . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll
[7] 2004-08-03 . D38C710AAC3A0D16AF7DF6770C9F6CBB . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[7] 2008-12-12 . 604D8F71620CC6353D7C3E89BC70090C . 3088896 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll
[-] 2008-12-12 . 14307EB37130BCAC7D1B6EFBEF5AC75D . 3481600 . . [6.00.2900.5726] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2008-12-12 . 14307EB37130BCAC7D1B6EFBEF5AC75D . 3481600 . . [6.00.2900.5726] . . c:\windows\system32\mshtml.dll
[7] 2008-12-12 . 925E22521441829F4889B3A2C4015EDB . 3088896 . . [6.00.2900.5726] . . c:\windows\VistaMizer\old\mshtml.dll
[7] 2008-10-16 . 401C51E3479F1CCBA29E5A374C8F2688 . 3088896 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll
[7] 2004-08-03 . 687FF56421840ACD46B7A3939ED581E7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\mshtml.dll

[7] 2008-08-14 . DCDD970025463DFC9676EBE18ABD6A86 . 2190464 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . 9CE159C91E076FF6C25D055310EBB259 . 2190464 . . [5.1.2600.5657] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-08-14 . F8071DEDC9217DBD6B8C0753868AA087 . 2447744 . . [5.1.2600.5657] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-08-14 . F8071DEDC9217DBD6B8C0753868AA087 . 2447744 . . [5.1.2600.5657] . . c:\windows\system32\ntoskrnl.exe
[7] 2008-08-14 . 9CE159C91E076FF6C25D055310EBB259 . 2190464 . . [5.1.2600.5657] . . c:\windows\VistaMizer\old\ntoskrnl.exe
[7] 2004-08-03 . DCF53422B7EDDED3B7431FBAE4A7EE3F . 2182272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe

[-] 2008-04-14 . FA1E2372F554782332A8504A58300D15 . 589312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . FA1E2372F554782332A8504A58300D15 . 589312 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[7] 2008-04-14 . A435C5C069AFD901751AC323AD238793 . 580096 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\user32.dll
[7] 2004-08-03 . 0C81764F50F32D376E6E4B9E9F4B01A0 . 578560 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll

[7] 2008-10-16 . D9A313E9E938FCD9C63EFD544C997183 . 669696 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[-] 2008-10-16 . CA192C1BCB96422A5DAD5FF9BF0F27AB . 813568 . . [6.00.2900.5694] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-10-16 . CA192C1BCB96422A5DAD5FF9BF0F27AB . 813568 . . [6.00.2900.5694] . . c:\windows\system32\wininet.dll
[7] 2008-10-16 . 81AB7E7CEBEB09BCFB8C4AE1074E1CC1 . 668672 . . [6.00.2900.5694] . . c:\windows\VistaMizer\old\wininet.dll
[7] 2004-08-03 . D37DAFB534AC8343D59A1B501ABE852C . 658944 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\wininet.dll

[-] 2008-04-14 . A08939AFCDBE68F67E9C35383A4CE62C . 1553408 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . A08939AFCDBE68F67E9C35383A4CE62C . 1553408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . C791ED9EAC5E76D9525E157B1D7A599A . 1035264 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe
[7] 2004-08-03 . 379098A96E6C165B659DE7E4328010EA . 1033728 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . 5336D3244305FD884215DAF84D108566 . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5336D3244305FD884215DAF84D108566 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-14 . 1BD41EDA5B869AFC99895C39A8DE36E1 . 15360 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ctfmon.exe
[7] 2004-08-03 . CBFA30492D70CE3938D8A7783D0C0436 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[7] 2008-08-14 . 638346856E53887B0C3DA62A9AB2C203 . 2067328 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 5AB2F07AD3FD76790294DDCCC6E06D46 . 2067328 . . [5.1.2600.5657] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-08-14 . BCDA6410B3A89805ECEB57020621C6FC . 2324608 . . [5.1.2600.5657] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2008-08-14 . BCDA6410B3A89805ECEB57020621C6FC . 2324608 . . [5.1.2600.5657] . . c:\windows\system32\ntkrnlpa.exe
[7] 2008-08-14 . 5AB2F07AD3FD76790294DDCCC6E06D46 . 2067328 . . [5.1.2600.5657] . . c:\windows\VistaMizer\old\ntkrnlpa.exe
[7] 2004-08-03 . 44D1BC1B05E0C7C82E81687B79C653C7 . 2058112 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-04-14 16:33 140288 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft ScreenHunter 5.1 Free"="0" [X]
"ALLUpdate"="e:\programy\ALLPlayer\ALLUpdate.exe" [2009-11-11 870400]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 86016]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=xgusb.cpl
"midi2"=xgusb.cpl

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]
2009-11-17 14:18 6807552 ----a-w- e:\programy\AQQ\WAPSTE~1\AQQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 10:24 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"e:\\PROGRAMY\\eMule\\emule.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\wowd.exe"=
"e:\\PROGRAMY\\AQQ\\WapSter AQQ\\AQQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\anka\\Dane aplikacji\\IMVUClient\\1VivoxVoice.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21708:TCP"= 21708:TCP:*:Disabled:BitComet 21708 TCP
"21708:UDP"= 21708:UDP:*:Disabled:BitComet 21708 UDP

R3 GPU-Z;GPU-Z;c:\docume~1\anka\USTAWI~1\Temp\GPU-Z.sys [x]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]
R3 zlportio;zlportio;c:\program files\UltraStar Deluxe\zlportio.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]

.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Settings,ProxyOverride = *.local
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\anka\Menu Start\Programy\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\anka\Dane aplikacji\Mozilla\Firefox\Profiles\z597srzs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2243755&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - IMVUspace Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL -
FF - plugin: c:\documents and settings\anka\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: e:\programy\Real Alternative\browser\plugins\nppl3260.dll
FF - plugin: e:\programy\Real Alternative\browser\plugins\nprpjplug.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-20 12:59
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(628)
c:\windows\system32\scecli.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(4072)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\documents and settings\anka\Dane aplikacji\IMVUClient\IMVUClient.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Czas ukończenia: 2010-06-20 13:05:13 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-06-20 11:04
ComboFix2.txt 2010-05-08 11:25

Przed: 1 758 957 568 bajtów wolnych
Po: 1 846 394 880 bajtów wolnych

- - End Of File - - F91DC8115A52DA6B2FF2F6A28661DAAE[/log]

Tomek01
comment (edited)

This should definitely be removed as well:
c:\documents and settings\anka\Dane aplikacji\IMVUClient

Adobe Acrobat also looks suspicious. It is best to uninstall it and reinstall a fresh version.


Paste into Avenger:

[code]Folders to delete:
c:\documents and settings\anka\Dane aplikacji\IMVUClient[/code]

Execute...

Attach the removal report and the logs from [url="http://images.malwareremoval.com/random/RSIT.exe"][b][color="#0000FF"]R[/color]andom's [color="#0000FF"]S[/color]ystem [color="#0000FF"]I[/color]nformation [color="#0000FF"]T[/color]ool[/b][/url] and [url="http://www.instalki.pl/programy/download_c/13/3138.html"][color="#0000FF"][b]OTL[/b][/color][/url].

