Internet blocked


(Zbigniew Wachalski) #1

I've been blocked; I need help and info on how to protect myself in the future :frowning:


(Leon$) #2

In Safe Mode with Networking:

Download OTL analiza-dezynfekcja-zestaw-narzedzi-nieingerencyjnych-t485632.html#p3059741, run a scan, and post the OTL.txt and Extras.txt logs.

:slight_smile:


(Zbigniew Wachalski) #3

http://www.wklej.org/id/868282/

http://www.wklej.org/id/868322/


(Leon$) #4

In OTL, in the Custom Scans-Fixes window (custom scan options/script), paste the following script:

Click Run Fix (Run the script). Confirm the computer restart.

Post the log from the removal.

Then post a new OTL log made with the Run Scan (Scan) option.

:slight_smile:


(Zbigniew Wachalski) #5

All processes killed

========== OTL ==========

No active process named lsass.exe was found!

Registry key HKEY_USERS\S-1-5-21-1801674531-1275210071-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_USERS\S-1-5-21-1801674531-1275210071-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.

C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.

Registry value HKEY_USERS\S-1-5-21-1801674531-1275210071-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\hpqSRMon deleted successfully.

C:\Documents and Settings\Zbyszek.ZBYSZEK1\Menu Start\Programy\Autostart\ctfmon.lnk moved successfully.

C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\lsass.exe moved successfully.

File C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\lsass.exe not found.

C:\Program Files\Common Files\ApnToolbarInstaller.exe moved successfully.

C:\Program Files\Common Files\ApnStub.exe moved successfully.

File C:\WINDOWS\tasks\Adobe Flash Player Updater.job not found.

File C:\WINDOWS\tasks\AVG PC Tuneup Integrator Start On Zbyszek Logon.job not found.

File C:\Documents and Settings\Zbyszek.ZBYSZEK1\Menu Start\Programy\Autostart\ctfmon.lnk not found.

File C:\WINDOWS\tasks\AppleSoftwareUpdate.job not found.

File C:\Documents and Settings\Zbyszek.ZBYSZEK1\Menu Start\Programy\Autostart\ctfmon.lnk not found.

C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Babylon folder moved successfully.

C:\Documents and Settings\Zbyszek\Dane aplikacji\BabylonToolbar\BabylonToolbar folder moved successfully.

C:\Documents and Settings\Zbyszek.ZBYSZEK1\Dane aplikacji\Babylon folder moved successfully.

C:\Documents and Settings\Zbyszek.ZIBI\Dane aplikacji\Babylon folder moved successfully.

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 73962 bytes

->Flash cache emptied: 56502 bytes

User: Administrator.ZBYSZEK1

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56478 bytes

User: All Users

User: All Users.WINDOWS

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56502 bytes

User: Default User.WINDOWS

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56478 bytes

User: LocalService

->Temp folder emptied: 82513 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService.ZARZĄDZANIE NT

->Temp folder emptied: 82245 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService.ZARZĄDZANIE NT.000

->Temp folder emptied: 65984 bytes

->Temporary Internet Files folder emptied: 33490 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 46931262 bytes

User: NetworkService.ZARZĄDZANIE NT

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 145037422 bytes

User: NetworkService.ZARZĄDZANIE NT.000

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 830746 bytes

User: Zbyszek

->Temporary Internet Files folder emptied: 23690367 bytes

->Flash cache emptied: 111539 bytes

User: Zbyszek.ZBYSZEK1

->Temp folder emptied: 4738058 bytes

->Temporary Internet Files folder emptied: 1196190 bytes

->FireFox cache emptied: 3953127 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 766 bytes

User: Zbyszek.ZIBI

->Temp folder emptied: 0 bytes

->FireFox cache emptied: 50178866 bytes

->Google Chrome cache emptied: 6967886 bytes

->Flash cache emptied: 737 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 8494116 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 21495747 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 300,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11112012_193657

Files\Folders moved on Reboot…

PendingFileRenameOperations files…

Added 11.11.2012 (Sun) 20:10

OTL logfile created on: 2012-11-11 19:54:29 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Zbyszek.ZBYSZEK1\Pulpit

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 78,32% Memory free

3,85 Gb Paging File | 3,47 Gb Available in Paging File | 90,29% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 19,47 Gb Total Space | 0,96 Gb Free Space | 4,91% Space Free | Partition Type: NTFS

Drive D: | 149,04 Gb Total Space | 140,21 Gb Free Space | 94,07% Space Free | Partition Type: NTFS

