
Slow system startup, errors, empty desktop

Dawid_1551
created

I have had a problem for some time. I turn on the computer, click the Windows login icon, and have to wait about 45 seconds before it starts. Then there is just the wallpaper with nothing on it: no taskbar, no icons, literally nothing. To bring up the taskbar I have to start Task Manager, go to Applications -> New Task -> and type windows, and then everything shows up. There is also the error that I have in the screenshot:
[img]http://iv.pl/images/77164410237875337057.jpg[/img]

[font="Lucida Sans Unicode"]Please, can you help?? PLS!! I've had enough of this![/font]

[color="#0000FF"]//Moving
//Tom01[/color]

stachos
comment

Run msconfig and take a screenshot of what you have under startup and boot.

Dawid_1551
comment

In Startup:
[img]http://iv.pl/images/39582169758575503957.jpg[/img]
[img]http://iv.pl/images/00066722270934907344.jpg[/img]

D3vzaN
comment

I have a similar problem, but for example when I click Start > Turn Off and then choose Turn Off Computer in that popup (or sometimes press the W key), the popup closes and nothing happens (so I run the command shutdown -s in the command prompt). In general it takes a long time to shut down (the window with statuses like "Windows is shutting down..." etc. stays up for a long time).

Tomek01
comment

Dawid, in the processes I can see the MyWebSearch adware. On top of that, the symptoms are very much those of a virus. I am moving this to the appropriate section.

Run a full scan with
[url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url]
If it detects anything, post the report on the forum.

Post the set of logs, pasting them inside tags; info below:

Dawid_1551
comment

New development: I try to download this program and the computer shuts down by itself.

I don't know what could be causing it. ;/

Tomek01
comment

Try using Mbam in safe mode.
Post the logs I asked for.
Also, in the processes (earlier only MyWebSearch caught my eye) you can see an infection from a USB drive: Tempherss, nodqq, and the King infection.
Before posting the logs, with the USB drive plugged in, use [url="http://www.instalki.pl/programy/download/Windows/antywirusy/UsbFix.html"][color="#0000FF"][b]USBFix[/b][/color][/url] with the * Vaccinate option.

Dawid_1551
comment

I only have logs from OTL, because when I try to run RSIT the computer shuts down :( and when I try to download that USB tool it shuts down too. Here are the logs:
[log]OTL logfile created on: 2011-03-16 20:23:37 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Państwo Duszak\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

255,00 Mb Total Physical Memory | 71,00 Mb Available Physical Memory | 28,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 2,70 Gb Free Space | 18,46% Space Free | Partition Type: NTFS
Drive D: | 24,41 Gb Total Space | 23,32 Gb Free Space | 95,52% Space Free | Partition Type: NTFS
Drive E: | 35,46 Gb Total Space | 26,51 Gb Free Space | 74,76% Space Free | Partition Type: NTFS