GnijCie
comment (edited)

I tried to remove Adobe Acrobat, but it was not in Add/Remove Programs, so I had to do it manually; however, the AA folder that contains something called ActiveX cannot be deleted. I will do the rest tomorrow and report back ;d

Here is the removal report (Avenger)

[log]//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Dodatek Service Pack 3)
Mon Jun 21 17:57:08 2010

17:57:08: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Dodatek Service Pack 3)
Mon Jun 21 17:57:18 2010

17:57:18: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "c:\documents and settings\anka\Dane aplikacji\IMVUClient" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.[/log]



Random's System Information Tool logs


[log]Logfile of random's system information tool 1.07 (written by random/random)
Run by anka at 2010-06-21 18:03:37
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 2 GB (17%) free of 10 GB
Total RAM: 767 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:05:43, on 2010-06-21
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\RSIT.exe
C:\Program Files\trend micro\anka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ALLUpdate] "E:\PROGRAMY\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [Wisdom-soft ScreenHunter 5.1 Free] 0
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Documents and Settings\anka\Dane aplikacji\IMVUClient\IMVUQualityAgent.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\anka\Menu Start\Programy\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - http://img.mtv3.fi/mn_kuvat/mtv3/viihde/555_px_kuvia_2009/652910.jpg
O24 - Desktop Component 1: (no name) - http://userserve-ak.last.fm/serve/_/39278155/Marco+Hietala+11131_193809267809_19379332280.jpg

--
End of file - 6406 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocnik rejestracji usługi Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-11 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-10-23 233472]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-04-14 2790472]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"=E:\PROGRAMY\ALLPlayer\ALLUpdate.exe [2009-11-11 870400]
"Wisdom-soft ScreenHunter 5.1 Free"=0 []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]
E:\PROGRAMY\AQQ\WAPSTE~1\AQQ.exe [2009-11-17 6807552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]

C:\Documents and Settings\anka\Menu Start\Programy\Autostart
IMVU.lnk - C:\Documents and Settings\anka\Dane aplikacji\IMVUClient\IMVUQualityAgent.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
"RestrictRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"RestrictRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"E:\PROGRAMY\eMule\emule.exe"="E:\PROGRAMY\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Java\jre6\launch4j-tmp\wowd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\wowd.exe:*:Enabled:Java(TM) Platform SE binary"
"E:\PROGRAMY\AQQ\WapSter AQQ\AQQ.exe"="E:\PROGRAMY\AQQ\WapSter AQQ\AQQ.exe:*:Enabled:AQQ Communicator"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Documents and Settings\anka\Dane aplikacji\IMVUClient\1VivoxVoice.exe"="C:\Documents and Settings\anka\Dane aplikacji\IMVUClient\1VivoxVoice.exe:*:Enabled:1VivoxVoice"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.js - edit -
.txt - open - notepad.exe %1

======List of files/folders created in the last 3 months======

2010-06-21 18:03:37 ----D---- C:\rsit
2010-06-21 18:03:37 ----D---- C:\Program Files\trend micro
2010-06-21 17:59:27 ----D---- C:\Avenger
2010-06-21 17:57:08 ----A---- C:\avenger.txt
2010-06-20 22:44:29 ----D---- C:\32788R22FWJFW
2010-06-20 21:41:25 ----SHD---- C:\RECYCLER
2010-06-20 13:05:14 ----A---- C:\ComboFix.txt
2010-06-20 12:46:37 ----D---- C:\ComboFix
2010-06-19 13:40:56 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-06-19 13:40:45 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
2010-06-18 23:44:46 ----D---- C:\Program Files\StepMania
2010-06-15 22:21:16 ----D---- C:\Program Files\ChomikBox
2010-06-12 01:06:14 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2010-06-02 19:27:11 ----D---- C:\Program Files\Lavalys
2010-05-30 20:51:55 ----D---- C:\Program Files\Realtek AC97
2010-05-11 20:02:58 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\3AEA
2010-05-08 20:44:15 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\F8C
2010-05-07 20:46:29 ----A---- C:\WINDOWS\NIRCMD.exe
2010-05-07 20:46:28 ----A---- C:\WINDOWS\zip.exe
2010-05-07 20:46:28 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-05-07 20:46:28 ----A---- C:\WINDOWS\SWSC.exe
2010-05-07 20:46:28 ----A---- C:\WINDOWS\SWREG.exe
2010-05-07 20:46:28 ----A---- C:\WINDOWS\sed.exe
2010-05-07 20:46:28 ----A---- C:\WINDOWS\grep.exe
2010-05-07 20:45:54 ----D---- C:\Qoobox
2010-05-06 00:12:56 ----D---- C:\Documents and Settings\anka\Dane aplikacji\Ahead
2010-05-06 00:12:05 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2010-05-06 00:06:05 ----D---- C:\Program Files\Nero
2010-05-06 00:06:05 ----D---- C:\Program Files\Common Files\Ahead
2010-05-06 00:06:05 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2010-05-06 00:04:38 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2010-05-06 00:04:30 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2010-05-03 01:11:01 ----D---- C:\Documents and Settings\anka\Dane aplikacji\Thinstall
2010-05-02 17:08:39 ----D---- C:\Program Files\Steinberg
2010-05-02 00:10:46 ----D---- C:\Program Files\Windows Installer Clean Up
2010-05-02 00:10:13 ----D---- C:\Program Files\MSECACHE
2010-05-01 14:25:32 ----D---- C:\Program Files\Unlocker
2010-04-24 18:17:14 ----D---- C:\Program Files\Rockstar Games
2010-04-17 23:49:52 ----D---- C:\Program Files\Microsoft WSE
2010-04-17 23:49:21 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2010-04-17 23:13:24 ----D---- C:\Program Files\Ahead
2010-04-17 23:02:34 ----D---- C:\Program Files\Adobe
2010-04-17 22:58:35 ----D---- C:\Program Files\Common Files\Services
2010-04-17 22:51:31 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-17 22:49:15 ----HD---- C:\WINDOWS\$NtServicePackUninstall$
2010-04-17 20:42:26 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-03-23 23:22:24 ----D---- C:\WINDOWS\Logs

======List of files/folders modified in the last 3 months======

2010-06-21 18:03:37 ----RD---- C:\Program Files
2010-06-21 18:02:27 ----D---- C:\WINDOWS\Temp
2010-06-21 17:59:27 ----D---- C:\WINDOWS\system32\drivers
2010-06-21 17:59:27 ----D---- C:\WINDOWS\system32
2010-06-21 17:58:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-21 17:10:28 ----D---- C:\Documents and Settings\anka\Dane aplikacji\IMVU
2010-06-21 16:41:57 ----D---- C:\Program Files\Mozilla Firefox
2010-06-20 22:59:34 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Adobe
2010-06-20 22:37:18 ----D---- C:\WINDOWS
2010-06-20 22:36:16 ----D---- C:\Documents and Settings\anka\Dane aplikacji\Adobe
2010-06-20 13:02:42 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-20 12:58:20 ----A---- C:\WINDOWS\system.ini
2010-06-20 12:55:01 ----D---- C:\WINDOWS\system32\config
2010-06-20 12:54:49 ----D---- C:\WINDOWS\ERDNT
2010-06-20 12:54:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-20 12:53:57 ----D---- C:\Program Files\Wisdom-soft
2010-06-20 12:51:58 ----D---- C:\WINDOWS\AppPatch
2010-06-20 12:51:56 ----D---- C:\Program Files\Common Files
2010-06-20 12:44:46 ----D---- C:\WINDOWS\Prefetch
2010-06-19 13:41:05 ----SHD---- C:\WINDOWS\Installer
2010-06-19 13:41:04 ----D---- C:\WINDOWS\WinSxS
2010-06-19 13:40:45 ----D---- C:\Program Files\Alwil Software
2010-06-15 22:22:25 ----A---- C:\WINDOWS\NeroDigital.ini
2010-06-15 20:48:59 ----D---- C:\Documents and Settings\anka\Dane aplikacji\Skype
2010-05-30 20:52:14 ----HD---- C:\WINDOWS\inf
2010-05-30 20:52:11 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-05-15 20:53:11 ----D---- C:\Documents and Settings\anka\Dane aplikacji\Audacity
2010-05-06 00:04:39 ----D---- C:\WINDOWS\system32\DirectX
2010-05-03 00:52:16 ----D---- C:\Program Files\Common Files\Adobe
2010-05-02 23:55:12 ----RSD---- C:\WINDOWS\Fonts
2010-04-26 18:05:25 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-26 15:58:12 ----A---- C:\WINDOWS\PEV.exe
2010-04-17 23:49:53 ----RSD---- C:\WINDOWS\assembly
2010-04-17 22:45:49 ----D---- C:\Program Files\Windows Live
2010-04-17 21:25:59 ----D---- C:\Program Files\Microsoft Office
2010-04-17 20:42:34 ----D---- C:\Program Files\Common Files\Ulead Systems
2010-04-17 19:31:29 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-04-17 00:16:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-16 16:52:28 ----SD---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft
2010-03-28 16:52:24 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-22 19:03:26 ----D---- C:\WINDOWS\Debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-04-14 28880]
R1 AmdK7;Sterownik procesora AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2010-04-14 297552]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-04-14 162768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-04-14 46672]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-04-14 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-04-14 100432]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-04-14 23376]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 rtl8139;Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 GPU-Z;GPU-Z; \??\C:\DOCUME~1\anka\USTAWI~1\Temp\GPU-Z.sys []
S3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 YMIDUSB;YAMAHA Corporation USB MIDI Driver; C:\WINDOWS\System32\Drivers\ymidusb.sys [2005-07-25 14464]
S3 zlportio;zlportio; \??\C:\Program Files\UltraStar Deluxe\zlportio.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-17 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2007-03-03 67056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-07-11 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------[/log]