Drive E: | 92,19 Gb Total Space | 88,05 Gb Free Space | 95,51% Space Free | Partition Type: NTFS

Drive H: | 244,14 Gb Total Space | 237,53 Gb Free Space | 97,29% Space Free | Partition Type: NTFS

Drive I: | 221,62 Gb Total Space | 0,31 Gb Free Space | 0,14% Space Free | Partition Type: NTFS

Drive K: | 3,73 Gb Total Space | 0,13 Gb Free Space | 3,40% Space Free | Partition Type: FAT32

Computer Name: ZBYSZEK1 | User Name: Zbyszek | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-11-11 15:24:56 | 000,602,112 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Zbyszek.ZBYSZEK1\Pulpit\OTL.exe

PRC - [2012-11-09 11:58:06 | 000,711,112 | ---- | M] () – C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

PRC - [2012-10-02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) – C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2012-09-13 14:26:52 | 001,006,448 | ---- | M] () – C:\WINDOWS\system32\dmwu.exe

PRC - [2012-08-23 14:40:04 | 000,188,760 | ---- | M] () – C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

PRC - [2012-08-13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) – C:\Program Files\AVG\AVG2012\avgidsagent.exe

PRC - [2012-07-26 02:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) – C:\Program Files\AVG\AVG2012\avgrsx.exe

PRC - [2012-06-13 02:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) – C:\Program Files\AVG\AVG2012\avgnsx.exe

PRC - [2012-03-19 04:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) – C:\Program Files\AVG\AVG2012\avgemcx.exe

PRC - [2012-02-14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) – C:\Program Files\AVG\AVG2012\avgwdsvc.exe

PRC - [2012-02-14 03:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) – C:\Program Files\AVG\AVG2012\avgcsrvx.exe

PRC - [2008-04-14 18:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012-11-09 11:58:06 | 000,711,112 | ---- | M] () – C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

MOD - [2012-09-13 14:26:52 | 001,006,448 | ---- | M] () – C:\WINDOWS\system32\dmwu.exe

MOD - [2012-09-13 14:24:48 | 000,028,160 | ---- | M] () – C:\WINDOWS\system32\ImHttpComm.dll

MOD - [2012-08-23 14:40:04 | 000,188,760 | ---- | M] () – C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] – %SystemRoot%\System32\hidserv.dll – (HidServ)

SRV - File not found [On_Demand | Stopped] – %SystemRoot%\System32\appmgmts.dll – (AppMgmt)

SRV - [2012-11-09 11:58:06 | 000,711,112 | ---- | M] () [Auto | Running] – C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe – (vToolbarUpdater13.2.0)

SRV - [2012-10-11 17:34:24 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] – C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe – (AdobeFlashPlayerUpdateSvc)

SRV - [2012-10-02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] – C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe – (Skype C2C Service)

SRV - [2012-09-13 14:26:52 | 001,006,448 | ---- | M] () [Auto | Running] – C:\WINDOWS\system32\dmwu.exe – (WebOptimizer)

SRV - [2012-08-23 14:40:04 | 000,188,760 | ---- | M] () [Auto | Running] – C:\Program Files\Web Assistant\ExtensionUpdaterService.exe – (Web Assistant Updater)

SRV - [2012-08-13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] – C:\Program Files\AVG\AVG2012\avgidsagent.exe – (AVGIDSAgent)

SRV - [2012-06-07 18:12:14 | 000,160,944 | R— | M] (Skype Technologies) [Auto | Stopped] – C:\Program Files\Skype\Updater\Updater.exe – (SkypeUpdate)

SRV - [2012-02-14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] – C:\Program Files\AVG\AVG2012\avgwdsvc.exe – (avgwd)

SRV - [2010-12-19 16:06:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe – (FLEXnet Licensing Service)

SRV - [2008-04-14 18:20:44 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\WINDOWS\system32\p2pgasvc.dll – (p2pgasvc)

SRV - [2008-04-14 18:20:33 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\WINDOWS\system32\iprip.dll – (Iprip)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] – -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] – -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] – -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] – -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] – -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] – -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] – -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] – -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] – -- (Changer)

DRV - [2012-11-09 11:58:12 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\avgtpx86.sys – (avgtp)

DRV - [2012-08-24 14:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\avgtdix.sys – (Avgtdix)

DRV - [2012-07-26 07:18:58 | 000,023,524 | ---- | M] () [Kernel | On_Demand | Stopped] – C:\WINDOWS\System32\drivers\GVTDrv.sys – (GVTDrv)