Computer Name: PA-5BDB842177E2 | User Name: Państwo Duszak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2011-03-16 20:09:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Państwo Duszak\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2010-12-12 20:21:25 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010-12-12 20:21:22 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-08-07 18:19:32 | 000,045,302 | ---- | M] () -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\winlogon.exe
PRC - [2010-08-07 18:19:32 | 000,045,302 | ---- | M] () -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\services.exe
PRC - [2010-08-07 18:19:32 | 000,045,302 | ---- | M] () -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\lsass.exe
PRC - [2010-04-26 18:39:24 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010-01-11 14:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2009-08-06 15:54:06 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
PRC - [2009-02-09 10:55:23 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\services.exe
PRC - [2008-01-24 10:59:10 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.exe
PRC - [2008-01-24 10:54:16 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spoolsv.exe
PRC - [2006-10-25 07:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\EXPLORER.EXE
PRC - [2006-06-27 13:11:54 | 000,046,718 | ---- | M] (MyPortal.pl) -- C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
PRC - [2004-08-04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winlogon.exe
PRC - [2004-08-04 00:44:30 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2004-08-04 00:44:28 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\smss.exe
PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [WUDFSERVICEGROUP]
PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [RPCSS]
PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [NETWORKSERVICE]
PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [NETSVCS]
PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [LOCALSERVICE]
PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [IMGSVC]
PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [DCOMLAUNCH]
PRC - [2004-08-04 00:44:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsass.exe
PRC - [2004-08-04 00:44:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ctfmon.exe
PRC - [2004-08-04 00:44:20 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\csrss.exe
PRC - [2004-08-04 00:44:18 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\alg.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2011-03-16 20:21:00 | 000,118,784 | RHS- | M] () -- C:\WINDOWS\system32\mgking0.dll
MOD - [2011-03-16 20:20:59 | 000,087,552 | RHS- | M] () -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Temp\nodqq0.dll
MOD - [2011-03-16 20:09:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Państwo Duszak\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2010-01-05 10:49:13 | 000,841,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll
MOD - [2010-01-05 10:49:09 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iertutil.dll
MOD - [2009-06-25 09:23:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-04-15 16:31:27 | 000,583,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-02-09 11:03:55 | 000,723,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2009-02-09 11:03:55 | 000,687,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2008-10-23 13:53:07 | 000,284,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-07-03 14:03:38 | 008,489,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-01-24 10:58:57 | 001,014,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2008-01-24 10:57:51 | 000,579,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-01-24 10:56:41 | 000,549,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-01-24 10:54:46 | 001,285,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-01-24 10:54:40 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2008-01-24 10:46:46 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-01-24 10:42:41 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\normaliz.dll
MOD - [2008-01-24 10:42:36 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2006-08-25 08:51:14 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004-08-04 00:44:32 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winspool.drv
MOD - [2004-08-04 00:44:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2_32.dll
MOD - [2004-08-04 00:44:16 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2help.dll
MOD - [2004-08-04 00:44:14 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2004-08-04 00:44:12 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2004-08-04 00:44:10 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2004-08-04 00:44:10 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2004-08-04 00:44:08 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2004-08-04 00:44:06 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2004-08-04 00:44:04 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mlang.dll
MOD - [2004-08-04 00:44:04 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll
MOD - [2004-08-04 00:44:00 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2004-08-04 00:43:58 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2004-08-04 00:43:56 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2004-08-04 00:43:56 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2004-08-04 00:42:58 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME
MOD - [2004-08-03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- -- (MSDTC)
SRV - File not found [On_Demand | Stopped] -- -- (avast! Web Scanner)
SRV - File not found [On_Demand | Stopped] -- -- (avast! Mail Scanner)
SRV - File not found [Auto | Stopped] -- -- (avast! Antivirus)
SRV - File not found [Auto | Stopped] -- -- (aswUpdSv)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-04-21 08:22:17 | 000,038,784 | R--- | M] (Axesstel) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\Axtmvprt.sys -- (Axtmvprt)
DRV - [2009-04-21 08:22:03 | 000,040,064 | R--- | M] (Axesstel) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\Axtmvmdm.sys -- (Axtmvmdm)
DRV - [2009-04-21 08:21:42 | 000,003,456 | R--- | M] (Axesstel) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\Axtmvflt.sys -- (Axtmvflt)
DRV - [2008-11-11 12:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - [2008-11-11 12:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - [2008-11-11 12:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - [2006-04-19 09:54:33 | 000,087,936 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2006-04-19 09:53:24 | 000,016,352 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2006-04-19 09:53:05 | 000,036,176 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2006-04-19 09:52:00 | 000,024,240 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2004-08-04 01:35:04 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004-08-04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2004-01-09 16:17:02 | 000,601,100 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003-12-11 16:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003-07-01 21:42:00 | 000,027,904 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003-06-12 11:31:46 | 000,075,904 | R--- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viasraid.sys -- (viasraid)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-73586283-839522115-197928-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-73586283-839522115-197928-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKU\S-1-5-21-73586283-839522115-197928-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Wrzuta"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://nk.pl/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.2
FF - prefs.js..extensions.enabledItems: FantapperExtension@brandaffinity.net:1.0.2
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKfox000&ptb=nVZH98lIpbRKwgeoo6Bf3Q&ind=2010080508&ptnrS=ZKfox000&si=&n=77cf64fc&psa=&st=kwd&searchfor="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-12-18 13:05:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-12-12 20:21:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2010-06-09 17:46:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\Mozilla\Extensions
[2011-03-16 18:44:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\Mozilla\Firefox\Profiles\7qjp8cjp.default\extensions
[2010-06-13 16:00:30 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\Mozilla\Firefox\Profiles\7qjp8cjp.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010-12-31 12:27:07 | 000,000,000 | ---D | M] ("Fantapper") -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\Mozilla\Firefox\Profiles\7qjp8cjp.default\extensions\FantapperExtension@brandaffinity.net
[2010-12-31 12:27:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\Mozilla\Firefox\Profiles\7qjp8cjp.default\extensions\FantapperExtension@brandaffinity.net\chrome