and OTL

[log]OTL logfile created on: 2010-06-21 18:06:58 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = E:\
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

767,00 Mb Total Physical Memory | 504,00 Mb Available Physical Memory | 66,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2560 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 10,00 Gb Total Space | 1,72 Gb Free Space | 17,16% Space Free | Partition Type: NTFS
Drive D: | 2,00 Gb Total Space | 0,07 Gb Free Space | 3,53% Space Free | Partition Type: NTFS
Drive E: | 62,52 Gb Total Space | 3,97 Gb Free Space | 6,35% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOMOWY
Current User Name: anka
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-06-20 22:55:15 | 000,572,416 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2010-04-14 18:47:08 | 002,790,472 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-04-14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008-04-14 23:51:18 | 001,553,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-06-27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007-06-27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007-04-16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2007-03-03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-06-20 22:55:15 | 000,572,416 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2010-04-14 18:36:14 | 000,140,800 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\snxBorder.dll
MOD - [2010-04-14 18:33:44 | 000,140,288 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\snxPlugins.dll
MOD - [2008-04-14 23:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-04-14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-04-14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-04-14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009-07-11 22:42:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008-11-11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007-03-03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-04-14 18:37:13 | 000,297,552 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010-04-14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-04-14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-04-14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-04-14 18:31:12 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-04-14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-04-14 18:30:45 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008-09-24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006-10-22 13:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006-10-17 21:22:26 | 000,009,216 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2005-07-25 08:13:00 | 000,014,464 | R--- | M] (YAMAHA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ymidusb.sys -- (YMIDUSB)
DRV - [2004-08-04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "IMVUspace Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2243755&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "IMVUspace Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: ""

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-17 19:30:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-28 18:24:23 | 000,000,000 | ---D | M]

[2009-12-04 20:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Extensions
[2009-12-04 20:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010-06-20 22:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Firefox\Profiles\z597srzs.default\extensions
[2010-02-08 20:58:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Firefox\Profiles\z597srzs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009-08-24 12:47:54 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Firefox\Profiles\z597srzs.default\searchplugins\askcom.xml
[2009-12-16 15:50:30 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Firefox\Profiles\z597srzs.default\searchplugins\conduit.xml
[2010-06-20 22:24:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008-01-23 08:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2009-07-31 00:44:16 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-07-31 00:44:16 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-07-31 00:44:16 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-07-31 00:44:16 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-07-31 00:44:16 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-07-31 00:44:16 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-06-20 12:58:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [ALLUpdate] E:\PROGRAMY\ALLPlayer\ALLUpdate.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Wisdom-soft ScreenHunter 5.1 Free] File not found
O4 - Startup: C:\Documents and Settings\anka\Menu Start\Programy\Autostart\IMVU.lnk = C:\Documents and Settings\anka\Dane aplikacji\IMVUClient\IMVUQualityAgent.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\anka\Menu Start\Programy\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://img.mtv3.fi/mn_kuvat/mtv3/viihde/555_px_kuvia_2009/652910.jpg
O24 - Desktop Components:1 () - http://userserve-ak.last.fm/serve/_/39278155/Marco+Hietala+11131_193809267809_19379332280.jpg
O24 - Desktop Components:2 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\anka\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\anka\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-03-20 21:14:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-06-21 18:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010-06-21 18:03:37 | 000,000,000 | ---D | C] -- C:\rsit
[2010-06-21 17:59:27 | 000,000,000 | ---D | C] -- C:\Avenger
[2010-06-20 22:44:29 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010-06-20 21:41:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-06-20 12:46:37 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010-06-19 13:41:16 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010-06-19 13:41:16 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010-06-19 13:41:15 | 000,297,552 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010-06-19 13:41:15 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010-06-19 13:41:14 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010-06-19 13:41:14 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010-06-19 13:41:14 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010-06-19 13:41:13 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010-06-19 13:40:56 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010-06-19 13:40:56 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010-06-19 13:40:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2010-06-19 13:07:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\anka\Recent
[2010-06-18 23:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\StepMania
[2010-06-15 22:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\ChomikBox
[2010-06-02 19:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2010-05-30 20:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2010-05-28 21:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Pulpit
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-06-21 18:01:37 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-06-21 18:01:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-06-21 18:01:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-06-21 18:01:11 | 804,835,328 | -HS- | M] () -- C:\hiberfil.sys
[2010-06-21 17:59:02 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\anka\NTUSER.DAT
[2010-06-21 17:58:49 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\anka\ntuser.ini
[2010-06-21 17:58:24 | 000,267,776 | ---- | M] () -- C:\Documents and Settings\anka\Moje dokumenty\wylanczanie zintegrowanej karty dzwiekowej, instalacja nowiusienkiej.doc
[2010-06-21 16:46:37 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\anka\Menu Start\Programy\Autostart\IMVU.lnk
[2010-06-20 12:58:20 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-06-20 12:58:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-06-19 22:59:13 | 000,000,068 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\YouTube - Reinkarnacja.URL
[2010-06-19 22:41:27 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\anka\Moje dokumenty\LIST MOTYWACYJNY.doc
[2010-06-19 21:30:45 | 000,000,073 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\Podłączenie nowej karty dźwiękowej. Wyłączenie zintegrowanej karty dźwiękowej w BIOS-ie. Hotfix - Aktualności i porady kompu.URL
[2010-06-19 13:41:14 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-06-16 23:21:02 | 000,070,870 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\untitled.JPG
[2010-06-16 21:04:55 | 000,055,716 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\pub6.jpg
[2010-06-16 19:09:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-06-15 23:00:19 | 000,000,069 | ---- | M] () -- C:\Documents and Settings\anka\default.pls
[2010-06-15 22:22:25 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-06-13 15:27:17 | 000,000,081 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\Todd Lockwood - Planetar81 - Chomikuj.pl.URL
[2010-06-12 01:09:17 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010-06-07 21:20:04 | 000,000,092 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\YouTube - Ozzy Scare at Madame Tussauds Wax Museum.URL
[2010-06-07 20:24:44 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\jelenaabbouui4.jpg (Obrazek JPEG, 450x694 pikseli).URL
[2010-06-07 18:53:05 | 000,000,083 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\ARCANA XV - Tarot Favole.URL
[2010-06-06 00:08:14 | 000,000,140 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\Tarot Snów (Tarot of Dreams) Ciro Marchetti.URL
[2010-05-30 23:29:16 | 000,028,428 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\angels_n_devils_cd.jpg
[2010-05-29 23:39:05 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Guild Wars.lnk
[2010-05-29 22:13:24 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\anka\Moje dokumenty\Twój sposób na podryw.doc
[2010-05-25 22:03:33 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\anka\Moje dokumenty\PRZEPIS NA CHLEB PSZENNO.doc
[2010-05-24 19:09:44 | 000,000,070 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\Wielkie Żarcie - Przepis - milkshake czyli prawdziwy shake z mc donald.URL
[2010-05-24 19:09:08 | 000,000,066 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\Kod Mojżesza.avi - creativi - Chomikuj.pl.URL
[2010-05-23 22:16:38 | 000,000,091 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\Ranga w głosie - Forum dyskusyjne - iSing.URL
[2010-05-23 00:54:06 | 000,000,094 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\YouTube - Rise Against - Savior.URL
[2010-05-22 22:29:08 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\anka\Moje dokumenty\Poleca się by jeść 20.doc
[2010-05-22 22:12:22 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\anka\Moje dokumenty\Zasadotwórcza Żywność.doc
[2010-05-22 21:04:27 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\anka\Moje dokumenty\Ditea Uszatki.doc
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-06-20 22:02:12 | 000,267,776 | ---- | C] () -- C:\Documents and Settings\anka\Moje dokumenty\wylanczanie zintegrowanej karty dzwiekowej, instalacja nowiusienkiej.doc
[2010-06-19 22:59:13 | 000,000,068 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\YouTube - Reinkarnacja.URL
[2010-06-19 22:41:26 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\anka\Moje dokumenty\LIST MOTYWACYJNY.doc
[2010-06-19 21:30:45 | 000,000,073 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\Podłączenie nowej karty dźwiękowej. Wyłączenie zintegrowanej karty dźwiękowej w BIOS-ie. Hotfix - Aktualności i porady kompu.URL
[2010-06-16 23:20:58 | 000,070,870 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\untitled.JPG
[2010-06-16 21:04:50 | 000,055,716 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\pub6.jpg
[2010-06-15 22:18:46 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\anka\default.pls
[2010-06-13 15:27:17 | 000,000,081 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\Todd Lockwood - Planetar81 - Chomikuj.pl.URL
[2010-06-12 01:06:14 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010-06-11 19:49:46 | 000,117,018 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\298583087.jpg
[2010-06-07 21:20:04 | 000,000,092 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\YouTube - Ozzy Scare at Madame Tussauds Wax Museum.URL
[2010-06-07 20:24:44 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\jelenaabbouui4.jpg (Obrazek JPEG, 450x694 pikseli).URL
[2010-06-07 18:53:05 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\ARCANA XV - Tarot Favole.URL
[2010-06-06 00:08:14 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\Tarot Snów (Tarot of Dreams) Ciro Marchetti.URL
[2010-05-30 23:29:15 | 000,028,428 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\angels_n_devils_cd.jpg
[2010-05-29 22:13:22 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\anka\Moje dokumenty\Twój sposób na podryw.doc
[2010-05-28 21:16:50 | 000,000,553 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Guild Wars.lnk
[2010-05-25 22:03:32 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\anka\Moje dokumenty\PRZEPIS NA CHLEB PSZENNO.doc
[2010-05-24 19:09:44 | 000,000,070 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\Wielkie Żarcie - Przepis - milkshake czyli prawdziwy shake z mc donald.URL
[2010-05-24 19:09:08 | 000,000,066 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\Kod Mojżesza.avi - creativi - Chomikuj.pl.URL
[2010-05-23 22:16:38 | 000,000,091 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\Ranga w głosie - Forum dyskusyjne - iSing.URL
[2010-05-23 00:54:06 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\YouTube - Rise Against - Savior.URL
[2010-05-22 22:26:40 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\anka\Moje dokumenty\Poleca się by jeść 20.doc
[2010-05-22 22:12:22 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\anka\Moje dokumenty\Zasadotwórcza Żywność.doc
[2010-05-22 21:04:26 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\anka\Moje dokumenty\Ditea Uszatki.doc
[2009-08-30 13:09:56 | 000,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009-08-30 13:09:56 | 000,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009-08-30 13:09:56 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009-08-30 13:09:56 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009-08-30 13:09:56 | 000,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009-08-30 13:09:56 | 000,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009-06-26 20:46:27 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\VBUTILLight.dll
[2009-06-26 20:46:23 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\MP2enc.dll
[2009-04-16 22:00:53 | 000,000,092 | ---- | C] () -- C:\WINDOWS\mp3wavcon.ini
[2009-04-16 21:55:51 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009-03-27 14:53:14 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-03-24 20:29:50 | 000,010,197 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2009-03-21 00:54:08 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-03-21 00:00:40 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-03-21 00:00:37 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-03-21 00:00:36 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-03-21 00:00:35 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-03-21 00:00:35 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-03-20 22:30:38 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009-03-20 21:26:33 | 000,002,457 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008-11-26 22:28:48 | 000,000,272 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006-10-22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006-10-22 13:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006-10-22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006-10-22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006-10-22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006-10-22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006-10-22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2002-03-17 02:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000088.DLL

