x-kom hosting

problemy z trojan PWS Wsgame 13295

futro999
utworzono
utworzono (edytowane)

Witam serdecznie!

Mam na dysku Trojan PWS Wsgame 13295.

Próbowałem usunąć go Dr.Web ale po restarcie systemu
wirus mimo wszystko się odnawia.

Chcę się pozbyć paskudy bo komp mi przez to chrupie,
lecz nie wiem do końca jak się za to zabrać.

Proszę o pomoc specjalistę, który się na tym zna.

Pozdrawiam

[log]OTL logfile created on: 2010-06-14 10:14:58 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 022,00 Mb Total Physical Memory | 202,00 Mb Available Physical Memory | 20,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 begin_of_the_skype_highlighting              1536 3072      end_of_the_skype_highlighting [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 6,61 Gb Free Space | 33,86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 24,41 Gb Total Space | 23,13 Gb Free Space | 94,75% Space Free | Partition Type: NTFS
Drive F: | 66,43 Gb Total Space | 23,12 Gb Free Space | 34,80% Space Free | Partition Type: NTFS
Unable to calculate disk information.
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FUTREK-80A69FE1
Current User Name: nazwa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-06-14 01:06:13 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2010-06-03 10:52:20 | 001,541,360 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spiderml.exe
PRC - [2010-06-03 10:51:44 | 001,504,600 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
PRC - [2010-05-20 12:10:09 | 001,973,000 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\drweb32w.exe
PRC - [2010-04-07 08:07:44 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-03-24 20:17:47 | 000,952,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2010-03-15 14:20:00 | 001,314,032 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spideragent.exe
PRC - [2010-03-15 10:03:22 | 002,600,200 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\frwl_notify.exe
PRC - [2010-03-09 11:02:14 | 026,100,520 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2010-03-09 11:02:14 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2010-03-04 16:22:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2010-03-04 16:22:17 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2010-03-04 16:22:17 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-11-24 12:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009-09-08 10:21:24 | 001,400,832 | ---- | M] (Team Solutions) -- C:\Program Files\Auto-Backup\Auto-Backup.exe
PRC - [2009-04-23 15:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008-04-15 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-15 14:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-15 14:00:00 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008-04-15 14:00:00 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe
PRC - [2008-04-15 14:00:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-04-15 14:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-15 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-15 14:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2008-04-15 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HTTPFILTER]
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-15 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-15 14:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-03-20 12:04:46 | 002,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe
PRC - [2007-10-08 15:27:02 | 000,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007-10-08 15:18:04 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007-10-08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007-10-08 15:13:36 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007-10-08 15:09:26 | 000,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007-10-08 15:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007-10-08 15:01:54 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007-05-15 00:22:22 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2007-05-14 15:23:32 | 001,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007-05-10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2006-10-27 01:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006-05-23 22:59:38 | 000,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006-03-08 13:48:02 | 000,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005-01-28 14:44:28 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-06-14 01:06:13 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2009-07-12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009-07-11 19:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
MOD - [2008-04-15 14:00:00 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-15 14:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shdocvw.dll
MOD - [2008-04-15 14:00:00 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-15 14:00:00 | 001,104,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msxml3.dll
MOD - [2008-04-15 14:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008-04-15 14:00:00 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2008-04-15 14:00:00 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-15 14:00:00 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2008-04-15 14:00:00 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll
MOD - [2008-04-15 14:00:00 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008-04-15 14:00:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2008-04-15 14:00:00 | 000,668,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll
MOD - [2008-04-15 14:00:00 | 000,621,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\urlmon.dll
MOD - [2008-04-15 14:00:00 | 000,602,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\crypt32.dll
MOD - [2008-04-15 14:00:00 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2008-04-15 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-15 14:00:00 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-15 14:00:00 | 000,520,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cryptui.dll
MOD - [2008-04-15 14:00:00 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2008-04-15 14:00:00 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2008-04-15 14:00:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-15 14:00:00 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netapi32.dll
MOD - [2008-04-15 14:00:00 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll
MOD - [2008-04-15 14:00:00 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-04-15 14:00:00 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-15 14:00:00 | 000,278,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mstask.dll
MOD - [2008-04-15 14:00:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-15 14:00:00 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2008-04-15 14:00:00 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-15 14:00:00 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wintrust.dll
MOD - [2008-04-15 14:00:00 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008-04-15 14:00:00 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dnsapi.dll
MOD - [2008-04-15 14:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-15 14:00:00 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imagehlp.dll
MOD - [2008-04-15 14:00:00 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\apphelp.dll
MOD - [2008-04-15 14:00:00 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008-04-15 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008-04-15 14:00:00 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-15 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2_32.dll
MOD - [2008-04-15 14:00:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-15 14:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdsapi.dll
MOD - [2008-04-15 14:00:00 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2008-04-15 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll
MOD - [2008-04-15 14:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mpr.dll
MOD - [2008-04-15 14:00:00 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msasn1.dll
MOD - [2008-04-15 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2008-04-15 14:00:00 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll
MOD - [2008-04-15 14:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-15 14:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2help.dll
MOD - [2008-04-15 14:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-15 14:00:00 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msimg32.dll
MOD - [2007-05-14 15:24:00 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2006-12-21 14:30:44 | 000,102,400 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\ggwhook.dll
MOD - [2006-10-27 01:48:42 | 002,210,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
MOD - [2006-10-27 01:48:34 | 000,955,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll
MOD - [2006-10-27 01:48:02 | 000,222,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
MOD - [2006-10-27 01:47:40 | 000,022,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveNew.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-06-03 10:51:44 | 001,504,600 | ---- | M] (Doctor Web, Ltd.) [Auto | Running] -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe -- (DrWebEngine) Dr.Web Scanning Engine (DrWebEngine)
SRV - [2007-10-08 15:27:02 | 000,794,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2007-10-08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2007-10-08 15:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2007-10-08 15:01:54 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2007-02-06 17:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | Boot | Running] -- -- (PxHelp20)
DRV - [2010-06-04 13:08:45 | 000,083,064 | ---- | M] (Doctor Web) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\drwebaf.sys -- (DRWEBAF)
DRV - [2010-06-04 13:08:45 | 000,072,184 | ---- | M] (Doctor Web) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DrWebPF.sys -- (DrWebPF)
DRV - [2010-04-20 17:44:30 | 000,119,288 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dwprot.sys -- (DwProt)
DRV - [2010-04-08 15:54:04 | 000,075,000 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\spiderg3.sys -- (SpiderG3)
DRV - [2010-03-05 00:20:11 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008-04-15 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-04-14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM)
DRV - [2007-09-26 07:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Sterownik karty Intel(R)
DRV - [2007-08-27 12:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007-05-10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007-02-06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007-02-06 17:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007-02-03 20:32:58 | 000,022,560 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2007-02-03 20:32:45 | 001,939,360 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam for Notebooks Deluxe(UVC)
DRV - [2007-02-03 20:32:34 | 000,041,504 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007-02-03 20:30:57 | 001,507,232 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2006-11-15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006-11-14 20:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006-11-14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006-05-23 23:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006-03-08 13:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005-12-01 02:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005-12-01 02:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005-12-01 02:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005-08-12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-789336058-329068152-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: raf@down:0.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-07 08:07:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-05-15 09:22:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010-03-04 16:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\Extensions
[2010-06-13 23:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\Firefox\Profiles\yijyjycn.default\extensions
[2010-03-04 23:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\Firefox\Profiles\yijyjycn.default\extensions\dave2x@download
[2010-03-17 17:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\Firefox\Profiles\yijyjycn.default\extensions\raf@down
[2010-03-05 00:23:34 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\Firefox\Profiles\yijyjycn.default\searchplugins\daemon-search.xml
[2010-06-13 20:47:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-03-21 01:01:34 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-03-16 13:24:41 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-03-16 13:24:41 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-03-16 13:24:41 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-03-16 13:24:41 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-03-16 13:24:41 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-03-16 13:24:41 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2008-04-15 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-789336058-329068152-1417001333-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [Dr.Web Firewall] C:\Program Files\DrWeb\frwl_notify.exe (Doctor Web, Ltd.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SpIDerAgent] C:\Program Files\DrWeb\SpIDerAgent.exe (Doctor Web, Ltd.)
O4 - HKLM..\Run: [SpIDerMail] C:\Program Files\DrWeb\spiderml.exe (Doctor Web, Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-789336058-329068152-1417001333-1003..\Run: [Auto-Backup] C:\Program Files\Auto-Backup\Auto-Backup.exe (Team Solutions)
O4 - HKU\S-1-5-21-789336058-329068152-1417001333-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-789336058-329068152-1417001333-1003..\Run: [LogitechSetup] G:\Setup\Setup.exe File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-329068152-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.0.2.2 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-03-04 15:02:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2d1932da-62a5-11df-822b-001302a99def}\Shell - "" = AutoRun
O33 - MountPoints2\{2d1932da-62a5-11df-822b-001302a99def}\Shell\AutoRun\command - "" = D:\Install.exe -- File not found
O33 - MountPoints2\{78eeef39-56c5-11df-8212-001302a99def}\Shell\AutoRun\command - "" = I:\BEKAM\\\\\IGOR.exe -- File not found
O33 - MountPoints2\{78eeef39-56c5-11df-8212-001302a99def}\Shell\explore\command - "" = I:\BEKAM\\\\\\IGOR.exe -- File not found
O33 - MountPoints2\{78eeef39-56c5-11df-8212-001302a99def}\Shell\open\command - "" = I:\BEKAM\\\\\\IGOR.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-06-13 20:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\DivX
[2010-06-13 20:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010-06-13 20:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DivX
[2010-06-12 19:16:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nazwa\Recent
[2010-06-04 21:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu
[2010-06-04 21:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Gadu-Gadu
[2010-06-04 21:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu
[2010-06-04 17:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\Auto-Backup
[2010-06-04 17:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Auto-Backup
[2010-06-04 13:09:59 | 000,119,288 | ---- | C] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dwprot.sys
[2010-06-04 13:09:56 | 000,075,000 | ---- | C] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\spiderg3.sys
[2010-06-04 13:09:43 | 000,072,184 | ---- | C] (Doctor Web) -- C:\WINDOWS\System32\drivers\DrWebPF.sys
[2010-06-04 13:09:41 | 000,083,064 | ---- | C] (Doctor Web) -- C:\WINDOWS\System32\drivers\drwebaf.sys
[2010-06-04 13:09:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Doctor Web
[2010-06-03 17:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2010-06-03 17:01:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\nazwa\UserData
[2010-05-30 20:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Application Data
[2010-05-25 21:44:35 | 000,000,000 | -HSD | C] -- C:\DrWeb Quarantine
[2010-05-22 22:44:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010-05-20 22:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\DrWeb
[2010-05-20 22:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Doctor Web
[2010-05-20 22:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\DoctorWeb
[2010-05-18 19:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\Program Files
[2010-05-18 19:46:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SupportAppCB
[2010-05-14 23:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\CASHFLOW 202
[2010-05-11 09:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\RMVB Player
[2010-05-08 22:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\cache
[2010-05-08 22:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu 10
[2010-05-08 20:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-05-06 09:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Moje dokumenty\analiza
[2010-05-05 22:27:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nazwa\Moje dokumenty\Moje wideo
[2010-05-05 22:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Logitech
[2010-05-05 22:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2010-05-04 11:07:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010-04-25 22:57:06 | 000,000,000 | ---D | C] -- C:\My Recordings
[2010-04-22 11:13:02 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2010-04-22 11:13:01 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010-04-22 11:13:01 | 000,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010-04-22 11:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010-04-19 12:08:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Moje dokumenty\studio
[2010-04-18 17:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Moje dokumenty\gra miejska
[2010-04-18 14:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\Infonetax
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2010-06-14 10:09:06 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\Dr.Web Update.job
[2010-06-13 20:55:43 | 000,001,480 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\DivX Movies.lnk
[2010-06-13 20:38:14 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-06-13 15:24:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-06-13 15:24:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-06-13 15:24:13 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\nazwa\ntuser.ini
[2010-06-13 15:24:12 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\nazwa\NTUSER.DAT
[2010-06-12 19:16:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-06-10 13:12:44 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\nazwa\.recently-used.xbel
[2010-06-04 21:02:07 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\Gadu-Gadu.lnk
[2010-06-04 17:20:46 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Auto-Backup.lnk
[2010-06-04 13:11:34 | 000,000,536 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\Skrót do Biznes plan.lnk
[2010-06-04 13:09:57 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\Dr.Web Daily scan.job
[2010-06-04 13:09:38 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skaner Dr.Web.lnk
[2010-06-04 13:08:45 | 000,083,064 | ---- | M] (Doctor Web) -- C:\WINDOWS\System32\drivers\drwebaf.sys
[2010-06-04 13:08:45 | 000,072,184 | ---- | M] (Doctor Web) -- C:\WINDOWS\System32\drivers\DrWebPF.sys
[2010-06-01 15:49:57 | 000,002,147 | ---- | M] () -- C:\Documents and Settings\nazwa\photorec.cfg
[2010-06-01 09:57:15 | 000,118,277 | ---- | M] () -- C:\Documents and Settings\nazwa\Moje dokumenty\SPRZEDAŻ INTERNETOWA.pdf
[2010-05-31 19:49:15 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-05-31 18:44:55 | 000,000,022 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\cm.ini
[2010-05-31 11:06:11 | 000,993,526 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-05-31 11:06:11 | 000,451,934 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-05-31 11:06:11 | 000,395,534 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-05-31 11:06:11 | 000,075,904 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-05-31 11:06:11 | 000,059,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-05-30 20:04:36 | 000,000,548 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\XMind.lnk
[2010-05-18 19:49:16 | 000,007,070 | ---- | M] () -- C:\NetworkCfg.xml
[2010-05-16 09:42:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010-04-20 17:44:30 | 000,119,288 | ---- | M] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dwprot.sys
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-06-13 20:55:43 | 000,001,480 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\DivX Movies.lnk
[2010-06-10 13:12:44 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\nazwa\.recently-used.xbel
[2010-06-04 21:02:07 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\Gadu-Gadu.lnk
[2010-06-04 17:20:46 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Auto-Backup.lnk
[2010-06-04 13:11:38 | 000,000,536 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\Skrót do Biznes plan.lnk
[2010-06-04 13:09:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\Dr.Web Update.job
[2010-06-04 13:09:57 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\Dr.Web Daily scan.job
[2010-06-04 13:09:38 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Skaner Dr.Web.lnk
[2010-06-01 09:57:13 | 000,118,277 | ---- | C] () -- C:\Documents and Settings\nazwa\Moje dokumenty\SPRZEDAŻ INTERNETOWA.pdf
[2010-06-01 09:16:18 | 000,002,147 | ---- | C] () -- C:\Documents and Settings\nazwa\photorec.cfg
[2010-05-31 18:44:55 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\cm.ini
[2010-05-30 20:04:36 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\XMind.lnk
[2010-05-19 00:41:54 | 000,007,070 | ---- | C] () -- C:\NetworkCfg.xml
[2010-05-05 22:27:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010-05-05 22:27:33 | 000,050,127 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010-05-05 22:27:33 | 000,013,398 | R--- | C] () -- C:\WINDOWS\System32\Repository.reg
[2010-04-22 11:13:04 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-04-22 11:13:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-04-22 11:13:02 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2010-04-22 11:13:01 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-04-22 11:13:01 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-04-22 11:12:57 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-04-22 11:12:57 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010-03-18 09:31:27 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-03-05 00:20:10 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-03-04 16:08:04 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010-03-04 16:06:38 | 000,002,745 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2010-03-04 16:00:07 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007-02-06 17:42:40 | 001,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys

[color=#E56717]========== LOP Check ==========[/color]

[2010-03-05 00:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2010-06-04 13:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Doctor Web
[2010-03-04 15:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-05-08 20:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-05-04 11:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2010-06-13 15:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Auto-Backup
[2010-03-05 08:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\DAEMON Tools Lite
[2010-06-04 21:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu
[2010-05-08 22:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu 10
[2010-04-23 13:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\gtk-2.0
[2010-05-18 19:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Program Files
[2010-06-04 13:09:57 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\Dr.Web Daily scan.job
[2010-06-14 10:09:06 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\Dr.Web Update.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-03-04 15:02:47 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-03-07 00:07:59 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008-04-15 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-03-04 15:02:47 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-03-04 15:02:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-06-06 18:25:41 | 000,047,510 | ---- | M] () -- C:\Log.txt
[2010-06-03 23:52:23 | 000,007,532 | ---- | M] () -- C:\mksbasel.cpp.log
[2010-03-04 15:02:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010-05-18 19:49:16 | 000,007,070 | ---- | M] () -- C:\NetworkCfg.xml
[2008-04-15 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-04-15 14:00:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-06-13 15:24:51 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008-04-15 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2008-04-15 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2008-04-15 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008-04-15 14:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008-04-15 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008-04-15 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-15 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008-04-15 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2008-04-15 14:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008-04-15 14:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9
< End of report >
[/log]

Tomek01
komentarz
komentarz

Załącz jeszcze log RSIT.
W jakiej ścieżce jest wykrywany wirus ? Może masz raport z DrWeb'a ?

  • Dobra wypowiedź 1
futro999
komentarz
komentarz

[quote name='Tomek01' date='14 czerwiec 2010 - 17:32' timestamp='1276533281' post='1036209']
Załącz jeszcze log RSIT.
W jakiej ścieżce jest wykrywany wirus ? Może masz raport z DrWeb'a ?
[/quote]

Witam!

Dzięki za szybką odpowiedź.