DRV - [2012-07-26 02:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\avgldx86.sys – (Avgldx86)

DRV - [2012-07-20 22:02:16 | 000,004,501 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] – C:\WINDOWS\gdrv.sys – (gdrv)

DRV - [2012-04-19 03:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] – C:\WINDOWS\system32\drivers\avgidshx.sys – (AVGIDSHX)

DRV - [2012-01-31 03:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] – C:\WINDOWS\system32\drivers\avgrkx86.sys – (Avgrkx86)

DRV - [2011-12-23 12:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] – C:\WINDOWS\system32\drivers\avgmfx86.sys – (Avgmfx86)

DRV - [2011-12-23 12:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\avgidsshimx.sys – (AVGIDSShim)

DRV - [2011-12-23 12:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\avgidsfilterx.sys – (AVGIDSFilter)

DRV - [2011-12-23 12:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\avgidsdriverx.sys – (AVGIDSDriver)

DRV - [2011-02-24 17:21:10 | 006,340,200 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\RtkHDAud.sys – (IntcAzAudAddService)

DRV - [2010-02-11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\tcpip6.sys – (Tcpip6)

DRV - [2009-11-18 06:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\Monfilt.sys – (Monfilt)

DRV - [2009-11-18 06:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\Ambfilt.sys – (Ambfilt)

DRV - [2009-06-30 16:31:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] – C:\WINDOWS\system32\drivers\nvgts.sys – (nvgts)

DRV - [2008-04-13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\nmnt.sys – (nm)

DRV - [2005-12-21 09:16:34 | 000,470,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\ar5211.sys – (AR5211)

DRV - [2005-05-25 03:07:32 | 001,198,080 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ati2mtag.sys – (ati2mtag)

DRV - [2005-03-09 15:53:00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] – C:\WINDOWS\system32\drivers\AmdK8.sys – (AmdK8)

DRV - [2004-08-03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\RTL8139.sys – (rtl8139)

DRV - [2004-05-02 09:47:08 | 000,023,040 | R— | M] () [Kernel | On_Demand | Stopped] – C:\WINDOWS\System32\drivers\GVCplDrv.sys – (GVCplDrv)

DRV - [2003-09-25 15:00:00 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\ov519vid.sys – (ovt519)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=1&crg=3.1010000&barid={04BCCA8B-D4E6-11E1-810A-000ACD08178D}

IE - HKLM…\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}

IE - HKLM…\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM…\SearchScopes{EEE6C360-6118-11DC-9C72-001320C79847}: “URL” = http://search.sweetim.com/search.asp?sr … t=1&barid={04BCCA8B-D4E6-11E1-810A-000ACD08178D}&q={searchTerms}&barid={04BCCA8B-D4E6-11E1-810A-000ACD08178D}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

IE - HKCU…\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)

IE - HKCU…\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

IE - HKCU…\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU…\SearchScopes{39164D44-FF9F-405C-A9F4-7C5EA06237EE}: “URL” = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKCU…\SearchScopes{580F4093-0F46-4EF6-AD85-410D4CB08DAF}: “URL” = http://search.softonic.com/MON00084/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=15

IE - HKCU…\SearchScopes{95B7759C-8C7F-4BF1-B163-73684A933233}: “URL” = https://isearch.avg.com/search?cid={D615D637-39F3-469B-B8D8-368A01F56D0C}&mid=64bdb4a8f96047d0a35ed16861072d91-06ce4fc639803a2e3563922518183d8e94088cb9&lang=pl&ds=AVG&pr=fr&d=2012-07-06 14:04:19&v=12.2.5.32&sap=dsp&q={searchTerms}

IE - HKCU…\SearchScopes{EEE6C360-6118-11DC-9C72-001320C79847}: “URL” = http://search.sweetim.com/search.asp?sr … t=1&barid={04BCCA8B-D4E6-11E1-810A-000ACD08178D}&q={searchTerms}&barid={04BCCA8B-D4E6-11E1-810A-000ACD08178D}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyServer” = 46.149.112.101:80

========== FireFox ==========

FF - prefs.js…browser.search.selectedEngine: “AVG Secure Search”

FF - prefs.js…extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0

FF - prefs.js…extensions.enabledItems: avg@toolbar:13.2.0.5

FF - prefs.js…extensions.enabledItems: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.478

FF - prefs.js…keyword.URL: “http://isearch.avg.com/search?cid=%7B2d6456ad-0237-4f41-a85b-66a3cd4d653e%7D&mid=64bdb4a8f96047d0a35ed16861072d91-06ce4fc639803a2e3563922518183d8e94088cb9&ds=AVG&v=13.2.0.5&lang=pl&pr=fr&d=2012-07-06%2014%3A04%3A19&sap=ku&q=