[2010-12-31 12:27:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\Mozilla\Firefox\Profiles\7qjp8cjp.default\extensions\FantapperExtension@brandaffinity.net\defaults
[2010-10-09 10:45:14 | 000,010,017 | ---- | M] () -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\Mozilla\Firefox\Profiles\7qjp8cjp.default\searchplugins\mywebsearch.xml
[2010-10-24 19:49:46 | 000,001,972 | ---- | M] () -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\Mozilla\Firefox\Profiles\7qjp8cjp.default\searchplugins\wrzuta.xml
[2011-03-16 18:44:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PAńSTWO DUSZAK\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\7QJP8CJP.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PAńSTWO DUSZAK\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\7QJP8CJP.DEFAULT\EXTENSIONS\FANTAPPEREXTENSION@BRANDAFFINITY.NET
[2010-04-26 18:39:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010-03-31 09:57:14 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll
[2010-05-18 13:40:10 | 000,685,552 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPMAKAOV2.dll
[2010-06-12 06:15:05 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2010-06-12 06:15:05 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2010-06-12 06:15:05 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2010-06-12 06:15:05 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2010-06-12 06:15:05 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2010-06-12 06:15:05 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-08-04 11:34:11 | 000,000,883 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 62.146.191.245 ns1.bigpoint.net
O1 - Hosts: 62.146.190.5 ns2.bigpoint.net
O1 - Hosts: 216.151.180.15 ns3.bigpoint.net
O1 - Hosts: 62.146.187.21 pl1.darkorbit.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKU\S-1-5-21-73586283-839522115-197928-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast!] File not found
O4 - HKLM..\Run: [Bron-Spizaetus] File not found
O4 - HKLM..\Run: [Bron-Spizaetus-cgiolspw] C:\WINDOWS\ShellNew\bbm-wpsloigc.exe ()
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKU\S-1-5-21-73586283-839522115-197928-1003..\Run: [api32] C:\DOCUME~1\PASTWO~1\USTAWI~1\Temp\apiqq.exe ()
O4 - HKU\S-1-5-21-73586283-839522115-197928-1003..\Run: [AutoConnect] File not found
O4 - HKU\S-1-5-21-73586283-839522115-197928-1003..\Run: [cdoosoft] C:\DOCUME~1\PASTWO~1\USTAWI~1\Temp\herss.exe ()
O4 - HKU\S-1-5-21-73586283-839522115-197928-1003..\Run: [dso32] C:\DOCUME~1\PASTWO~1\USTAWI~1\Temp\dsoqq.exe ()
O4 - HKU\S-1-5-21-73586283-839522115-197928-1003..\Run: [EXPLORER.EXE] C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-73586283-839522115-197928-1003..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKU\S-1-5-21-73586283-839522115-197928-1003..\Run: [King_ar] C:\WINDOWS\System32\arking.exe ()
O4 - HKU\S-1-5-21-73586283-839522115-197928-1003..\Run: [king_mg] C:\WINDOWS\System32\mgking.exe ()
O4 - HKU\S-1-5-21-73586283-839522115-197928-1003..\Run: [nod32] C:\DOCUME~1\PASTWO~1\USTAWI~1\Temp\nodqq.exe ()
O4 - HKU\S-1-5-21-73586283-839522115-197928-1003..\Run: [SpeedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe (MyPortal.pl)
O4 - HKU\S-1-5-21-73586283-839522115-197928-1003..\Run: [Tok-Cirrhatus] File not found
O4 - HKU\S-1-5-21-73586283-839522115-197928-1003..\Run: [Tok-Cirrhatus-4566] C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\br10155on.exe ()
O4 - HKU\S-1-5-21-73586283-839522115-197928-1003..\Run: [wsctf.exe] File not found
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found
O4 - Startup: C:\Documents and Settings\Państwo Duszak\Menu Start\Programy\Autostart\Empty.pif ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-839522115-197928-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-839522115-197928-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-73586283-839522115-197928-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - ("C:\WINDOWS\sembako-cgzjloi.exe") - C:\WINDOWS\sembako-cgzjloi.exe ()
O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O31 - SafeBoot: AlternateShell - cmd-bro-olx.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-03-16 20:21:06 | 000,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011-03-16 20:24:50 | 000,000,057 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011-03-16 20:24:50 | 000,000,051 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011-03-16 20:24:50 | 000,000,057 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{06c20674-fde8-11de-a8a9-000feaa0a10a}\Shell - "" = AutoRun
O33 - MountPoints2\{06c20674-fde8-11de-a8a9-000feaa0a10a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{21635eca-058c-11df-a8c5-000feaa0a10a}\Shell\AutoRun\command - "" = G:\EXPLORER.EXE
O33 - MountPoints2\{21635eca-058c-11df-a8c5-000feaa0a10a}\Shell\explore\Command - "" = G:\EXPLORER.EXE
O33 - MountPoints2\{21635eca-058c-11df-a8c5-000feaa0a10a}\Shell\open\Command - "" = G:\EXPLORER.EXE
O33 - MountPoints2\{282abfc8-2723-11e0-97b9-000feaa0a10a}\Shell\AutoRun\command - "" = G:\r3fhr.exe
O33 - MountPoints2\{282abfc8-2723-11e0-97b9-000feaa0a10a}\Shell\open\Command - "" = G:\r3fhr.exe
O33 - MountPoints2\{2b1267ee-fc4e-11de-a89f-000feaa0a10a}\Shell - "" = AutoRun
O33 - MountPoints2\{2b1267ee-fc4e-11de-a89f-000feaa0a10a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{2b1267f0-fc4e-11de-a89f-000feaa0a10a}\Shell - "" = AutoRun
O33 - MountPoints2\{2b1267f0-fc4e-11de-a89f-000feaa0a10a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{2b1267f1-fc4e-11de-a89f-000feaa0a10a}\Shell - "" = AutoRun
O33 - MountPoints2\{2b1267f1-fc4e-11de-a89f-000feaa0a10a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4e084dd0-fae7-11de-a89e-000feaa0a10a}\Shell - "" = AutoRun
O33 - MountPoints2\{4e084dd0-fae7-11de-a89e-000feaa0a10a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4e084dd1-fae7-11de-a89e-000feaa0a10a}\Shell - "" = AutoRun
O33 - MountPoints2\{4e084dd1-fae7-11de-a89e-000feaa0a10a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{58d74d52-c309-11df-969a-000feaa0a10a}\Shell\AutoRun\command - "" = G:\EXPLORER.EXE
O33 - MountPoints2\{58d74d52-c309-11df-969a-000feaa0a10a}\Shell\explore\Command - "" = G:\EXPLORER.EXE
O33 - MountPoints2\{58d74d52-c309-11df-969a-000feaa0a10a}\Shell\open\Command - "" = G:\EXPLORER.EXE
O33 - MountPoints2\{5f1fdc02-73e6-11df-9586-000feaa0a10a}\Shell\AutoRun\command - "" = G:\r3fhr.exe
O33 - MountPoints2\{5f1fdc02-73e6-11df-9586-000feaa0a10a}\Shell\open\Command - "" = G:\r3fhr.exe
O33 - MountPoints2\{8d7e46c4-2074-11df-93d7-000feaa0a10a}\Shell\AutoRun\command - "" = G:\nds0q.exe
O33 - MountPoints2\{8d7e46c4-2074-11df-93d7-000feaa0a10a}\Shell\open\Command - "" = G:\nds0q.exe
O33 - MountPoints2\{94bd356e-fad9-11de-a89d-000feaa0a10a}\Shell - "" = AutoRun
O33 - MountPoints2\{94bd356e-fad9-11de-a89d-000feaa0a10a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a5298822-1955-11df-93bd-000feaa0a10a}\Shell\AutoRun\command - "" = G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
O33 - MountPoints2\{a5298822-1955-11df-93bd-000feaa0a10a}\Shell\open\command - "" = G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
O33 - MountPoints2\{ccfd512e-a87c-11df-964f-000feaa0a10a}\Shell\AutoRun\command - "" = G:\EXPLORER.EXE
O33 - MountPoints2\{ccfd512e-a87c-11df-964f-000feaa0a10a}\Shell\explore\Command - "" = G:\EXPLORER.EXE
O33 - MountPoints2\{ccfd512e-a87c-11df-964f-000feaa0a10a}\Shell\open\Command - "" = G:\EXPLORER.EXE
O33 - MountPoints2\{d8b18258-fdad-11de-a8a6-000feaa0a10a}\Shell - "" = AutoRun
O33 - MountPoints2\{d8b18258-fdad-11de-a8a6-000feaa0a10a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d8b1825a-fdad-11de-a8a6-000feaa0a10a}\Shell - "" = AutoRun
O33 - MountPoints2\{d8b1825a-fdad-11de-a8a6-000feaa0a10a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d8b21d08-fad8-11de-a89c-000feaa0a10a}\Shell - "" = AutoRun
O33 - MountPoints2\{d8b21d08-fad8-11de-a89c-000feaa0a10a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e3e12c99-f3bb-11de-a87d-000feaa0a10a}\Shell\AutoRun\command - "" = G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
O33 - MountPoints2\{e3e12c99-f3bb-11de-a87d-000feaa0a10a}\Shell\open\command - "" = G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^VIA RAID TOOL.lnk - C:\PROGRA~1\VIA\RAID\RAID_T~1.EXE - (VIA)
MsConfig - StartUpReg: [b]Gadu-Gadu[/b] - hkey= - key= - C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
MsConfig - StartUpReg: [b]MSMSGS[/b] - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]SoundMan[/b] - hkey= - key= - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: [b]Tok-Cirrhatus[/b] - hkey= - key= - C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\br10155on.exe ()
MsConfig - StartUpReg: [b]Tok-Cirrhatus-4566[/b] - hkey= - key= - C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\br10155on.exe ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 1