Mam logi z RSITa

[log]Logfile of random's system information tool 1.07 (written by random/random)
Run by nazwa at 2010-06-14 21:12:30
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 7 GB (33%) free of 20 GB
Total RAM: 1022 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:13:43, on 2010-06-14
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DrWeb\spiderml.exe
C:\Program Files\DrWeb\frwl_notify.exe
C:\Program Files\DrWeb\SpIDerAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Auto-Backup\Auto-Backup.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie\RSIT.exe
C:\Program Files\trend micro\nazwa.exe
C:\Program Files\DrWeb\drweb32w.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe" -autorun
O4 - HKLM\..\Run: [Dr.Web Firewall] "C:\Program Files\DrWeb\frwl_notify.exe"
O4 - HKLM\..\Run: [SpIDerAgent] "C:\Program Files\DrWeb\SpIDerAgent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSetup] G:\Setup\Setup.exe /start /restart /l:enu
O4 - HKCU\..\Run: [Auto-Backup] "C:\Program Files\Auto-Backup\Auto-Backup.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Dr.Web Scanning Engine (DrWebEngine) (DrWebEngine) - Doctor Web, Ltd. - C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7217 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Dr.Web Daily scan.job
C:\WINDOWS\tasks\Dr.Web Update.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]
IEPluginBHO Class - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll [2010-05-04 42080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-10-08 995328]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-10-08 1101824]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-05-14 1191936]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-03-04 149280]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-05-15 35328]
"SpIDerMail"=C:\Program Files\DrWeb\spiderml.exe [2010-06-03 1541360]
"Dr.Web Firewall"=C:\Program Files\DrWeb\frwl_notify.exe [2010-03-15 2600200]
"SpIDerAgent"=C:\Program Files\DrWeb\SpIDerAgent.exe [2010-03-15 1314032]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-03-09 26100520]
"LogitechSetup"=G:\Setup\Setup.exe /start /restart /l:enu []
"Auto-Backup"=C:\Program Files\Auto-Backup\Auto-Backup.exe [2009-09-08 1400832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dwsh000003D1.SYS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dwsh000003D1.SYS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10"
"C:\Documents and Settings\nazwa\Ustawienia lokalne\Temp\~os13.tmp\rlvknlg.exe"="C:\Documents and Settings\nazwa\Ustawienia lokalne\Temp\~os13.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d1932da-62a5-11df-822b-001302a99def}]
shell\AutoRun\command - D:\Install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78eeef39-56c5-11df-8212-001302a99def}]
shell\AutoRun\command - I:\BEKAM\\\\\\\\\\IGOR.exe
shell\explore\command - I:\BEKAM\\\\\\\\\\\\IGOR.exe
shell\open\command - I:\BEKAM\\\\\\\\\\\\IGOR.exe


======List of files/folders created in the last 1 months======

2010-06-14 21:12:36 ----D---- C:\Program Files\trend micro
2010-06-14 21:12:30 ----D---- C:\rsit
2010-06-13 20:55:28 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\DivX
2010-06-13 20:48:13 ----D---- C:\Program Files\DivX
2010-06-13 20:46:56 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\DivX
2010-06-04 21:12:48 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu
2010-06-04 21:01:30 ----D---- C:\Program Files\Gadu-Gadu
2010-06-04 17:21:00 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\Auto-Backup
2010-06-04 17:20:40 ----D---- C:\Program Files\Auto-Backup
2010-06-04 13:09:27 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Doctor Web
2010-06-03 17:04:16 ----D---- C:\Program Files\SkanerOnline
2010-05-31 18:46:09 ----A---- C:\Log.txt
2010-05-25 21:44:35 ----SHD---- C:\DrWeb Quarantine
2010-05-22 22:44:38 ----D---- C:\WINDOWS\system32\LogFiles
2010-05-20 22:47:16 ----D---- C:\Program Files\DrWeb
2010-05-20 22:47:16 ----D---- C:\Program Files\Common Files\Doctor Web
2010-05-18 19:49:33 ----A---- C:\WINDOWS\ModemLog_ZTE Proprietary USB Modem.txt
2010-05-18 19:46:51 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\Program Files
2010-05-18 19:46:41 ----D---- C:\WINDOWS\system32\SupportAppCB

======List of files/folders modified in the last 1 months======

2010-06-14 21:13:02 ----D---- C:\WINDOWS\Prefetch
2010-06-14 21:12:36 ----RD---- C:\Program Files
2010-06-14 20:45:28 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\Skype
2010-06-14 20:23:59 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\skypePM
2010-06-14 17:52:14 ----D---- C:\WINDOWS\Temp
2010-06-14 16:48:42 ----D---- C:\WINDOWS
2010-06-14 16:48:31 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-14 16:48:13 ----D---- C:\WINDOWS\system32
2010-06-14 13:36:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-13 23:10:18 ----SHD---- C:\WINDOWS\Installer
2010-06-13 23:10:18 ----D---- C:\Program Files\Common Files
2010-06-13 23:08:28 ----D---- C:\WINDOWS\system32\drivers
2010-06-04 13:09:57 ----SD---- C:\WINDOWS\Tasks
2010-06-04 13:09:49 ----HD---- C:\WINDOWS\inf
2010-06-03 17:28:18 ----D---- C:\Program Files\Common Files\LogiShrd
2010-06-03 17:04:17 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-05-31 19:49:15 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-31 15:25:05 ----D---- C:\WINDOWS\system32\Restore
2010-05-31 15:25:04 ----SHD---- C:\System Volume Information
2010-05-31 11:06:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-22 07:45:56 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-15 09:22:22 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\NOS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 DRWEBAF;DrWEB Firewall Application Filter; \??\C:\WINDOWS\system32\drivers\drwebaf.sys []
R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 40448]
R1 WmiAcpi;Interfejs zarządzania Microsoft Windows dla ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-15 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-03-04 21361]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R2 s24trans;Transport WLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-08-27 12288]
R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-15 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]
R3 CmBatt;Sterownik baterii Microsoft o metodzie kontroli ACPI; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DrWebPF;DrWeb Packet Filter Driver; C:\WINDOWS\system32\DRIVERS\DrWebPF.sys [2010-06-04 72184]
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384]
R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-15 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-15 12160]
R3 NETw4x32;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032]
R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-15 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-15 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S3 agukvx1p;agukvx1p; C:\WINDOWS\system32\drivers\agukvx1p.sys []
S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-02-03 22560]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064]
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-02-03 1507232]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
S3 LVUVC;QuickCam for Notebooks Deluxe(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-02-03 1939360]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys []
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbaudio;Sterownik audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-15 26368]
S3 usbvideo;Urządzenie wideo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys []
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys []
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600]
R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine); C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [2010-06-03 1504600]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-10-08 794624]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-04 153376]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-10-08 483328]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-10-08 1183744]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-10-08 356352]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
[/log]

z Dr.WEBa nie mam raportu, ale moge zrobić kolejny skan.

Dokładnej ścieżki nie pamiętam, jednak to było chyba w System Volume Information na dysku C i F.

Zaraz zrobię skana...

Widzisz perspektywy na pozbycie się tego trojana?

Tomek01
komentarz
komentarz

Wyłącz na chwilę a następnie włącz przywracanie systemu na wszystkich partycjach. I po trojanie ;)

Ale jest pozostałość po infekcji z pendrive'a.

Odinstaluj DAEMON Tools Toolbar



Zastosuj [b][color=#0000CD][url=http://download.bleepingcomputer.com//sUBs/Flash_Disinfector.exe]Flash Disinfector[/url][/color][/b], najlepiej z podpiętym pendrive'm.

Do notatnika systemowego wklej taki tekst, (bez frazy kod):
[code]Windows Registry Editor Version 5.00

[ -HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78eeef39-56c5-11df-8212-001302a99def}][/code]
Plik zapisz jako/zmień rozszerzenie na wszystkie pliki/zapisz jako fix.reg/dwuklikiem dodajesz do rejestru.

Załącz nowy log RSIT i OTL.

  • Dobra wypowiedź 1
futro999
komentarz
komentarz

[quote name='Tomek01' date='14 czerwiec 2010 - 20:55' timestamp='1276545437' post='1036307']
Wyłącz na chwilę a następnie włącz przywracanie systemu na wszystkich partycjach. I po trojanie ;)

Ale jest pozostałość po infekcji z pendrive'a.

Odinstaluj DAEMON Tools Toolbar



Zastosuj [b][color=#0000CD][url=http://download.bleepingcomputer.com//sUBs/Flash_Disinfector.exe]Flash Disinfector[/url][/color][/b], najlepiej z podpiętym pendrive'm.

Do notatnika systemowego wklej taki tekst, (bez frazy kod):
[code]Windows Registry Editor Version 5.00

[ -HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78eeef39-56c5-11df-8212-001302a99def}][/code]
Plik zapisz jako/zmień rozszerzenie na wszystkie pliki/zapisz jako fix.reg/dwuklikiem dodajesz do rejestru.

Załącz nowy log RSIT i OTL.
[/quote]


OK
zrobiłem wszystko tak jak napisałeś krok po kroku.

log z RSIT

[log]Logfile of random's system information tool 1.07 (written by random/random)
Run by nazwa at 2010-06-14 22:25:30
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 7 GB (35%) free of 20 GB
Total RAM: 1022 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:25:38, on 2010-06-14
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DrWeb\spiderml.exe
C:\Program Files\DrWeb\frwl_notify.exe
C:\Program Files\DrWeb\SpIDerAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Auto-Backup\Auto-Backup.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie\OTL.exe
C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie\RSIT.exe
C:\Program Files\trend micro\nazwa.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe" -autorun
O4 - HKLM\..\Run: [Dr.Web Firewall] "C:\Program Files\DrWeb\frwl_notify.exe"
O4 - HKLM\..\Run: [SpIDerAgent] "C:\Program Files\DrWeb\SpIDerAgent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSetup] G:\Setup\Setup.exe /start /restart /l:enu
O4 - HKCU\..\Run: [Auto-Backup] "C:\Program Files\Auto-Backup\Auto-Backup.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Dr.Web Scanning Engine (DrWebEngine) (DrWebEngine) - Doctor Web, Ltd. - C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7116 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Dr.Web Daily scan.job
C:\WINDOWS\tasks\Dr.Web Update.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]
IEPluginBHO Class - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll [2010-05-04 42080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-10-08 995328]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-10-08 1101824]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-05-14 1191936]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-03-04 149280]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-05-15 35328]
"SpIDerMail"=C:\Program Files\DrWeb\spiderml.exe [2010-06-03 1541360]
"Dr.Web Firewall"=C:\Program Files\DrWeb\frwl_notify.exe [2010-03-15 2600200]
"SpIDerAgent"=C:\Program Files\DrWeb\SpIDerAgent.exe [2010-03-15 1314032]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-03-09 26100520]
"LogitechSetup"=G:\Setup\Setup.exe /start /restart /l:enu []
"Auto-Backup"=C:\Program Files\Auto-Backup\Auto-Backup.exe [2009-09-08 1400832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=0xFFFFFFFF