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll ()

FF - HKLM\Software\MozillaPlugins@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\avg@toolbar: C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\AVG Secure Search\FireFoxExt\13.2.0.5 [2012-11-09 11:59:36 | 000,000,000 | —D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012-08-30 14:28:25 | 000,000,000 | —D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.11\extensions\Components: C:\Program Files\Mozilla Firefox\components [2012-11-09 20:35:58 | 000,000,000 | —D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.11\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-11-09 20:35:46 | 000,000,000 | —D | M]

[2012-11-09 20:35:59 | 000,000,000 | —D | M] (No name found) – C:\Documents and Settings\Zbyszek.ZBYSZEK1\Dane aplikacji\Mozilla\Extensions

[2012-11-09 23:18:32 | 000,000,000 | —D | M] (No name found) – C:\Documents and Settings\Zbyszek.ZBYSZEK1\Dane aplikacji\Mozilla\Firefox\Profiles\dypvzktr.default\extensions

[2012-11-09 23:18:32 | 000,000,000 | —D | M] (Microsoft .NET Framework Assistant) – C:\Documents and Settings\Zbyszek.ZBYSZEK1\Dane aplikacji\Mozilla\Firefox\Profiles\dypvzktr.default\extensions{20a82645-c095-46ed-80e3-08825760534b}

[2012-11-09 20:35:46 | 000,000,000 | —D | M] (No name found) – C:\Program Files\Mozilla Firefox\extensions

[2012-10-27 20:34:09 | 000,000,000 | —D | M] (No name found) – C:\Program Files\Mozilla Firefox\extensions{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012-11-09 11:59:36 | 000,000,000 | —D | M] (AVG Security Toolbar) – C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\DANE APLIKACJI\AVG SECURE SEARCH\FIREFOXEXT\13.2.0.5

[2012-08-30 14:28:25 | 000,000,000 | —D | M] (Web Assistant) – C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX

[2012-03-15 20:49:35 | 000,000,000 | —D | M] (DataMngr) – C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION

[2011-03-22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) – C:\Program Files\mozilla firefox\plugins\npwachk.dll

[2010-10-12 21:19:45 | 000,002,767 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2012-11-09 11:58:39 | 000,003,572 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

[2010-10-12 21:19:45 | 000,001,406 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2010-10-12 21:19:45 | 000,000,917 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2010-10-12 21:19:45 | 000,000,858 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2010-10-12 21:19:45 | 000,001,183 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2010-10-12 21:19:45 | 000,001,683 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

========== Chrome ==========

CHR - homepage: http://www.google.com

CHR - homepage: http://www.google.com

CHR - Extension: Dysk Google = C:\Documents and Settings\Zbyszek.ZBYSZEK1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\

CHR - Extension: YouTube = C:\Documents and Settings\Zbyszek.ZBYSZEK1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Szukaj w Google = C:\Documents and Settings\Zbyszek.ZBYSZEK1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Web Assistant = C:\Documents and Settings\Zbyszek.ZBYSZEK1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.478_0\

CHR - Extension: Skype Click to Call = C:\Documents and Settings\Zbyszek.ZBYSZEK1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\

CHR - Extension: AVG Secure Search = C:\Documents and Settings\Zbyszek.ZBYSZEK1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\

CHR - Extension: AVG Secure Search = C:\Documents and Settings\Zbyszek.ZBYSZEK1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0.bak

CHR - Extension: Gmail = C:\Documents and Settings\Zbyszek.ZBYSZEK1\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-06-27 11:48:33 | 000,000,772 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 activate.adobe.com

O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.

O3 - HKCU…\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\AutorunsDisabled [2012-11-11 17:54:52 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Zbyszek.ZBYSZEK1\Menu Start\Programy\Autostart\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc … wflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces{879250B7-DD2E-4012-9338-9D2530F75C96}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found

O18 - Protocol\Handler\AutorunsDisabled\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010-11-16 11:36:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [NTFS]

O32 - AutoRun File - [2011-06-01 17:44:06 | 000,000,089 | ---- | M] () - I:\AUTORUN.INF – [NTFS]

O32 - AutoRun File - [2011-08-25 12:59:48 | 000,000,028 | -H-- | M] () - K:\Autorun.ini – [FAT32]