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2010-06-16 23:20:48 | 000,000,257 | ---- | M] ()(C:\Documents and Settings\anka\Pulpit\????? ??????? ??????? ?? ???? ????? ?????? ????????? avast! 5.0.507 Final ??????? Antivirus & Internet Security ??? ???? ?? ????? - ??????? ??? ????.url) -- C:\Documents and Settings\anka\Pulpit\????? ??????? ??????? ?? ???? ????? ?????? ????????? avast! 5.0.507 Final ??????? Antivirus & Internet Security ??? ???? ?? ????? - ??????? ??? ????.url
[2010-06-16 23:20:48 | 000,000,257 | ---- | C] ()(C:\Documents and Settings\anka\Pulpit\????? ??????? ??????? ?? ???? ????? ?????? ????????? avast! 5.0.507 Final ??????? Antivirus & Internet Security ??? ???? ?? ????? - ??????? ??? ????.url) -- C:\Documents and Settings\anka\Pulpit\????? ??????? ??????? ?? ???? ????? ?????? ????????? avast! 5.0.507 Final ??????? Antivirus & Internet Security ??? ???? ?? ????? - ??????? ??? ????.url
[2010-05-23 22:30:49 | 000,000,068 | ---- | M] ()(C:\Documents and Settings\anka\Pulpit\YouTube - Vitas_Opera #2 (??+????).URL) -- C:\Documents and Settings\anka\Pulpit\YouTube - Vitas_Opera #2 (??+????).URL
[2010-05-23 22:30:49 | 000,000,068 | ---- | C] ()(C:\Documents and Settings\anka\Pulpit\YouTube - Vitas_Opera #2 (??+????).URL) -- C:\Documents and Settings\anka\Pulpit\YouTube - Vitas_Opera #2 (??+????).URL

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4BF2F6B5
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:888AFB86
< End of report >[/log]

Tomek01
comment (edited)

Final steps.
Uninstall ComboFix: Start >>> Run >>> combofix /u [and press OK]

In OTL, paste the following into the Custom scan/fixes window:
[code]:Processes
Explorer.exe

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft ScreenHunter 5.1 Free"=-

:OTL
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "IMVUspace Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2243755&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "IMVUspace Customized Web Search"
[2009-12-04 20:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2009-08-24 12:47:54 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Firefox\Profiles\z597srzs.default\searchplugins\askcom.xml
[2009-12-16 15:50:30 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Firefox\Profiles\z597srzs.default\searchplugins\conduit.xml
O4 - Startup: C:\Documents and Settings\anka\Menu Start\Programy\Autostart\IMVU.lnk = C:\Documents and Settings\anka\Dane aplikacji\IMVUClient\IMVUQualityAgent.exe File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\anka\Menu Start\Programy\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4BF2F6B5
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:888AFB86

:Files
C:\Documents and Settings\anka\Menu Start\Programy\Autostart\IMVU.lnk
C:\Documents and Settings\anka\Dane aplikacji\IMVUClient\IMVUQualityAgent.exe
C:\Documents and Settings\anka\Dane aplikacji\IMVU
C:\Qoobox

:Commands
[emptytemp]
[start explorer]
[Reboot][/code]
Click Run Fix; the computer will restart.

Attach the log from the removal and a new OTL log.