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2011-03-16 06:53:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\Bron.tok-18-16
[2011-03-15 21:28:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011-03-15 16:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\Bron.tok-18-15
[2011-03-14 20:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\MyPortal
[2011-03-14 20:52:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Menu Start\Programy\MyPortal
[2011-03-14 15:39:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\Bron.tok-18-14
[2011-03-13 13:39:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\Bron.tok-18-13
[2011-03-12 21:29:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Moje dokumenty\Originals
[2011-03-12 20:45:58 | 000,000,000 | ---D | C] -- C:\Program Files\AmitySource
[2011-03-12 20:45:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\AmitySource
[2011-03-12 12:15:54 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011-03-12 12:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\Bron.tok-18-12
[2011-03-11 18:13:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\Unity
[2011-03-11 15:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\Bron.tok-18-11
[2011-03-10 15:29:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\Bron.tok-18-10
[2011-03-09 15:51:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\Bron.tok-18-9
[2011-03-08 17:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Pulpit\Nowy folder
[2011-03-08 09:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\Bron.tok-18-8
[2011-03-07 15:45:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\Bron.tok-18-7
[2011-03-06 12:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\Bron.tok-18-6
[2011-03-05 08:49:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\Bron.tok-18-5
[2011-03-04 15:36:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\Bron.tok-18-4
[2011-03-03 15:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\Bron.tok-18-3
[2011-03-02 15:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\Bron.tok-18-2
[2011-03-01 18:51:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\Bron.tok-18-1
[2011-02-28 20:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\HyperCam 3
[2011-02-28 20:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Solveig Multimedia
[2011-02-28 20:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\HyperCam 3
[2011-02-28 13:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\Bron.tok-18-28
[2011-02-27 14:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Pulpit\Pulpit
[2011-02-27 12:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\Bron.tok-18-27
[2011-02-26 16:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\Ok-SendMail-Bron-tok
[2011-02-26 16:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\Loc.Mail.Bron.Tok
[2011-02-26 16:16:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\Bron.tok-18-26
[2011-02-26 16:16:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2011-02-19 19:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\Locktime
[2011-02-19 19:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Locktime
[2011-02-18 16:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Teamspeak2_RC2
[2011-02-18 16:51:54 | 001,657,659 | ---- | C] (TeamSpeak Systems ) -- C:\Documents and Settings\Państwo Duszak\Moje dokumenty\ts2_server_rc2_202319.exe
[2011-02-16 16:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\Postal2
[2011-02-12 18:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Menu Start\Programy\San Andreas Multiplayer
[2011-02-08 16:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\K-Meleon
[2011-02-08 16:19:19 | 000,000,000 | ---D | C] -- C:\Program Files\K-Meleon
[2011-02-03 16:46:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Państwo Duszak\Menu Start\Programy\Narzędzia administracyjne
[2011-01-24 23:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Moje dokumenty\The KMPlayer
[2011-01-24 23:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Menu Start\Programy\The KMPlayer
[2011-01-24 23:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2011-01-24 23:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Menu Start\Programy\Vplayer
[2011-01-24 23:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\Vplayer
[2011-01-24 23:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Codec pack Extend
[2011-01-24 23:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\Crystal Player
[2011-01-21 16:41:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2004-11-24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2011-03-16 20:26:05 | 000,000,051 | RHS- | M] () -- C:\autorun.inf
[2011-03-16 20:21:32 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011-03-16 20:21:06 | 000,000,007 | -HS- | M] () -- C:\AUTOEXEC.BAT
[2011-03-16 20:21:00 | 000,118,784 | RHS- | M] () -- C:\WINDOWS\System32\mgking0.dll
[2011-03-16 20:20:50 | 000,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-03-16 20:20:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-03-16 20:20:42 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2011-03-16 20:19:20 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\BronNetDomList.bat
[2011-03-16 20:02:01 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-03-16 19:53:47 | 000,129,024 | RHS- | M] () -- C:\WINDOWS\System32\arking0.dll
[2011-03-16 19:46:34 | 000,196,608 | RHS- | M] () -- C:\WINDOWS\System32\arking.exe
[2011-03-16 15:31:49 | 000,147,282 | ---- | M] () -- C:\Documents and Settings\Państwo Duszak\Pulpit\bez tytułu1.JPG
[2011-03-16 15:31:15 | 000,150,196 | ---- | M] () -- C:\Documents and Settings\Państwo Duszak\Pulpit\bez tytułu.JPG
[2011-03-15 21:44:06 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011-03-15 21:20:39 | 000,079,575 | ---- | M] () -- C:\Documents and Settings\Państwo Duszak\Moje dokumenty\1271956614_by_kazza21_500.jpg
[2011-03-15 19:47:30 | 000,008,635 | ---- | M] () -- C:\Documents and Settings\Państwo Duszak\Moje dokumenty\indeks.jpg
[2011-03-15 19:47:10 | 000,009,022 | ---- | M] () -- C:\Documents and Settings\Państwo Duszak\Moje dokumenty\images.jpg
[2011-03-15 19:38:01 | 000,009,590 | ---- | M] () -- C:\Documents and Settings\Państwo Duszak\Moje dokumenty\indekss.jpg
[2011-03-15 17:23:33 | 000,118,784 | RHS- | M] () -- C:\WINDOWS\System32\mgking1.dll
[2011-03-14 20:52:11 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\sx.inf
[2011-03-14 20:52:06 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\Państwo Duszak\Pulpit\Speed-X.lnk
[2011-03-14 20:04:21 | 000,129,024 | RHS- | M] () -- C:\WINDOWS\System32\arking1.dll
[2011-03-14 17:15:09 | 000,130,048 | -H-- | M] () -- C:\Documents and Settings\Państwo Duszak\Moje dokumenty\photothumb.db
[2011-03-14 17:09:20 | 000,041,766 | ---- | M] () -- C:\Documents and Settings\Państwo Duszak\Moje dokumenty\heroina3.jpg
[2011-03-12 21:31:07 | 000,007,746 | ---- | M] () -- C:\Documents and Settings\Państwo Duszak\Moje dokumenty\logo6.png
[2011-03-12 21:29:55 | 000,010,468 | ---- | M] () -- C:\Documents and Settings\Państwo Duszak\Moje dokumenty\Nike_Wallpapers_by_drift_Angel.jpg
[2011-03-06 13:35:12 | 078,405,590 | ---- | M] () -- C:\Documents and Settings\Państwo Duszak\Pulpit\Claax prestent energy electro mix 5.03.2011 (seciki.pl).mp3
[2011-03-06 12:45:06 | 000,031,045 | ---- | M] () -- C:\Documents and Settings\Państwo Duszak\Moje dokumenty\b0fd2ef01f.jpeg
[2011-03-06 12:28:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-03-02 19:15:35 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-02-28 20:47:47 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Państwo Duszak\Pulpit\HyperCam 3.lnk
[2011-02-26 16:36:21 | 000,000,389 | ---- | M] () -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\JunkAtx18.bin
[2011-02-26 16:16:09 | 000,000,010 | RHS- | M] () -- C:\WINDOWS\System32\sistem.sys
[2011-02-26 15:59:27 | 000,013,312 | -H-- | M] () -- C:\Documents and Settings\Państwo Duszak\Pulpit\photothumb.db
[2011-02-18 16:51:57 | 001,657,659 | ---- | M] (TeamSpeak Systems ) -- C:\Documents and Settings\Państwo Duszak\Moje dokumenty\ts2_server_rc2_202319.exe
[2011-02-15 17:52:47 | 000,435,978 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2011-02-15 17:52:47 | 000,380,350 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-02-15 17:52:47 | 000,067,078 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2011-02-15 17:52:47 | 000,052,764 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-01-24 23:21:48 | 000,000,813 | ---- | M] () -- C:\WINDOWS\VPlayer.INI
[2011-01-24 23:21:48 | 000,000,084 | ---- | M] () -- C:\WINDOWS\VplayerINI.vpl
[2011-01-24 23:16:05 | 000,048,414 | ---- | M] () -- C:\WINDOWS\System32\uninst Codec pack Extend (ffdshow, h264, vp56).exe
[2011-01-24 20:03:09 | 000,084,799 | ---- | M] () -- C:\Documents and Settings\Państwo Duszak\Moje dokumenty\Gol.PNG
[2011-01-24 19:54:33 | 000,003,160 | ---- | M] () -- C:\Documents and Settings\Państwo Duszak\Moje dokumenty\3ringsandtriangle.png
