How to remove My Security Shield

I have this virus. I installed the OTL program.

After restarting the computer I get this:

All processes killed

========== OTL ==========

Error: No service named VcommMgr was found to stop!

Service\Driver key VcommMgr not found.

File C:\WINDOWS\System32\Drivers\VcommMgr.sys not found.

Error: No service named VComm was found to stop!

Service\Driver key VComm not found.

File C:\WINDOWS\System32\DRIVERS\VComm.sys not found.

Error: No service named BT was found to stop!

Service\Driver key BT not found.

File C:\WINDOWS\System32\DRIVERS\btnetdrv.sys not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ not found.

File C:\Documents and Settings\Karolinka\Dane aplikacji\gbvfq.exe not found.

File C:\Documents and Settings\Karolinka\Dane aplikacji\iwe.exe not found.

========== FILES ==========

File\Folder C:\Documents and Settings\Karolinka\Ustawienia lokalne\Dane aplikacji\yhczkwh.exe not found.

File\Folder C:\Documents and Settings\Karolinka\Dane aplikacji\gbvfq.exe not found.

C:\RECYCLER\S-1-5-21-3154695236-1103068012-2772224049-1008 folder moved successfully.

C:\RECYCLER\S-1-5-21-3154695236-1103068012-2772224049-1007\Dc257 folder moved successfully.

C:\RECYCLER\S-1-5-21-3154695236-1103068012-2772224049-1007\Dc2 folder moved successfully.

C:\RECYCLER\S-1-5-21-3154695236-1103068012-2772224049-1007\Dc140 folder moved successfully.

C:\RECYCLER\S-1-5-21-3154695236-1103068012-2772224049-1007\Dc129 folder moved successfully.

C:\RECYCLER\S-1-5-21-3154695236-1103068012-2772224049-1007\Dc112 folder moved successfully.

C:\RECYCLER\S-1-5-21-3154695236-1103068012-2772224049-1007 folder moved successfully.

C:\RECYCLER\S-1-5-21-3081841943-3916186032-3791672426-500 folder moved successfully.

C:\RECYCLER\S-1-5-21-2727269739-190730117-3905773200-500 folder moved successfully.

C:\RECYCLER folder moved successfully.

D:\RECYCLER\S-1-5-21-3154695236-1103068012-2772224049-1008 folder moved successfully.

D:\RECYCLER\S-1-5-21-3154695236-1103068012-2772224049-1007\Dd9\Antywirus ESET folder moved successfully.

D:\RECYCLER\S-1-5-21-3154695236-1103068012-2772224049-1007\Dd9 folder moved successfully.

D:\RECYCLER\S-1-5-21-3154695236-1103068012-2772224049-1007\Dd12 folder moved successfully.

D:\RECYCLER\S-1-5-21-3154695236-1103068012-2772224049-1007 folder moved successfully.

D:\RECYCLER folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: bogun_2

->Temp folder emptied: 68274422 bytes

->Temporary Internet Files folder emptied: 2736566 bytes

->Flash cache emptied: 741 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: tbalakier

->Temp folder emptied: 150697365 bytes

->Temporary Internet Files folder emptied: 261032941 bytes

->Java cache emptied: 14 bytes

->Flash cache emptied: 7672 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 39138 bytes

%systemroot%\System32 .tmp files removed: 2596 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 557810 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 461,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.18.2 log created on 12302010_110048

Files\Folders moved on Reboot…

File\Folder C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temp\~DF4A69.tmp not found!

File\Folder C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temp\~DFAC35.tmp not found!

File\Folder C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temp\~DFADE8.tmp not found!

File\Folder C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temp\~DFB150.tmp not found!

File\Folder C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temp\~DFB25A.tmp not found!

File\Folder C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temp\~DFB58F.tmp not found!

File\Folder C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temp\~DFB6A2.tmp not found!

C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temporary Internet Files\Content.Word\~WRS{84448370-F29F-40AA-9F3E-E1F8DED93749}.tmp moved successfully.

C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SJXDYXJO\ads[3].htm moved successfully.

C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SJXDYXJO\ads[7].htm moved successfully.

C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SJXDYXJO\favicon[1].ico moved successfully.

C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SJXDYXJO\favicon[2].ico moved successfully.

C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SJXDYXJO\OTL[2].html moved successfully.

C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temporary Internet Files\Content.IE5\R831C58U\ads[1].htm moved successfully.

C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temporary Internet Files\Content.IE5\R831C58U\favicon[1].ico moved successfully.

C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temporary Internet Files\Content.IE5\R831C58U\favicon[2].ico moved successfully.

C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temporary Internet Files\Content.IE5\R831C58U\jak-usunac-security-shield-t427918[1].html moved successfully.

C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temporary Internet Files\Content.IE5\L5YBBY2E\ads[2].htm moved successfully.

C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

File\Folder C:\WINDOWS\temp\cch~72d5b9c0b.htp not found!

File\Folder C:\WINDOWS\temp\cch~72d5ba271.htp not found!

File\Folder C:\WINDOWS\temp\cch~72dbe3023.htp not found!

File\Folder C:\WINDOWS\temp\cch~72dbe36ac.htp not found!

File\Folder C:\WINDOWS\temp\cch~72dd9505d.htp not found!

File\Folder C:\WINDOWS\temp\cch~72dd956e5.htp not found!

File\Folder C:\WINDOWS\temp\cch~73692d282.htp not found!

File\Folder C:\WINDOWS\temp\cch~73692d8bc.htp not found!

File\Folder C:\WINDOWS\temp\cch~73f22438c.htp not found!

File\Folder C:\WINDOWS\temp\cch~73f224a08.htp not found!

Registry entries deleted on Reboot…

This is the report after the restart.

– Added 30.12.2010 (Thu) 12:19 –

This is the report after the scan:

OTL logfile created on: 2010-12-30 12:15:14 - Run 2

OTL by OldTimer - Version 3.2.18.2 Folder = C:\Documents and Settings\tbalakier\Pulpit

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 40,00 Gb Total Space | 20,59 Gb Free Space | 51,47% Space Free | Partition Type: NTFS

Drive D: | 109,05 Gb Total Space | 108,23 Gb Free Space | 99,25% Space Free | Partition Type: NTFS

Computer Name: LZR-BALAKIER | User Name: balakier | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010-12-30 11:00:00 | 000,602,624 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\tbalakier\Pulpit\OTL.exe

PRC - [2010-12-28 15:02:16 | 000,268,800 | ---- | M] () – C:\Documents and Settings\tbalakier\Ustawienia lokalne\Dane aplikacji\hxrwajxk.exe

PRC - [2009-11-10 11:23:06 | 000,198,160 | ---- | M] (RealNetworks, Inc.) – C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2009-05-19 13:34:13 | 000,231,952 | ---- | M] (Kaspersky Lab) – C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