GnijCie
comment

Here is the log from removing ComboFix

[log]ComboFix 10-06-19.03 - anka 2010-06-21 19:45:18.7.1 - x86
Uruchomiony z: E:\ComboFix.exe
Użyto następujących komend :: /u
.

((((((((((((((((((((((((( Pliki utworzone od 2010-05-21 do 2010-06-21 )))))))))))))))))))))))))))))))
.

2010-06-21 16:03 . 2010-06-21 16:05 -------- d-----w- C:\rsit
2010-06-21 16:03 . 2010-06-21 16:05 -------- d-----w- c:\program files\trend micro
2010-06-19 11:41 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-19 11:41 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-19 11:41 . 2010-04-14 16:37 297552 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-06-19 11:41 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-19 11:41 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-19 11:41 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-19 11:41 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-19 11:41 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-19 11:40 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-19 11:40 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-19 11:40 . 2010-06-19 11:40 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Alwil Software
2010-06-18 21:44 . 2010-06-18 22:14 -------- d-----w- c:\program files\StepMania
2010-06-15 20:21 . 2010-06-15 20:21 -------- d-----w- c:\program files\ChomikBox
2010-06-02 17:27 . 2010-06-02 17:27 -------- d-----w- c:\program files\Lavalys
2010-05-30 18:51 . 2010-05-30 18:52 -------- d-----w- c:\program files\Realtek AC97
2010-05-28 20:34 . 2010-05-28 20:34 61440 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6d15eac8-n\decora-sse.dll
2010-05-28 20:34 . 2010-05-28 20:34 12800 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6d15eac8-n\decora-d3d.dll
2010-05-28 20:34 . 2010-05-28 20:34 348160 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1953a81a-n\msvcr71.dll
2010-05-28 20:34 . 2010-05-28 20:34 503808 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1953a81a-n\msvcp71.dll
2010-05-28 20:34 . 2010-05-28 20:34 499712 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1953a81a-n\jmc.dll
2010-05-28 19:16 . 2010-06-20 19:41 -------- d-----w- c:\documents and settings\All Users\Pulpit

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-21 15:10 . 2009-12-04 18:21 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\IMVU
2010-06-20 10:54 . 2010-05-02 23:11 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\Thinstall
2010-06-20 10:53 . 2010-02-08 22:50 -------- d-----w- c:\program files\Wisdom-soft
2010-06-19 11:40 . 2009-03-20 19:29 -------- d-----w- c:\program files\Alwil Software
2010-06-15 20:16 . 2010-05-05 22:12 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\Ahead
2010-06-15 18:48 . 2009-04-01 14:46 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\Skype
2010-05-16 10:50 . 2010-05-16 10:50 56856 ----a-w- c:\documents and settings\daedd\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-05-15 18:53 . 2009-05-30 16:23 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\Audacity
2010-05-11 18:02 . 2010-05-11 18:02 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\3AEA
2010-05-08 18:44 . 2010-05-08 18:44 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\F8C
2010-05-05 22:12 . 2010-05-05 22:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Ahead
2010-05-05 22:10 . 2010-05-05 22:06 -------- d-----w- c:\program files\Common Files\Ahead
2010-05-05 22:06 . 2010-05-05 22:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nero
2010-05-05 22:06 . 2010-05-05 22:06 -------- d-----w- c:\program files\Nero
2010-05-05 18:15 . 2010-04-17 21:13 -------- d-----w- c:\program files\Ahead
2010-05-03 12:18 . 2010-05-01 12:25 -------- d-----w- c:\program files\Unlocker
2010-05-02 22:52 . 2009-03-20 22:55 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-02 15:08 . 2010-05-02 15:08 -------- d-----w- c:\program files\Steinberg
2010-05-01 22:10 . 2010-05-01 22:10 3584 ----a-r- c:\documents and settings\anka\Dane aplikacji\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-05-01 22:10 . 2010-05-01 22:10 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-05-01 22:10 . 2010-05-01 22:10 -------- d-----w- c:\program files\MSECACHE
2010-04-26 16:05 . 2009-03-20 20:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-24 16:17 . 2010-04-24 16:17 -------- d-----w- c:\program files\Rockstar Games
2010-04-17 21:49 . 2010-04-17 21:49 10134 ----a-r- c:\documents and settings\anka\Dane aplikacji\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-04-17 17:48 . 2010-04-17 17:48 23 --sha-w- c:\windows\system32\edacded0.dat
2010-03-28 14:52 . 2001-10-26 16:15 82010 ----a-w- c:\windows\system32\perfc015.dat
2010-03-28 14:52 . 2001-10-26 16:15 484634 ----a-w- c:\windows\system32\perfh015.dat
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\15162\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\15162\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\15162\ReaderUpdater.exe
.

------- Sigcheck -------

[-] 2008-04-14 . 335813EACD16E84F3047A3326F6E5473 . 549888 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . 335813EACD16E84F3047A3326F6E5473 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . 51FD2E13D723857B9CA239AE77150F48 . 510464 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe
[7] 2004-08-03 . 0344407089B08548D4FEBA62BB0F32D0 . 504832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . E6C1811BA05F4E4BD4DA437778630489 . 724992 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . E6C1811BA05F4E4BD4DA437778630489 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . 0BE00656B7CAEDE754AEE4D7AD13B687 . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll
[7] 2004-08-03 . D38C710AAC3A0D16AF7DF6770C9F6CBB . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[7] 2008-12-12 . 604D8F71620CC6353D7C3E89BC70090C . 3088896 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll
[-] 2008-12-12 . 14307EB37130BCAC7D1B6EFBEF5AC75D . 3481600 . . [6.00.2900.5726] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2008-12-12 . 14307EB37130BCAC7D1B6EFBEF5AC75D . 3481600 . . [6.00.2900.5726] . . c:\windows\system32\mshtml.dll
[7] 2008-12-12 . 925E22521441829F4889B3A2C4015EDB . 3088896 . . [6.00.2900.5726] . . c:\windows\VistaMizer\old\mshtml.dll
[7] 2008-10-16 . 401C51E3479F1CCBA29E5A374C8F2688 . 3088896 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll
[7] 2004-08-03 . 687FF56421840ACD46B7A3939ED581E7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\mshtml.dll

[7] 2008-08-14 . DCDD970025463DFC9676EBE18ABD6A86 . 2190464 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . 9CE159C91E076FF6C25D055310EBB259 . 2190464 . . [5.1.2600.5657] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-08-14 . F8071DEDC9217DBD6B8C0753868AA087 . 2447744 . . [5.1.2600.5657] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-08-14 . F8071DEDC9217DBD6B8C0753868AA087 . 2447744 . . [5.1.2600.5657] . . c:\windows\system32\ntoskrnl.exe
[7] 2008-08-14 . 9CE159C91E076FF6C25D055310EBB259 . 2190464 . . [5.1.2600.5657] . . c:\windows\VistaMizer\old\ntoskrnl.exe
[7] 2004-08-03 . DCF53422B7EDDED3B7431FBAE4A7EE3F . 2182272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe

[-] 2008-04-14 . FA1E2372F554782332A8504A58300D15 . 589312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . FA1E2372F554782332A8504A58300D15 . 589312 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[7] 2008-04-14 . A435C5C069AFD901751AC323AD238793 . 580096 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\user32.dll
[7] 2004-08-03 . 0C81764F50F32D376E6E4B9E9F4B01A0 . 578560 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll

[7] 2008-10-16 . D9A313E9E938FCD9C63EFD544C997183 . 669696 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[-] 2008-10-16 . CA192C1BCB96422A5DAD5FF9BF0F27AB . 813568 . . [6.00.2900.5694] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-10-16 . CA192C1BCB96422A5DAD5FF9BF0F27AB . 813568 . . [6.00.2900.5694] . . c:\windows\system32\wininet.dll
[7] 2008-10-16 . 81AB7E7CEBEB09BCFB8C4AE1074E1CC1 . 668672 . . [6.00.2900.5694] . . c:\windows\VistaMizer\old\wininet.dll
[7] 2004-08-03 . D37DAFB534AC8343D59A1B501ABE852C . 658944 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\wininet.dll