[2011-01-22 21:55:42 | 000,087,529 | ---- | M] () -- C:\Documents and Settings\Państwo Duszak\Moje dokumenty\GTA.JPG
[2011-01-18 22:26:47 | 000,000,102 | ---- | M] () -- C:\WINDOWS\FaceFun.INI
[2011-01-18 22:24:00 | 000,000,528 | RHS- | M] () -- C:\WINDOWS\PCGWIN32.LI4
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-03-16 20:19:20 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\BronNetDomList.bat
[2011-03-16 16:34:02 | 000,000,057 | RHS- | C] () -- C:\autorun.inf
[2011-03-16 15:31:49 | 000,147,282 | ---- | C] () -- C:\Documents and Settings\Państwo Duszak\Pulpit\bez tytułu1.JPG
[2011-03-16 15:31:15 | 000,150,196 | ---- | C] () -- C:\Documents and Settings\Państwo Duszak\Pulpit\bez tytułu.JPG
[2011-03-15 21:09:06 | 000,174,592 | RHS- | C] () -- C:\albkpq3.exe
[2011-03-15 19:36:14 | 000,009,590 | ---- | C] () -- C:\Documents and Settings\Państwo Duszak\Moje dokumenty\indekss.jpg
[2011-03-15 19:34:41 | 000,008,635 | ---- | C] () -- C:\Documents and Settings\Państwo Duszak\Moje dokumenty\indeks.jpg
[2011-03-14 20:52:11 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\sx.inf
[2011-03-14 20:52:06 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\Państwo Duszak\Pulpit\Speed-X.lnk
[2011-03-14 17:07:20 | 000,041,766 | ---- | C] () -- C:\Documents and Settings\Państwo Duszak\Moje dokumenty\heroina3.jpg
[2011-03-12 20:53:32 | 000,007,746 | ---- | C] () -- C:\Documents and Settings\Państwo Duszak\Moje dokumenty\logo6.png
[2011-03-06 14:12:03 | 078,405,590 | ---- | C] () -- C:\Documents and Settings\Państwo Duszak\Pulpit\Claax prestent energy electro mix 5.03.2011 (seciki.pl).mp3
[2011-03-06 12:45:00 | 000,031,045 | ---- | C] () -- C:\Documents and Settings\Państwo Duszak\Moje dokumenty\b0fd2ef01f.jpeg
[2011-02-28 20:47:46 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Państwo Duszak\Pulpit\HyperCam 3.lnk
[2011-02-26 16:36:21 | 000,000,389 | ---- | C] () -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\JunkAtx18.bin
[2011-02-26 16:16:09 | 000,000,010 | RHS- | C] () -- C:\WINDOWS\System32\sistem.sys
[2011-02-25 20:18:16 | 000,115,712 | RHS- | C] () -- C:\ysyjq1bs.exe
[2011-02-21 20:41:15 | 000,182,272 | RHS- | C] () -- C:\w9.exe
[2011-01-27 10:02:55 | 000,128,000 | RHS- | C] () -- C:\r3fhr.exe
[2011-01-24 23:20:52 | 000,000,813 | ---- | C] () -- C:\WINDOWS\VPlayer.INI
[2011-01-24 23:20:52 | 000,000,084 | ---- | C] () -- C:\WINDOWS\VplayerINI.vpl
[2011-01-24 23:16:05 | 000,048,414 | ---- | C] () -- C:\WINDOWS\System32\uninst Codec pack Extend (ffdshow, h264, vp56).exe
[2011-01-24 20:03:09 | 000,084,799 | ---- | C] () -- C:\Documents and Settings\Państwo Duszak\Moje dokumenty\Gol.PNG
[2011-01-24 19:54:42 | 000,003,160 | ---- | C] () -- C:\Documents and Settings\Państwo Duszak\Moje dokumenty\3ringsandtriangle.png
[2011-01-22 21:55:42 | 000,087,529 | ---- | C] () -- C:\Documents and Settings\Państwo Duszak\Moje dokumenty\GTA.JPG
[2011-01-18 22:24:28 | 000,000,102 | ---- | C] () -- C:\WINDOWS\FaceFun.INI
[2011-01-18 22:24:00 | 000,000,528 | RHS- | C] () -- C:\WINDOWS\PCGWIN32.LI4
[2011-01-11 21:03:59 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2010-12-20 21:17:06 | 000,000,063 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010-12-10 07:51:38 | 000,597,504 | ---- | C] () -- C:\WINDOWS\System32\aswBoot.exe
[2010-12-03 18:33:46 | 000,129,024 | RHS- | C] () -- C:\WINDOWS\System32\arking1.dll
[2010-11-28 17:37:37 | 000,196,608 | RHS- | C] () -- C:\WINDOWS\System32\arking.exe
[2010-11-28 17:37:37 | 000,129,024 | RHS- | C] () -- C:\WINDOWS\System32\arking0.dll
[2010-11-08 17:17:08 | 000,118,784 | RHS- | C] () -- C:\WINDOWS\System32\mgking1.dll
[2010-11-08 07:38:14 | 000,182,272 | RHS- | C] () -- C:\WINDOWS\System32\mgking.exe
[2010-11-08 07:38:14 | 000,118,784 | RHS- | C] () -- C:\WINDOWS\System32\mgking0.dll
[2010-07-06 18:20:51 | 000,045,302 | -H-- | C] () -- C:\WINDOWS\sembako-cgzjloi.exe
[2010-07-06 18:20:51 | 000,045,302 | ---- | C] () -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\winlogon.exe
[2010-07-06 18:20:51 | 000,045,302 | ---- | C] () -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\svchost.exe
[2010-07-06 18:20:51 | 000,045,302 | ---- | C] () -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\smss.exe
[2010-07-06 18:20:51 | 000,045,302 | ---- | C] () -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\services.exe
[2010-07-06 18:20:51 | 000,045,302 | ---- | C] () -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\lsass.exe
[2010-07-06 18:20:51 | 000,045,302 | ---- | C] () -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\inetinfo.exe
[2010-07-06 18:20:51 | 000,045,302 | ---- | C] () -- C:\WINDOWS\System32\DXBLBA.exe
[2010-07-06 18:20:51 | 000,045,302 | ---- | C] () -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\csrss.exe
[2010-07-06 18:20:51 | 000,045,302 | ---- | C] () -- C:\WINDOWS\System32\cmd-bro-olx.exe
[2010-07-06 18:20:51 | 000,045,302 | ---- | C] () -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\br10155on.exe
[2010-06-08 18:03:19 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\proc-1605931354.bin
[2010-03-21 17:20:11 | 000,280,576 | ---- | C] () -- C:\WINDOWS\System32\pxd_kom.dll
[2010-03-21 17:20:10 | 000,078,085 | ---- | C] () -- C:\WINDOWS\System32\Pattern.dat
[2010-03-21 17:19:04 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\fxstudio.dll
[2010-03-21 17:19:01 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\drumpad.dll
[2010-03-21 17:19:01 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\Animation.dll
[2010-03-21 17:19:01 | 000,075,976 | ---- | C] () -- C:\WINDOWS\System32\BASSDEC.dll
[2010-03-13 09:17:39 | 000,000,020 | ---- | C] () -- C:\WINDOWS\naglos.INI
[2010-02-05 12:56:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010-01-10 10:38:27 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010-01-03 14:06:40 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-12-31 08:56:12 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-12-29 07:29:06 | 000,000,227 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009-12-28 19:17:06 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-12-28 19:15:20 | 000,119,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-12-28 18:34:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009-12-28 18:25:49 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009-12-28 15:21:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2009-12-28 15:19:23 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS66.DLL
[2009-12-28 15:13:31 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009-12-28 15:13:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007-01-17 17:40:04 | 000,403,968 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007-01-17 17:40:02 | 003,158,528 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007-01-17 17:40:02 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007-01-17 17:26:42 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006-12-31 22:00:00 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2006-11-02 17:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2006-10-28 19:10:44 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2004-10-12 07:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004-10-12 07:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004-10-09 07:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004-10-03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004-08-04 00:56:48 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004-08-02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002-10-06 18:42:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002-10-04 23:04:26 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002-10-04 23:04:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002-10-04 23:04:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001-10-26 17:15:16 | 000,435,978 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat
[2001-10-26 17:15:16 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat
[2001-10-26 17:15:16 | 000,067,078 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat
[2001-10-26 17:15:16 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat
[2001-08-23 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-08-23 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-08-17 22:30:24 | 000,380,350 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001-08-17 22:30:24 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001-08-17 22:30:24 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001-08-17 22:30:22 | 000,052,764 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001-08-17 22:15:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001-07-21 23:36:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001-07-21 23:36:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001-07-21 23:24:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[color=#E56717]========== LOP Check ==========[/color]