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10"
"C:\Documents and Settings\nazwa\Ustawienia lokalne\Temp\~os13.tmp\rlvknlg.exe"="C:\Documents and Settings\nazwa\Ustawienia lokalne\Temp\~os13.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d1932da-62a5-11df-822b-001302a99def}]
shell\AutoRun\command - D:\Install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78eeef39-56c5-11df-8212-001302a99def}]
shell\AutoRun\command - I:\BEKAM\\\\\\\\\\IGOR.exe
shell\explore\command - I:\BEKAM\\\\\\\\\\\\IGOR.exe
shell\open\command - I:\BEKAM\\\\\\\\\\\\IGOR.exe


======List of files/folders created in the last 1 months======

2010-06-14 22:12:45 ----D---- C:\autorun.inf
2010-06-14 21:12:36 ----D---- C:\Program Files\trend micro
2010-06-14 21:12:30 ----D---- C:\rsit
2010-06-13 20:55:28 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\DivX
2010-06-13 20:48:13 ----D---- C:\Program Files\DivX
2010-06-13 20:46:56 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\DivX
2010-06-04 21:12:48 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu
2010-06-04 21:01:30 ----D---- C:\Program Files\Gadu-Gadu
2010-06-04 17:21:00 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\Auto-Backup
2010-06-04 17:20:40 ----D---- C:\Program Files\Auto-Backup
2010-06-04 13:09:27 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Doctor Web
2010-06-03 17:04:16 ----D---- C:\Program Files\SkanerOnline
2010-05-31 18:46:09 ----A---- C:\Log.txt
2010-05-25 21:44:35 ----SHD---- C:\DrWeb Quarantine
2010-05-22 22:44:38 ----D---- C:\WINDOWS\system32\LogFiles
2010-05-20 22:47:16 ----D---- C:\Program Files\DrWeb
2010-05-20 22:47:16 ----D---- C:\Program Files\Common Files\Doctor Web
2010-05-18 19:49:33 ----A---- C:\WINDOWS\ModemLog_ZTE Proprietary USB Modem.txt
2010-05-18 19:46:51 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\Program Files
2010-05-18 19:46:41 ----D---- C:\WINDOWS\system32\SupportAppCB

======List of files/folders modified in the last 1 months======

2010-06-14 22:22:20 ----D---- C:\WINDOWS\Prefetch
2010-06-14 22:17:45 ----D---- C:\WINDOWS\Temp
2010-06-14 22:11:20 ----SHD---- C:\System Volume Information
2010-06-14 22:07:27 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-06-14 21:12:36 ----RD---- C:\Program Files
2010-06-14 20:45:28 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\Skype
2010-06-14 20:23:59 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\skypePM
2010-06-14 16:48:42 ----D---- C:\WINDOWS
2010-06-14 16:48:31 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-14 16:48:13 ----D---- C:\WINDOWS\system32
2010-06-14 13:36:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-13 23:10:18 ----SHD---- C:\WINDOWS\Installer
2010-06-13 23:10:18 ----D---- C:\Program Files\Common Files
2010-06-13 23:08:28 ----D---- C:\WINDOWS\system32\drivers
2010-06-04 13:09:57 ----SD---- C:\WINDOWS\Tasks
2010-06-04 13:09:49 ----HD---- C:\WINDOWS\inf
2010-06-03 17:28:18 ----D---- C:\Program Files\Common Files\LogiShrd
2010-06-03 17:04:17 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-05-31 19:49:15 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-31 15:25:05 ----D---- C:\WINDOWS\system32\Restore
2010-05-31 11:06:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-22 07:45:56 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-15 09:22:22 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\NOS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 DRWEBAF;DrWEB Firewall Application Filter; \??\C:\WINDOWS\system32\drivers\drwebaf.sys []
R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 40448]
R1 WmiAcpi;Interfejs zarządzania Microsoft Windows dla ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-15 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-03-04 21361]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R2 s24trans;Transport WLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-08-27 12288]
R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-15 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]
R3 CmBatt;Sterownik baterii Microsoft o metodzie kontroli ACPI; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DrWebPF;DrWeb Packet Filter Driver; C:\WINDOWS\system32\DRIVERS\DrWebPF.sys [2010-06-04 72184]
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384]
R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-15 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-15 12160]
R3 NETw4x32;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032]
R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-15 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-15 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-15 26368]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S3 agukvx1p;agukvx1p; C:\WINDOWS\system32\drivers\agukvx1p.sys []
S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-02-03 22560]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064]
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-02-03 1507232]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
S3 LVUVC;QuickCam for Notebooks Deluxe(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-02-03 1939360]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys []
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbaudio;Sterownik audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbvideo;Urządzenie wideo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys []
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys []
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600]
R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine); C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [2010-06-03 1504600]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-10-08 794624]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-04 153376]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-10-08 483328]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-10-08 1183744]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-10-08 356352]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
[/log]

Log z OTLa

[log]OTL logfile created on: 2010-06-14 22:37:05 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 022,00 Mb Total Physical Memory | 303,00 Mb Available Physical Memory | 30,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 begin_of_the_skype_highlighting              1536 3072      end_of_the_skype_highlighting [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 6,94 Gb Free Space | 35,54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 24,41 Gb Total Space | 23,13 Gb Free Space | 94,75% Space Free | Partition Type: NTFS
Drive F: | 66,43 Gb Total Space | 23,12 Gb Free Space | 34,80% Space Free | Partition Type: NTFS
Unable to calculate disk information.
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FUTREK-80A69FE1
Current User Name: nazwa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-06-14 01:06:13 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2010-06-03 10:52:20 | 001,541,360 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spiderml.exe
PRC - [2010-06-03 10:51:44 | 001,504,600 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
PRC - [2010-04-07 08:07:44 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-03-15 14:20:00 | 001,314,032 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spideragent.exe
PRC - [2010-03-15 10:03:22 | 002,600,200 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\frwl_notify.exe
PRC - [2010-03-04 16:22:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2010-03-04 16:22:17 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2010-03-04 16:22:17 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-09-08 10:21:24 | 001,400,832 | ---- | M] (Team Solutions) -- C:\Program Files\Auto-Backup\Auto-Backup.exe
PRC - [2009-04-23 15:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008-04-15 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-15 14:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-15 14:00:00 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008-04-15 14:00:00 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe
PRC - [2008-04-15 14:00:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-04-15 14:00:00 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2008-04-15 14:00:00 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
PRC - [2008-04-15 14:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-15 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-15 14:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2008-04-15 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HTTPFILTER]
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-15 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-15 14:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2007-10-08 15:27:02 | 000,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007-10-08 15:18:04 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007-10-08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007-10-08 15:13:36 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007-10-08 15:09:26 | 000,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007-10-08 15:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007-10-08 15:01:54 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007-05-15 00:23:58 | 001,137,664 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe
PRC - [2007-05-15 00:22:22 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2007-05-14 15:23:32 | 001,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007-05-10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2006-10-27 01:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006-05-23 22:59:38 | 000,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006-03-08 13:48:02 | 000,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005-01-28 14:44:28 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-06-14 01:06:13 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2008-04-15 14:00:00 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-15 14:00:00 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-15 14:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008-04-15 14:00:00 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2008-04-15 14:00:00 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-15 14:00:00 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2008-04-15 14:00:00 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll
MOD - [2008-04-15 14:00:00 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008-04-15 14:00:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2008-04-15 14:00:00 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2008-04-15 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-15 14:00:00 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-15 14:00:00 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2008-04-15 14:00:00 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2008-04-15 14:00:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-15 14:00:00 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll
MOD - [2008-04-15 14:00:00 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-04-15 14:00:00 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-15 14:00:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-15 14:00:00 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-15 14:00:00 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008-04-15 14:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-15 14:00:00 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008-04-15 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008-04-15 14:00:00 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-15 14:00:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-15 14:00:00 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2008-04-15 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2008-04-15 14:00:00 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll
MOD - [2008-04-15 14:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-15 14:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-06-03 10:51:44 | 001,504,600 | ---- | M] (Doctor Web, Ltd.) [Auto | Running] -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe -- (DrWebEngine) Dr.Web Scanning Engine (DrWebEngine)
SRV - [2007-10-08 15:27:02 | 000,794,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2007-10-08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2007-10-08 15:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2007-10-08 15:01:54 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2007-02-06 17:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-06-04 13:08:45 | 000,083,064 | ---- | M] (Doctor Web) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\drwebaf.sys -- (DRWEBAF)
DRV - [2010-06-04 13:08:45 | 000,072,184 | ---- | M] (Doctor Web) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DrWebPF.sys -- (DrWebPF)
DRV - [2010-04-20 17:44:30 | 000,119,288 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dwprot.sys -- (DwProt)
DRV - [2010-04-08 15:54:04 | 000,075,000 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\spiderg3.sys -- (SpiderG3)
DRV - [2010-03-05 00:20:11 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008-04-15 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-04-14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM)
DRV - [2007-09-26 07:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Sterownik karty Intel(R)
DRV - [2007-08-27 12:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007-05-10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007-02-06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007-02-06 17:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007-02-03 20:32:58 | 000,022,560 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2007-02-03 20:32:45 | 001,939,360 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam for Notebooks Deluxe(UVC)
DRV - [2007-02-03 20:32:34 | 000,041,504 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007-02-03 20:30:57 | 001,507,232 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2006-11-15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006-11-14 20:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006-11-14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006-05-23 23:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006-03-08 13:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005-12-01 02:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005-12-01 02:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005-12-01 02:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005-08-12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-789336058-329068152-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: raf@down:0.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-07 08:07:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-05-15 09:22:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010-03-04 16:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\Extensions
[2010-06-13 23:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\Firefox\Profiles\yijyjycn.default\extensions
[2010-03-04 23:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\Firefox\Profiles\yijyjycn.default\extensions\dave2x@download
[2010-03-17 17:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\Firefox\Profiles\yijyjycn.default\extensions\raf@down
[2010-03-05 00:23:34 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\Firefox\Profiles\yijyjycn.default\searchplugins\daemon-search.xml
[2010-06-13 20:47:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-03-21 01:01:34 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-03-16 13:24:41 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-03-16 13:24:41 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-03-16 13:24:41 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-03-16 13:24:41 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-03-16 13:24:41 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-03-16 13:24:41 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2008-04-15 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKU\S-1-5-21-789336058-329068152-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [Dr.Web Firewall] C:\Program Files\DrWeb\frwl_notify.exe (Doctor Web, Ltd.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SpIDerAgent] C:\Program Files\DrWeb\SpIDerAgent.exe (Doctor Web, Ltd.)
O4 - HKLM..\Run: [SpIDerMail] C:\Program Files\DrWeb\spiderml.exe (Doctor Web, Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-789336058-329068152-1417001333-1003..\Run: [Auto-Backup] C:\Program Files\Auto-Backup\Auto-Backup.exe (Team Solutions)
O4 - HKU\S-1-5-21-789336058-329068152-1417001333-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-789336058-329068152-1417001333-1003..\Run: [LogitechSetup] G:\Setup\Setup.exe File not found
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-329068152-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-329068152-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-789336058-329068152-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.0.2.2 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-03-04 15:02:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-06-14 22:12:45 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-06-14 22:12:45 | 000,000,000 | ---D | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-06-14 22:12:45 | 000,000,000 | ---D | M] - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{2d1932da-62a5-11df-822b-001302a99def}\Shell - "" = AutoRun
O33 - MountPoints2\{2d1932da-62a5-11df-822b-001302a99def}\Shell\AutoRun\command - "" = D:\Install.exe -- File not found
O33 - MountPoints2\{78eeef39-56c5-11df-8212-001302a99def}\Shell\AutoRun\command - "" = I:\BEKAM\\\\\IGOR.exe -- File not found
O33 - MountPoints2\{78eeef39-56c5-11df-8212-001302a99def}\Shell\explore\command - "" = I:\BEKAM\\\\\\IGOR.exe -- File not found
O33 - MountPoints2\{78eeef39-56c5-11df-8212-001302a99def}\Shell\open\command - "" = I:\BEKAM\\\\\\IGOR.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010-03-04 15:02:20 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: cgehwbve - File not found