[-] 2008-04-14 . A08939AFCDBE68F67E9C35383A4CE62C . 1553408 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . A08939AFCDBE68F67E9C35383A4CE62C . 1553408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . C791ED9EAC5E76D9525E157B1D7A599A . 1035264 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe
[7] 2004-08-03 . 379098A96E6C165B659DE7E4328010EA . 1033728 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . 5336D3244305FD884215DAF84D108566 . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5336D3244305FD884215DAF84D108566 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-14 . 1BD41EDA5B869AFC99895C39A8DE36E1 . 15360 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ctfmon.exe
[7] 2004-08-03 . CBFA30492D70CE3938D8A7783D0C0436 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[7] 2008-08-14 . 638346856E53887B0C3DA62A9AB2C203 . 2067328 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 5AB2F07AD3FD76790294DDCCC6E06D46 . 2067328 . . [5.1.2600.5657] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-08-14 . BCDA6410B3A89805ECEB57020621C6FC . 2324608 . . [5.1.2600.5657] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2008-08-14 . BCDA6410B3A89805ECEB57020621C6FC . 2324608 . . [5.1.2600.5657] . . c:\windows\system32\ntkrnlpa.exe
[7] 2008-08-14 . 5AB2F07AD3FD76790294DDCCC6E06D46 . 2067328 . . [5.1.2600.5657] . . c:\windows\VistaMizer\old\ntkrnlpa.exe
[7] 2004-08-03 . 44D1BC1B05E0C7C82E81687B79C653C7 . 2058112 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-05-08_11.22.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2010-06-21 16:01 . 2010-06-21 16:01 16384 c:\windows\Temp\Perflib_Perfdata_6e8.dat
+ 2010-05-30 18:52 . 2008-04-14 21:51 23552 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\wdmaud.drv
+ 2010-05-30 18:52 . 2008-04-13 23:15 49408 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\stream.sys
+ 2010-05-30 18:52 . 2008-04-13 23:15 60160 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\drmk.sys
+ 2004-08-03 23:08 . 2008-04-13 22:15 49408 c:\windows\system32\drivers\stream.sys
- 2004-08-03 23:08 . 2008-04-13 23:15 49408 c:\windows\system32\drivers\stream.sys
+ 2009-03-20 20:30 . 2008-04-13 22:15 60160 c:\windows\system32\drivers\drmk.sys
- 2009-03-20 20:30 . 2008-04-13 23:15 60160 c:\windows\system32\drivers\drmk.sys
+ 2004-08-03 23:08 . 2008-04-13 22:15 49408 c:\windows\system32\dllcache\stream.sys
+ 2010-02-27 16:58 . 2008-04-13 22:10 34688 c:\windows\system32\dllcache\lbrtfdc.sys
+ 2009-03-20 20:30 . 2008-04-13 22:15 60160 c:\windows\system32\dllcache\drmk.sys
- 2009-03-20 20:31 . 2006-08-01 14:02 49152 c:\windows\system32\ChCfg.exe
+ 2009-03-20 20:31 . 2006-08-01 13:02 49152 c:\windows\system32\ChCfg.exe
+ 2010-05-30 18:52 . 2008-04-14 21:50 4096 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\ksuser.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2009-03-20 20:30 . 2006-10-18 00:53 147456 c:\windows\system32\RtlCPAPI.dll
- 2009-03-20 20:30 . 2006-10-18 01:53 147456 c:\windows\system32\RtlCPAPI.dll
+ 2010-05-30 18:52 . 2006-11-17 04:42 577536 c:\windows\system32\ReinstallBackups\0006\DriverFiles\SOUNDMAN.EXE
+ 2010-05-30 18:52 . 2006-10-18 01:53 147456 c:\windows\system32\ReinstallBackups\0006\DriverFiles\RTLCPAPI.dll
+ 2010-05-30 18:52 . 2008-04-13 23:49 146048 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\portcls.sys
+ 2010-05-30 18:52 . 2008-04-13 23:46 141056 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\ks.sys
+ 2010-05-30 18:52 . 2006-07-31 09:27 217088 c:\windows\system32\ReinstallBackups\0006\DriverFiles\Alcrmv.exe
+ 2009-03-20 20:30 . 2008-04-13 22:49 146048 c:\windows\system32\drivers\portcls.sys
- 2009-03-20 20:30 . 2008-04-13 23:49 146048 c:\windows\system32\drivers\portcls.sys
+ 2004-08-03 23:15 . 2008-04-13 22:46 141056 c:\windows\system32\drivers\ks.sys
- 2004-08-03 23:15 . 2008-04-13 23:46 141056 c:\windows\system32\drivers\ks.sys
+ 2009-03-20 20:30 . 2008-04-13 22:49 146048 c:\windows\system32\dllcache\portcls.sys
+ 2004-08-03 23:15 . 2008-04-13 22:46 141056 c:\windows\system32\dllcache\ks.sys
+ 2010-06-19 10:55 . 2010-06-19 10:55 262144 c:\windows\system32\config\systemprofile\NtUser.dat
+ 2009-03-20 20:30 . 2007-04-16 13:28 577536 c:\windows\soundman.exe
- 2009-03-20 20:30 . 2006-11-17 04:42 577536 c:\windows\soundman.exe
+ 2010-06-19 11:41 . 2010-06-19 11:41 219648 c:\windows\Installer\a6e20.msi
+ 2009-03-20 20:30 . 2006-07-31 09:19 315392 c:\windows\alcupd.exe
- 2009-03-20 20:30 . 2006-07-31 10:19 315392 c:\windows\alcupd.exe
- 2009-03-20 20:30 . 2006-07-31 10:27 217088 c:\windows\Alcrmv.exe
+ 2009-03-20 20:30 . 2006-07-31 09:27 217088 c:\windows\Alcrmv.exe
+ 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2010-05-30 18:52 . 2007-03-08 13:34 4027840 c:\windows\system32\ReinstallBackups\0006\DriverFiles\ALCXWDM.SYS
+ 2009-03-20 20:30 . 2008-09-24 08:40 4122368 c:\windows\system32\drivers\alcxwdm.sys
- 2009-03-20 20:30 . 2006-12-08 14:20 10528768 c:\windows\system32\RTLCPL.exe
+ 2009-03-20 20:30 . 2006-12-08 13:20 10528768 c:\windows\system32\RTLCPL.exe
+ 2010-05-30 18:52 . 2006-12-08 14:20 10528768 c:\windows\system32\ReinstallBackups\0006\DriverFiles\RTLCPL.EXE
.
-- Migawka wyzerowana --
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-04-14 16:33 140288 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft ScreenHunter 5.1 Free"="0" [X]
"ALLUpdate"="e:\programy\ALLPlayer\ALLUpdate.exe" [2009-11-11 870400]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 86016]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=xgusb.cpl
"midi2"=xgusb.cpl

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]
2009-11-17 14:18 6807552 ----a-w- e:\programy\AQQ\WAPSTE~1\AQQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 10:24 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"e:\\PROGRAMY\\eMule\\emule.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\wowd.exe"=
"e:\\PROGRAMY\\AQQ\\WapSter AQQ\\AQQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21708:TCP"= 21708:TCP:*:Disabled:BitComet 21708 TCP
"21708:UDP"= 21708:UDP:*:Disabled:BitComet 21708 UDP

R3 GPU-Z;GPU-Z;c:\docume~1\anka\USTAWI~1\Temp\GPU-Z.sys [x]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]
R3 zlportio;zlportio;c:\program files\UltraStar Deluxe\zlportio.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]

.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Settings,ProxyOverride = *.local
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\anka\Menu Start\Programy\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\anka\Dane aplikacji\Mozilla\Firefox\Profiles\z597srzs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2243755&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - IMVUspace Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL -
FF - plugin: c:\documents and settings\anka\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: e:\programy\Real Alternative\browser\plugins\nppl3260.dll
FF - plugin: e:\programy\Real Alternative\browser\plugins\nprpjplug.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - USUNIĘTO PUSTE WPISY - - - -