[2010-03-09 14:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-03-15 20:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2011-02-19 19:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Locktime
[2010-04-19 19:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2010-03-31 16:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2010-03-21 16:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\Avant Browser
[2011-01-24 23:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\Crystal Player
[2010-03-09 14:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\ESET
[2010-05-16 10:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\Gadu-Gadu
[2010-03-16 20:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\Gadu-Gadu 10
[2010-09-11 18:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\GanymedeNet
[2010-10-01 18:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\gtk-2.0
[2010-03-08 11:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\InterTrust
[2010-01-08 13:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\iPlus
[2010-09-09 17:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\LG Electronics
[2011-02-19 19:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\Locktime
[2010-03-15 20:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\OpenFM
[2010-03-10 14:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\Opera
[2010-06-25 19:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\PowerChallenge
[2011-02-08 16:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\Toolbar4
[2011-03-11 18:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\Unity
[2010-04-14 14:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Państwo Duszak\Dane aplikacji\uTorrent
[2010-08-24 18:18:07 | 000,000,540 | ---- | M] () -- C:\WINDOWS\Tasks\Install.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-06-21 17:24:58 | 000,117,248 | RHS- | M] () -- C:\09lf.exe
[2010-07-31 17:58:29 | 000,116,224 | RHS- | M] () -- C:\6mhbwj.exe
[2010-10-23 16:41:14 | 000,162,816 | RHS- | M] () -- C:\9d6resf.exe
[2010-11-02 16:02:18 | 000,153,088 | RHS- | M] () -- C:\9keibj.exe
[2010-10-30 11:13:12 | 000,174,592 | RHS- | M] () -- C:\albkpq3.exe
[2010-10-30 16:23:32 | 000,175,616 | RHS- | M] () -- C:\apqpm.exe
[2011-03-16 20:21:06 | 000,000,007 | -HS- | M] () -- C:\AUTOEXEC.BAT
[2011-03-16 20:27:19 | 000,000,051 | RHS- | M] () -- C:\autorun.inf
[2010-06-03 16:39:14 | 000,116,736 | RHS- | M] () -- C:\awb3ryk.exe
[2010-10-28 16:41:39 | 000,175,616 | RHS- | M] () -- C:\b9v.exe
[2010-07-16 07:37:05 | 000,117,760 | RHS- | M] () -- C:\biriprg.exe
[2011-03-15 21:44:06 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2001-07-21 23:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-11-14 09:09:32 | 000,178,176 | RHS- | M] () -- C:\bud3mkqr.exe
[2010-11-11 16:45:34 | 000,179,712 | RHS- | M] () -- C:\cbbw88s.exe
[2010-06-01 15:33:27 | 000,115,200 | RHS- | M] () -- C:\cgaqyi.exe
[2009-12-28 18:30:07 | 000,000,000 | ---- | M] () -- C:\CONFIG
[2010-11-09 16:06:01 | 000,178,176 | RHS- | M] () -- C:\dwh.exe
[2010-11-06 16:29:17 | 000,174,592 | RHS- | M] () -- C:\egmjjb.exe
[2010-11-17 16:34:09 | 000,176,640 | RHS- | M] () -- C:\et3ypes.exe
[2010-06-25 16:11:20 | 000,117,248 | RHS- | M] () -- C:\eyruu.exe
[2010-05-25 16:15:06 | 000,113,152 | RHS- | M] () -- C:\f662sjd.exe
[2010-07-05 15:44:03 | 000,117,248 | RHS- | M] () -- C:\g6jk.exe
[2010-10-14 15:56:55 | 000,174,592 | RHS- | M] () -- C:\h3wp9.exe
[2011-03-16 20:20:42 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2010-11-22 18:25:06 | 000,179,712 | RHS- | M] () -- C:\i00dvoym.exe
[2010-07-14 16:50:46 | 000,116,224 | RHS- | M] () -- C:\i8gcgmg.exe
[2009-12-28 18:30:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-10-14 10:04:44 | 000,174,592 | RHS- | M] () -- C:\io3yalc.exe
[2010-10-21 18:33:29 | 000,162,816 | RHS- | M] () -- C:\jeo3ky.exe
[2010-10-20 17:23:24 | 000,162,816 | RHS- | M] () -- C:\jofk1wf.exe
[2010-06-16 06:15:16 | 000,114,688 | RHS- | M] () -- C:\krwyrv0d.exe
[2010-10-16 16:12:54 | 000,174,592 | RHS- | M] () -- C:\kyme.exe
[2010-11-04 19:12:22 | 000,173,568 | RHS- | M] () -- C:\l10.exe
[2010-10-27 05:38:51 | 000,180,224 | RHS- | M] () -- C:\lpl.exe
[2009-12-28 18:30:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010-06-08 16:15:54 | 000,114,688 | RHS- | M] () -- C:\n0qls.exe
[2004-08-03 22:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004-08-03 22:59:54 | 000,250,624 | RHS- | M] () -- C:\ntldr
[2010-10-18 17:20:10 | 000,162,816 | RHS- | M] () -- C:\o1o.exe
[2010-05-15 18:52:10 | 000,112,640 | RHS- | M] () -- C:\p6xebrnt.exe
[2011-03-16 20:20:41 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
[2010-04-02 08:02:44 | 000,116,736 | RHS- | M] () -- C:\pbyqfn.exe
[2004-08-04 00:44:26 | 000,283,136 | ---- | M] (Cinematronics) -- C:\PINBALL.EXE
[2010-04-19 08:02:01 | 000,128,000 | RHS- | M] () -- C:\r3fhr.exe
[2010-10-25 16:19:17 | 000,139,264 | RHS- | M] () -- C:\r3q63rok.exe
[2010-07-13 12:08:19 | 000,116,736 | RHS- | M] () -- C:\r3x0k.exe
[2010-06-11 06:18:44 | 000,116,736 | RHS- | M] () -- C:\rfg.exe
[2010-10-27 15:55:44 | 000,178,688 | RHS- | M] () -- C:\tscl.exe
[2010-11-28 11:18:37 | 000,182,272 | RHS- | M] () -- C:\w9.exe
[2010-03-13 11:15:25 | 000,140,408 | ---- | M] () -- C:\Worms-(8)-[!].gs0
[2010-10-18 05:43:57 | 000,175,104 | RHS- | M] () -- C:\wq.exe
[2010-07-07 19:47:33 | 000,116,224 | RHS- | M] () -- C:\x3xh.exe
[2010-06-08 05:54:27 | 000,115,200 | RHS- | M] () -- C:\yqq8eqil.exe
[2010-04-05 20:12:09 | 000,115,712 | RHS- | M] () -- C:\ysyjq1bs.exe
[2010-11-26 13:43:30 | 000,182,784 | RHS- | M] () -- C:\yveqsh93.exe
[2010-09-11 13:19:05 | 000,000,534 | ---- | M] () -- C:\[20081211]InternetKit.log