MsConfig - StartUpReg: [b]ATICCC[/b] - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-06-14 22:12:45 | 000,000,000 | ---D | C] -- C:\autorun.inf
[2010-06-14 21:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010-06-14 16:48:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nazwa\Recent
[2010-06-13 20:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\DivX
[2010-06-13 20:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010-06-13 20:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DivX
[2010-06-04 21:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu
[2010-06-04 21:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Gadu-Gadu
[2010-06-04 21:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu
[2010-06-04 17:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\Auto-Backup
[2010-06-04 17:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Auto-Backup
[2010-06-04 13:09:59 | 000,119,288 | ---- | C] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dwprot.sys
[2010-06-04 13:09:56 | 000,075,000 | ---- | C] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\spiderg3.sys
[2010-06-04 13:09:43 | 000,072,184 | ---- | C] (Doctor Web) -- C:\WINDOWS\System32\drivers\DrWebPF.sys
[2010-06-04 13:09:41 | 000,083,064 | ---- | C] (Doctor Web) -- C:\WINDOWS\System32\drivers\drwebaf.sys
[2010-06-04 13:09:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Doctor Web
[2010-06-03 17:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2010-05-30 20:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Application Data
[2010-05-25 21:44:35 | 000,000,000 | -HSD | C] -- C:\DrWeb Quarantine
[2010-05-22 22:44:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010-05-20 22:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\DrWeb
[2010-05-20 22:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Doctor Web
[2010-05-20 22:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\DoctorWeb
[2010-05-18 19:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\Program Files
[2010-05-18 19:46:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SupportAppCB
[2010-05-14 23:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\CASHFLOW 202
[2010-05-11 09:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\RMVB Player
[2010-05-08 22:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\cache
[2010-05-08 22:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu 10
[2010-05-08 20:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-05-06 09:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Moje dokumenty\analiza
[2010-05-05 22:27:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nazwa\Moje dokumenty\Moje wideo
[2010-05-05 22:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Logitech
[2010-05-05 22:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2010-05-04 11:07:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010-04-25 22:57:06 | 000,000,000 | ---D | C] -- C:\My Recordings
[2010-04-22 11:13:02 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2010-04-22 11:13:01 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010-04-22 11:13:01 | 000,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010-04-22 11:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010-04-19 12:08:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Moje dokumenty\studio
[2010-04-18 17:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Moje dokumenty\gra miejska
[2010-04-18 14:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\Infonetax
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2010-06-14 22:39:19 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\Dr.Web Update.job
[2010-06-14 22:20:45 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\nazwa\Moje dokumenty\fix.reg
[2010-06-14 16:48:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-06-14 16:48:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-06-14 16:48:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-06-14 13:36:33 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\nazwa\NTUSER.DAT
[2010-06-14 13:36:15 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\nazwa\ntuser.ini
[2010-06-13 20:55:43 | 000,001,480 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\DivX Movies.lnk
[2010-06-13 20:38:14 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-06-10 13:12:44 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\nazwa\.recently-used.xbel
[2010-06-04 21:02:07 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\Gadu-Gadu.lnk
[2010-06-04 17:20:46 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Auto-Backup.lnk
[2010-06-04 13:11:34 | 000,000,536 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\Skrót do Biznes plan.lnk
[2010-06-04 13:09:57 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\Dr.Web Daily scan.job
[2010-06-04 13:09:38 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skaner Dr.Web.lnk
[2010-06-04 13:08:45 | 000,083,064 | ---- | M] (Doctor Web) -- C:\WINDOWS\System32\drivers\drwebaf.sys
[2010-06-04 13:08:45 | 000,072,184 | ---- | M] (Doctor Web) -- C:\WINDOWS\System32\drivers\DrWebPF.sys
[2010-06-01 15:49:57 | 000,002,147 | ---- | M] () -- C:\Documents and Settings\nazwa\photorec.cfg
[2010-06-01 09:57:15 | 000,118,277 | ---- | M] () -- C:\Documents and Settings\nazwa\Moje dokumenty\SPRZEDAŻ INTERNETOWA.pdf
[2010-05-31 19:49:15 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-05-31 18:44:55 | 000,000,022 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\cm.ini
[2010-05-31 11:06:11 | 000,993,526 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-05-31 11:06:11 | 000,451,934 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-05-31 11:06:11 | 000,395,534 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-05-31 11:06:11 | 000,075,904 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-05-31 11:06:11 | 000,059,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-05-30 20:04:36 | 000,000,548 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\XMind.lnk
[2010-05-18 19:49:16 | 000,007,070 | ---- | M] () -- C:\NetworkCfg.xml
[2010-05-16 09:42:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010-04-20 17:44:30 | 000,119,288 | ---- | M] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dwprot.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-06-14 22:20:45 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\nazwa\Moje dokumenty\fix.reg
[2010-06-13 20:55:43 | 000,001,480 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\DivX Movies.lnk
[2010-06-10 13:12:44 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\nazwa\.recently-used.xbel
[2010-06-04 21:02:07 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\Gadu-Gadu.lnk
[2010-06-04 17:20:46 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Auto-Backup.lnk
[2010-06-04 13:11:38 | 000,000,536 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\Skrót do Biznes plan.lnk
[2010-06-04 13:09:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\Dr.Web Update.job
[2010-06-04 13:09:57 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\Dr.Web Daily scan.job
[2010-06-04 13:09:38 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Skaner Dr.Web.lnk
[2010-06-01 09:57:13 | 000,118,277 | ---- | C] () -- C:\Documents and Settings\nazwa\Moje dokumenty\SPRZEDAŻ INTERNETOWA.pdf
[2010-06-01 09:16:18 | 000,002,147 | ---- | C] () -- C:\Documents and Settings\nazwa\photorec.cfg
[2010-05-31 18:44:55 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\cm.ini
[2010-05-30 20:04:36 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\XMind.lnk
[2010-05-19 00:41:54 | 000,007,070 | ---- | C] () -- C:\NetworkCfg.xml
[2010-05-05 22:27:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010-05-05 22:27:33 | 000,050,127 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010-05-05 22:27:33 | 000,013,398 | R--- | C] () -- C:\WINDOWS\System32\Repository.reg
[2010-04-22 11:13:04 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-04-22 11:13:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-04-22 11:13:02 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2010-04-22 11:13:01 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-04-22 11:13:01 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-04-22 11:12:57 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-04-22 11:12:57 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010-03-18 09:31:27 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-03-05 00:20:10 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-03-04 16:08:04 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010-03-04 16:06:38 | 000,002,745 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2010-03-04 16:00:07 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007-02-06 17:42:40 | 001,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys

[color=#E56717]========== LOP Check ==========[/color]

[2010-03-05 00:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2010-06-04 13:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Doctor Web
[2010-03-04 15:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-05-08 20:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-05-04 11:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2010-06-14 16:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Auto-Backup
[2010-03-05 08:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\DAEMON Tools Lite
[2010-06-04 21:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu
[2010-05-08 22:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu 10
[2010-04-23 13:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\gtk-2.0
[2010-05-18 19:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Program Files
[2010-06-04 13:09:57 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\Dr.Web Daily scan.job
[2010-06-14 22:39:19 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\Dr.Web Update.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-03-04 15:02:47 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-03-07 00:07:59 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008-04-15 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-03-04 15:02:47 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-03-04 15:02:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-06-06 18:25:41 | 000,047,510 | ---- | M] () -- C:\Log.txt
[2010-06-03 23:52:23 | 000,007,532 | ---- | M] () -- C:\mksbasel.cpp.log
[2010-03-04 15:02:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010-05-18 19:49:16 | 000,007,070 | ---- | M] () -- C:\NetworkCfg.xml
[2008-04-15 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-04-15 14:00:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-06-14 16:48:13 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008-04-15 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2008-04-15 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2008-04-15 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008-04-15 14:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008-04-15 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008-04-15 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-15 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008-04-15 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2008-04-15 14:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008-04-15 14:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9
< End of report >
[/log]

I jak?

Sohei
komentarz
komentarz

[code]
:OTL
O33 - MountPoints2\{2d1932da-62a5-11df-822b-001302a99def}\Shell - "" = AutoRun
O33 - MountPoints2\{2d1932da-62a5-11df-822b-001302a99def}\Shell\AutoRun\command - "" = D:\Install.exe -- File not found
O33 - MountPoints2\{78eeef39-56c5-11df-8212-001302a99def}\Shell\AutoRun\command - "" = I:\BEKAM\\\\\IGOR.exe -- File not found
O33 - MountPoints2\{78eeef39-56c5-11df-8212-001302a99def}\Shell\explore\command - "" = I:\BEKAM\\\\\\IGOR.exe -- File not found
O33 - MountPoints2\{78eeef39-56c5-11df-8212-001302a99def}\Shell\open\command - "" = I:\BEKAM\\\\\\IGOR.exe -- File not found

:files
D:\Install.exe
D:\BEKAM\\\\\IGOR.exe

:commands
[emptytemp]
[reboot][/code]

Do OTL i run fix. Potem nowy log z OTL oraz RSIT: )

  • Dobra wypowiedź 1
futro999
komentarz
komentarz

Dzięki za zaangażowanie

Logi z OTla
[log]OTL logfile created on: 2010-06-16 08:14:08 - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 022,00 Mb Total Physical Memory | 345,00 Mb Available Physical Memory | 34,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 begin_of_the_skype_highlighting              1536 3072      end_of_the_skype_highlighting [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 7,23 Gb Free Space | 37,01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 24,41 Gb Total Space | 23,13 Gb Free Space | 94,75% Space Free | Partition Type: NTFS
Drive F: | 66,43 Gb Total Space | 23,12 Gb Free Space | 34,80% Space Free | Partition Type: NTFS
Unable to calculate disk information.
H: Drive not present or media not loaded
Drive I: | 298,09 Gb Total Space | 91,40 Gb Free Space | 30,66% Space Free | Partition Type: NTFS

Computer Name: FUTREK-80A69FE1
Current User Name: nazwa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-06-14 01:06:13 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2010-06-03 10:52:20 | 001,541,360 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spiderml.exe
PRC - [2010-06-03 10:51:44 | 001,504,600 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
PRC - [2010-04-07 08:07:44 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-03-15 14:20:00 | 001,314,032 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spideragent.exe
PRC - [2010-03-15 10:03:22 | 002,600,200 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\frwl_notify.exe
PRC - [2010-03-09 11:02:14 | 026,100,520 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2010-03-04 16:22:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2010-03-04 16:22:17 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-11-24 12:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009-10-03 05:08:38 | 000,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
PRC - [2009-09-08 10:21:24 | 001,400,832 | ---- | M] (Team Solutions) -- C:\Program Files\Auto-Backup\Auto-Backup.exe
PRC - [2009-07-01 18:38:40 | 001,481,056 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe
PRC - [2009-04-23 15:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008-04-15 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-15 14:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-15 14:00:00 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008-04-15 14:00:00 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe
PRC - [2008-04-15 14:00:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-04-15 14:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-15 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-15 14:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2008-04-15 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HTTPFILTER]
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-15 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-15 14:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2007-10-08 15:27:02 | 000,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007-10-08 15:18:04 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007-10-08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007-10-08 15:13:36 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007-10-08 15:09:26 | 000,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007-10-08 15:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007-10-08 15:01:54 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007-05-14 15:23:32 | 001,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007-05-10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2006-10-27 01:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006-05-23 22:59:38 | 000,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006-03-08 13:48:02 | 000,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005-01-28 14:44:28 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-06-14 01:06:13 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2008-04-15 14:00:00 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-15 14:00:00 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-15 14:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008-04-15 14:00:00 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2008-04-15 14:00:00 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-15 14:00:00 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2008-04-15 14:00:00 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll
MOD - [2008-04-15 14:00:00 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008-04-15 14:00:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2008-04-15 14:00:00 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2008-04-15 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-15 14:00:00 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-15 14:00:00 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2008-04-15 14:00:00 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2008-04-15 14:00:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-15 14:00:00 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll
MOD - [2008-04-15 14:00:00 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-04-15 14:00:00 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-15 14:00:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-15 14:00:00 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-15 14:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-15 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008-04-15 14:00:00 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-15 14:00:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-15 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2008-04-15 14:00:00 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll
MOD - [2008-04-15 14:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-15 14:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-06-03 10:51:44 | 001,504,600 | ---- | M] (Doctor Web, Ltd.) [Auto | Running] -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe -- (DrWebEngine) Dr.Web Scanning Engine (DrWebEngine)
SRV - [2007-10-08 15:27:02 | 000,794,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2007-10-08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2007-10-08 15:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2007-10-08 15:01:54 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2007-02-06 17:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-06-04 13:08:45 | 000,083,064 | ---- | M] (Doctor Web) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\drwebaf.sys -- (DRWEBAF)
DRV - [2010-06-04 13:08:45 | 000,072,184 | ---- | M] (Doctor Web) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DrWebPF.sys -- (DrWebPF)
DRV - [2010-04-20 17:44:30 | 000,119,288 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dwprot.sys -- (DwProt)
DRV - [2010-04-08 15:54:04 | 000,075,000 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\spiderg3.sys -- (SpiderG3)
DRV - [2010-03-05 00:20:11 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008-04-15 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-04-14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM)
DRV - [2007-09-26 07:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Sterownik karty Intel(R)
DRV - [2007-08-27 12:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007-05-10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007-02-06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007-02-06 17:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007-02-03 20:32:58 | 000,022,560 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2007-02-03 20:32:45 | 001,939,360 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam for Notebooks Deluxe(UVC)
DRV - [2007-02-03 20:32:34 | 000,041,504 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007-02-03 20:30:57 | 001,507,232 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2006-11-15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006-11-14 20:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006-11-14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006-05-23 23:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006-03-08 13:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005-12-01 02:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005-12-01 02:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005-12-01 02:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005-08-12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-789336058-329068152-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: raf@down:0.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-07 08:07:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-05-15 09:22:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010-03-04 16:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\Extensions
[2010-06-13 23:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\Firefox\Profiles\yijyjycn.default\extensions
[2010-03-04 23:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\Firefox\Profiles\yijyjycn.default\extensions\dave2x@download
[2010-03-17 17:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\Firefox\Profiles\yijyjycn.default\extensions\raf@down
[2010-03-05 00:23:34 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\Firefox\Profiles\yijyjycn.default\searchplugins\daemon-search.xml
[2010-06-13 20:47:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-03-21 01:01:34 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-03-16 13:24:41 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-03-16 13:24:41 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-03-16 13:24:41 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-03-16 13:24:41 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-03-16 13:24:41 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-03-16 13:24:41 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2008-04-15 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKU\S-1-5-21-789336058-329068152-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [Dr.Web Firewall] C:\Program Files\DrWeb\frwl_notify.exe (Doctor Web, Ltd.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SpIDerAgent] C:\Program Files\DrWeb\SpIDerAgent.exe (Doctor Web, Ltd.)
O4 - HKLM..\Run: [SpIDerMail] C:\Program Files\DrWeb\spiderml.exe (Doctor Web, Ltd.)
O4 - HKU\S-1-5-21-789336058-329068152-1417001333-1003..\Run: [Auto-Backup] C:\Program Files\Auto-Backup\Auto-Backup.exe (Team Solutions)
O4 - HKU\S-1-5-21-789336058-329068152-1417001333-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-789336058-329068152-1417001333-1003..\Run: [LogitechSetup] G:\Setup\Setup.exe File not found
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-329068152-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-329068152-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-789336058-329068152-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.0.2.2 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-03-04 15:02:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-06-14 22:12:45 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-06-14 22:12:45 | 000,000,000 | ---D | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-06-14 22:12:45 | 000,000,000 | ---D | M] - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-06-14 22:12:45 | 000,000,000 | ---D | M] - I:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010-03-04 15:02:20 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: cgehwbve - File not found