O32 - AutoRun File - [2012-11-11 17:05:52 | 000,540,921 | ---- | M] () - K:\Autoruns.zip – [FAT32]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)

O35 - HKLM…comfile [open] – “%1” %*

O35 - HKLM…exefile [open] – “%1” %*

O37 - HKLM…com [@ = comfile] – “%1” %*

O37 - HKLM…exe [@ = exefile] – “%1” %*

O38 - SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-11-11 19:54:11 | 000,602,112 | ---- | C] (OldTimer Tools) – C:\Documents and Settings\Zbyszek.ZBYSZEK1\Pulpit\OTL.exe

[2012-11-11 17:46:05 | 000,000,000 | -H-D | C] – C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\AutorunsDisabled

[2012-11-11 16:45:51 | 000,000,000 | —D | C] – C:\Documents and Settings\Zbyszek.ZBYSZEK1\Pulpit\AVG2013

[2012-11-10 10:02:20 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\HP Product Assistant

[2012-11-09 22:59:38 | 000,000,000 | RH-D | C] – C:\Documents and Settings\Zbyszek.ZBYSZEK1\Recent

[2012-11-09 17:28:00 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\CCleaner

[2012-11-09 17:27:59 | 000,000,000 | —D | C] – C:\Program Files\CCleaner

[2012-11-09 17:25:21 | 000,000,000 | —D | C] – C:\Documents and Settings\Zbyszek.ZBYSZEK1\Ustawienia lokalne\Dane aplikacji\Temp

[2012-11-05 10:40:49 | 000,000,000 | —D | C] – C:\Documents and Settings\Zbyszek.ZBYSZEK1\Ustawienia lokalne\Dane aplikacji\MFAData

[2012-11-05 10:40:49 | 000,000,000 | —D | C] – C:\Documents and Settings\Zbyszek.ZBYSZEK1\Ustawienia lokalne\Dane aplikacji\Avg2013

[2012-10-27 20:34:07 | 000,000,000 | —D | C] – C:\Program Files\Mozilla Firefox

[2012-10-24 13:03:31 | 000,000,000 | —D | C] – C:\Documents and Settings\Zbyszek.ZBYSZEK1\Dane aplikacji\Apple Computer

[2012-10-23 19:21:16 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\QuickTime

[2012-10-23 19:21:12 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Apple Computer

[2012-10-23 19:20:09 | 000,000,000 | —D | C] – C:\Documents and Settings\Zbyszek.ZBYSZEK1\Ustawienia lokalne\Dane aplikacji\Apple

[2012-10-23 19:20:08 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Apple

[2012-10-23 19:19:26 | 000,000,000 | —D | C] – C:\Documents and Settings\Zbyszek.ZBYSZEK1\Ustawienia lokalne\Dane aplikacji\Apple Computer

========== Files - Modified Within 30 Days ==========

[2012-11-11 19:49:47 | 000,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat

[2012-11-11 19:49:39 | 000,133,280 | ---- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT

[2012-11-11 18:22:09 | 083,023,306 | ---- | M] () – C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\0tbpw.pad

[2012-11-11 17:05:52 | 000,540,921 | ---- | M] () – C:\Documents and Settings\Zbyszek.ZBYSZEK1\Pulpit\Autoruns.zip

[2012-11-11 15:24:56 | 000,602,112 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Zbyszek.ZBYSZEK1\Pulpit\OTL.exe

[2012-11-11 14:05:02 | 000,013,780 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl

[2012-11-10 10:33:04 | 000,000,595 | ---- | M] () – C:\WINDOWS\wincmd.ini

[2012-11-09 20:35:50 | 000,001,602 | ---- | M] () – C:\Documents and Settings\All Users.WINDOWS\Pulpit\Mozilla Firefox.lnk

[2012-11-09 19:54:06 | 000,500,302 | ---- | M] () – C:\WINDOWS\System32\perfh015.dat

[2012-11-09 19:54:06 | 000,441,260 | ---- | M] () – C:\WINDOWS\System32\perfh009.dat

[2012-11-09 19:54:06 | 000,088,838 | ---- | M] () – C:\WINDOWS\System32\perfc015.dat

[2012-11-09 19:54:06 | 000,071,196 | ---- | M] () – C:\WINDOWS\System32\perfc009.dat

[2012-11-09 19:15:24 | 000,000,664 | ---- | M] () – C:\WINDOWS\System32\d3d9caps.dat

[2012-11-09 18:54:08 | 099,770,965 | ---- | M] () – C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2012-11-09 17:28:00 | 000,000,682 | ---- | M] () – C:\Documents and Settings\All Users.WINDOWS\Pulpit\CCleaner.lnk