PRC - [2009-04-23 05:48:54 | 007,418,368 | ---- | M] (OpenOffice.org) – C:\Program Files\OpenOffice.org 3\program\soffice.bin

PRC - [2009-04-23 05:47:00 | 007,424,000 | ---- | M] (OpenOffice.org) – C:\Program Files\OpenOffice.org 3\program\soffice.exe

PRC - [2008-10-20 21:18:26 | 000,071,096 | ---- | M] () – C:\Program Files\CDBurnerXP\NMSAccessU.exe

PRC - [2008-10-15 16:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) – C:\Program Files\RealVNC\VNC4\winvnc4.exe

PRC - [2008-04-14 18:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe

PRC - [2008-04-04 16:09:56 | 001,044,480 | ---- | M] (Analog Devices, Inc.) – C:\Program Files\Analog Devices\Core\smax4pnp.exe

PRC - [2008-03-24 12:43:16 | 000,884,736 | ---- | M] (Analog Devices, Inc.) – C:\Program Files\Analog Devices\SoundMAX\SMax4.exe

PRC - [2007-11-27 16:42:14 | 000,185,896 | ---- | M] (ActivIdentity) – C:\Program Files\ActivIdentity\ActivClient\accoca.exe

PRC - [2007-11-27 16:42:12 | 000,093,736 | ---- | M] (ActivIdentity) – C:\Program Files\ActivIdentity\ActivClient\acevents.exe

PRC - [2007-11-27 16:40:42 | 000,298,536 | ---- | M] (ActivIdentity) – C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe

========== Modules (SafeList) ==========

MOD - [2010-12-30 11:00:00 | 000,602,624 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\tbalakier\Pulpit\OTL.exe

MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] – C:\WINDOWS\System32\hidserv.dll – (HidServ)

SRV - File not found [Auto | Stopped] – C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\004019~1.EXE – (0040191242214943mcinstcleanup) McAfee Application Installer Cleanup (0040191242214943)

SRV - [2010-11-23 13:59:57 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe – (FLEXnet Licensing Service)

SRV - [2009-05-19 13:34:13 | 000,231,952 | ---- | M] (Kaspersky Lab) [Auto | Running] – C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe – (AVP)

SRV - [2008-10-20 21:18:26 | 000,071,096 | ---- | M] () [Auto | Running] – C:\Program Files\CDBurnerXP\NMSAccessU.exe – (NMSAccessU)

SRV - [2008-10-15 16:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] – C:\Program Files\RealVNC\VNC4\WinVNC4.exe – (WinVNC4)

SRV - [2007-11-27 16:42:14 | 000,185,896 | ---- | M] (ActivIdentity) [Auto | Running] – C:\Program Files\ActivIdentity\ActivClient\accoca.exe – (accoca)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] – C:\WINDOWS\SMINST\VirtDisk.sys – (VirtDisk)

DRV - [2010-11-23 14:01:22 | 000,022,016 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\Rockey4.sys – (ROCKEYNT)

DRV - [2009-05-19 13:34:13 | 000,201,504 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\klif.sys – (klif)

DRV - [2009-05-19 13:34:13 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] – C:\WINDOWS\system32\drivers\kl1.sys – (kl1)

DRV - [2008-12-04 13:34:52 | 000,328,728 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] – C:\WINDOWS\System32\DRIVERS\iaStor.sys – (iaStor)

DRV - [2008-07-19 11:40:46 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\HECI.sys – (HECI) Intel®

DRV - [2008-06-27 09:46:48 | 006,023,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\igxpmp32.sys – (ialm)

DRV - [2008-06-05 12:58:18 | 000,144,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\e1k5132.sys – (e1kexpress) Intel®

DRV - [2008-05-23 15:54:38 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\iqvw32.sys – (NAL)

DRV - [2008-05-13 15:33:20 | 000,338,944 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ADIHdAud.sys – (ADIHdAudAddService)

DRV - [2008-04-13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\hdaudbus.sys – (HDAudBus)

DRV - [2008-03-28 11:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] – C:\WINDOWS\system32\drivers\sfaudio.sys – (SFAUDIO)

DRV - [2007-12-18 10:46:34 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ifxtpm.sys – (IFXTPM)

DRV - [2007-05-30 17:49:06 | 000,024,344 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\klim5.sys – (klim5)

DRV - [2004-08-04 01:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wVchNTxx.sys – (iAimFP4)

DRV - [2004-08-04 01:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wSiINTxx.sys – (iAimFP3)

DRV - [2004-08-04 01:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wATV10nt.sys – (iAimTV5)

DRV - [2004-08-04 01:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wCh7xxNT.sys – (iAimTV4)

DRV - [2004-08-04 01:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wATV06nt.sys – (iAimTV6)

DRV - [2004-08-04 01:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wATV04nt.sys – (iAimTV3)

DRV - [2004-08-04 01:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wATV02NT.sys – (iAimTV1)

DRV - [2004-08-04 01:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wATV01nt.sys – (iAimTV0)

DRV - [2004-08-04 01:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wADV09NT.sys – (iAimFP7)

DRV - [2004-08-04 01:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wADV07nt.sys – (iAimFP5)

DRV - [2004-08-04 01:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wADV08NT.sys – (iAimFP6)

DRV - [2004-08-04 01:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\i81xnt5.sys – (i81x)

DRV - [2004-08-04 01:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wADV01nt.sys – (iAimFP0)

DRV - [2004-08-04 01:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wADV02NT.sys – (iAimFP1)

DRV - [2004-08-04 01:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wADV05NT.sys – (iAimFP2)

DRV - [2002-05-09 01:44:42 | 000,105,472 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\adpu320.sys – (adpu320)

DRV - [2002-04-04 06:32:06 | 000,028,416 | R— | M] (LSI Logic) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\symmpi.sys – (Symmpi)

DRV - [2002-01-08 09:41:00 | 000,020,546 | R— | M] (Thomson Multimedia) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\netrcacm.sys – (netrcacm)

DRV - [2001-08-18 06:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\sym_u3.sys – (sym_u3)

DRV - [2001-08-18 06:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\sym_hi.sys – (sym_hi)

DRV - [2001-08-18 06:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\symc8xx.sys – (symc8xx)

DRV - [2001-08-18 06:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\symc810.sys – (symc810)

DRV - [2001-08-17 23:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\ac97intc.sys – (ac97intc) Usługa instalacyjna sterownika audio Intel® 82801 (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyOverride” = 172.23.14.162;172.23.14.188

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyServer” = proxy.pkp.com.pl:8080

O1 HOSTS File: ([2010-12-30 11:11:30 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\tbalakier\Dane aplikacji\Nowe Gadu-Gadu_userdata\ggbho.1.dll (GG Network S.A.)

O3 - HKLM…\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.