MsConfig - StartUpReg: [b]ATICCC[/b] - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-06-16 08:09:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-06-15 15:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2010-06-15 13:53:06 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2010-06-15 13:53:06 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2010-06-15 13:53:05 | 000,066,544 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2010-06-15 13:53:05 | 000,066,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2010-06-15 13:53:04 | 000,129,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2010-06-15 13:53:04 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2010-06-15 13:53:03 | 001,858,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2010-06-15 13:53:02 | 000,551,408 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2010-06-15 13:53:02 | 000,436,720 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2010-06-15 13:53:02 | 000,096,752 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2010-06-15 13:52:56 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2010-06-15 13:52:44 | 000,670,192 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2010-06-14 22:12:45 | 000,000,000 | ---D | C] -- C:\autorun.inf
[2010-06-14 21:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010-06-14 16:48:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nazwa\Recent
[2010-06-13 20:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\DivX
[2010-06-13 20:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010-06-13 20:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DivX
[2010-06-04 21:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu
[2010-06-04 21:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Gadu-Gadu
[2010-06-04 21:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu
[2010-06-04 17:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\Auto-Backup
[2010-06-04 17:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Auto-Backup
[2010-06-04 13:09:59 | 000,119,288 | ---- | C] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dwprot.sys
[2010-06-04 13:09:56 | 000,075,000 | ---- | C] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\spiderg3.sys
[2010-06-04 13:09:43 | 000,072,184 | ---- | C] (Doctor Web) -- C:\WINDOWS\System32\drivers\DrWebPF.sys
[2010-06-04 13:09:41 | 000,083,064 | ---- | C] (Doctor Web) -- C:\WINDOWS\System32\drivers\drwebaf.sys
[2010-06-04 13:09:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Doctor Web
[2010-06-03 17:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2010-05-30 20:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Application Data
[2010-05-25 21:44:35 | 000,000,000 | -HSD | C] -- C:\DrWeb Quarantine
[2010-05-22 22:44:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010-05-20 22:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\DrWeb
[2010-05-20 22:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Doctor Web
[2010-05-20 22:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\DoctorWeb
[2010-05-18 19:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\Program Files
[2010-05-18 19:46:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SupportAppCB
[2010-05-14 23:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\CASHFLOW 202
[2010-05-11 09:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\RMVB Player
[2010-05-08 22:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\cache
[2010-05-08 22:08:41 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2010-05-08 22:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu 10
[2010-05-08 20:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-05-06 09:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Moje dokumenty\analiza
[2010-05-05 22:27:44 | 001,507,232 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvpopflt.sys
[2010-05-05 22:27:32 | 000,527,136 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2RC.dll
[2010-05-05 22:27:32 | 000,215,840 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2.dll
[2010-05-05 22:27:32 | 000,129,824 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvci1051.dll
[2010-05-05 22:27:32 | 000,041,504 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2010-05-05 22:27:31 | 000,348,160 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System\msvcr71.dll
[2010-05-05 22:27:31 | 000,264,992 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvcodec2.dll
[2010-05-05 22:27:30 | 001,939,360 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvuvc.sys
[2010-05-05 22:27:25 | 000,022,560 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvuvcflt.sys
[2010-05-05 22:27:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nazwa\Moje dokumenty\Moje wideo
[2010-05-05 22:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Logitech
[2010-05-05 22:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2010-05-05 22:14:55 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010-05-05 22:14:53 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010-05-05 22:14:52 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010-05-05 22:14:51 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010-05-05 22:14:51 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010-05-05 22:14:50 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010-05-05 22:14:48 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010-05-05 22:14:46 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010-05-05 22:14:44 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010-05-05 22:14:37 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010-05-05 22:14:37 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010-05-05 22:14:29 | 000,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2010-05-05 22:14:29 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010-05-05 22:14:29 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010-05-05 22:14:29 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010-05-05 22:14:29 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010-05-05 22:14:29 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010-05-05 22:14:29 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010-05-05 22:14:29 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2010-05-05 22:14:29 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2010-05-05 22:14:29 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2010-05-05 22:14:29 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2010-05-05 22:14:28 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010-05-05 22:14:28 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010-05-05 22:14:24 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2010-05-04 11:07:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010-04-25 22:57:06 | 000,000,000 | ---D | C] -- C:\My Recordings
[2010-04-25 22:54:39 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2010-04-25 22:54:39 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.ocx
[2010-04-22 11:13:02 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2010-04-22 11:13:01 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010-04-22 11:13:01 | 000,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010-04-22 11:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010-04-19 12:08:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Moje dokumenty\studio
[2010-04-18 17:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Moje dokumenty\gra miejska
[2010-04-18 15:35:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2010-04-18 15:35:14 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2010-04-18 15:35:13 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010-04-18 14:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\Infonetax

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2010-06-16 08:15:23 | 000,044,102 | ---- | M] () -- C:\Documents and Settings\nazwa\Moje dokumenty\darok.m3u
[2010-06-16 08:10:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-06-16 08:10:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-06-16 08:09:27 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\nazwa\NTUSER.DAT
[2010-06-16 08:09:27 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\nazwa\ntuser.ini
[2010-06-16 08:09:22 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\Dr.Web Update.job
[2010-06-15 15:20:36 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\JDownloader.lnk
[2010-06-15 08:06:05 | 000,044,528 | ---- | M] () -- C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-06-15 08:05:35 | 000,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-06-14 22:20:45 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\nazwa\Moje dokumenty\fix.reg
[2010-06-14 16:48:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-06-13 20:55:43 | 000,001,480 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\DivX Movies.lnk
[2010-06-13 20:38:14 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-06-10 13:12:44 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\nazwa\.recently-used.xbel
[2010-06-04 21:02:07 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\Gadu-Gadu.lnk
[2010-06-04 17:20:46 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Auto-Backup.lnk
[2010-06-04 13:11:34 | 000,000,536 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\Skrót do Biznes plan.lnk
[2010-06-04 13:09:57 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\Dr.Web Daily scan.job
[2010-06-04 13:09:38 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skaner Dr.Web.lnk
[2010-06-04 13:08:45 | 000,083,064 | ---- | M] (Doctor Web) -- C:\WINDOWS\System32\drivers\drwebaf.sys
[2010-06-04 13:08:45 | 000,072,184 | ---- | M] (Doctor Web) -- C:\WINDOWS\System32\drivers\DrWebPF.sys
[2010-06-01 15:49:57 | 000,002,147 | ---- | M] () -- C:\Documents and Settings\nazwa\photorec.cfg
[2010-06-01 09:57:15 | 000,118,277 | ---- | M] () -- C:\Documents and Settings\nazwa\Moje dokumenty\SPRZEDAŻ INTERNETOWA.pdf
[2010-05-31 19:49:15 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-05-31 18:44:55 | 000,000,022 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\cm.ini
[2010-05-31 11:06:11 | 000,993,526 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-05-31 11:06:11 | 000,451,934 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-05-31 11:06:11 | 000,395,534 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-05-31 11:06:11 | 000,075,904 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-05-31 11:06:11 | 000,059,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-05-30 20:04:36 | 000,000,548 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\XMind.lnk
[2010-05-18 19:49:16 | 000,007,070 | ---- | M] () -- C:\NetworkCfg.xml
[2010-05-16 09:42:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010-05-08 22:08:41 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2010-04-20 17:44:30 | 000,119,288 | ---- | M] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dwprot.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-06-16 08:15:23 | 000,044,102 | ---- | C] () -- C:\Documents and Settings\nazwa\Moje dokumenty\darok.m3u
[2010-06-15 15:20:36 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\JDownloader.lnk
[2010-06-14 22:20:45 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\nazwa\Moje dokumenty\fix.reg
[2010-06-13 20:55:43 | 000,001,480 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\DivX Movies.lnk
[2010-06-10 13:12:44 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\nazwa\.recently-used.xbel
[2010-06-04 21:02:07 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\Gadu-Gadu.lnk
[2010-06-04 17:20:46 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Auto-Backup.lnk
[2010-06-04 13:11:38 | 000,000,536 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\Skrót do Biznes plan.lnk
[2010-06-04 13:09:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\Dr.Web Update.job
[2010-06-04 13:09:57 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\Dr.Web Daily scan.job
[2010-06-04 13:09:38 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Skaner Dr.Web.lnk
[2010-06-01 09:57:13 | 000,118,277 | ---- | C] () -- C:\Documents and Settings\nazwa\Moje dokumenty\SPRZEDAŻ INTERNETOWA.pdf
[2010-06-01 09:16:18 | 000,002,147 | ---- | C] () -- C:\Documents and Settings\nazwa\photorec.cfg
[2010-05-31 18:44:55 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\cm.ini
[2010-05-30 20:04:36 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\XMind.lnk
[2010-05-19 00:41:54 | 000,007,070 | ---- | C] () -- C:\NetworkCfg.xml
[2010-05-05 22:27:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010-05-05 22:27:33 | 000,050,127 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010-05-05 22:27:33 | 000,013,398 | R--- | C] () -- C:\WINDOWS\System32\Repository.reg
[2010-04-22 11:13:04 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-04-22 11:13:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-04-22 11:13:02 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2010-04-22 11:13:01 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-04-22 11:13:01 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-04-22 11:12:57 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-04-22 11:12:57 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010-03-18 09:31:27 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-03-05 00:20:10 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-03-04 16:08:04 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010-03-04 16:06:38 | 000,002,745 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2010-03-04 16:00:07 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007-02-06 17:42:40 | 001,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys

[color=#E56717]========== LOP Check ==========[/color]