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008-01-24 11:05:50 | 016,733,141 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys
[2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2008-01-24 11:05:50 | 016,733,141 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\System32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\System32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2008-01-24 11:05:50 | 016,733,141 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008-04-13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\cdrom.sys
[2004-08-03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\System32\drivers\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2004-08-04 00:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\system32\eventlog.dll
[2008-04-14 18:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\ndis.sys
[2004-08-03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\System32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2004-08-04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\System32\winlogon.exe
[2010-08-07 18:19:32 | 000,045,302 | ---- | M] () MD5=1C750E4F327E0050D4F5790FD882A436 -- C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Dane aplikacji\winlogon.exe
[2008-04-14 18:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:مايكروسوفت
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF

< End of report >[/log]

[log]OTL Extras logfile created on: 2011-03-16 20:23:38 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Państwo Duszak\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

255,00 Mb Total Physical Memory | 71,00 Mb Available Physical Memory | 28,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 2,70 Gb Free Space | 18,46% Space Free | Partition Type: NTFS
Drive D: | 24,41 Gb Total Space | 23,32 Gb Free Space | 95,52% Space Free | Partition Type: NTFS
Drive E: | 35,46 Gb Total Space | 26,51 Gb Free Space | 74,76% Space Free | Partition Type: NTFS

Computer Name: PA-5BDB842177E2 | User Name: Państwo Duszak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-73586283-839522115-197928-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\K-Meleon\K-Meleon.exe" "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Axesstel\AxessManager\AxessManager.exe" = C:\Program Files\Axesstel\AxessManager\AxessManager.exe:*:Enabled:AxessManager Application
"C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glowny -- (Gadu-Gadu S.A.)
"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Team17\Worms 2\Frontend.exe" = C:\Program Files\Team17\Worms 2\Frontend.exe:*:Enabled:Worms 2 Frontend
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser
"C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Temporary Internet Files\Content.IE5\3J5O7PJ4\Wowd-4.0.3-beta-Windows-appbar[1].exe" = C:\Documents and Settings\Państwo Duszak\Ustawienia lokalne\Temporary Internet Files\Content.IE5\3J5O7PJ4\Wowd-4.0.3-beta-Windows-appbar[1].exe:*:Enabled:Wowd
"C:\Documents and Settings\Państwo Duszak\Moje dokumenty\Pobieranie\Wowd-4.0.3-beta-Windows-appbar.exe" = C:\Documents and Settings\Państwo Duszak\Moje dokumenty\Pobieranie\Wowd-4.0.3-beta-Windows-appbar.exe:*:Enabled:Wowd
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam
"C:\Documents and Settings\Państwo Duszak\Moje dokumenty\Wowd-4.1.0-beta-Windows-appbar.exe" = C:\Documents and Settings\Państwo Duszak\Moje dokumenty\Wowd-4.1.0-beta-Windows-appbar.exe:*:Enabled:Wowd -- (Wowd, Inc.)
"C:\Documents and Settings\Państwo Duszak\Pulpit\Wowd-4.1.0-beta-Windows-appbar.exe" = C:\Documents and Settings\Państwo Duszak\Pulpit\Wowd-4.1.0-beta-Windows-appbar.exe:*:Enabled:Wowd
"C:\Program Files\Java\jre6\launch4j-tmp\wowd.exe" = C:\Program Files\Java\jre6\launch4j-tmp\wowd.exe:*:Enabled:Wowd -- (Sun Microsystems, Inc.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""SubEdit-Player"" = "SubEdit-Player"
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{23D51AF4-E674-4F4C-A937-F98E458A37AB}_is1" = Testy B 2010a
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard
"{A05BE20E-6510-44BC-95ED-6E6D730407D3}" = Vplayer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
"7-Zip" = 7-Zip 4.35 beta
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast!" = avast! Antivirus
"CANONBJ_Deinstall_CNMCP66.DLL" = Canon PIXMA iP2000
"Codec pack Extend (ffdshow, h264, vp5/6)" = Codec pack Extend (ffdshow, h264, vp5/6)
"DirectShowPack" = DirectShow Pack (remove only)
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"Enable S3 for USB Device" = Enable S3 for USB Device
"Fraps" = Fraps
"Gadu-Gadu" = Gadu-Gadu 7.7
"HyperCam 3" = HyperCam 3
"InstallShield_{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard
"Kreator sygnatur 1.0" = Kreator sygnatur 1.0
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"PhotoScape" = PhotoScape
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"SPEEDX" = Speed-X (uninstall)
"The KMPlayer" = The KMPlayer (remove only)
"UserBar Generator_is1" = UserBar Generator 1.2
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"WinRAR archiver" = Archiwizator WinRAR
"XP Codec Pack" = XP Codec Pack

