
herss.exe

elizawgwldz

Hello. Trojan Killer detected herss.exe on my computer, and it is very troublesome for me. I generated logs in OTL following the instructions given here in the pinned topics. Could you please look through them, give me a simple explanation of them, and help? Regards

[log]OTL logfile created on: 2010-08-19 17:41:01 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Lucyna Kocon\Pulpit
Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

255,00 Mb Total Physical Memory | 75,00 Mb Available Physical Memory | 29,00% Memory free
714,00 Mb Paging File | 360,00 Mb Available in Paging File | 50,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,95 Gb Total Space | 0,88 Gb Free Space | 5,86% Space Free | Partition Type: NTFS
Drive D: | 75,48 Gb Total Space | 53,95 Gb Free Space | 71,47% Space Free | Partition Type: FAT32
Drive E: | 29,30 Gb Total Space | 25,34 Gb Free Space | 86,47% Space Free | Partition Type: NTFS
Drive F: | 29,29 Gb Total Space | 27,34 Gb Free Space | 93,35% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOMM
Current User Name: Lucyna Kocon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-08-12 14:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010-08-12 14:16:12 | 002,215,064 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2010-08-09 12:19:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lucyna Kocon\Pulpit\OTL.exe
PRC - [2010-07-18 15:55:30 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010-06-09 10:06:33 | 000,976,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2010-02-22 13:42:40 | 026,101,032 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2010-02-22 13:42:40 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2010-02-02 00:32:16 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010-02-02 00:32:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009-11-24 12:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009-11-20 11:17:12 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PRC - [2009-08-06 20:24:06 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
PRC - [2009-04-30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009-02-09 12:10:45 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-10-16 18:22:20 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2007-04-16 16:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006-03-02 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-03-02 14:00:00 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2006-03-02 14:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2006-03-02 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2006-03-02 14:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2006-03-02 14:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
PRC - [2006-03-02 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2006-03-02 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2006-03-02 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2006-03-02 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2006-03-02 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2006-03-02 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2006-03-02 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2006-03-02 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2006-03-02 14:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2005-11-09 11:35:58 | 003,063,808 | ---- | M] () -- C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe
PRC - [2004-08-04 01:55:54 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-08-09 12:19:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lucyna Kocon\Pulpit\OTL.exe
MOD - [2010-04-16 17:37:04 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-06-25 10:48:08 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-04-15 17:18:19 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-03-21 16:21:24 | 001,014,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-02-09 12:22:08 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-02-09 12:22:06 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008-10-23 15:01:37 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-07-03 15:16:27 | 008,483,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2006-03-02 14:00:00 | 001,281,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2006-03-02 14:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2006-03-02 14:00:00 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2006-03-02 14:00:00 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2006-03-02 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2006-03-02 14:00:00 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2006-03-02 14:00:00 | 000,501,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2006-03-02 14:00:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2006-03-02 14:00:00 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll
MOD - [2006-03-02 14:00:00 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2006-03-02 14:00:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2006-03-02 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2006-03-02 14:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2006-03-02 14:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006-03-02 14:00:00 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2006-03-02 14:00:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2006-03-02 14:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2006-03-02 14:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010-08-12 14:18:40 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010-08-12 14:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009-04-30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008-10-16 18:22:20 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-08-04 11:50:36 | 000,140,752 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010-08-03 13:28:36 | 000,055,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010-07-29 13:31:26 | 000,134,512 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010-07-29 13:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010-07-29 13:31:26 | 000,032,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2008-09-24 11:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008-05-16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008-05-16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008-05-16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008-05-16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008-05-16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008-05-16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008-05-16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2004-08-04 01:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004-08-04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2004-08-04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.1.0625
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.29
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.62
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-07-25 00:50:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-25 00:50:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010-08-19 11:52:07 | 000,000,000 | ---D | M]

[2010-02-27 18:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\Mozilla\Extensions
[2010-08-19 17:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\Mozilla\Firefox\Profiles\9zrt9k2g.default\extensions
[2010-08-04 23:52:12 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\Mozilla\Firefox\Profiles\9zrt9k2g.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010-06-02 23:42:47 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\Mozilla\Firefox\Profiles\9zrt9k2g.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010-04-08 23:08:25 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\Mozilla\Firefox\Profiles\9zrt9k2g.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010-08-04 23:52:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\Mozilla\Firefox\Profiles\9zrt9k2g.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
[2010-08-04 23:52:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\Mozilla\Firefox\Profiles\9zrt9k2g.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010-06-29 12:46:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\Mozilla\Firefox\Profiles\9zrt9k2g.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010-08-04 23:52:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\Mozilla\Firefox\Profiles\9zrt9k2g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-04-02 17:30:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\Mozilla\Firefox\Profiles\9zrt9k2g.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010-06-08 23:00:34 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\Mozilla\Firefox\Profiles\9zrt9k2g.default\searchplugins\conduit.xml
[2010-08-19 17:26:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-02-27 18:34:08 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-01-16 03:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-01-16 03:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-01-16 03:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-16 03:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-16 03:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-16 03:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2006-03-02 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Steganos Internet Anonym) - {00000000-5736-4205-0008-f7ed0776fb27} - c:\Program Files\Steganos Internet Anonym 2006\SIA2006iep.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Steganos Internet Anonym) - {00000000-5736-4205-0008-F7ED0776FB27} - c:\Program Files\Steganos Internet Anonym 2006\SIA2006iep.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [cdoosoft] C:\DOCUME~1\LUCYNA~1\USTAWI~1\Temp\herss.exe File not found
O4 - HKCU..\Run: [dso32] C:\DOCUME~1\LUCYNA~1\USTAWI~1\Temp\dsoqq.exe File not found
O4 - HKCU..\Run: [nod32] C:\DOCUME~1\LUCYNA~1\USTAWI~1\Temp\nodqq.exe File not found
O4 - HKCU..\Run: [SIA2006] C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe ()
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Lucyna Kocon\Menu Start\Programy\Autostart\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Secure Surfing Engine\sselsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Secure Surfing Engine\sselsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Secure Surfing Engine\sselsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Secure Surfing Engine\sselsp.dll ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.31.148.1 78.31.144.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Lucyna Kocon\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lucyna Kocon\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-02-27 17:40:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-08-19 11:56:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucyna Kocon\Ustawienia lokalne\Dane aplikacji\ESET
[2010-08-19 11:56:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\ESET
[2010-08-19 11:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET
[2010-08-19 11:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-08-19 11:48:35 | 006,986,501 | ---- | C] (Franmo Software ) -- C:\Documents and Settings\Lucyna Kocon\Pulpit\odk12.4.0.30setup(dobreprogramy.pl).exe
[2010-08-17 02:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucyna Kocon\Pulpit\skróty
[2010-08-17 00:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucyna Kocon\Moje dokumenty\Downloads
[2010-08-17 00:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\BitTorrent
[2010-08-17 00:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2010-08-10 02:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010-08-10 02:45:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data
[2010-08-10 02:28:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010-08-10 02:24:35 | 000,000,000 | ---D | C] -- C:\ERDNT
[2010-08-10 02:24:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010-08-10 02:24:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-08-10 02:24:22 | 000,000,000 | ---D | C] -- C:\!FixIEDef
[2010-08-10 02:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\HDCleaner
[2010-08-09 12:21:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-08-09 12:19:45 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lucyna Kocon\Pulpit\OTL.exe
[2010-08-08 03:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\.oit
[2010-08-07 17:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Kroll Ontrack
[2010-08-07 15:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\DiskGenius
[2010-08-07 14:58:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\PandoraRecovery
[2010-08-07 14:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\Pandora Recovery
[2010-08-04 11:50:36 | 000,140,752 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2010-08-03 13:28:36 | 000,055,256 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdi.sys
[2010-07-29 13:31:26 | 000,134,512 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfw.sys
[2010-07-29 13:31:26 | 000,115,008 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2010-07-29 13:31:26 | 000,032,608 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwndis.sys
[2010-07-28 14:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars
[2010-07-18 15:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Google
[2010-07-18 15:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2010-07-16 13:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010-07-07 16:54:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucyna Kocon\Moje dokumenty\ForceField Shared Files
[2010-07-07 16:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\CheckPoint
[2010-07-07 16:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucyna Kocon\Ustawienia lokalne\Dane aplikacji\Conduit
[2010-07-07 16:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010-07-07 16:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010-06-29 13:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucyna Kocon\dwhelper

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2010-08-19 17:30:09 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\RSIT.exe
[2010-08-19 17:10:06 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-08-19 17:07:51 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-08-19 17:07:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-08-19 17:07:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-08-19 17:07:40 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2010-08-19 12:49:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-08-19 11:48:59 | 006,986,501 | ---- | M] (Franmo Software ) -- C:\Documents and Settings\Lucyna Kocon\Pulpit\odk12.4.0.30setup(dobreprogramy.pl).exe
[2010-08-19 11:47:39 | 043,806,720 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\ess_trial_nt32_plk.msi
[2010-08-19 10:37:09 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Lucyna Kocon\NTUSER.DAT
[2010-08-19 10:36:56 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Lucyna Kocon\ntuser.ini
[2010-08-19 00:18:41 | 003,234,358 | -H-- | M] () -- C:\Documents and Settings\Lucyna Kocon\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-08-18 19:31:47 | 000,014,613 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\The_Soviet_Story_ 2008 _[DVDRip XviD-LAP]_[Napisy_PL][Torrenty.org].torrent
[2010-08-17 10:26:41 | 100,431,872 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\Neon_Genesis_Death_and_Rebirth___pl_subs.part4.rar
[2010-08-17 02:13:08 | 100,431,872 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\Neon_Genesis_Death_and_Rebirth___pl_subs.part3.rar
[2010-08-17 01:41:24 | 100,431,872 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\Neon_Genesis_Death_and_Rebirth___pl_subs.part2.rar
[2010-08-17 01:11:10 | 100,431,872 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\Neon_Genesis_Death_and_Rebirth___pl_subs.part1.rar
[2010-08-17 00:37:27 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\BitTorrent.lnk
[2010-08-16 00:14:55 | 000,051,321 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\ja Totek i Josin.jpg
[2010-08-16 00:12:32 | 000,039,910 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\ja i Toteczek.jpg
[2010-08-15 13:59:20 | 000,846,484 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\DSC00533.JPG
[2010-08-15 13:56:28 | 000,794,086 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\DSC00532.JPG
[2010-08-15 13:56:16 | 000,757,276 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\DSC00531.JPG
[2010-08-09 12:19:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lucyna Kocon\Pulpit\OTL.exe
[2010-08-08 02:54:31 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-08-04 11:50:36 | 000,140,752 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2010-08-03 13:28:36 | 000,055,256 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdi.sys
[2010-07-29 13:31:26 | 000,134,512 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfw.sys
[2010-07-29 13:31:26 | 000,115,008 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2010-07-29 13:31:26 | 000,032,608 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwndis.sys
[2010-07-18 15:53:13 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\IrfanView.lnk
[2010-07-07 16:52:48 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010-06-20 20:59:47 | 002,981,182 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Moje dokumenty\P1020408.JPG
[2010-06-20 20:57:58 | 003,138,923 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Moje dokumenty\P1020399.JPG
[2010-06-20 20:55:39 | 001,948,139 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Moje dokumenty\P1020290.JPG
[2010-06-20 20:54:17 | 003,709,858 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Moje dokumenty\P1020396.JPG
[2010-06-20 20:52:18 | 002,344,752 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Moje dokumenty\P1020252.JPG
[2010-06-20 20:49:09 | 000,689,198 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Moje dokumenty\10062010060.jpg
[2010-06-20 20:49:09 | 000,096,789 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Moje dokumenty\27868_115734341803881_100001019476981_95349_700502_n.jpg

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-08-19 17:29:53 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\RSIT.exe
[2010-08-19 11:44:22 | 043,806,720 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\ess_trial_nt32_plk.msi
[2010-08-18 19:31:40 | 000,014,613 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\The_Soviet_Story_ 2008 _[DVDRip XviD-LAP]_[Napisy_PL][Torrenty.org].torrent
[2010-08-17 10:13:58 | 100,431,872 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\Neon_Genesis_Death_and_Rebirth___pl_subs.part4.rar
[2010-08-17 02:00:02 | 100,431,872 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\Neon_Genesis_Death_and_Rebirth___pl_subs.part3.rar
[2010-08-17 01:28:25 | 100,431,872 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\Neon_Genesis_Death_and_Rebirth___pl_subs.part2.rar
[2010-08-17 00:58:11 | 100,431,872 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\Neon_Genesis_Death_and_Rebirth___pl_subs.part1.rar
[2010-08-17 00:37:27 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\BitTorrent.lnk
[2010-08-16 00:14:55 | 000,051,321 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\ja Totek i Josin.jpg
[2010-08-16 00:12:32 | 000,039,910 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\ja i Toteczek.jpg
[2010-08-15 13:59:20 | 000,846,484 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\DSC00533.JPG
[2010-08-15 13:56:28 | 000,794,086 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\DSC00532.JPG
[2010-08-15 13:56:16 | 000,757,276 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\DSC00531.JPG
[2010-08-07 17:45:20 | 000,000,634 | ---- | C] () -- C:\WINDOWS\System32\MAPISVC.INF
[2010-07-18 15:53:13 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\IrfanView.lnk
[2010-06-20 20:58:15 | 002,981,182 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Moje dokumenty\P1020408.JPG
[2010-06-20 20:56:20 | 003,138,923 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Moje dokumenty\P1020399.JPG
[2010-06-20 20:54:39 | 001,948,139 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Moje dokumenty\P1020290.JPG
[2010-06-20 20:52:23 | 003,709,858 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Moje dokumenty\P1020396.JPG
[2010-06-20 20:51:05 | 002,344,752 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Moje dokumenty\P1020252.JPG
[2010-06-20 20:48:45 | 000,096,789 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Moje dokumenty\27868_115734341803881_100001019476981_95349_700502_n.jpg
[2010-06-20 20:48:10 | 000,689,198 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Moje dokumenty\10062010060.jpg
[2010-05-09 14:10:00 | 000,000,160 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2010-04-25 23:58:49 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-04-25 23:58:49 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-02-27 18:36:11 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006-03-02 14:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003-02-19 02:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-03-03 22:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BVRP Software
[2010-08-19 11:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-08-08 03:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\.oit
[2010-08-19 01:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\BitTorrent
[2010-07-07 16:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\CheckPoint
[2010-08-19 11:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\ESET
[2010-07-18 22:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\Nowe Gadu-Gadu
[2010-03-14 17:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\OpenOffice.org
[2010-08-07 14:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\PandoraRecovery

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-06-14 18:21:42 | 000,116,736 | RHS- | M] () -- C:\2ul.exe
[2010-02-27 17:40:15 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-02-27 17:33:46 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2006-03-02 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-02-27 17:40:15 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-08-19 17:07:40 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2010-02-27 17:40:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-02-27 17:40:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006-03-02 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2006-03-02 14:00:00 | 000,250,624 | RHS- | M] () -- C:\ntldr
[2010-08-19 17:30:36 | 502,972,416 | -HS- | M] () -- C:\pagefile.sys


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys
[2004-08-04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\backup\agp440.sys
[2004-08-04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2006-03-02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\backup\atapi.sys
[2006-03-02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2006-03-02 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2006-03-02 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2006-03-02 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\backup\cdrom.sys
[2006-03-02 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2006-03-02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\backup\eventlog.dll
[2006-03-02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2006-03-02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2006-03-02 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\backup\ndis.sys
[2006-03-02 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2006-03-02 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2006-03-02 14:00:00 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\backup\winlogon.exe
[2006-03-02 14:00:00 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2006-03-02 14:00:00 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\system32\winlogon.exe
< End of report >
[/log]


[log]OTL Extras logfile created on: 2010-08-19 17:41:01 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Lucyna Kocon\Pulpit
Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

255,00 Mb Total Physical Memory | 75,00 Mb Available Physical Memory | 29,00% Memory free
714,00 Mb Paging File | 360,00 Mb Available in Paging File | 50,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,95 Gb Total Space | 0,88 Gb Free Space | 5,86% Space Free | Partition Type: NTFS
Drive D: | 75,48 Gb Total Space | 53,95 Gb Free Space | 71,47% Space Free | Partition Type: FAT32
Drive E: | 29,30 Gb Total Space | 25,34 Gb Free Space | 86,47% Space Free | Partition Type: NTFS
Drive F: | 29,29 Gb Total Space | 27,34 Gb Free Space | 93,35% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOMM
Current User Name: Lucyna Kocon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- (GG Network S.A.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-5736-4205-1000-F7ED0776FB27}" = Steganos Internet Anonym 2006 (8.0.1)
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{62621555-6310-433D-983E-957D707DC535}" = ESET Smart Security
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{A9179A20-2862-11D5-8CC2-00C0CA129740}" = Test Drive 6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-A93000000001}" = Adobe Reader 9.3.2 - Polish
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D5A6D02F-3CBB-4FBF-8F65-C3A6D721E8A4}" = OpenOffice.org 3.2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FC4FF5F4-2265-4E18-8BBC-12CBA9794388}_is1" = DiskGenius 3.3
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Applian FLV Player2.0.24" = Applian FLV Player
"Ask Toolbar_is1" = ZoneAlarm Spy Blocker Toolbar
"BitTorrent" = BitTorrent
"C-Media Audio Driver" = C-Media WDM Audio Driver
"ESET Online Scanner" = ESET Online Scanner v3
"HDCleaner" = HDCleaner
"IrfanView" = IrfanView (remove only)
"mIRC" = mIRC
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"PandoraRecovery" = PandoraRecovery (Remove Only)
"Testy B 2009_is1" = Testy B 2009
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-08-07 20:42:39 | Computer Name = DOMM | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.2.3855, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-08-07 20:42:52 | Computer Name = DOMM | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.2.3855, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-08-07 20:43:02 | Computer Name = DOMM | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.2.3855, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-08-07 20:43:15 | Computer Name = DOMM | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.2.3855, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-08-08 07:10:28 | Computer Name = DOMM | Source = Google Update | ID = 20
Description =

Error - 2010-08-09 05:37:10 | Computer Name = DOMM | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd plugin-container.exe, wersja 1.9.2.3855,
moduł powodujący błąd ntdll.dll, wersja 5.1.2600.3520, adres błędu 0x0000100b.

Error - 2010-08-19 05:18:51 | Computer Name = DOMM | Source = MsiInstaller | ID = 11905
Description = Product: Ontrack EasyRecovery Professional Trial -- Error 1905.Module
C:\Program Files\Kroll Ontrack\Ontrack EasyRecovery Professional Trial\WordRepair.dll
failed to unregister. HRESULT . Contact your support personnel.

Error - 2010-08-19 05:18:52 | Computer Name = DOMM | Source = MsiInstaller | ID = 11905
Description = Product: Ontrack EasyRecovery Professional Trial -- Error 1905.Module
C:\Program Files\Kroll Ontrack\Ontrack EasyRecovery Professional Trial\PowerPointRepair.dll
failed to unregister. HRESULT . Contact your support personnel.

Error - 2010-08-19 05:18:53 | Computer Name = DOMM | Source = MsiInstaller | ID = 11905
Description = Product: Ontrack EasyRecovery Professional Trial -- Error 1905.Module
C:\Program Files\Kroll Ontrack\Ontrack EasyRecovery Professional Trial\ExcelRepair.dll
failed to unregister. HRESULT . Contact your support personnel.

Error - 2010-08-19 11:14:56 | Computer Name = DOMM | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.2.3855, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

[ System Events ]
Error - 2010-08-07 17:09:39 | Computer Name = DOMM | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk0\D wystąpił zły blok.

Error - 2010-08-07 17:09:43 | Computer Name = DOMM | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk0\D wystąpił zły blok.

Error - 2010-08-07 17:09:46 | Computer Name = DOMM | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk0\D wystąpił zły blok.

Error - 2010-08-07 17:09:49 | Computer Name = DOMM | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk0\D wystąpił zły blok.

Error - 2010-08-07 17:09:53 | Computer Name = DOMM | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk0\D wystąpił zły blok.

Error - 2010-08-07 17:09:56 | Computer Name = DOMM | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk0\D wystąpił zły blok.

Error - 2010-08-07 17:09:59 | Computer Name = DOMM | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk0\D wystąpił zły blok.

Error - 2010-08-07 17:10:03 | Computer Name = DOMM | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk0\D wystąpił zły blok.

Error - 2010-08-07 17:10:06 | Computer Name = DOMM | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk0\D wystąpił zły blok.

Error - 2010-08-07 17:10:09 | Computer Name = DOMM | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk0\D wystąpił zły blok.


< End of report >
[/log]


[color="#FF0000"]//Since you have read the pinned topics, why didn't you put the logs in tags?
//I'm changing this for the first and last time.
//Tom01[/color]

PS: I'm no expert, but it seems to me that besides herss there is something else causing problems. If I am to say more precisely how the computer makes life difficult, I'll try to list what comes to mind right now: of course it freezes; Mozilla freezes (but in a rather spiteful way: one day it won't freeze once all day, another day it has fits so bad that it can't be used at all); pages often go back by themselves while browsing in Mozilla; the computer doesn't see the CD-ROM; hidden files can't be displayed; CPU usage suddenly jumps to 100%; if I right-click, say, a folder to see its properties, it thinks for a verrrry long time, and sometimes I have to try several times; I think 2-3 times I couldn't finish installing a program, the installation progress bars simply disappeared halfway and I couldn't do anything further; and in general, as usual, I should add that the computer is sluggish and chokes. I will be really grateful for any interest in this topic and any help. Thank you.

Tomek01
comment

Run [b][color=#0000CD][url=http://download.bleepingcomputer.com//sUBs/Flash_Disinfector.exe]Flash Disinfector[/url][/color][/b], preferably with your pendrive or other USB storage devices plugged in.


In OTL, paste the following into the Custom scan/fixes window:
[code]:Processes
Explorer.exe

:OTL
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&q="
[2010-06-08 23:00:34 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\Mozilla\Firefox\Profiles\9zrt9k2g.default\searchplugins\conduit.xml
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Steganos Internet Anonym) - {00000000-5736-4205-0008-f7ed0776fb27} - c:\Program Files\Steganos Internet Anonym 2006\SIA2006iep.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Steganos Internet Anonym) - {00000000-5736-4205-0008-F7ED0776FB27} - c:\Program Files\Steganos Internet Anonym 2006\SIA2006iep.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKCU..\Run: [cdoosoft] C:\DOCUME~1\LUCYNA~1\USTAWI~1\Temp\herss.exe File not found
O4 - HKCU..\Run: [dso32] C:\DOCUME~1\LUCYNA~1\USTAWI~1\Temp\dsoqq.exe File not found
O4 - HKCU..\Run: [nod32] C:\DOCUME~1\LUCYNA~1\USTAWI~1\Temp\nodqq.exe File not found
O4 - HKCU..\Run: [SIA2006] C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe ()

:Files
C:\Documents and Settings\Lucyna Kocon\Ustawienia lokalne\Dane aplikacji\Conduit
C:\Program Files\Conduit

:Commands
[emptytemp]
[start explorer]
[Reboot][/code]

Click Run Fix; the computer will restart.


Post the removal log and new OTL and RSIT logs (in tags!!!).
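
As an added illustration (not part of the original post and not OTL's own code), the Python below triages `O4` autorun lines of the kind listed in the fix script above: it parses each Run entry and flags those that launch from a Temp directory, point at a missing file, or carry no company name. The regexes, reason labels and function names are assumptions made for this example; the last sample line is constructed.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# The first four lines are the O4 entries from the fix script in the post above.
# The last line is constructed for this example to show an entry with no findings.
SAMPLE_O4 = r"""
O4 - HKCU..\Run: [cdoosoft] C:\DOCUME~1\LUCYNA~1\USTAWI~1\Temp\herss.exe File not found
O4 - HKCU..\Run: [dso32] C:\DOCUME~1\LUCYNA~1\USTAWI~1\Temp\dsoqq.exe File not found
O4 - HKCU..\Run: [nod32] C:\DOCUME~1\LUCYNA~1\USTAWI~1\Temp\nodqq.exe File not found
O4 - HKCU..\Run: [SIA2006] C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe ()
O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide (ESET)
"""

# "O4 - <hive>..\<key>: [<value name>] <target and trailer>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\?\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]+)\] (?P<rest>.+)$"
)
# Trailer "(Company)"; "()" means the file has no company name in its version info.
TAIL_RE = re.compile(r"^(?P<target>.*?)\s+\((?P<company>[^()]*)\)$")
# Matches long and 8.3 short paths alike, e.g. ...\USTAWI~1\Temp\...
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
MISSING = " File not found"


@dataclass
class RunEntry:
    hive: str
    key: str
    name: str
    target: str
    company: Optional[str]  # None when OTL printed "File not found"
    missing: bool
    reasons: List[str] = field(default_factory=list)


def parse_o4(line: str) -> Optional[RunEntry]:
    """Parse one O4 line; return None for anything that is not an O4 entry."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    missing = rest.endswith(MISSING)
    company = None
    target = rest
    if missing:
        target = rest[: -len(MISSING)]
    else:
        tail = TAIL_RE.match(rest)
        if tail:
            target, company = tail["target"], tail["company"].strip()
    return RunEntry(m["hive"], m["key"], m["name"], target.strip(), company, missing)


def triage(log_text: str) -> List[RunEntry]:
    """Attach review reasons to every O4 entry found in the text."""
    entries = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        if TEMP_RE.search(entry.target):
            entry.reasons.append("temp-dir")      # autorun launching from a Temp folder
        if entry.missing:
            entry.reasons.append("file-missing")  # Run value survives without its file
        if entry.company == "":
            entry.reasons.append("no-company")    # weak signal on its own
        entries.append(entry)
    return entries


def review_queue(entries: List[RunEntry]) -> List[RunEntry]:
    """Flagged entries only, those with the most reasons first."""
    flagged = [e for e in entries if e.reasons]
    return sorted(flagged, key=lambda e: len(e.reasons), reverse=True)


if __name__ == "__main__":
    for e in review_queue(triage(SAMPLE_O4)):
        print(f"{e.hive}\\{e.key} [{e.name}] {e.target} -> {', '.join(e.reasons)}")
```
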

elizawgwldz
comment

Removal log from OTL:

[log]All processes killed
========== PROCESSES ==========
No active process named Explorer.exe was found!
========== OTL ==========
Prefs.js: "ZoneAlarm Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&q=" removed from keyword.URL
C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\Mozilla\Firefox\Profiles\9zrt9k2g.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
C:\Program Files\AskBarDis\bar\bin\askBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{00000000-5736-4205-0008-f7ed0776fb27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-5736-4205-0008-f7ed0776fb27}\ deleted successfully.
c:\Program Files\Steganos Internet Anonym 2006\SIA2006iep.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-5736-4205-0008-F7ED0776FB27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-5736-4205-0008-F7ED0776FB27}\ not found.
File c:\Program Files\Steganos Internet Anonym 2006\SIA2006iep.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ deleted successfully.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cdoosoft deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dso32 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\nod32 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SIA2006 deleted successfully.
C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe moved successfully.
========== FILES ==========
C:\Documents and Settings\Lucyna Kocon\Ustawienia lokalne\Dane aplikacji\Conduit\Toolbar\Facebook folder moved successfully.
C:\Documents and Settings\Lucyna Kocon\Ustawienia lokalne\Dane aplikacji\Conduit\Toolbar folder moved successfully.
C:\Documents and Settings\Lucyna Kocon\Ustawienia lokalne\Dane aplikacji\Conduit\Community Alerts\Log folder moved successfully.
C:\Documents and Settings\Lucyna Kocon\Ustawienia lokalne\Dane aplikacji\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Documents and Settings\Lucyna Kocon\Ustawienia lokalne\Dane aplikacji\Conduit\Community Alerts\Feeds folder moved successfully.
C:\Documents and Settings\Lucyna Kocon\Ustawienia lokalne\Dane aplikacji\Conduit\Community Alerts folder moved successfully.
C:\Documents and Settings\Lucyna Kocon\Ustawienia lokalne\Dane aplikacji\Conduit folder moved successfully.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 1015148 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Lucyna Kocon
->Temp folder emptied: 145015979 bytes
->Temporary Internet Files folder emptied: 9292774 bytes
->FireFox cache emptied: 43330771 bytes
->Flash cache emptied: 4600 bytes

User: NetworkService
->Temp folder emptied: 2032396 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1468074057 bytes
RecycleBin emptied: 417271228 bytes

Total Files Cleaned = 1 989,00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08192010_184111

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...[/log]


New OTL log:
[log]OTL logfile created on: 2010-08-19 18:55:07 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Lucyna Kocon\Pulpit
Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

255,00 Mb Total Physical Memory | 41,00 Mb Available Physical Memory | 16,00% Memory free
618,00 Mb Paging File | 244,00 Mb Available in Paging File | 40,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,95 Gb Total Space | 2,58 Gb Free Space | 17,28% Space Free | Partition Type: NTFS
Drive D: | 75,48 Gb Total Space | 53,95 Gb Free Space | 71,47% Space Free | Partition Type: FAT32
Drive E: | 29,30 Gb Total Space | 25,34 Gb Free Space | 86,47% Space Free | Partition Type: NTFS
Drive F: | 29,29 Gb Total Space | 27,34 Gb Free Space | 93,35% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOMM
Current User Name: Lucyna Kocon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-08-12 14:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010-08-12 14:16:12 | 002,215,064 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2010-08-09 12:19:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lucyna Kocon\Pulpit\OTL.exe
PRC - [2010-07-25 00:49:49 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-07-18 15:55:30 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010-06-09 10:06:33 | 000,976,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2010-02-22 13:42:40 | 026,101,032 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2010-02-22 13:42:40 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2010-02-02 00:32:16 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010-02-02 00:32:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009-11-24 12:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009-11-20 11:17:12 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PRC - [2009-08-06 20:24:06 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
PRC - [2009-04-30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009-02-09 12:10:45 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-10-16 18:22:20 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2007-04-16 16:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006-03-02 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-03-02 14:00:00 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2006-03-02 14:00:00 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
PRC - [2006-03-02 14:00:00 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\NOTEPAD.EXE
PRC - [2006-03-02 14:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2006-03-02 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2006-03-02 14:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2006-03-02 14:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
PRC - [2006-03-02 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2006-03-02 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2006-03-02 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2006-03-02 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2006-03-02 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2006-03-02 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2006-03-02 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2006-03-02 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2006-03-02 14:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2004-08-04 01:55:54 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-08-09 12:19:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lucyna Kocon\Pulpit\OTL.exe
MOD - [2010-04-16 17:37:04 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-06-25 10:48:08 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-04-15 17:18:19 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-03-21 16:21:24 | 001,014,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-02-09 12:22:08 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-02-09 12:22:06 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008-10-23 15:01:37 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-07-03 15:16:27 | 008,483,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2006-03-02 14:00:00 | 001,281,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2006-03-02 14:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2006-03-02 14:00:00 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2006-03-02 14:00:00 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2006-03-02 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2006-03-02 14:00:00 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2006-03-02 14:00:00 | 000,501,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2006-03-02 14:00:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2006-03-02 14:00:00 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll
MOD - [2006-03-02 14:00:00 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2006-03-02 14:00:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2006-03-02 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2006-03-02 14:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2006-03-02 14:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006-03-02 14:00:00 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2006-03-02 14:00:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2006-03-02 14:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2006-03-02 14:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010-08-12 14:18:40 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010-08-12 14:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009-04-30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008-10-16 18:22:20 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-08-04 11:50:36 | 000,140,752 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010-08-03 13:28:36 | 000,055,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010-07-29 13:31:26 | 000,134,512 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010-07-29 13:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010-07-29 13:31:26 | 000,032,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2008-09-24 11:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008-05-16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008-05-16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008-05-16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008-05-16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008-05-16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008-05-16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008-05-16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2004-08-04 01:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004-08-04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2004-08-04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-507921405-1343024091-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-507921405-1343024091-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-507921405-1343024091-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.1.0625
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.29
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.62

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-08-19 18:27:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-25 00:50:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010-08-19 11:52:07 | 000,000,000 | ---D | M]

[2010-02-27 18:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\Mozilla\Extensions
[2010-08-19 17:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\Mozilla\Firefox\Profiles\9zrt9k2g.default\extensions
[2010-08-04 23:52:12 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\Mozilla\Firefox\Profiles\9zrt9k2g.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010-06-02 23:42:47 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\Mozilla\Firefox\Profiles\9zrt9k2g.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010-04-08 23:08:25 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\Mozilla\Firefox\Profiles\9zrt9k2g.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010-08-04 23:52:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\Mozilla\Firefox\Profiles\9zrt9k2g.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
[2010-08-04 23:52:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\Mozilla\Firefox\Profiles\9zrt9k2g.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010-06-29 12:46:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\Mozilla\Firefox\Profiles\9zrt9k2g.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010-08-04 23:52:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\Mozilla\Firefox\Profiles\9zrt9k2g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-04-02 17:30:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\Mozilla\Firefox\Profiles\9zrt9k2g.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010-08-19 17:26:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-02-27 18:34:08 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-01-16 03:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-01-16 03:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-01-16 03:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-16 03:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-16 03:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-16 03:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2006-03-02 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKU\S-1-5-21-507921405-1343024091-682003330-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-507921405-1343024091-682003330-1004..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKU\S-1-5-21-507921405-1343024091-682003330-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [SIA2006] C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [SIA2006] C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [SIA2006] C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [SIA2006] C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe File not found
O4 - Startup: C:\Documents and Settings\Lucyna Kocon\Menu Start\Programy\Autostart\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-1343024091-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Secure Surfing Engine\sselsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Secure Surfing Engine\sselsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Secure Surfing Engine\sselsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Secure Surfing Engine\sselsp.dll ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.31.148.1 78.31.144.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Lucyna Kocon\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lucyna Kocon\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-02-27 17:40:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-08-19 18:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010-08-19 18:23:16 | 000,000,000 | ---D | C] -- C:\rsit
[2010-08-19 11:56:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucyna Kocon\Ustawienia lokalne\Dane aplikacji\ESET
[2010-08-19 11:56:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\ESET
[2010-08-19 11:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET
[2010-08-19 11:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-08-19 11:48:35 | 006,986,501 | ---- | C] (Franmo Software ) -- C:\Documents and Settings\Lucyna Kocon\Pulpit\odk12.4.0.30setup(dobreprogramy.pl).exe
[2010-08-17 02:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucyna Kocon\Pulpit\skróty
[2010-08-17 00:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucyna Kocon\Moje dokumenty\Downloads
[2010-08-17 00:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\BitTorrent
[2010-08-17 00:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2010-08-10 02:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010-08-10 02:45:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data
[2010-08-10 02:28:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010-08-10 02:24:35 | 000,000,000 | ---D | C] -- C:\ERDNT
[2010-08-10 02:24:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010-08-10 02:24:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-08-10 02:24:22 | 000,000,000 | ---D | C] -- C:\!FixIEDef
[2010-08-10 02:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\HDCleaner
[2010-08-09 12:21:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-08-09 12:19:45 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lucyna Kocon\Pulpit\OTL.exe
[2010-08-08 03:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\.oit
[2010-08-07 17:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Kroll Ontrack
[2010-08-07 15:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\DiskGenius
[2010-08-07 14:58:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\PandoraRecovery
[2010-08-07 14:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\Pandora Recovery
[2010-08-04 11:50:36 | 000,140,752 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2010-08-03 13:28:36 | 000,055,256 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdi.sys
[2010-07-29 13:31:26 | 000,134,512 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfw.sys
[2010-07-29 13:31:26 | 000,115,008 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2010-07-29 13:31:26 | 000,032,608 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwndis.sys
[2010-07-28 14:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-08-19 18:43:40 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-08-19 18:43:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-08-19 18:43:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-08-19 18:43:30 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2010-08-19 18:42:24 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Lucyna Kocon\NTUSER.DAT
[2010-08-19 18:42:00 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Lucyna Kocon\ntuser.ini
[2010-08-19 18:09:18 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-08-19 17:30:09 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\RSIT.exe
[2010-08-19 12:49:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-08-19 11:48:59 | 006,986,501 | ---- | M] (Franmo Software ) -- C:\Documents and Settings\Lucyna Kocon\Pulpit\odk12.4.0.30setup(dobreprogramy.pl).exe
[2010-08-19 11:47:39 | 043,806,720 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\ess_trial_nt32_plk.msi
[2010-08-19 00:18:41 | 003,234,358 | -H-- | M] () -- C:\Documents and Settings\Lucyna Kocon\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-08-18 19:31:47 | 000,014,613 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\The_Soviet_Story_ 2008 _[DVDRip XviD-LAP]_[Napisy_PL][Torrenty.org].torrent
[2010-08-17 10:26:41 | 100,431,872 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\Neon_Genesis_Death_and_Rebirth___pl_subs.part4.rar
[2010-08-17 02:13:08 | 100,431,872 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\Neon_Genesis_Death_and_Rebirth___pl_subs.part3.rar
[2010-08-17 01:41:24 | 100,431,872 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\Neon_Genesis_Death_and_Rebirth___pl_subs.part2.rar
[2010-08-17 01:11:10 | 100,431,872 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\Neon_Genesis_Death_and_Rebirth___pl_subs.part1.rar
[2010-08-17 00:37:27 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\BitTorrent.lnk
[2010-08-16 00:14:55 | 000,051,321 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\ja Totek i Josin.jpg
[2010-08-16 00:12:32 | 000,039,910 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\ja i Toteczek.jpg
[2010-08-15 13:59:20 | 000,846,484 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\DSC00533.JPG
[2010-08-15 13:56:28 | 000,794,086 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\DSC00532.JPG
[2010-08-15 13:56:16 | 000,757,276 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\DSC00531.JPG
[2010-08-09 12:19:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lucyna Kocon\Pulpit\OTL.exe
[2010-08-08 02:54:31 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Lucyna Kocon\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-08-04 11:50:36 | 000,140,752 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2010-08-03 13:28:36 | 000,055,256 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdi.sys
[2010-07-29 13:31:26 | 000,134,512 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfw.sys
[2010-07-29 13:31:26 | 000,115,008 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2010-07-29 13:31:26 | 000,032,608 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwndis.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-08-19 17:29:53 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\RSIT.exe
[2010-08-19 11:44:22 | 043,806,720 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\ess_trial_nt32_plk.msi
[2010-08-18 19:31:40 | 000,014,613 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\The_Soviet_Story_ 2008 _[DVDRip XviD-LAP]_[Napisy_PL][Torrenty.org].torrent
[2010-08-17 10:13:58 | 100,431,872 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\Neon_Genesis_Death_and_Rebirth___pl_subs.part4.rar
[2010-08-17 02:00:02 | 100,431,872 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\Neon_Genesis_Death_and_Rebirth___pl_subs.part3.rar
[2010-08-17 01:28:25 | 100,431,872 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\Neon_Genesis_Death_and_Rebirth___pl_subs.part2.rar
[2010-08-17 00:58:11 | 100,431,872 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\Neon_Genesis_Death_and_Rebirth___pl_subs.part1.rar
[2010-08-17 00:37:27 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\BitTorrent.lnk
[2010-08-16 00:14:55 | 000,051,321 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\ja Totek i Josin.jpg
[2010-08-16 00:12:32 | 000,039,910 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\ja i Toteczek.jpg
[2010-08-15 13:59:20 | 000,846,484 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\DSC00533.JPG
[2010-08-15 13:56:28 | 000,794,086 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\DSC00532.JPG
[2010-08-15 13:56:16 | 000,757,276 | ---- | C] () -- C:\Documents and Settings\Lucyna Kocon\Pulpit\DSC00531.JPG
[2010-08-07 17:45:20 | 000,000,634 | ---- | C] () -- C:\WINDOWS\System32\MAPISVC.INF
[2010-05-09 14:10:00 | 000,000,160 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2010-04-25 23:58:49 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-04-25 23:58:49 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-02-27 18:36:11 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006-03-02 14:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003-02-19 02:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-03-03 22:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BVRP Software
[2010-08-19 11:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-08-08 03:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\.oit
[2010-08-19 01:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\BitTorrent
[2010-07-07 16:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\CheckPoint
[2010-08-19 11:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\ESET
[2010-07-18 22:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\Nowe Gadu-Gadu
[2010-03-14 17:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\OpenOffice.org
[2010-08-07 14:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\PandoraRecovery

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-06-14 18:21:42 | 000,116,736 | RHS- | M] () -- C:\2ul.exe
[2010-02-27 17:40:15 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-02-27 17:33:46 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2006-03-02 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-02-27 17:40:15 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-08-19 18:43:30 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2010-02-27 17:40:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-02-27 17:40:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006-03-02 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2006-03-02 14:00:00 | 000,250,624 | RHS- | M] () -- C:\ntldr
[2010-08-19 18:43:30 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys
[2004-08-04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\backup\agp440.sys
[2004-08-04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2006-03-02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\backup\atapi.sys
[2006-03-02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2006-03-02 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2006-03-02 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2006-03-02 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\backup\cdrom.sys
[2006-03-02 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2006-03-02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\backup\eventlog.dll
[2006-03-02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2006-03-02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2006-03-02 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\backup\ndis.sys
[2006-03-02 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2006-03-02 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2006-03-02 14:00:00 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\backup\winlogon.exe
[2006-03-02 14:00:00 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2006-03-02 14:00:00 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\system32\winlogon.exe
< End of report >[/log]


New log from RSIT:
[log]Logfile of random's system information tool 1.08 (written by random/random)
Run by Lucyna Kocon at 2010-08-19 18:47:34
Microsoft Windows XP Home Edition Dodatek Service Pack 2
System drive C: has 3 GB (17%) free of 15 GB
Total RAM: 255 MB (2% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:49:55, on 2010-08-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Documents and Settings\Lucyna Kocon\Pulpit\RSIT.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\trend micro\Lucyna Kocon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FAE80D5-B86A-43BB-BF98-CE04BF55E5F0}: NameServer = 78.31.148.1,78.31.144.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

--
End of file - 5755 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-18 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-07-18 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-18 278192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-08-12 2215064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-02-22 26101032]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-11-20 434176]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-07-18 39408]

C:\Documents and Settings\Lucyna Kocon\Menu Start\Programy\Autostart
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-08-19 18:23:21 ----D---- C:\Program Files\trend micro
2010-08-19 18:23:16 ----D---- C:\rsit
2010-08-19 11:56:05 ----D---- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\ESET
2010-08-19 11:52:00 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2010-08-17 00:37:26 ----D---- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\BitTorrent
2010-08-17 00:37:21 ----D---- C:\Program Files\BitTorrent
2010-08-10 02:49:00 ----D---- C:\WINDOWS\Internet Logs
2010-08-10 02:28:10 ----HD---- C:\WINDOWS\PIF
2010-08-10 02:24:35 ----D---- C:\ERDNT
2010-08-10 02:24:32 ----D---- C:\WINDOWS\ERUNT
2010-08-10 02:24:32 ----D---- C:\WINDOWS\ERDNT
2010-08-10 02:24:22 ----D---- C:\!FixIEDef
2010-08-10 02:19:40 ----D---- C:\Program Files\HDCleaner
2010-08-09 12:21:21 ----D---- C:\_OTL
2010-08-08 03:18:10 ----D---- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\.oit
2010-08-07 17:44:50 ----D---- C:\Program Files\Kroll Ontrack
2010-08-07 15:18:20 ----D---- C:\Program Files\DiskGenius
2010-08-07 14:58:58 ----D---- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\PandoraRecovery
2010-08-07 14:58:47 ----D---- C:\Program Files\Pandora Recovery
2010-08-04 11:50:36 ----A---- C:\WINDOWS\system32\drivers\eamon.sys
2010-08-03 13:28:36 ----A---- C:\WINDOWS\system32\drivers\epfwtdi.sys
2010-07-29 13:31:26 ----A---- C:\WINDOWS\system32\drivers\epfwndis.sys
2010-07-29 13:31:26 ----A---- C:\WINDOWS\system32\drivers\epfw.sys
2010-07-29 13:31:26 ----A---- C:\WINDOWS\system32\drivers\ehdrv.sys
2010-07-28 14:45:36 ----D---- C:\Program Files\PokerStars

======List of files/folders modified in the last 1 months======

2010-08-19 18:50:42 ----D---- C:\WINDOWS\Temp
2010-08-19 18:48:45 ----D---- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\Skype
2010-08-19 18:46:58 ----D---- C:\WINDOWS\Prefetch
2010-08-19 18:42:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-19 18:41:29 ----RD---- C:\Program Files
2010-08-19 18:41:24 ----D---- C:\Program Files\Steganos Internet Anonym 2006
2010-08-19 17:10:08 ----D---- C:\Documents and Settings\Lucyna Kocon\Dane aplikacji\skypePM
2010-08-19 17:08:53 ----D---- C:\WINDOWS
2010-08-19 12:47:34 ----HD---- C:\WINDOWS\inf
2010-08-19 12:47:32 ----D---- C:\WINDOWS\system32
2010-08-19 12:29:13 ----D---- C:\WINDOWS\system32\Restore
2010-08-19 12:15:08 ----D---- C:\WINDOWS\SoftwareDistribution
2010-08-19 11:55:40 ----SHD---- C:\WINDOWS\Installer
2010-08-19 11:53:33 ----D---- C:\WINDOWS\system32\drivers
2010-08-19 11:52:58 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-19 11:52:00 ----D---- C:\Program Files\ESET
2010-08-19 11:18:56 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-10 02:39:12 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2010-08-10 02:24:31 ----SHD---- C:\System Volume Information
2010-08-09 11:45:40 ----D---- C:\Program Files\GridinSoft Trojan Killer
2010-08-07 17:43:42 ----D---- C:\Program Files\Common Files\InstallShield
2010-07-25 00:51:56 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr magistrali AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-08-03 55256]
R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-03-02 40320]
R1 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-07-29 134512]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-07-29 32608]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 rtl8139;Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-03-02 20480]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2008-10-16 464264]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-02 136176]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-08-12 33584]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-07-18 182768]
S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]

-----------------EOF-----------------[/log]

Tomek01
comment

Something else has strayed in as well; paste this into OTL:

[code]:Processes
Explorer.exe

:OTL
PRC - [2008-10-16 18:22:20 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
SRV - [2008-10-16 18:22:20 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
O4 - HKU\.DEFAULT..\RunOnce: [SIA2006] C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [SIA2006] C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [SIA2006] C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [SIA2006] C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe File not found

:Files
C:\Program Files\AskBarDis\bar\bin\AskService.exe

:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]
Run fix...

When everything is done, use the Clean Up function in OTL.
Clean the system with CCleaner and run a defragmentation. It should run like a charm, because nothing else shows up in the log.

elizawgwldz
comment

Thank you very much for the help, Tomasz :) Should I post any more logs, or is that no longer needed? It seems to me that things are much better: I got rid of herss.exe and I hope it won't come back. The computer immediately started showing drives and external storage, hidden files can be reached, and it hangs less; Mozilla no longer stutters either. CCleaner has already been run. All that's left is the defragmentation, which I'll do in a moment. There is one more thing I want to ask about, though... the wretched Trojan Killer also found this (two files) and marked it in red. I'm pasting the scan report; it's short, so I took the liberty of simply pasting it:
Starting the file scan:

Startup collected
BHO plugins collected
Service collected
ActiveX collected
Files collected
Scanning process...
[b]----- \SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe ---- Registry
Hijack.Security


----- \SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe ---- Registry
Hijack.Security[/b]


Scan completed!

Scan result: 2 detected items
Scan completed in: Scan completed in 7 minute(s) 0 sec.
Files were scanned: 2836


What is this, and should I do anything else about it? If so, what?

Sohei
comment

Hmm, as far as I know both of them come from the NOD32 antivirus, so I think this whole Trojan Killer is showing fake alerts.

elizawgwldz
comment

Sohei, I think so too, but what can you expect from such a piece of junk. I'll add one curious detail, though: ESET did not detect herss for me, while Trojan Killer did, ehh.

Sohei
comment

What matters is that Tomek removed the infection; as for the above-mentioned registry keys, I advise leaving them alone.

elizawgwldz
comment

No, no, I have no intention of touching it and I won't. From now on I'll pay closer attention to what gets detected. You are actually right, because I've just realized that it started detecting this after I installed ESET Smart Security. Once again, many thanks to you both for the help, and above all for responding so quickly. If you had your addresses listed somewhere, I'd even send you each a cold beer ;) (no offense, of course). Regards

Sohei
comment

That's our job :) helping users

[color="#2E8B57"]//Exactly!!!
//Tomek01[/color]