[2010-03-05 00:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2010-06-04 13:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Doctor Web
[2010-03-04 15:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-05-08 20:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-05-04 11:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2010-06-16 08:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Auto-Backup
[2010-03-05 08:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\DAEMON Tools Lite
[2010-06-04 21:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu
[2010-05-08 22:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu 10
[2010-04-23 13:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\gtk-2.0
[2010-05-18 19:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Program Files
[2010-06-04 13:09:57 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\Dr.Web Daily scan.job
[2010-06-16 08:09:22 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\Dr.Web Update.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-03-04 15:02:47 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-03-07 00:07:59 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008-04-15 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-03-04 15:02:47 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-03-04 15:02:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-06-06 18:25:41 | 000,047,510 | ---- | M] () -- C:\Log.txt
[2010-06-03 23:52:23 | 000,007,532 | ---- | M] () -- C:\mksbasel.cpp.log
[2010-03-04 15:02:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010-05-18 19:49:16 | 000,007,070 | ---- | M] () -- C:\NetworkCfg.xml
[2008-04-15 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-04-15 14:00:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-06-16 08:10:22 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008-04-15 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2008-04-15 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2008-04-15 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008-04-15 14:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008-04-15 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008-04-15 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-15 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008-04-15 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2008-04-15 14:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008-04-15 14:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9
< End of report >
[/log]


Logi z RSITa
[log]Logfile of random's system information tool 1.07 (written by random/random)
Run by nazwa at 2010-06-16 08:32:16
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 7 GB (37%) free of 20 GB
Total RAM: 1022 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:32:26, on 2010-06-16
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DrWeb\spiderml.exe
C:\Program Files\DrWeb\frwl_notify.exe
C:\Program Files\DrWeb\SpIDerAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Auto-Backup\Auto-Backup.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie\OTL.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie\RSIT.exe
C:\Program Files\trend micro\nazwa.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe" -autorun
O4 - HKLM\..\Run: [Dr.Web Firewall] "C:\Program Files\DrWeb\frwl_notify.exe"
O4 - HKLM\..\Run: [SpIDerAgent] "C:\Program Files\DrWeb\SpIDerAgent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSetup] G:\Setup\Setup.exe /start /restart /l:enu
O4 - HKCU\..\Run: [Auto-Backup] "C:\Program Files\Auto-Backup\Auto-Backup.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Dr.Web Scanning Engine (DrWebEngine) (DrWebEngine) - Doctor Web, Ltd. - C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7042 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Dr.Web Daily scan.job
C:\WINDOWS\tasks\Dr.Web Update.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]
IEPluginBHO Class - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll [2010-05-04 42080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-10-08 995328]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-10-08 1101824]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-05-14 1191936]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-03-04 149280]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"SpIDerMail"=C:\Program Files\DrWeb\spiderml.exe [2010-06-03 1541360]
"Dr.Web Firewall"=C:\Program Files\DrWeb\frwl_notify.exe [2010-03-15 2600200]
"SpIDerAgent"=C:\Program Files\DrWeb\SpIDerAgent.exe [2010-03-15 1314032]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-03-09 26100520]
"LogitechSetup"=G:\Setup\Setup.exe /start /restart /l:enu []
"Auto-Backup"=C:\Program Files\Auto-Backup\Auto-Backup.exe [2009-09-08 1400832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=0xFFFFFFFF

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10"
"C:\Documents and Settings\nazwa\Ustawienia lokalne\Temp\~os13.tmp\rlvknlg.exe"="C:\Documents and Settings\nazwa\Ustawienia lokalne\Temp\~os13.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-06-16 08:32:16 ----D---- C:\rsit
2010-06-16 08:09:03 ----D---- C:\_OTL
2010-06-15 15:19:51 ----D---- C:\Program Files\JDownloader
2010-06-15 13:53:05 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2010-06-15 13:53:05 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2010-06-15 13:53:04 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2010-06-15 13:53:04 ----N---- C:\WINDOWS\system32\pxafs.dll
2010-06-15 13:53:03 ----N---- C:\WINDOWS\system32\pxsfs.dll
2010-06-15 13:53:02 ----N---- C:\WINDOWS\system32\vxblock.dll
2010-06-15 13:53:02 ----N---- C:\WINDOWS\system32\pxwave.dll
2010-06-15 13:53:02 ----N---- C:\WINDOWS\system32\pxdrv.dll
2010-06-15 13:52:56 ----N---- C:\WINDOWS\system32\pxmas.dll
2010-06-15 13:52:44 ----N---- C:\WINDOWS\system32\px.dll
2010-06-14 22:12:45 ----D---- C:\autorun.inf
2010-06-14 21:12:36 ----D---- C:\Program Files\trend micro
2010-06-13 20:55:28 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\DivX
2010-06-13 20:48:13 ----D---- C:\Program Files\DivX
2010-06-13 20:46:56 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\DivX
2010-06-04 21:12:48 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu
2010-06-04 21:01:30 ----D---- C:\Program Files\Gadu-Gadu
2010-06-04 17:21:00 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\Auto-Backup
2010-06-04 17:20:40 ----D---- C:\Program Files\Auto-Backup
2010-06-04 13:09:27 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Doctor Web
2010-06-03 17:04:16 ----D---- C:\Program Files\SkanerOnline
2010-05-31 18:46:09 ----A---- C:\Log.txt
2010-05-25 21:44:35 ----SHD---- C:\DrWeb Quarantine
2010-05-22 22:44:38 ----D---- C:\WINDOWS\system32\LogFiles
2010-05-20 22:47:16 ----D---- C:\Program Files\DrWeb
2010-05-20 22:47:16 ----D---- C:\Program Files\Common Files\Doctor Web
2010-05-18 19:49:33 ----A---- C:\WINDOWS\ModemLog_ZTE Proprietary USB Modem.txt
2010-05-18 19:46:51 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\Program Files
2010-05-18 19:46:41 ----D---- C:\WINDOWS\system32\SupportAppCB

======List of files/folders modified in the last 1 months======

2010-06-16 08:13:23 ----D---- C:\WINDOWS\Prefetch
2010-06-16 08:11:25 ----D---- C:\WINDOWS\Temp
2010-06-16 08:11:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-16 08:09:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-16 08:09:14 ----D---- C:\WINDOWS\system32
2010-06-16 08:09:14 ----D---- C:\WINDOWS
2010-06-16 07:49:43 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\Skype
2010-06-15 16:01:02 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\skypePM
2010-06-15 15:19:51 ----RD---- C:\Program Files
2010-06-15 14:01:48 ----D---- C:\Program Files\Winamp
2010-06-15 13:53:06 ----D---- C:\WINDOWS\system32\drivers
2010-06-14 22:11:20 ----SHD---- C:\System Volume Information
2010-06-14 22:11:20 ----D---- C:\WINDOWS\system32\Restore
2010-06-14 22:07:27 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-06-13 23:10:18 ----SHD---- C:\WINDOWS\Installer
2010-06-13 23:10:18 ----D---- C:\Program Files\Common Files
2010-06-04 13:09:57 ----SD---- C:\WINDOWS\Tasks
2010-06-04 13:09:49 ----HD---- C:\WINDOWS\inf
2010-06-03 17:28:18 ----D---- C:\Program Files\Common Files\LogiShrd
2010-06-03 17:04:17 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-05-31 19:49:15 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-31 11:06:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-22 07:45:56 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 DRWEBAF;DrWEB Firewall Application Filter; \??\C:\WINDOWS\system32\drivers\drwebaf.sys []
R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 40448]
R1 WmiAcpi;Interfejs zarządzania Microsoft Windows dla ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-15 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-03-04 21361]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R2 s24trans;Transport WLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-08-27 12288]
R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-15 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]
R3 CmBatt;Sterownik baterii Microsoft o metodzie kontroli ACPI; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DrWebPF;DrWeb Packet Filter Driver; C:\WINDOWS\system32\DRIVERS\DrWebPF.sys [2010-06-04 72184]
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384]
R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-15 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-15 12160]
R3 NETw4x32;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032]
R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-15 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-15 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-15 26368]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S3 ac2ubcew;ac2ubcew; C:\WINDOWS\system32\drivers\ac2ubcew.sys []
S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-02-03 22560]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064]
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-02-03 1507232]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
S3 LVUVC;QuickCam for Notebooks Deluxe(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-02-03 1939360]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys []
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbaudio;Sterownik audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbvideo;Urządzenie wideo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys []
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys []
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600]
R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine); C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [2010-06-03 1504600]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-10-08 794624]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-04 153376]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-10-08 483328]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-10-08 1183744]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-10-08 356352]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
[/log]

Tomek01
komentarz
komentarz

Jeszcze został jeden wpis w rejestrze. Ponownie do notatnika wklej:

[code]Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\ list]
"C:\Documents and Settings\nazwa\Ustawienia lokalne\Temp\~os13.tmp\rlvknlg.exe"=-[/code]
Plik zapisz jako/zmień rozszerzenie na wszystkie pliki/zapisz jako fix.reg/dwuklikiem dodajesz do rejestru.


Ręcznie usuń folder C:\Program Files\DAEMON Tools Toolbar

W OTL użyj funkcji - Clean Up.

To wszystko :)

  • Dobra wypowiedź 1
futro999
komentarz
komentarz

Nie no Panowie!

Wielkie dzięki!

Wszystko wydaje się być w porządku,
zrobię jeszcze profilaktycznego skana.

Jeszcze raz dziękuję za pomoc.

Pozdrawiam!

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.