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-73586283-839522115-197928-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Power Loader" = Power Challenge Game Plugin
"UnityWebPlayer" = Unity Web Player

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Antivirus Events ]
Error - 2010-05-11 06:57:02 | Computer Name = PA-5BDB842177E2 | Source = avast! | ID = 33554522
Description =

Error - 2010-05-11 10:51:14 | Computer Name = PA-5BDB842177E2 | Source = avast! | ID = 33554522
Description =

Error - 2010-05-11 12:46:10 | Computer Name = PA-5BDB842177E2 | Source = avast! | ID = 33554522
Description =

Error - 2010-05-12 08:23:41 | Computer Name = PA-5BDB842177E2 | Source = avast! | ID = 33554522
Description =

Error - 2010-05-13 06:56:19 | Computer Name = PA-5BDB842177E2 | Source = avast! | ID = 33554522
Description =

Error - 2010-05-14 00:36:16 | Computer Name = PA-5BDB842177E2 | Source = avast! | ID = 33554522
Description =

Error - 2010-05-14 09:46:24 | Computer Name = PA-5BDB842177E2 | Source = avast! | ID = 33554522
Description =

Error - 2010-05-14 11:12:18 | Computer Name = PA-5BDB842177E2 | Source = avast! | ID = 33554522
Description =

Error - 2010-05-14 11:13:51 | Computer Name = PA-5BDB842177E2 | Source = avast! | ID = 33554522
Description =

Error - 2010-05-14 11:18:27 | Computer Name = PA-5BDB842177E2 | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 2011-02-28 16:18:08 | Computer Name = PA-5BDB842177E2 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd smm_hypercam.exe, wersja 3.0.912.7, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2011-02-28 16:22:59 | Computer Name = PA-5BDB842177E2 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd wmplayer.exe, wersja 11.0.5721.5145, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2011-03-02 14:15:42 | Computer Name = PA-5BDB842177E2 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd drwtsn32.exe, wersja 5.1.2600.0, moduł powodujący
błąd dbghelp.dll, wersja 5.1.2600.2180, adres błędu 0x0001295d.

Error - 2011-03-02 17:35:19 | Computer Name = PA-5BDB842177E2 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca taskmgr.exe, wersja 5.1.2600.2180, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2011-03-06 12:50:35 | Computer Name = PA-5BDB842177E2 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd explorer.exe, wersja 6.2900.0.2180, moduł
powodujący błąd apiqq0.dll, wersja 0.0.0.0, adres błędu 0x00023c2f.

Error - 2011-03-11 13:42:45 | Computer Name = PA-5BDB842177E2 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 7.0.6000.21183, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x0abec28e.

Error - 2011-03-12 10:48:09 | Computer Name = PA-5BDB842177E2 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 7.0.6000.21183, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x093ec28e.

Error - 2011-03-13 11:09:38 | Computer Name = PA-5BDB842177E2 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd plugin-container.exe, wersja 1.9.2.3989,
moduł powodujący błąd ntdll.dll, wersja 5.1.2600.3520, adres błędu 0x0000100b.

Error - 2011-03-14 15:01:51 | Computer Name = PA-5BDB842177E2 | Source = EventSystem | ID = 4609
Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył
zły kod powrotu. HRESULT to 800706BF z w wierszu 44 z d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą

Error - 2011-03-16 15:19:34 | Computer Name = PA-5BDB842177E2 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd plugin-container.exe, wersja 1.9.2.3989,
moduł powodujący błąd ntdll.dll, wersja 5.1.2600.3520, adres błędu 0x0000100b.

[ System Events ]
Error - 2011-03-16 14:49:15 | Computer Name = PA-5BDB842177E2 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi avast! iAVS4 Control Service z powodu następującego
błędu: %%3

Error - 2011-03-16 14:49:15 | Computer Name = PA-5BDB842177E2 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi avast! Antivirus z powodu następującego
błędu: %%3

Error - 2011-03-16 14:53:37 | Computer Name = PA-5BDB842177E2 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi avast! iAVS4 Control Service z powodu następującego
błędu: %%3

Error - 2011-03-16 14:53:37 | Computer Name = PA-5BDB842177E2 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi avast! Antivirus z powodu następującego
błędu: %%3

Error - 2011-03-16 15:03:28 | Computer Name = PA-5BDB842177E2 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi avast! iAVS4 Control Service z powodu następującego
błędu: %%3

Error - 2011-03-16 15:03:28 | Computer Name = PA-5BDB842177E2 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi avast! Antivirus z powodu następującego
błędu: %%3

Error - 2011-03-16 15:10:18 | Computer Name = PA-5BDB842177E2 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi avast! iAVS4 Control Service z powodu następującego
błędu: %%3

Error - 2011-03-16 15:10:18 | Computer Name = PA-5BDB842177E2 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi avast! Antivirus z powodu następującego
błędu: %%3

Error - 2011-03-16 15:20:57 | Computer Name = PA-5BDB842177E2 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi avast! iAVS4 Control Service z powodu następującego
błędu: %%3

Error - 2011-03-16 15:20:57 | Computer Name = PA-5BDB842177E2 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi avast! Antivirus z powodu następującego
błędu: %%3


< End of report >[/log]

drobny2992
comment

Run Combofix, which will remove all the infected files. Then scan the computer with an antivirus and repair the system with the command chkdsk c: /r at the command prompt, and it will work ;)

Tomek01
comment

Indeed, in your case using Combofix is advisable. However, make an image of the system partition first.
When installing Combofix, be sure to allow the Recovery Console to be installed!
There is the BronTok virus, various infections from removable media, generally a mess.