AddRemove-IMVU Avatar chat client software BETA - c:\documents and settings\anka\Dane aplikacji\IMVUClient\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-21 19:51
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(628)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(2932)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
.
Czas ukończenia: 2010-06-21 19:53:31
ComboFix-quarantined-files.txt 2010-06-21 17:53
ComboFix2.txt 2010-06-20 11:05
ComboFix3.txt 2010-05-08 11:25

Przed: 1 830 412 288 bajtów wolnych
Po: 1 825 046 528 bajtów wolnych

- - End Of File - - D0A3EF0CD8A7261B948351EC95BFF2D4[/log]

and the new OTL log

[log]All processes killed
========== PROCESSES ==========
Process Explorer.exe killed successfully!
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Wisdom-soft ScreenHunter 5.1 Free deleted successfully.
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "IMVUspace Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2243755&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "IMVUspace Customized Web Search" removed from browser.search.selectedEngine
C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Extensions\IMVUClientXUL@imvu.com folder moved successfully.
C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Firefox\Profiles\z597srzs.default\searchplugins\conduit.xml moved successfully.
C:\Documents and Settings\anka\Menu Start\Programy\Autostart\IMVU.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ not found.
File C:\Documents and Settings\anka\Menu Start\Programy\IMVU\Run IMVU.lnk ()O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll not found.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4BF2F6B5 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:888AFB86 deleted successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\anka\Menu Start\Programy\Autostart\IMVU.lnk not found.
File\Folder C:\Documents and Settings\anka\Dane aplikacji\IMVUClient\IMVUQualityAgent.exe not found.
C:\Documents and Settings\anka\Dane aplikacji\IMVU\Cache folder moved successfully.
C:\Documents and Settings\anka\Dane aplikacji\IMVU folder moved successfully.
C:\Qoobox\Quarantine\Registry_backups folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32 folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS folder moved successfully.
C:\Qoobox\Quarantine\C\Program Files\Wisdom-soft folder moved successfully.
C:\Qoobox\Quarantine\C\Program Files folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\1000000b00002i folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\1000000600002i folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%ProgramFilesDir%\Photoshop 7.0 CE\Required PL folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%ProgramFilesDir%\Photoshop 7.0 CE folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%ProgramFilesDir%\Common Files\Adobe\TypeSpt folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%ProgramFilesDir%\Common Files\Adobe\Color folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%ProgramFilesDir%\Common Files\Adobe folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%ProgramFilesDir%\Common Files folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%ProgramFilesDir% folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\Photoshop\7.0 CE\Adobe Photoshop 7.0 Settings CE folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\Photoshop\7.0 CE\Adobe Photoshop 7.0 Settings folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\Photoshop\7.0 CE folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\Photoshop folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData% folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\EurekaLog folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Desktopicon folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\anka folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings folder moved successfully.
C:\Qoobox\Quarantine\C folder moved successfully.
C:\Qoobox\Quarantine folder moved successfully.
C:\Qoobox\BackEnv folder moved successfully.
C:\Qoobox folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: daedd
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 213755 bytes
->FireFox cache emptied: 10581469 bytes
->Flash cache emptied: 564 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: anka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 87218367 bytes
->Flash cache emptied: 3656 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134153 bytes
%systemroot%\System32 .tmp files removed: 11482 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 96,00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06212010_201816

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...[/log]

Tomek01
comment
comment

You were supposed to uninstall ComboFix, not attach a log from it. The new log was supposed to be from OTL.

GnijCie
comment
comment

I uninstalled it and this is the log that came out.

Tomek01
comment
comment

But I am waiting for a new OTL log.

GnijCie
comment
comment

But it is posted, unless there is some error and it isn't visible. It is listed right below the ComboFix one, unless that's not the one you mean?

Tomek01
comment
comment

No, you attached the log from the OTL removal, not a new log.

GnijCie
comment
comment

Damn, now I don't understand anything :( I still have OTL on the disk. All I did was paste what you gave me into that box in OTL and click Run Fix, and this is the log that came out; apparently that's how it was supposed to be.
So should I now start OTL again and run a normal scan??

Tomek01
comment
comment

Exactly. I need to check whether certain entries have come back.

GnijCie
comment
comment

Here it is.

[log]OTL logfile created on: 2010-06-21 22:31:20 - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = E:\
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

767,00 Mb Total Physical Memory | 466,00 Mb Available Physical Memory | 61,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2560 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 10,00 Gb Total Space | 1,94 Gb Free Space | 19,41% Space Free | Partition Type: NTFS
Drive D: | 2,00 Gb Total Space | 0,07 Gb Free Space | 3,53% Space Free | Partition Type: NTFS
Drive E: | 62,52 Gb Total Space | 3,80 Gb Free Space | 6,07% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOMOWY
Current User Name: anka
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-06-20 22:55:15 | 000,572,416 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2010-04-14 18:47:08 | 002,790,472 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-04-14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008-04-14 23:51:18 | 001,553,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-06-27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007-06-27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007-04-16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2007-03-03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-06-20 22:55:15 | 000,572,416 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2010-04-14 18:36:14 | 000,140,800 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\snxBorder.dll
MOD - [2010-04-14 18:33:44 | 000,140,288 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\snxPlugins.dll
MOD - [2008-04-14 23:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-04-14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-04-14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-04-14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009-07-11 22:42:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008-11-11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007-03-03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-04-14 18:37:13 | 000,297,552 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010-04-14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-04-14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-04-14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-04-14 18:31:12 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-04-14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-04-14 18:30:45 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008-09-24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006-10-22 13:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006-10-17 21:22:26 | 000,009,216 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2005-07-25 08:13:00 | 000,014,464 | R--- | M] (YAMAHA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ymidusb.sys -- (YMIDUSB)
DRV - [2004-08-04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: ""

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-17 19:30:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-28 18:24:23 | 000,000,000 | ---D | M]

[2010-06-21 20:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Extensions
[2010-06-20 22:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Firefox\Profiles\z597srzs.default\extensions
[2010-02-08 20:58:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Firefox\Profiles\z597srzs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009-08-24 12:47:54 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Firefox\Profiles\z597srzs.default\searchplugins\askcom.xml
[2010-06-20 22:24:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008-01-23 08:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2009-07-31 00:44:16 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-07-31 00:44:16 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-07-31 00:44:16 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-07-31 00:44:16 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-07-31 00:44:16 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-07-31 00:44:16 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-06-20 12:58:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [ALLUpdate] E:\PROGRAMY\ALLPlayer\ALLUpdate.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://img.mtv3.fi/mn_kuvat/mtv3/viihde/555_px_kuvia_2009/652910.jpg
O24 - Desktop Components:1 () - http://userserve-ak.last.fm/serve/_/39278155/Marco+Hietala+11131_193809267809_19379332280.jpg
O24 - Desktop Components:2 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\anka\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\anka\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-03-20 21:14:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-06-21 20:12:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-06-21 18:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010-06-21 18:03:37 | 000,000,000 | ---D | C] -- C:\rsit
[2010-06-21 17:59:27 | 000,000,000 | ---D | C] -- C:\Avenger
[2010-06-19 13:41:16 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010-06-19 13:41:16 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010-06-19 13:41:15 | 000,297,552 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010-06-19 13:41:15 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010-06-19 13:41:14 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010-06-19 13:41:14 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010-06-19 13:41:14 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010-06-19 13:41:13 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010-06-19 13:40:56 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010-06-19 13:40:56 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010-06-19 13:40:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2010-06-19 13:07:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\anka\Recent
[2010-06-18 23:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\StepMania
[2010-06-15 22:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\ChomikBox
[2010-06-02 19:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2010-05-30 20:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2010-05-28 21:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Pulpit