[2012-11-09 11:58:12 | 000,026,984 | ---- | M] (AVG Technologies) – C:\WINDOWS\System32\drivers\avgtpx86.sys

[2012-11-08 18:46:20 | 000,002,267 | ---- | M] () – C:\Documents and Settings\Zbyszek.ZBYSZEK1\Pulpit\Skype.lnk

[2012-11-08 14:23:50 | 012,395,280 | ---- | M] () – C:\Documents and Settings\Zbyszek.ZBYSZEK1\Pulpit\Kamila HD_temp 1 kopia_pusta kopia.psd

[2012-11-08 12:27:40 | 006,519,749 | ---- | M] () – C:\Documents and Settings\Zbyszek.ZBYSZEK1\Pulpit\z_01.psd

[2012-11-07 21:11:40 | 000,221,853 | ---- | M] () – C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

[2012-11-07 19:23:34 | 000,002,447 | ---- | M] () – C:\user.js

[2012-11-06 14:02:58 | 000,000,096 | ---- | M] () – C:\Documents and Settings\Zbyszek.ZBYSZEK1\default.pls

[2012-11-06 14:02:46 | 000,000,116 | ---- | M] () – C:\WINDOWS\NeroDigital.ini

[2012-11-05 12:26:01 | 000,012,288 | ---- | M] () – C:\Documents and Settings\Zbyszek.ZBYSZEK1\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012-10-23 19:21:16 | 000,001,604 | ---- | M] () – C:\Documents and Settings\All Users.WINDOWS\Pulpit\QuickTime Player.lnk

[2012-10-21 14:29:00 | 000,029,196 | ---- | M] () – C:\Documents and Settings\Zbyszek.ZBYSZEK1\Pulpit\freshlime3.jpg

========== Files Created - No Company Name ==========

[2012-11-11 17:07:39 | 000,540,921 | ---- | C] () – C:\Documents and Settings\Zbyszek.ZBYSZEK1\Pulpit\Autoruns.zip

[2012-11-10 09:54:27 | 000,133,280 | ---- | C] () – C:\WINDOWS\System32\FNTCACHE.DAT

[2012-11-09 20:35:50 | 000,001,602 | ---- | C] () – C:\Documents and Settings\All Users.WINDOWS\Pulpit\Mozilla Firefox.lnk

[2012-11-09 19:15:24 | 000,000,664 | ---- | C] () – C:\WINDOWS\System32\d3d9caps.dat

[2012-11-09 19:10:24 | 083,023,306 | ---- | C] () – C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\0tbpw.pad

[2012-11-09 17:28:00 | 000,000,682 | ---- | C] () – C:\Documents and Settings\All Users.WINDOWS\Pulpit\CCleaner.lnk

[2012-11-08 12:27:38 | 006,519,749 | ---- | C] () – C:\Documents and Settings\Zbyszek.ZBYSZEK1\Pulpit\z_01.psd

[2012-10-23 19:21:16 | 000,001,604 | ---- | C] () – C:\Documents and Settings\All Users.WINDOWS\Pulpit\QuickTime Player.lnk

[2012-10-23 19:20:08 | 000,001,830 | ---- | C] () – C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Apple Software Update.lnk

[2012-10-21 14:29:00 | 000,029,196 | ---- | C] () – C:\Documents and Settings\Zbyszek.ZBYSZEK1\Pulpit\freshlime3.jpg

[2012-10-18 14:31:02 | 012,395,280 | ---- | C] () – C:\Documents and Settings\Zbyszek.ZBYSZEK1\Pulpit\Kamila HD_temp 1 kopia_pusta kopia.psd

[2012-09-24 15:42:08 | 000,000,000 | ---- | C] () – C:\WINDOWS\hpqEmlSz.INI

[2012-09-24 15:08:01 | 000,178,280 | ---- | C] () – C:\WINDOWS\hpoins21.dat

[2012-09-24 15:08:01 | 000,007,262 | ---- | C] () – C:\WINDOWS\hpomdl21.dat

[2012-09-04 14:58:46 | 000,000,051 | ---- | C] () – C:\WINDOWS\AudioServe.ini

[2012-09-03 15:13:13 | 000,178,299 | ---- | C] () – C:\WINDOWS\hpoins21.dat.temp

[2012-09-03 15:13:12 | 000,007,262 | ---- | C] () – C:\WINDOWS\hpomdl21.dat.temp

[2012-08-30 14:28:36 | 001,006,448 | ---- | C] () – C:\WINDOWS\System32\dmwu.exe

[2012-08-30 14:28:35 | 000,028,160 | ---- | C] () – C:\WINDOWS\System32\ImHttpComm.dll