O4 - HKLM…\Run: [] File not found

O4 - HKLM…\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)

O4 - HKLM…\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe (Kaspersky Lab)

O4 - HKLM…\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)

O4 - HKLM…\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)

O4 - HKLM…\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM…\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - Startup: C:\Documents and Settings\tbalakier\Menu Start\Programy\Autostart\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm ()

O9 - Extra Button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll (Kaspersky Lab)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra ‘Tools’ menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup … 2805027062 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s … wflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\adialhk.dll (Kaspersky Lab)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ackpbsc: DllName - C:\WINDOWS\system32\ackpbsc.dll - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)

O20 - Winlogon\Notify\acunlock: DllName - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\tbalakier\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\tbalakier\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{fa258bce-cf56-11de-8f44-00237d2f789c}\Shell - “” = AutoRun

O33 - MountPoints2\{fa258bce-cf56-11de-8f44-00237d2f789c}\Shell\AutoRun\command - “” = F:\LaunchU3.exe – File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM…comfile [open] – “%1” %*

O35 - HKLM…exefile [open] – “%1” %*

O37 - HKLM…com [@ = comfile] – “%1” %*

O37 - HKLM…exe [@ = exefile] – “%1” %*

========== Files/Folders - Created Within 30 Days ==========

[7740-05-16 17:58:00 | 000,000,000 | —D | C] – C:\Documents and Settings\tbalakier\Dane aplikacji\OpenOffice.org

[2029-06-06 02:27:46 | 000,000,000 | —D | C] – C:\Documents and Settings\tbalakier\Ustawienia lokalne\Dane aplikacji\Adobe

[2029-06-06 02:27:46 | 000,000,000 | —D | C] – C:\Documents and Settings\tbalakier\Dane aplikacji\Adobe

[2029-06-06 00:39:15 | 000,000,000 | —D | C] – C:\Documents and Settings\tbalakier\Ustawienia lokalne\Dane aplikacji\Identities

[2029-06-06 00:30:13 | 000,000,000 | —D | C] – C:\Documents and Settings\tbalakier\TOSHIBA

[2010-12-30 11:11:30 | 000,000,000 | -HSD | C] – C:\RECYCLER

[2010-12-30 11:00:48 | 000,000,000 | —D | C] – C:\_OTL

[2010-12-30 10:59:53 | 000,602,624 | ---- | C] (OldTimer Tools) – C:\Documents and Settings\tbalakier\Pulpit\OTL.exe

[2010-12-29 18:17:07 | 000,020,546 | R— | C] (Thomson Multimedia) – C:\WINDOWS\System32\drivers\netrcacm.sys

[2010-12-21 08:49:34 | 000,000,000 | —D | C] – C:\Documents and Settings\tbalakier\Pulpit\Zdjęcia z pożaru

[2010-12-01 10:46:59 | 000,000,000 | —D | C] – C:\Documents and Settings\tbalakier\Pulpit\Pożar

========== Files - Modified Within 30 Days ==========

[7740-05-16 17:58:30 | 000,000,864 | ---- | M] () – C:\Documents and Settings\tbalakier\Menu Start\Programy\Autostart\OpenOffice.org 3.1.lnk

[2029-06-06 02:34:29 | 000,000,576 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\LOGO.lnk

[2029-06-06 02:33:53 | 000,000,378 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Skrót do Natalia Dokumenty.lnk

[2029-06-06 00:28:21 | 000,000,738 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Outlook Express.lnk

[2010-12-30 12:16:49 | 031,761,440 | -HS- | M] () – C:\WINDOWS\System32\drivers\fidbox.dat

[2010-12-30 12:03:06 | 001,556,000 | -HS- | M] () – C:\WINDOWS\System32\drivers\fidbox2.dat

[2010-12-30 11:52:03 | 000,001,158 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl

[2010-12-30 11:51:44 | 000,001,032 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010-12-30 11:51:35 | 000,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat

[2010-12-30 11:51:34 | 2090,139,648 | -HS- | M] () – C:\hiberfil.sys

[2010-12-30 11:51:04 | 000,431,288 | -HS- | M] () – C:\WINDOWS\System32\drivers\fidbox.idx

[2010-12-30 11:51:04 | 000,154,184 | -HS- | M] () – C:\WINDOWS\System32\drivers\fidbox2.idx

[2010-12-30 11:30:00 | 000,001,036 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010-12-30 11:11:30 | 000,000,098 | ---- | M] () – C:\WINDOWS\System32\drivers\etc\Hosts

[2010-12-30 11:00:55 | 000,500,302 | ---- | M] () – C:\WINDOWS\System32\perfh015.dat

[2010-12-30 11:00:55 | 000,441,260 | ---- | M] () – C:\WINDOWS\System32\perfh009.dat

[2010-12-30 11:00:55 | 000,088,838 | ---- | M] () – C:\WINDOWS\System32\perfc015.dat

[2010-12-30 11:00:55 | 000,071,196 | ---- | M] () – C:\WINDOWS\System32\perfc009.dat

[2010-12-30 11:00:00 | 000,602,624 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\tbalakier\Pulpit\OTL.exe

[2010-12-30 09:52:06 | 027,190,553 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Licznik .pdf

[2010-12-29 21:23:08 | 000,000,118 | ---- | M] () – C:\Documents and Settings\tbalakier\Ustawienia lokalne\Dane aplikacji\LZR-BALAKIER.cfg

[2010-12-29 20:47:53 | 000,001,503 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Wybór przeglądarki.lnk

[2010-12-29 20:42:41 | 000,295,664 | ---- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT

[2010-12-29 20:35:18 | 000,001,393 | ---- | M] () – C:\WINDOWS\imsins.BAK

[2010-12-29 13:47:53 | 000,493,490 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Licznik drukarki.pdf

[2010-12-28 15:02:16 | 000,268,800 | ---- | M] () – C:\Documents and Settings\tbalakier\Ustawienia lokalne\Dane aplikacji\hxrwajxk.exe

[2010-12-28 14:13:28 | 012,639,046 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Do wystawienia faktur.pdf

[2010-12-28 12:05:10 | 001,214,527 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Pranie odzieży roboczej.pdf

[2010-12-28 12:00:45 | 000,114,243 | ---- | M] () – C:\WINDOWS\System32\drivers\klin.dat

[2010-12-28 12:00:45 | 000,097,859 | ---- | M] () – C:\WINDOWS\System32\drivers\klick.dat

[2010-12-27 15:07:36 | 002,273,499 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\wniosek.pdf

[2010-12-27 10:42:43 | 000,421,876 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Oksimowicz.pdf

[2010-12-27 10:37:25 | 008,120,757 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Lista obecności.pdf

[2010-12-23 13:29:18 | 000,520,734 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Faktura poprawiona.pdf

[2010-12-23 12:21:35 | 000,727,693 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Pomieszczenia do sprzątania.pdf

[2010-12-23 11:34:59 | 001,398,596 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Faktura.pdf

[2010-12-23 11:34:47 | 003,108,496 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Janusz.pdf

[2010-12-23 10:25:26 | 002,486,023 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Poprawione zlecenia.pdf