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-06-21 21:21:18 | 000,000,069 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\Maskakryczna akcja wege!.URL
[2010-06-21 20:25:58 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-06-21 20:25:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-06-21 20:25:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-06-21 20:24:59 | 804,835,328 | -HS- | M] () -- C:\hiberfil.sys
[2010-06-21 20:22:23 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\anka\NTUSER.DAT
[2010-06-21 20:22:23 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\anka\ntuser.ini
[2010-06-21 19:51:09 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-06-21 17:58:24 | 000,267,776 | ---- | M] () -- C:\Documents and Settings\anka\Moje dokumenty\wylanczanie zintegrowanej karty dzwiekowej, instalacja nowiusienkiej.doc
[2010-06-20 12:58:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-06-19 22:59:13 | 000,000,068 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\YouTube - Reinkarnacja.URL
[2010-06-19 22:41:27 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\anka\Moje dokumenty\LIST MOTYWACYJNY.doc
[2010-06-19 21:30:45 | 000,000,073 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\Podłączenie nowej karty dźwiękowej. Wyłączenie zintegrowanej karty dźwiękowej w BIOS-ie. Hotfix - Aktualności i porady kompu.URL
[2010-06-19 13:41:14 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-06-16 21:04:55 | 000,055,716 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\pub6.jpg
[2010-06-16 19:09:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-06-15 23:00:19 | 000,000,069 | ---- | M] () -- C:\Documents and Settings\anka\default.pls
[2010-06-15 22:22:25 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-06-13 15:27:17 | 000,000,081 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\Todd Lockwood - Planetar81 - Chomikuj.pl.URL
[2010-06-12 01:09:17 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010-06-07 20:24:44 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\jelenaabbouui4.jpg (Obrazek JPEG, 450x694 pikseli).URL
[2010-06-07 18:53:05 | 000,000,083 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\ARCANA XV - Tarot Favole.URL
[2010-06-06 00:08:14 | 000,000,140 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\Tarot Snów (Tarot of Dreams) Ciro Marchetti.URL
[2010-05-29 23:39:05 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Guild Wars.lnk
[2010-05-29 22:13:24 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\anka\Moje dokumenty\Twój sposób na podryw.doc
[2010-05-25 22:03:33 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\anka\Moje dokumenty\PRZEPIS NA CHLEB PSZENNO.doc
[2010-05-24 19:09:44 | 000,000,070 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\Wielkie Żarcie - Przepis - milkshake czyli prawdziwy shake z mc donald.URL
[2010-05-24 19:09:08 | 000,000,066 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\Kod Mojżesza.avi - creativi - Chomikuj.pl.URL
[2010-05-23 22:16:38 | 000,000,091 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\Ranga w głosie - Forum dyskusyjne - iSing.URL
[2010-05-23 00:54:06 | 000,000,094 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\YouTube - Rise Against - Savior.URL

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-06-21 21:21:18 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\Maskakryczna akcja wege!.URL
[2010-06-20 22:02:12 | 000,267,776 | ---- | C] () -- C:\Documents and Settings\anka\Moje dokumenty\wylanczanie zintegrowanej karty dzwiekowej, instalacja nowiusienkiej.doc
[2010-06-19 22:59:13 | 000,000,068 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\YouTube - Reinkarnacja.URL
[2010-06-19 22:41:26 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\anka\Moje dokumenty\LIST MOTYWACYJNY.doc
[2010-06-19 21:30:45 | 000,000,073 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\Podłączenie nowej karty dźwiękowej. Wyłączenie zintegrowanej karty dźwiękowej w BIOS-ie. Hotfix - Aktualności i porady kompu.URL
[2010-06-16 21:04:50 | 000,055,716 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\pub6.jpg
[2010-06-15 22:18:46 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\anka\default.pls
[2010-06-13 15:27:17 | 000,000,081 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\Todd Lockwood - Planetar81 - Chomikuj.pl.URL
[2010-06-12 01:06:14 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010-06-07 20:24:44 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\jelenaabbouui4.jpg (Obrazek JPEG, 450x694 pikseli).URL
[2010-06-07 18:53:05 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\ARCANA XV - Tarot Favole.URL
[2010-06-06 00:08:14 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\Tarot Snów (Tarot of Dreams) Ciro Marchetti.URL
[2010-05-29 22:13:22 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\anka\Moje dokumenty\Twój sposób na podryw.doc
[2010-05-28 21:16:50 | 000,000,553 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Guild Wars.lnk
[2010-05-25 22:03:32 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\anka\Moje dokumenty\PRZEPIS NA CHLEB PSZENNO.doc
[2010-05-24 19:09:44 | 000,000,070 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\Wielkie Żarcie - Przepis - milkshake czyli prawdziwy shake z mc donald.URL
[2010-05-24 19:09:08 | 000,000,066 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\Kod Mojżesza.avi - creativi - Chomikuj.pl.URL
[2010-05-23 22:16:38 | 000,000,091 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\Ranga w głosie - Forum dyskusyjne - iSing.URL
[2010-05-23 00:54:06 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\YouTube - Rise Against - Savior.URL
[2009-08-30 13:09:56 | 000,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009-08-30 13:09:56 | 000,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009-08-30 13:09:56 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009-08-30 13:09:56 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009-08-30 13:09:56 | 000,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009-08-30 13:09:56 | 000,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009-06-26 20:46:27 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\VBUTILLight.dll
[2009-06-26 20:46:23 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\MP2enc.dll
[2009-04-16 22:00:53 | 000,000,092 | ---- | C] () -- C:\WINDOWS\mp3wavcon.ini
[2009-04-16 21:55:51 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009-03-27 14:53:14 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-03-24 20:29:50 | 000,010,197 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2009-03-21 00:54:08 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-03-21 00:00:40 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-03-21 00:00:37 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-03-21 00:00:36 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-03-21 00:00:35 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-03-21 00:00:35 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-03-20 22:30:38 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009-03-20 21:26:33 | 000,002,457 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008-11-26 22:28:48 | 000,000,272 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006-10-22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006-10-22 13:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006-10-22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006-10-22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006-10-22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006-10-22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006-10-22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2002-03-17 02:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000088.DLL

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2010-06-16 23:20:48 | 000,000,257 | ---- | M] ()(C:\Documents and Settings\anka\Pulpit\????? ??????? ??????? ?? ???? ????? ?????? ????????? avast! 5.0.507 Final ??????? Antivirus & Internet Security ??? ???? ?? ????? - ??????? ??? ????.url) -- C:\Documents and Settings\anka\Pulpit\????? ??????? ??????? ?? ???? ????? ?????? ????????? avast! 5.0.507 Final ??????? Antivirus & Internet Security ??? ???? ?? ????? - ??????? ??? ????.url
[2010-06-16 23:20:48 | 000,000,257 | ---- | C] ()(C:\Documents and Settings\anka\Pulpit\????? ??????? ??????? ?? ???? ????? ?????? ????????? avast! 5.0.507 Final ??????? Antivirus & Internet Security ??? ???? ?? ????? - ??????? ??? ????.url) -- C:\Documents and Settings\anka\Pulpit\????? ??????? ??????? ?? ???? ????? ?????? ????????? avast! 5.0.507 Final ??????? Antivirus & Internet Security ??? ???? ?? ????? - ??????? ??? ????.url
[2010-05-23 22:30:49 | 000,000,068 | ---- | M] ()(C:\Documents and Settings\anka\Pulpit\YouTube - Vitas_Opera #2 (??+????).URL) -- C:\Documents and Settings\anka\Pulpit\YouTube - Vitas_Opera #2 (??+????).URL
[2010-05-23 22:30:49 | 000,000,068 | ---- | C] ()(C:\Documents and Settings\anka\Pulpit\YouTube - Vitas_Opera #2 (??+????).URL) -- C:\Documents and Settings\anka\Pulpit\YouTube - Vitas_Opera #2 (??+????).URL
< End of report >[/log]

Tomek01
comment

Looks clean.

As a precaution, run a full scan with [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] and [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] and post the results on the forum.