[2012-08-01 10:51:06 | 000,008,704 | ---- | C] () – C:\WINDOWS\System32\CNMVS79.DLL

[2012-07-27 10:40:51 | 000,012,288 | ---- | C] () – C:\Documents and Settings\Zbyszek.ZBYSZEK1\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012-07-23 17:32:52 | 000,000,116 | ---- | C] () – C:\WINDOWS\NeroDigital.ini

[2012-07-23 14:27:47 | 000,002,296 | ---- | C] () – C:\WINDOWS\mozver.dat

[2012-07-20 12:27:49 | 000,000,096 | ---- | C] () – C:\Documents and Settings\Zbyszek.ZBYSZEK1\default.pls

[2012-07-06 11:49:19 | 000,354,816 | ---- | C] () – C:\WINDOWS\System32\psisdecd.dll

[2012-07-06 11:32:37 | 000,000,000 | ---- | C] () – C:\WINDOWS\Irremote.ini

[2012-07-03 15:01:57 | 000,000,754 | ---- | C] () – C:\WINDOWS\WORDPAD.INI

[2012-07-02 16:27:33 | 000,040,960 | ---- | C] () – C:\WINDOWS\CleanDev.exe

[2012-07-02 16:27:33 | 000,032,528 | ---- | C] () – C:\WINDOWS\amcap.exe

[2012-06-26 12:49:22 | 000,484,352 | ---- | C] () – C:\WINDOWS\System32\lame_enc.dll

[2012-06-21 15:00:52 | 000,178,176 | ---- | C] () – C:\WINDOWS\System32\unrar.dll

[2012-06-21 15:00:51 | 000,000,038 | ---- | C] () – C:\WINDOWS\avisplitter.ini

[2012-06-21 14:52:17 | 000,258,048 | ---- | C] () – C:\WINDOWS\System32\libFLAC.dll

[2012-06-21 14:46:26 | 000,000,595 | ---- | C] () – C:\WINDOWS\wincmd.ini

[2012-06-21 12:34:41 | 000,003,072 | ---- | C] () – C:\WINDOWS\System32\iacenc.dll

[2012-06-14 21:23:09 | 000,000,141 | ---- | C] () – C:\Documents and Settings\Zbyszek.ZBYSZEK1\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

[2012-06-14 21:23:01 | 000,023,524 | ---- | C] () – C:\WINDOWS\System32\drivers\GVTDrv.sys

[2012-06-14 20:41:48 | 000,516,096 | ---- | C] () – C:\WINDOWS\System32\ati2sgag.exe

[2012-06-14 20:41:39 | 000,093,878 | R--- | C] () – C:\WINDOWS\System32\atiicdxx.dat

[2012-06-14 20:40:02 | 000,023,040 | R--- | C] () – C:\WINDOWS\System32\drivers\GVCplDrv.sys

[2012-06-13 19:49:38 | 000,004,293 | ---- | C] () – C:\WINDOWS\ODBCINST.INI

[2012-06-13 19:10:29 | 000,040,960 | R--- | C] () – C:\WINDOWS\System32\ChCfg.exe

[2012-06-13 18:03:18 | 000,002,048 | --S- | C] () – C:\WINDOWS\bootstat.dat

[2012-06-13 17:58:29 | 000,021,856 | ---- | C] () – C:\WINDOWS\System32\emptyregdb.dat

[2012-04-22 21:12:22 | 004,424,704 | ---- | C] () – C:\WINDOWS\System32\ffmpeg.dll

[2012-04-09 00:40:36 | 000,079,360 | ---- | C] () – C:\WINDOWS\System32\ff_vfw.dll

[2012-04-09 00:39:46 | 000,260,608 | ---- | C] () – C:\WINDOWS\System32\TomsMoComp_ff.dll

[2012-04-09 00:39:32 | 000,158,720 | ---- | C] () – C:\WINDOWS\System32\ff_unrar.dll

[2012-04-09 00:39:32 | 000,099,840 | ---- | C] () – C:\WINDOWS\System32\ff_wmv9.dll

[2012-04-09 00:39:30 | 001,525,248 | ---- | C] () – C:\WINDOWS\System32\ff_samplerate.dll

[2012-04-09 00:39:30 | 000,146,944 | ---- | C] () – C:\WINDOWS\System32\ff_libmad.dll