[2010-12-22 08:40:59 | 000,824,444 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\2.pdf

[2010-12-22 08:40:51 | 001,012,269 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\1.pdf

[2010-12-21 15:39:47 | 000,431,931 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Podanie.pdf

[2010-12-21 15:25:50 | 000,390,866 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Zaświadczenie Zaprucki W…pdf

[2010-12-21 13:49:55 | 000,010,752 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Lista pracowników do egzaminu SEP.xls

[2010-12-21 13:32:57 | 000,424,081 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Zaprucki Wacław.pdf

[2010-12-21 12:11:33 | 009,383,870 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\żubr.docx

[2010-12-14 15:45:55 | 000,015,872 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Planowe PLK Białystok 26.11.2010.xls

[2010-12-13 11:36:36 | 000,012,427 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Koszty usuwania skutków pożaru w Białymstoku w dniu 08.docx

[2010-12-02 12:06:58 | 000,011,264 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Bony 2010.xls

[2010-12-02 08:58:52 | 000,291,840 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\LOGO.doc

[2010-12-02 08:55:57 | 000,291,840 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Logo TK Telekom.doc

[2010-12-01 12:36:41 | 024,671,116 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Pulpit.zip

[2010-12-01 12:33:54 | 000,000,676 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Pożar w Białymstoku do gazetki.lnk

========== Files Created - No Company Name ==========

[7740-05-16 17:58:30 | 000,000,864 | ---- | C] () – C:\Documents and Settings\tbalakier\Menu Start\Programy\Autostart\OpenOffice.org 3.1.lnk

[2029-06-06 02:34:29 | 000,000,576 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\LOGO.lnk

[2029-06-06 02:33:53 | 000,000,378 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Skrót do Natalia Dokumenty.lnk

[2029-06-06 00:28:21 | 000,000,738 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Outlook Express.lnk

[2010-12-30 09:51:52 | 027,190,553 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Licznik .pdf

[2010-12-29 21:23:08 | 000,000,118 | ---- | C] () – C:\Documents and Settings\tbalakier\Ustawienia lokalne\Dane aplikacji\LZR-BALAKIER.cfg

[2010-12-29 20:47:53 | 000,001,503 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Wybór przeglądarki.lnk

[2010-12-29 18:25:14 | 000,001,036 | ---- | C] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010-12-29 18:25:14 | 000,001,032 | ---- | C] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010-12-29 13:47:53 | 000,493,490 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Licznik drukarki.pdf

[2010-12-28 15:02:16 | 000,268,800 | ---- | C] () – C:\Documents and Settings\tbalakier\Ustawienia lokalne\Dane aplikacji\hxrwajxk.exe

[2010-12-28 14:13:20 | 012,639,046 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Do wystawienia faktur.pdf

[2010-12-28 12:05:10 | 001,214,527 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Pranie odzieży roboczej.pdf

[2010-12-27 15:07:35 | 002,273,499 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\wniosek.pdf

[2010-12-27 10:42:43 | 000,421,876 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Oksimowicz.pdf

[2010-12-27 10:37:22 | 008,120,757 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Lista obecności.pdf

[2010-12-23 13:29:18 | 000,520,734 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Faktura poprawiona.pdf

[2010-12-23 12:21:35 | 000,727,693 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Pomieszczenia do sprzątania.pdf

[2010-12-23 11:34:58 | 001,398,596 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Faktura.pdf

[2010-12-23 11:34:46 | 003,108,496 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Janusz.pdf

[2010-12-23 10:25:25 | 002,486,023 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Poprawione zlecenia.pdf

[2010-12-22 08:40:59 | 000,824,444 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\2.pdf

[2010-12-22 08:40:51 | 001,012,269 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\1.pdf

[2010-12-21 15:39:47 | 000,431,931 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Podanie.pdf

[2010-12-21 15:25:50 | 000,390,866 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Zaświadczenie Zaprucki W…pdf

[2010-12-21 13:32:57 | 000,424,081 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Zaprucki Wacław.pdf

[2010-12-21 13:19:21 | 000,010,752 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Lista pracowników do egzaminu SEP.xls

[2010-12-21 11:10:59 | 009,383,870 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\żubr.docx

[2010-12-13 11:36:35 | 000,012,427 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Koszty usuwania skutków pożaru w Białymstoku w dniu 08.docx

[2010-12-02 08:58:51 | 000,291,840 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\LOGO.doc

[2010-12-01 12:36:38 | 024,671,116 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Pulpit.zip

[2010-12-01 12:36:09 | 000,000,676 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Pożar w Białymstoku do gazetki.lnk

[2010-11-23 14:01:22 | 000,004,096 | ---- | C] () – C:\WINDOWS\System32\Ry4CoInst.dll

[2010-05-19 06:54:20 | 000,003,584 | ---- | C] () – C:\Documents and Settings\tbalakier\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-03-10 07:36:06 | 000,112,688 | ---- | C] () – C:\WINDOWS\System32\shw32.dll

[2009-11-10 13:19:30 | 000,000,427 | ---- | C] () – C:\WINDOWS\ODBC.INI

[2009-11-10 13:19:30 | 000,000,063 | ---- | C] () – C:\WINDOWS\mdm.ini

[2009-11-10 13:19:19 | 000,000,000 | ---- | C] () – C:\WINDOWS\NSREX.INI

[2009-11-09 14:28:35 | 000,303,104 | ---- | C] () – C:\WINDOWS\System32\eST3snm.dll

[2009-07-08 08:29:14 | 000,000,138 | ---- | C] () – C:\Documents and Settings\tbalakier\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

[2009-07-08 08:29:14 | 000,000,051 | ---- | C] () – C:\Documents and Settings\tbalakier\Ustawienia lokalne\Dane aplikacji\setup.txt

[2009-05-12 20:57:33 | 000,147,456 | ---- | C] () – C:\WINDOWS\System32\igfxCoIn_v4964.dll

[2009-05-12 20:28:22 | 000,000,835 | ---- | C] () – C:\WINDOWS\System32\oeminfo.ini

[2009-05-12 12:26:05 | 000,000,061 | ---- | C] () – C:\WINDOWS\smscfg.ini

[2007-11-27 16:41:06 | 000,114,688 | ---- | C] () – C:\WINDOWS\System32\aicext.dll

[2006-05-05 00:39:16 | 000,004,293 | ---- | C] () – C:\WINDOWS\ODBCINST.INI

[2005-04-03 23:30:00 | 000,110,592 | ---- | C] () – C:\WINDOWS\System32\scardsyn.dll

[1999-01-22 16:46:58 | 000,065,536 | ---- | C] () – C:\WINDOWS\System32\MSRTEDIT.DLL

[1998-05-07 04:10:00 | 000,069,632 | ---- | C] () – C:\WINDOWS\System32\ODMA32.dll

========== LOP Check ==========

[2010-04-29 10:07:18 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\OpenFM

[2009-11-05 12:03:53 | 000,000,000 | —D | M] – C:\Documents and Settings\tbalakier\Dane aplikacji\Canneverbe_Limited

[2010-11-23 14:06:22 | 000,000,000 | —D | M] – C:\Documents and Settings\tbalakier\Dane aplikacji\gtk-2.0

[2009-11-09 12:41:41 | 000,000,000 | —D | M] – C:\Documents and Settings\tbalakier\Dane aplikacji\Nowe Gadu-Gadu

[2010-04-29 10:07:15 | 000,000,000 | —D | M] – C:\Documents and Settings\tbalakier\Dane aplikacji\OpenFM

[7740-05-16 17:58:00 | 000,000,000 | —D | M] – C:\Documents and Settings\tbalakier\Dane aplikacji\OpenOffice.org

[2010-04-29 07:41:41 | 000,000,000 | —D | M] – C:\Documents and Settings\tbalakier\Dane aplikacji\TeamViewer

[2010-08-02 07:48:13 | 000,000,000 | —D | M] – C:\Documents and Settings\tbalakier\Dane aplikacji\Wireshark

[2010-11-23 14:03:11 | 000,000,000 | —D | M] – C:\Documents and Settings\tbalakier\Dane aplikacji\ZWSoft

========== Purity Check ==========

< End of report >

And what next?

http://technetblog.pl/index.php/2010/12 … ty-shield/

Paste the logs at www.wklej.org and give the link to the paste in your post.

In OTL, paste the following into the Custom Scans/Fixes box (Własne opcje skanowania / skrypt):

Click Run Fix (Wykonaj skrypt). Agree to the computer restart. Post the removal log on the forum.

Then run OTL again, click Scan (Skanuj) once more, and post the new log on the forum. So that is two logs: one from the removal and one from the new scan after the removal.

restart

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{0BF43445-2F28-4351-9252-17FE6E806AA0} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ not found.

========== FILES ==========

File\Folder C:\Documents and Settings\tbalakier\Ustawienia lokalne\Dane aplikacji\hxrwajxk.exe not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: bogun_2

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: tbalakier

->Temp folder emptied: 153088 bytes

->Temporary Internet Files folder emptied: 1574600 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,00 mb

OTL by OldTimer - Version 3.2.18.2 log created on 12302010_182836

Files\Folders moved on Reboot…

File\Folder C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temp~DFCBBE.tmp not found!

File\Folder C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temp~DFCBC9.tmp not found!

File\Folder C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temp~DFCC58.tmp not found!

File\Folder C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temp~DFCC63.tmp not found!

File\Folder C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temp~DFCDEC.tmp not found!

File\Folder C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temp~DFCDF7.tmp not found!

C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temporary Internet Files\Content.IE5\IF7S7YYS\adsCAMPFX30.htm moved successfully.

C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temporary Internet Files\Content.IE5\IF7S7YYS\jak-usunac-security-shield-t427918[1].html moved successfully.

C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temporary Internet Files\Content.IE5\IF7S7YYS\jak-usunac-security-shield-t428871[2].html moved successfully.

C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temporary Internet Files\Content.IE5\D17H5KHG\adsCANDB36V.htm moved successfully.

C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temporary Internet Files\Content.IE5\D17H5KHG\adsCAT3C7RY.htm moved successfully.

C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

File\Folder C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temp~DF5A27.tmp not found!

File\Folder C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temp~DF5FDF.tmp not found!

File\Folder C:\Documents and Settings\tbalakier\Ustawienia lokalne\Temp~DF782C.tmp not found!

Registry entries deleted on Reboot…

Added 30.12.2010 (Thu) 18:35

After scanning:

OTL logfile created on: 2010-12-30 18:32:06 - Run 1

OTL by OldTimer - Version 3.2.18.2 Folder = C:\Documents and Settings\tbalakier\Pulpit

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 40,00 Gb Total Space | 21,26 Gb Free Space | 53,14% Space Free | Partition Type: NTFS

Drive D: | 109,05 Gb Total Space | 108,23 Gb Free Space | 99,25% Space Free | Partition Type: NTFS

Computer Name: LZR-BALAKIER | User Name: balakier | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010-12-30 18:25:52 | 000,602,624 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\tbalakier\Pulpit\OTL.exe

PRC - [2009-05-19 13:34:13 | 000,231,952 | ---- | M] (Kaspersky Lab) – C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

PRC - [2009-04-23 05:48:54 | 007,418,368 | ---- | M] (OpenOffice.org) – C:\Program Files\OpenOffice.org 3\program\soffice.bin

PRC - [2009-04-23 05:47:00 | 007,424,000 | ---- | M] (OpenOffice.org) – C:\Program Files\OpenOffice.org 3\program\soffice.exe

PRC - [2008-10-20 21:18:26 | 000,071,096 | ---- | M] () – C:\Program Files\CDBurnerXP\NMSAccessU.exe

PRC - [2008-10-15 16:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) – C:\Program Files\RealVNC\VNC4\winvnc4.exe

PRC - [2008-04-14 18:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe

PRC - [2007-11-27 16:42:14 | 000,185,896 | ---- | M] (ActivIdentity) – C:\Program Files\ActivIdentity\ActivClient\accoca.exe

PRC - [2007-11-27 16:42:12 | 000,093,736 | ---- | M] (ActivIdentity) – C:\Program Files\ActivIdentity\ActivClient\acevents.exe

========== Modules (SafeList) ==========

MOD - [2010-12-30 18:25:52 | 000,602,624 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\tbalakier\Pulpit\OTL.exe

MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] – C:\WINDOWS\System32\hidserv.dll – (HidServ)

SRV - File not found [Auto | Stopped] – C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\004019~1.EXE – (0040191242214943mcinstcleanup) McAfee Application Installer Cleanup (0040191242214943)

SRV - [2010-11-23 13:59:57 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe – (FLEXnet Licensing Service)

SRV - [2009-05-19 13:34:13 | 000,231,952 | ---- | M] (Kaspersky Lab) [Auto | Running] – C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe – (AVP)

SRV - [2008-10-20 21:18:26 | 000,071,096 | ---- | M] () [Auto | Running] – C:\Program Files\CDBurnerXP\NMSAccessU.exe – (NMSAccessU)

SRV - [2008-10-15 16:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] – C:\Program Files\RealVNC\VNC4\WinVNC4.exe – (WinVNC4)

SRV - [2007-11-27 16:42:14 | 000,185,896 | ---- | M] (ActivIdentity) [Auto | Running] – C:\Program Files\ActivIdentity\ActivClient\accoca.exe – (accoca)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] – C:\WINDOWS\SMINST\VirtDisk.sys – (VirtDisk)

DRV - [2010-11-23 14:01:22 | 000,022,016 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\Rockey4.sys – (ROCKEYNT)

DRV - [2009-05-19 13:34:13 | 000,201,504 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\klif.sys – (klif)

DRV - [2009-05-19 13:34:13 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] – C:\WINDOWS\system32\drivers\kl1.sys – (kl1)

DRV - [2008-12-04 13:34:52 | 000,328,728 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] – C:\WINDOWS\System32\DRIVERS\iaStor.sys – (iaStor)

DRV - [2008-07-19 11:40:46 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\HECI.sys – (HECI) Intel®

DRV - [2008-06-27 09:46:48 | 006,023,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\igxpmp32.sys – (ialm)

DRV - [2008-06-05 12:58:18 | 000,144,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\e1k5132.sys – (e1kexpress) Intel®

DRV - [2008-05-23 15:54:38 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\iqvw32.sys – (NAL)

DRV - [2008-05-13 15:33:20 | 000,338,944 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ADIHdAud.sys – (ADIHdAudAddService)

DRV - [2008-04-13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\hdaudbus.sys – (HDAudBus)

DRV - [2008-03-28 11:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] – C:\WINDOWS\system32\drivers\sfaudio.sys – (SFAUDIO)

DRV - [2007-12-18 10:46:34 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ifxtpm.sys – (IFXTPM)

DRV - [2007-05-30 17:49:06 | 000,024,344 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\klim5.sys – (klim5)

DRV - [2004-08-04 01:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wVchNTxx.sys – (iAimFP4)

DRV - [2004-08-04 01:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wSiINTxx.sys – (iAimFP3)

DRV - [2004-08-04 01:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wATV10nt.sys – (iAimTV5)

DRV - [2004-08-04 01:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wCh7xxNT.sys – (iAimTV4)

DRV - [2004-08-04 01:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wATV06nt.sys – (iAimTV6)

DRV - [2004-08-04 01:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wATV04nt.sys – (iAimTV3)

DRV - [2004-08-04 01:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wATV02NT.sys – (iAimTV1)

DRV - [2004-08-04 01:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wATV01nt.sys – (iAimTV0)

DRV - [2004-08-04 01:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wADV09NT.sys – (iAimFP7)

DRV - [2004-08-04 01:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wADV07nt.sys – (iAimFP5)

DRV - [2004-08-04 01:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wADV08NT.sys – (iAimFP6)

DRV - [2004-08-04 01:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\i81xnt5.sys – (i81x)

DRV - [2004-08-04 01:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wADV01nt.sys – (iAimFP0)

DRV - [2004-08-04 01:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wADV02NT.sys – (iAimFP1)

DRV - [2004-08-04 01:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wADV05NT.sys – (iAimFP2)

DRV - [2002-05-09 01:44:42 | 000,105,472 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\adpu320.sys – (adpu320)

DRV - [2002-04-04 06:32:06 | 000,028,416 | R— | M] (LSI Logic) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\symmpi.sys – (Symmpi)

DRV - [2002-01-08 09:41:00 | 000,020,546 | R— | M] (Thomson Multimedia) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\netrcacm.sys – (netrcacm)

DRV - [2001-08-18 06:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\sym_u3.sys – (sym_u3)

DRV - [2001-08-18 06:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\sym_hi.sys – (sym_hi)

DRV - [2001-08-18 06:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\symc8xx.sys – (symc8xx)

DRV - [2001-08-18 06:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\symc810.sys – (symc810)

DRV - [2001-08-17 23:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\ac97intc.sys – (ac97intc) Usługa instalacyjna sterownika audio Intel® 82801 (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyOverride” = 172.23.14.162;172.23.14.188

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyServer” = proxy.pkp.com.pl:8080

O1 HOSTS File: ([2010-12-30 11:11:30 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\tbalakier\Dane aplikacji\Nowe Gadu-Gadu_userdata\ggbho.1.dll (GG Network S.A.)

O4 - HKLM…\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe (Kaspersky Lab)

O4 - Startup: C:\Documents and Settings\tbalakier\Menu Start\Programy\Autostart\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm ()

O9 - Extra Button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll (Kaspersky Lab)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra ‘Tools’ menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup … 2805027062 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s … wflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\adialhk.dll (Kaspersky Lab)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ackpbsc: DllName - C:\WINDOWS\system32\ackpbsc.dll - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)

O20 - Winlogon\Notify\acunlock: DllName - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\tbalakier\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\tbalakier\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2{fa258bce-cf56-11de-8f44-00237d2f789c}\Shell - “” = AutoRun

O33 - MountPoints2{fa258bce-cf56-11de-8f44-00237d2f789c}\Shell\AutoRun\command - “” = F:\LaunchU3.exe – File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM…comfile [open] – “%1” %*

O35 - HKLM…exefile [open] – “%1” %*

O37 - HKLM…com [@ = comfile] – “%1” %*

O37 - HKLM…exe [@ = exefile] – “%1” %*

========== Files/Folders - Created Within 30 Days ==========

[7740-05-16 17:58:00 | 000,000,000 | —D | C] – C:\Documents and Settings\tbalakier\Dane aplikacji\OpenOffice.org

[2029-06-06 02:27:46 | 000,000,000 | —D | C] – C:\Documents and Settings\tbalakier\Ustawienia lokalne\Dane aplikacji\Adobe

[2029-06-06 02:27:46 | 000,000,000 | —D | C] – C:\Documents and Settings\tbalakier\Dane aplikacji\Adobe

[2029-06-06 00:39:15 | 000,000,000 | —D | C] – C:\Documents and Settings\tbalakier\Ustawienia lokalne\Dane aplikacji\Identities

[2029-06-06 00:30:13 | 000,000,000 | —D | C] – C:\Documents and Settings\tbalakier\TOSHIBA

[2029-06-01 01:00:13 | 000,026,368 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\usbstor.sys

[2010-12-30 18:26:33 | 000,000,000 | —D | C] – C:_OTL

[2010-12-30 18:25:52 | 000,602,624 | ---- | C] (OldTimer Tools) – C:\Documents and Settings\tbalakier\Pulpit\OTL.exe

[2010-12-30 14:27:01 | 000,000,000 | —D | C] – C:\Documents and Settings\tbalakier\Dane aplikacji\Malwarebytes

[2010-12-30 14:26:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-12-30 14:26:56 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

[2010-12-30 14:26:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbam.sys

[2010-12-30 14:26:52 | 000,000,000 | —D | C] – C:\Program Files\Malwarebytes’ Anti-Malware

[2010-12-30 14:25:44 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) – C:\Documents and Settings\tbalakier\Pulpit\mbam-setup-1.50.1.1100(dobreprogramy.pl).exe

[2010-12-30 11:11:30 | 000,000,000 | -HSD | C] – C:\RECYCLER

[2010-12-29 19:17:32 | 000,954,368 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\mfc40.dll

[2010-12-29 19:17:31 | 000,974,848 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\mfc42.dll

[2010-12-29 19:17:31 | 000,953,856 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\mfc40u.dll

[2010-12-29 19:15:56 | 000,617,472 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\comctl32.dll

[2010-12-29 19:14:09 | 000,744,448 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\helpsvc.exe

[2010-12-29 19:14:05 | 000,471,552 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\aclayers.dll

[2010-12-29 19:13:42 | 000,602,112 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\msfeeds.dll

[2010-12-29 19:13:41 | 000,055,296 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\msfeedsbs.dll

[2010-12-29 19:13:36 | 000,743,424 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\iedvtool.dll

[2010-12-29 19:13:07 | 000,040,960 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\ndproxy.sys

[2010-12-29 19:10:04 | 000,293,376 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\browserchoice.exe

[2010-12-29 19:08:31 | 003,558,912 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\moviemk.exe

[2010-12-29 18:44:23 | 000,045,568 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\wab.exe

[2010-12-29 18:17:07 | 000,020,546 | R— | C] (Thomson Multimedia) – C:\WINDOWS\System32\drivers\netrcacm.sys

[2010-12-21 08:49:34 | 000,000,000 | —D | C] – C:\Documents and Settings\tbalakier\Pulpit\Zdjęcia z pożaru

[2010-12-01 10:46:59 | 000,000,000 | —D | C] – C:\Documents and Settings\tbalakier\Pulpit\Pożar

========== Files - Modified Within 30 Days ==========

[7740-05-16 17:58:30 | 000,000,864 | ---- | M] () – C:\Documents and Settings\tbalakier\Menu Start\Programy\Autostart\OpenOffice.org 3.1.lnk

[2029-06-06 02:34:29 | 000,000,576 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\LOGO.lnk

[2029-06-06 02:33:53 | 000,000,378 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Skrót do Natalia Dokumenty.lnk

[2029-06-06 00:28:21 | 000,000,738 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Outlook Express.lnk

[2010-12-30 18:32:19 | 031,903,008 | -HS- | M] () – C:\WINDOWS\System32\drivers\fidbox.dat

[2010-12-30 18:31:44 | 001,561,632 | -HS- | M] () – C:\WINDOWS\System32\drivers\fidbox2.dat

[2010-12-30 18:30:00 | 000,001,036 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010-12-30 18:30:00 | 000,001,032 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010-12-30 18:29:59 | 000,001,158 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl

[2010-12-30 18:29:39 | 000,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat

[2010-12-30 18:29:38 | 2090,139,648 | -HS- | M] () – C:\hiberfil.sys

[2010-12-30 18:29:03 | 000,433,400 | -HS- | M] () – C:\WINDOWS\System32\drivers\fidbox.idx

[2010-12-30 18:29:03 | 000,154,760 | -HS- | M] () – C:\WINDOWS\System32\drivers\fidbox2.idx

[2010-12-30 18:25:52 | 000,602,624 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\tbalakier\Pulpit\OTL.exe

[2010-12-30 14:26:57 | 000,000,784 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Malwarebytes’ Anti-Malware.lnk

[2010-12-30 14:25:52 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) – C:\Documents and Settings\tbalakier\Pulpit\mbam-setup-1.50.1.1100(dobreprogramy.pl).exe

[2010-12-30 12:25:05 | 000,295,664 | ---- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT

[2010-12-30 11:11:30 | 000,000,098 | ---- | M] () – C:\WINDOWS\System32\drivers\etc\Hosts

[2010-12-30 11:00:55 | 000,500,302 | ---- | M] () – C:\WINDOWS\System32\perfh015.dat

[2010-12-30 11:00:55 | 000,441,260 | ---- | M] () – C:\WINDOWS\System32\perfh009.dat

[2010-12-30 11:00:55 | 000,088,838 | ---- | M] () – C:\WINDOWS\System32\perfc015.dat

[2010-12-30 11:00:55 | 000,071,196 | ---- | M] () – C:\WINDOWS\System32\perfc009.dat

[2010-12-30 09:52:06 | 027,190,553 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Licznik .pdf

[2010-12-29 21:23:08 | 000,000,118 | ---- | M] () – C:\Documents and Settings\tbalakier\Ustawienia lokalne\Dane aplikacji\LZR-BALAKIER.cfg

[2010-12-29 20:47:53 | 000,001,503 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Wybór przeglądarki.lnk

[2010-12-29 20:35:18 | 000,001,393 | ---- | M] () – C:\WINDOWS\imsins.BAK

[2010-12-29 13:47:53 | 000,493,490 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Licznik drukarki.pdf

[2010-12-28 14:13:28 | 012,639,046 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Do wystawienia faktur.pdf

[2010-12-28 12:05:10 | 001,214,527 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Pranie odzieży roboczej.pdf

[2010-12-28 12:00:45 | 000,114,243 | ---- | M] () – C:\WINDOWS\System32\drivers\klin.dat

[2010-12-28 12:00:45 | 000,097,859 | ---- | M] () – C:\WINDOWS\System32\drivers\klick.dat

[2010-12-27 15:07:36 | 002,273,499 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\wniosek.pdf

[2010-12-27 10:42:43 | 000,421,876 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Oksimowicz.pdf

[2010-12-27 10:37:25 | 008,120,757 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Lista obecności.pdf

[2010-12-23 13:29:18 | 000,520,734 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Faktura poprawiona.pdf

[2010-12-23 12:21:35 | 000,727,693 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Pomieszczenia do sprzątania.pdf

[2010-12-23 11:34:59 | 001,398,596 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Faktura.pdf

[2010-12-23 11:34:47 | 003,108,496 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Janusz.pdf

[2010-12-23 10:25:26 | 002,486,023 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Poprawione zlecenia.pdf

[2010-12-22 08:40:59 | 000,824,444 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\2.pdf

[2010-12-22 08:40:51 | 001,012,269 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\1.pdf

[2010-12-21 15:39:47 | 000,431,931 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Podanie.pdf

[2010-12-21 15:25:50 | 000,390,866 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Zaświadczenie Zaprucki W…pdf

[2010-12-21 13:49:55 | 000,010,752 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Lista pracowników do egzaminu SEP.xls

[2010-12-21 13:32:57 | 000,424,081 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Zaprucki Wacław.pdf

[2010-12-21 12:11:33 | 009,383,870 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\żubr.docx

[2010-12-20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-12-20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbam.sys

[2010-12-14 15:45:55 | 000,015,872 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Planowe PLK Białystok 26.11.2010.xls

[2010-12-13 11:36:36 | 000,012,427 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Koszty usuwania skutków pożaru w Białymstoku w dniu 08.docx

[2010-12-02 12:06:58 | 000,011,264 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Bony 2010.xls

[2010-12-02 08:58:52 | 000,291,840 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\LOGO.doc

[2010-12-02 08:55:57 | 000,291,840 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Logo TK Telekom.doc

[2010-12-01 12:36:41 | 024,671,116 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Pulpit.zip

[2010-12-01 12:33:54 | 000,000,676 | ---- | M] () – C:\Documents and Settings\tbalakier\Pulpit\Pożar w Białymstoku do gazetki.lnk

========== Files Created - No Company Name ==========

[7740-05-16 17:58:30 | 000,000,864 | ---- | C] () – C:\Documents and Settings\tbalakier\Menu Start\Programy\Autostart\OpenOffice.org 3.1.lnk

[2029-06-06 02:34:29 | 000,000,576 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\LOGO.lnk

[2029-06-06 02:33:53 | 000,000,378 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Skrót do Natalia Dokumenty.lnk

[2029-06-06 00:28:21 | 000,000,738 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Outlook Express.lnk

[2010-12-30 14:26:57 | 000,000,784 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Malwarebytes’ Anti-Malware.lnk

[2010-12-30 09:51:52 | 027,190,553 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Licznik .pdf

[2010-12-29 21:23:08 | 000,000,118 | ---- | C] () – C:\Documents and Settings\tbalakier\Ustawienia lokalne\Dane aplikacji\LZR-BALAKIER.cfg

[2010-12-29 20:47:53 | 000,001,503 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Wybór przeglądarki.lnk

[2010-12-29 18:25:14 | 000,001,036 | ---- | C] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010-12-29 18:25:14 | 000,001,032 | ---- | C] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010-12-29 13:47:53 | 000,493,490 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Licznik drukarki.pdf

[2010-12-28 14:13:20 | 012,639,046 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Do wystawienia faktur.pdf

[2010-12-28 12:05:10 | 001,214,527 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Pranie odzieży roboczej.pdf

[2010-12-27 15:07:35 | 002,273,499 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\wniosek.pdf

[2010-12-27 10:42:43 | 000,421,876 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Oksimowicz.pdf

[2010-12-27 10:37:22 | 008,120,757 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Lista obecności.pdf

[2010-12-23 13:29:18 | 000,520,734 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Faktura poprawiona.pdf

[2010-12-23 12:21:35 | 000,727,693 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Pomieszczenia do sprzątania.pdf

[2010-12-23 11:34:58 | 001,398,596 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Faktura.pdf

[2010-12-23 11:34:46 | 003,108,496 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Janusz.pdf

[2010-12-23 10:25:25 | 002,486,023 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Poprawione zlecenia.pdf

[2010-12-22 08:40:59 | 000,824,444 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\2.pdf

[2010-12-22 08:40:51 | 001,012,269 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\1.pdf

[2010-12-21 15:39:47 | 000,431,931 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Podanie.pdf

[2010-12-21 15:25:50 | 000,390,866 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Zaświadczenie Zaprucki W…pdf

[2010-12-21 13:32:57 | 000,424,081 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Zaprucki Wacław.pdf

[2010-12-21 13:19:21 | 000,010,752 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Lista pracowników do egzaminu SEP.xls

[2010-12-21 11:10:59 | 009,383,870 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\żubr.docx

[2010-12-13 11:36:35 | 000,012,427 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Koszty usuwania skutków pożaru w Białymstoku w dniu 08.docx

[2010-12-02 08:58:51 | 000,291,840 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\LOGO.doc

[2010-12-01 12:36:38 | 024,671,116 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Pulpit.zip

[2010-12-01 12:36:09 | 000,000,676 | ---- | C] () – C:\Documents and Settings\tbalakier\Pulpit\Pożar w Białymstoku do gazetki.lnk

[2010-11-23 14:01:22 | 000,004,096 | ---- | C] () – C:\WINDOWS\System32\Ry4CoInst.dll

[2010-05-19 06:54:20 | 000,003,584 | ---- | C] () – C:\Documents and Settings\tbalakier\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-03-10 07:36:06 | 000,112,688 | ---- | C] () – C:\WINDOWS\System32\shw32.dll

[2009-11-10 13:19:30 | 000,000,427 | ---- | C] () – C:\WINDOWS\ODBC.INI

[2009-11-10 13:19:30 | 000,000,063 | ---- | C] () – C:\WINDOWS\mdm.ini

[2009-11-10 13:19:19 | 000,000,000 | ---- | C] () – C:\WINDOWS\NSREX.INI

[2009-11-09 14:28:35 | 000,303,104 | ---- | C] () – C:\WINDOWS\System32\eST3snm.dll

[2009-07-08 08:29:14 | 000,000,138 | ---- | C] () – C:\Documents and Settings\tbalakier\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

[2009-07-08 08:29:14 | 000,000,051 | ---- | C] () – C:\Documents and Settings\tbalakier\Ustawienia lokalne\Dane aplikacji\setup.txt

[2009-05-12 20:57:33 | 000,147,456 | ---- | C] () – C:\WINDOWS\System32\igfxCoIn_v4964.dll

[2009-05-12 20:28:22 | 000,000,835 | ---- | C] () – C:\WINDOWS\System32\oeminfo.ini

[2009-05-12 12:26:05 | 000,000,061 | ---- | C] () – C:\WINDOWS\smscfg.ini

[2007-11-27 16:41:06 | 000,114,688 | ---- | C] () – C:\WINDOWS\System32\aicext.dll

[2006-05-05 00:39:16 | 000,004,293 | ---- | C] () – C:\WINDOWS\ODBCINST.INI

[2005-04-03 23:30:00 | 000,110,592 | ---- | C] () – C:\WINDOWS\System32\scardsyn.dll

[1999-01-22 16:46:58 | 000,065,536 | ---- | C] () – C:\WINDOWS\System32\MSRTEDIT.DLL

[1998-05-07 04:10:00 | 000,069,632 | ---- | C] () – C:\WINDOWS\System32\ODMA32.dll

< End of report >

Run OTL and click Sprzątanie (CleanUp).

Download Malwarebytes (http://www.dobreprogramy.pl/Malwarebyte … 13117.html). Run a full scan, remove whatever it finds, and post the log on the forum.

Malwarebytes’ Anti-Malware 1.50.1.1100

www.malwarebytes.org

Wersja bazy: 5363

Windows 5.1.2600 Dodatek Service Pack 3

Internet Explorer 8.0.6001.18702

2010-12-31 14:41:51

mbam-log-2010-12-31 (14-41-51).txt

Typ skanowania: Pełne skanowanie (C:|D:|)

Przeskanowano obiektów: 206573

Upłynęło: 28 minut(y), 1 sekund(y)

Zainfekowanych procesów w pamięci: 0

Zainfekowanych modułów w pamięci: 0

Zainfekowanych kluczy rejestru: 0

Zainfekowanych wartości rejestru: 0

Zainfekowane informacje rejestru systemowego: 0

Zainfekowanych folderów: 0

Zainfekowanych plików: 0

Zainfekowanych procesów w pamięci:

(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:

(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:

(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:

(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:

(Nie znaleziono zagrożeń)

Zainfekowanych folderów:

(Nie znaleziono zagrożeń)

Zainfekowanych plików:

(Nie znaleziono zagrożeń)

I think it worked! Thank you so much for the help 🙂