[2012-04-09 00:39:28 | 000,212,480 | ---- | C] () – C:\WINDOWS\System32\ff_libdts.dll

[2012-04-09 00:39:28 | 000,115,200 | ---- | C] () – C:\WINDOWS\System32\ff_liba52.dll

[2012-04-09 00:39:26 | 000,328,704 | ---- | C] () – C:\WINDOWS\System32\ff_libfaad2.dll

[2012-03-29 15:21:26 | 000,172,032 | ---- | C] () – C:\WINDOWS\System32\libbluray.dll

[2012-03-29 15:21:18 | 006,582,226 | ---- | C] () – C:\WINDOWS\System32\avcodec-lav-54.dll

[2012-03-29 15:21:18 | 001,152,365 | ---- | C] () – C:\WINDOWS\System32\avformat-lav-54.dll

[2012-03-29 15:21:18 | 000,374,152 | ---- | C] () – C:\WINDOWS\System32\swscale-lav-2.dll

[2012-03-29 15:21:18 | 000,207,872 | ---- | C] () – C:\WINDOWS\System32\avutil-lav-51.dll

[2012-03-29 15:21:18 | 000,144,523 | ---- | C] () – C:\WINDOWS\System32\avfilter-lav-2.dll

[2011-12-07 20:32:24 | 000,216,064 | ---- | C] ( ) – C:\WINDOWS\System32\Lagarith.dll

[2011-09-08 15:00:52 | 000,150,528 | ---- | C] () – C:\WINDOWS\System32\mkx.dll

[2011-09-08 15:00:48 | 000,142,336 | ---- | C] () – C:\WINDOWS\System32\mp4.dll

[2011-09-08 15:00:42 | 000,123,392 | ---- | C] () – C:\WINDOWS\System32\ogm.dll

[2011-09-08 15:00:38 | 000,249,856 | ---- | C] () – C:\WINDOWS\System32\dxr.dll

[2011-09-08 15:00:34 | 000,113,152 | ---- | C] () – C:\WINDOWS\System32\dsmux.exe

[2011-09-08 15:00:24 | 000,154,624 | ---- | C] () – C:\WINDOWS\System32\ts.dll

[2011-09-08 15:00:10 | 000,137,728 | ---- | C] () – C:\WINDOWS\System32\mkv2vfr.exe

[2011-09-08 15:00:06 | 000,358,400 | ---- | C] () – C:\WINDOWS\System32\gdsmux.exe

[2011-09-08 14:59:54 | 000,080,384 | ---- | C] () – C:\WINDOWS\System32\mkzlib.dll

[2011-09-08 14:59:52 | 000,024,576 | ---- | C] () – C:\WINDOWS\System32\mkunicode.dll

[2011-05-30 14:42:50 | 000,240,640 | ---- | C] () – C:\WINDOWS\System32\xvidvfw.dll

[2011-05-23 08:46:30 | 000,645,632 | ---- | C] () – C:\WINDOWS\System32\xvidcore.dll

[2011-03-03 12:39:56 | 000,109,568 | ---- | C] () – C:\WINDOWS\System32\avi.dll

[2011-03-03 12:38:10 | 000,097,792 | ---- | C] () – C:\WINDOWS\System32\avs.dll

[2011-03-03 12:37:50 | 000,093,184 | ---- | C] () – C:\WINDOWS\System32\avss.dll

========== ZeroAccess Check ==========

[2012-06-14 20:43:00 | 000,000,227 | RHS- | M] () – C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

“” = %SystemRoot%\system32\shdocvw.dll – [2012-04-20 20:30:26 | 001,510,400 | ---- | M] (Microsoft Corporation)

“ThreadingModel” = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

“” = C:\WINDOWS\system32\wbem\fastprox.dll – [2009-02-09 11:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation)

“ThreadingModel” = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

“” = C:\WINDOWS\system32\wbem\wbemess.dll – [2008-04-14 18:20:57 | 000,273,920 | ---- | M] (Microsoft Corporation)

“ThreadingModel” = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP:0B4227B4

< End of report >


(Leon$) #6

The log looks clean.

Download CCleaner http://www.filehippo.com/download_ccleaner/

scan with it and clean the registry.

In OTL, click CleanUp (Sprzątanie)

Turn System Restore off and back on for all drives http://support.microsoft.com/kb/310405/pl

scan with

Dr.WEB CureIt! http://www.dobreprogramy.pl/DrWEB-CureI … 12976.html

:slight_smile: