HijackThis logs, most likely a keylogger

Hello, today I downloaded a keylogger; if it matters, I can give the site.

Here are the logs:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:04:42, on 2009-06-26

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\Wanadoo\Watch.exe

C:\Program Files\Ventrilo\Ventrilo.exe

C:\Tibia\Tibia.exe

C:\WINDOWS\smss.cmd

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll (file missing)

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe” /icon

O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

O4 - HKLM…\Run: [sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions

O4 - HKLM…\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”

O4 - HKLM…\Run: [C] C:\WINDOWS\SYSTEM32\kducc.exe

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”

O4 - HKLM…\Run: [systool] C:\WINDOWS\smss.cmd

O4 - HKLM…\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM…\RunOnce: [spybot - Search & Destroy] “C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe” /autocheck

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [steam] “c:\program files\valve\steam\steam.exe” -silent

O4 - HKCU…\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\daemon.exe” -autorun

O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKLM…\Policies\Explorer\Run: [this] C:\Program Files\Web Technologies\wcs.exe

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra ‘Tools’ menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.adax.pl/witamy

O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/s … wflash.cab

O17 - HKLM\System\CCS\Services\Tcpip…{635CDBDB-FD13-4620-90DB-7D222D79128D}: NameServer = 194.204.159.1 217.98.63.164

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

End of file - 8296 bytes

Please help.

In HT, remove

Then press Ctrl + Alt + Del and kill smss.cmd; don't confuse it with the system one.

Delete C:\WINDOWS\smss.cmd from disk.

Then paste the logs from OTL and GMER, because there is still some of this left and HijackThis probably won't be enough.

http://www.searchengines.pl/index.php?s … t&p=392369

http://www.gmer.net/

Hello, yesterday I did a system restore to the previous day, before downloading that file, and as you advised I wanted to remove this file

O4 - HKLM…\Run: [systool] C:\WINDOWS\smss.cmd

but it is no longer there; could that be the reason?

If it's gone, all the better. But I want the logs from the programs I listed in my previous post, because there is still something here. And don't play around with System Restore until we have finished the removal.

GMER logs

GMER 1.0.15.14972 - http://www.gmer.net

Rootkit scan 2009-06-27 11:20:31

Windows 5.1.2600 Dodatek Service Pack 3

---- System - GMER 1.0.15 ----

SSDT spur.sys ZwEnumerateKey [0xF72A5CA2]

SSDT spur.sys ZwEnumerateValueKey [0xF72A6030]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86D6C1F8

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----


OTL logs

OTL logfile created on: 2009-06-27 11:17:27 - Run 2

OTL by OldTimer - Version 3.0.5.3 Folder = C:\Documents and Settings\MAREK\Pulpit

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,29 Mb Total Physical Memory | 608,88 Mb Available Physical Memory | 59,50% Memory free

2,40 Gb Paging File | 2,05 Gb Available in Paging File | 85,20% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 298,09 Gb Total Space | 246,82 Gb Free Space | 82,80% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ALF

Current User Name: MAREK

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2008-08-16 09:23:55 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

PRC - [2009-05-19 21:56:41 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2007-09-17 02:07:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe

PRC - [2008-04-14 19:21:50 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe

PRC - [2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2007-10-16 19:30:10 | 16,855,552 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE

PRC - [2002-06-06 11:15:14 | 00,861,184 | ---- | M] (THOMSON multimedia) -- C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

PRC - [2002-12-09 18:24:28 | 00,045,056 | ---- | M] (France Télécom R&D) -- C:\Program Files\Wanadoo\TaskBarIcon.exe

PRC - [2005-10-26 16:17:24 | 00,159,744 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

PRC - [2005-06-06 23:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

PRC - [2009-05-19 21:56:41 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2005-06-08 16:45:04 | 00,278,528 | ---- | M] (Teleca Software Solutions AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

PRC - [2008-04-14 19:21:30 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe

PRC - [2008-08-08 14:11:12 | 00,490,952 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe

PRC - [2005-08-10 07:54:34 | 00,385,024 | R--- | M] (Teleca Software Solutions) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe

PRC - [2006-02-24 11:58:14 | 00,868,352 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

PRC - [2003-03-18 18:18:36 | 00,450,560 | ---- | M] (France Télécom R&D) -- C:\Program Files\Wanadoo\EspaceWanadoo.exe

PRC - [2002-12-09 18:24:28 | 00,180,224 | ---- | M] (France Télécom R&D) -- C:\Program Files\Wanadoo\ComComp.exe

PRC - [2002-12-09 18:24:30 | 00,020,480 | ---- | M] (France Télécom R&D) -- C:\Program Files\Wanadoo\Watch.exe

PRC - [2008-11-10 11:23:50 | 01,539,072 | ---- | M] () -- C:\Program Files\Ventrilo\Ventrilo.exe

PRC - [2009-06-10 20:26:40 | 01,217,784 | ---- | M] (Valve Corporation) -- C:\Program Files\Valve\Steam\Steam.exe

PRC - [2009-06-27 10:44:31 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MAREK\Pulpit\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008-08-16 09:23:55 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])

SRV - [2007-10-24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet\_state.exe -- (aspnet\_state [On\_Demand | Stopped])

SRV - [2007-10-24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr\_optimization\_v2.0.50727\_32 [On\_Demand | Stopped])

SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2004-10-22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On\_Demand | Stopped])

SRV - [2009-05-19 21:56:41 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

SRV - [2007-09-17 02:07:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])

SRV - [2006-10-26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On\_Demand | Stopped])

SRV - [2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On\_Demand | Stopped])

SRV - [2006-12-01 11:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On\_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2002-06-06 11:14:32 | 00,053,168 | ---- | M] (THOMSON multimedia) -- C:\WINDOWS\System32\DRIVERS\alcan5wn.sys -- (alcan5wn [On\_Demand | Running])

DRV - [2003-01-06 13:28:00 | 00,743,136 | R--- | M] (THOMSON multimedia) -- C:\WINDOWS\System32\DRIVERS\alcaudsl.sys -- (alcaudsl [On\_Demand | Running])

DRV - [2006-09-19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On\_Demand | Running])

DRV - [2008-12-31 17:55:40 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [On\_Demand | Stopped])

DRV - [2008-04-13 18:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On\_Demand | Running])

DRV - [1998-09-25 10:55:24 | 00,052,800 | ---- | M] () -- C:\WINDOWS\System32\drivers\HPFECP13.SYS -- (HPFECP13 [Auto | Running])

DRV - [2007-10-16 19:38:30 | 04,615,168 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On\_Demand | Running])

DRV - [2008-04-18 15:06:50 | 00,058,288 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k510bus.sys -- (k510bus [On\_Demand | Stopped])

DRV - [2008-04-18 15:06:50 | 00,008,336 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k510mdfl.sys -- (k510mdfl [On\_Demand | Stopped])

DRV - [2008-04-18 15:06:50 | 00,094,064 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k510mdm.sys -- (k510mdm [On\_Demand | Stopped])

DRV - [2008-04-18 15:06:50 | 00,085,408 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k510mgmt.sys -- (k510mgmt [On\_Demand | Stopped])

DRV - [2008-04-18 15:06:50 | 00,083,344 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k510obex.sys -- (k510obex [On\_Demand | Stopped])

DRV - [2007-09-17 02:07:00 | 06,853,088 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4\_mini.sys -- (nv [On\_Demand | Running])

DRV - [2006-03-02 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On\_Demand | Running])

DRV - [2004-08-04 00:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On\_Demand | Stopped])

DRV - [2007-04-14 16:28:58 | 00,094,592 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On\_Demand | Running])

DRV - [2007-11-13 12:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])

DRV - [2008-10-09 17:05:42 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Running])

DRV - [2008-06-13 14:13:38 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On\_Demand | Running])

DRV - [2008-08-24 23:06:01 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On\_Demand | Running])

DRV - [2008-06-13 14:13:38 | 00,096,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW [On\_Demand | Running])

DRV - [2008-06-13 14:13:38 | 00,038,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On\_Demand | Running])

DRV - [2008-06-13 14:14:02 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM [On\_Demand | Stopped])

DRV - [2008-06-13 14:14:02 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP [On\_Demand | Running])

DRV - [2008-06-13 14:13:38 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS [On\_Demand | Running])

DRV - [2008-06-13 14:13:38 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On\_Demand | Running])

DRV - [2008-06-13 14:13:40 | 00,184,240 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [system | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default\_Page\_URL = [http://go.microsoft.com/fwlink/?LinkId=69157](http://go.microsoft.com/fwlink/?LinkId=69157)

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default\_Search\_URL = [http://go.microsoft.com/fwlink/?LinkId=54896](http://go.microsoft.com/fwlink/?LinkId=54896)

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default\_Secondary\_Page\_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [http://go.microsoft.com/fwlink/?LinkId=54896](http://go.microsoft.com/fwlink/?LinkId=54896)

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [http://go.microsoft.com/fwlink/?LinkId=69157](http://go.microsoft.com/fwlink/?LinkId=69157)

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = [http://ie.search.msn.com/](http://ie.search.msn.com/){SUB\_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [http://www.google.com/ie](http://www.google.com/ie)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [http://www.google.com](http://www.google.com)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [http://www.daemon-search.com/startpage](http://www.daemon-search.com/startpage)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "[http://www.google.pl](http://www.google.pl)"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: [jqs@sun.com](mailto:jqs@sun.com):1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-05-19 21:56:42 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-06-23 18:40:23 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-06-12 19:54:41 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2008-07-21 15:26:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MAREK\Dane aplikacji\mozilla\Extensions

[2008-07-21 15:26:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MAREK\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2008-07-21 15:26:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MAREK\Dane aplikacji\mozilla\Firefox\Profiles\pldklwaf.default\extensions

[2008-10-09 17:08:57 | 00,000,523 | ---- | M] () -- C:\Documents and Settings\MAREK\Dane aplikacji\Mozilla\FireFox\Profiles\pldklwaf.default\searchplugins\daemon-search.xml

[2009-06-26 22:36:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009-06-12 19:54:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009-05-19 21:56:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009-06-12 19:54:34 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009-06-12 19:54:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2007-04-10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll

[2009-05-19 21:56:42 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2009-03-09 17:01:38 | 00,120,296 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npganymedenet.dll

[2009-06-12 19:54:36 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2006-10-26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL

[2009-02-27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2006-06-03 18:43:22 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (UrlHelper Class) - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll File not found

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs\_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll File not found

O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll File not found

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader\_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [C] C:\WINDOWS\System32\kducc.exe File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sony Ericsson PC Suite] File not found

O4 - HKLM..\Run: [speedTouch USB Diagnostics] C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe (THOMSON multimedia)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\TaskBarIcon.exe (France Télécom R&D)

O4 - HKLM..\Run: [WOOWATCH] C:\Program Files\Wanadoo\Watch.exe (France Télécom R&D)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)

O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKCU..\Run: [steam] c:\program files\valve\steam\steam.exe (Valve Corporation)

O4 - Startup: C:\Documents and Settings\MAREK\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - Protocol\_Catalog9\Catalog\_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol\_Catalog9\Catalog\_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} [http://www.eska.pl/streamplayers/OggX.ocx](http://www.eska.pl/streamplayers/OggX.ocx) (OggX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab](http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab) (Java Plug-in 1.6.0\_13)

O16 - DPF: {CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} [http://java.sun.com/products/plugin/1.3 ... 03-win.cab](http://java.sun.com/products/plugin/1.3.1/jinstall-131_03-win.cab) (Java Plug-in 1.3.1\_03)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab](http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab) (Java Plug-in 1.6.0\_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab](http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab) (Java Plug-in 1.6.0\_13)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [http://fpdownload2.macromedia.com/get/s ... wflash.cab](http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab) (Shockwave Flash Object)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: System - (kducc.exe) - File not found

O20 - Winlogon\Notify\avldr: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007-12-27 11:18:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O32 - AutoRun File - [2008-07-03 15:52:13 | 00,000,000 | ---D | M] - C:\Automap -- [NTFS]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (\*) - File not found

O34 - HKLM BootExecute: (MACHINE) - File not found

O34 - HKLM BootExecute: (BootExecut) - File not found

========== Files/Folders - Created Within 30 Days ==========

[32 C:\WINDOWS\*.tmp files]

[1 C:\Documents and Settings\MAREK\Pulpit\*.tmp files]

[2009-06-27 11:07:34 | 01,119,738 | ---- | C] () -- C:\Documents and Settings\MAREK\Pulpit\Nowy folder (2).rar

[2009-06-27 10:44:24 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MAREK\Pulpit\OTL.exe

[2009-06-27 10:39:33 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\MAREK\Pulpit\HijackThis.lnk

[2009-06-27 10:39:17 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\MAREK\Pulpit\HJTInstall.exe

[2009-06-26 23:48:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2009-06-26 23:48:54 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2009-06-26 23:30:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MAREK\Pulpit\Nowy folder (2)

[2009-06-26 22:03:41 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009-06-26 21:38:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

[2009-06-26 21:30:49 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009-06-26 21:21:09 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Ad-Aware.lnk

[2009-06-26 21:21:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\{83C91755-2546-441D-AC40-9A6B4B860800}

[2009-06-26 21:21:05 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft(2)

[2009-06-26 21:00:13 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2009-06-26 21:00:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy

[2009-06-26 19:43:56 | 05,292,054 | ---- | C] () -- C:\Documents and Settings\MAREK\Pulpit\bez tytułu.bmp

[2009-06-22 21:39:26 | 00,011,099 | ---- | C] () -- C:\Documents and Settings\MAREK\Pulpit\j.docx

[2009-06-20 22:28:13 | 00,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\mIRC.lnk

[2009-06-20 22:28:13 | 00,000,000 | ---D | C] -- C:\Program Files\mIRC

[2009-06-20 22:26:39 | 01,751,280 | ---- | C] (mIRC Co. Ltd.) -- C:\Documents and Settings\MAREK\Pulpit\mirc635.exe

[2009-06-17 14:56:21 | 00,000,000 | ---D | C] -- C:\Program Files\TibiaCam TV Lite

[2009-06-17 14:55:16 | 00,927,222 | ---- | C] (TibiaCam TV ) -- C:\Documents and Settings\MAREK\Pulpit\TibiaCamLite-2.7.exe

[2009-06-12 08:14:43 | 00,211,516 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\Kafeteria - KAMICA NERKOWA- czyli jak znosić ból podczas rodzenia kamienia.mht

[2009-06-11 13:26:12 | 00,159,472 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_14\_13\_21\_26.oop~

[2009-06-11 13:26:12 | 00,159,388 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_14\_21\_45\_20.oop~

[2009-06-11 13:26:12 | 00,157,308 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_14\_13\_21\_22.oop~

[2009-06-11 13:26:12 | 00,153,529 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_14\_12\_40\_36.oop~

[2009-06-11 13:26:12 | 00,149,987 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_14\_12\_09\_02.oop~

[2009-06-11 13:26:12 | 00,148,399 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_13\_20\_27\_00.oop~

[2009-06-11 13:26:12 | 00,148,118 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_13\_20\_26\_26.oop~

[2009-06-11 13:26:12 | 00,148,107 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_13\_20\_23\_38.oop~

[2009-06-11 13:26:12 | 00,145,757 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c.oop

[2009-06-11 13:26:12 | 00,145,757 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_14\_23\_55\_02.oop~

[2009-06-11 13:26:12 | 00,145,757 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_14\_23\_09\_12.oop~

[2009-06-11 13:26:12 | 00,145,577 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_13\_20\_19\_52.oop~

[2009-06-11 13:26:12 | 00,143,348 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_13\_18\_00\_28.oop~

[2009-06-11 13:26:12 | 00,141,271 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_13\_18\_00\_16.oop~

[2009-06-11 13:26:12 | 00,139,586 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_13\_13\_51\_32.oop~

[2009-06-11 13:26:12 | 00,137,306 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_13\_13\_51\_16.oop~

[2009-06-11 13:26:12 | 00,133,248 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_13\_13\_07\_00.oop~

[2009-06-11 13:26:12 | 00,129,894 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_13\_12\_33\_44.oop~

[2009-06-11 13:26:12 | 00,129,102 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_13\_12\_16\_12.oop~

[2009-06-11 13:26:12 | 00,126,581 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_13\_11\_52\_00.oop~

[2009-06-11 13:26:12 | 00,126,041 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_12\_19\_18\_00.oop~

[2009-06-11 13:26:12 | 00,124,220 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_12\_19\_17\_56.oop~

[2009-06-11 13:26:12 | 00,120,661 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_12\_19\_10\_58.oop~

[2009-06-11 13:26:12 | 00,118,736 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_12\_16\_04\_08.oop~

[2009-06-11 13:26:12 | 00,116,853 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_12\_16\_04\_00.oop~

[2009-06-11 13:26:12 | 00,112,788 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_12\_15\_35\_22.oop~

[2009-06-11 13:26:12 | 00,108,888 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_12\_15\_01\_44.oop~

[2009-06-11 13:26:12 | 00,108,225 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_12\_14\_13\_26.oop~

[2009-06-11 13:26:12 | 00,104,903 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_12\_13\_59\_52.oop~

[2009-06-11 13:26:12 | 00,100,887 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_12\_13\_16\_50.oop~

[2009-06-11 13:26:12 | 00,096,985 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_12\_12\_38\_34.oop~

[2009-06-11 13:26:12 | 00,092,711 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_12\_11\_41\_26.oop~

[2009-06-11 13:26:12 | 00,090,703 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_20\_40\_52.oop~

[2009-06-11 13:26:12 | 00,090,703 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_20\_40\_48.oop~

[2009-06-11 13:26:12 | 00,088,576 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_20\_40\_46.oop~

[2009-06-11 13:26:12 | 00,086,654 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_20\_10\_50.oop~

[2009-06-11 13:26:12 | 00,084,385 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_20\_10\_44.oop~

[2009-06-11 13:26:12 | 00,077,499 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_17\_24\_42.oop~

[2009-06-11 13:26:12 | 00,075,180 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_17\_24\_16.oop~

[2009-06-11 13:26:12 | 00,070,742 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_16\_34\_18.oop~

[2009-06-11 13:26:12 | 00,066,485 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_15\_49\_16.oop~

[2009-06-11 13:26:12 | 00,061,519 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_15\_16\_18.oop~

[2009-06-11 13:26:12 | 00,059,226 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_14\_35\_38.oop~

[2009-06-11 13:26:12 | 00,058,970 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_14\_26\_16.oop~

[2009-06-11 13:26:12 | 00,058,515 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_13\_26\_14.oop~

[2009-06-11 13:26:12 | 00,058,337 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_13\_33\_48.oop~

[2009-06-11 12:43:15 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll

[2009-06-11 12:43:15 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll

[2009-06-11 12:40:11 | 00,296,229 | ---- | C] () -- C:\PROGRA~1\Wanadoo\Profil1\Pizzeria Gondola Rzeszów, Pizza Rzeszów, Pizzerie w Rzeszowie, Pizza na Telefon.mht

[2009-06-10 17:15:58 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\MAREK\Pulpit\Gorky17.lnk

[2009-06-10 16:48:48 | 00,000,000 | ---D | C] -- C:\Gry

[2009-06-07 15:26:46 | 00,000,725 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\TC PowerPack.lnk

[2009-06-07 15:26:42 | 00,000,000 | ---D | C] -- C:\Program Files\TC PowerPack

[2009-06-07 15:22:36 | 14,998,716 | ---- | C] () -- C:\Documents and Settings\MAREK\Pulpit\tcmdpp(dobreprogramy.pl).exe

[2009-06-05 22:26:06 | 00,000,000 | ---D | C] -- C:\Gorky17

[2009-06-05 21:46:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2009-06-05 21:45:28 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll

[2009-06-05 21:43:31 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2008-11-25 13:20:05 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}\_WiseFW.ini

[2008-11-22 19:47:50 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2008-10-23 20:50:50 | 00,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll

[2008-10-09 17:05:42 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2008-10-06 21:42:38 | 00,000,083 | ---- | C] () -- C:\WINDOWS\WWP.INI

[2008-06-15 23:56:05 | 00,000,301 | ---- | C] () -- C:\WINDOWS\HPFTBX13.INI

[2008-04-25 16:45:55 | 00,000,430 | ---- | C] () -- C:\WINDOWS\wincmd.ini

[2008-04-17 22:18:19 | 00,000,197 | ---- | C] () -- C:\WINDOWS\hpfsched.ini

[2008-04-11 11:18:10 | 00,000,238 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2008-04-05 22:11:39 | 00,000,710 | ---- | C] () -- C:\WINDOWS\CoD.INI

[2008-04-05 15:31:15 | 00,005,607 | R--- | C] () -- C:\WINDOWS\System32\stci.dll

[2008-03-29 01:41:32 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff\_vfw.dll

[2008-01-10 20:16:20 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008-01-10 20:15:30 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2007-12-27 12:03:14 | 00,001,472 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2007-12-27 12:03:03 | 00,000,639 | ---- | C] () -- C:\WINDOWS\win.ini

[2007-12-27 12:03:02 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

[2007-12-27 12:02:26 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2007-09-17 02:07:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007-09-17 02:07:00 | 01,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007-09-17 02:07:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007-09-17 02:07:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007-09-17 02:07:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007-02-06 02:05:26 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

[1998-09-25 11:43:10 | 00,004,404 | ---- | C] () -- C:\WINDOWS\System32\HPFlnk13.ini

[1998-09-25 11:35:52 | 00,152,064 | ---- | C] () -- C:\WINDOWS\System32\HPFdat13.dll

[1998-09-25 11:33:44 | 00,181,248 | ---- | C] () -- C:\WINDOWS\System32\HPFscp13.dll

[1998-09-25 11:30:06 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\HPFhrl13.dll

[1998-09-25 11:30:02 | 00,276,480 | ---- | C] () -- C:\WINDOWS\System32\HPFsrl13.dll

[1998-09-25 11:29:58 | 00,307,200 | ---- | C] () -- C:\WINDOWS\System32\HPFmrl13.dll

[1998-09-25 11:29:52 | 01,105,408 | ---- | C] () -- C:\WINDOWS\System32\HPFtrl13.dll

[1998-09-25 11:17:48 | 00,194,048 | ---- | C] () -- C:\WINDOWS\System32\HPFcps13.dll

[1998-09-25 11:17:20 | 00,076,800 | ---- | C] () -- C:\WINDOWS\System32\HPF24r13.dll

[1998-09-25 11:16:06 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\HPFtst13.dll

[1998-09-25 11:08:42 | 00,395,264 | ---- | C] () -- C:\WINDOWS\System32\HPFui13.dll

[1998-09-25 11:03:08 | 00,187,904 | ---- | C] () -- C:\WINDOWS\System32\HPFwin13.dll

[1998-09-25 10:59:52 | 00,037,376 | ---- | C] () -- C:\WINDOWS\System32\HPFmon13.dll

[1998-09-25 10:59:14 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\HPFcbl13.dll

[1998-09-25 10:56:58 | 00,033,384 | ---- | C] () -- C:\WINDOWS\System32\HPFiop13.dll

[1998-09-25 10:56:46 | 00,069,284 | ---- | C] () -- C:\WINDOWS\System32\HPFpml13.dll

[1998-09-25 10:56:40 | 00,137,232 | ---- | C] () -- C:\WINDOWS\System32\HPFmlc13.dll

[1998-09-25 10:56:32 | 00,057,240 | ---- | C] () -- C:\WINDOWS\System32\HPFmem13.dll

[1998-09-25 10:56:28 | 00,048,292 | ---- | C] () -- C:\WINDOWS\System32\HPFlpm13.dll

[1998-09-25 10:56:16 | 00,072,368 | ---- | C] () -- C:\WINDOWS\System32\HPFcom13.dll

[1998-09-25 10:55:24 | 00,052,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\HPFecp13.sys

[1998-09-25 10:54:34 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\HPFrsu13.dll

[1998-09-25 10:54:04 | 00,117,760 | ---- | C] () -- C:\WINDOWS\System32\HPFrsa13.dll

[1998-09-25 10:49:34 | 01,777,664 | ---- | C] () -- C:\WINDOWS\System32\HPFimg13.dll

[1998-09-25 10:46:14 | 00,124,928 | ---- | C] () -- C:\WINDOWS\System32\HPFcnt13.dll

[1997-06-14 04:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9\_32.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]

[32 C:\WINDOWS\*.tmp files]

[1 C:\Documents and Settings\MAREK\Pulpit\*.tmp files]

[2009-06-27 11:07:46 | 01,119,738 | ---- | M] () -- C:\Documents and Settings\MAREK\Pulpit\Nowy folder (2).rar

[2009-06-27 11:07:17 | 01,035,236 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009-06-27 11:07:17 | 00,466,752 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2009-06-27 11:07:17 | 00,408,792 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009-06-27 11:07:17 | 00,082,620 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2009-06-27 11:07:17 | 00,064,314 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009-06-27 11:03:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-06-27 11:03:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-06-27 10:44:31 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MAREK\Pulpit\OTL.exe

[2009-06-27 10:39:33 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\MAREK\Pulpit\HijackThis.lnk

[2009-06-27 10:39:27 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\MAREK\Pulpit\HJTInstall.exe

[2009-06-26 23:49:53 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009-06-26 21:30:49 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009-06-26 19:43:56 | 05,292,054 | ---- | M] () -- C:\Documents and Settings\MAREK\Pulpit\bez tytułu.bmp

[2009-06-22 21:46:10 | 00,011,801 | ---- | M] () -- C:\Documents and Settings\MAREK\Pulpit\Nowy Dokument programu Microsoft Office Word.docx

[2009-06-22 21:41:22 | 00,011,099 | ---- | M] () -- C:\Documents and Settings\MAREK\Pulpit\j.docx

[2009-06-20 22:28:13 | 00,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\mIRC.lnk

[2009-06-20 22:27:07 | 01,751,280 | ---- | M] (mIRC Co. Ltd.) -- C:\Documents and Settings\MAREK\Pulpit\mirc635.exe

[2009-06-18 00:17:07 | 02,115,394 | -H-- | M] () -- C:\Documents and Settings\MAREK\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-06-17 14:55:33 | 00,927,222 | ---- | M] (TibiaCam TV ) -- C:\Documents and Settings\MAREK\Pulpit\TibiaCamLite-2.7.exe

[2009-06-14 23:55:13 | 00,145,757 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c.oop

[2009-06-14 23:55:00 | 00,145,757 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_14\_23\_55\_02.oop~

[2009-06-14 23:09:11 | 00,145,757 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_14\_23\_09\_12.oop~

[2009-06-14 21:45:18 | 00,159,388 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_14\_21\_45\_20.oop~

[2009-06-14 20:15:08 | 00,000,301 | ---- | M] () -- C:\WINDOWS\HPFTBX13.INI

[2009-06-14 13:21:24 | 00,159,472 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_14\_13\_21\_26.oop~

[2009-06-14 13:21:20 | 00,157,308 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_14\_13\_21\_22.oop~

[2009-06-14 12:40:35 | 00,153,529 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_14\_12\_40\_36.oop~

[2009-06-14 12:09:00 | 00,149,987 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_14\_12\_09\_02.oop~

[2009-06-13 20:26:58 | 00,148,399 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_13\_20\_27\_00.oop~

[2009-06-13 20:26:25 | 00,148,118 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_13\_20\_26\_26.oop~

[2009-06-13 20:23:36 | 00,148,107 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_13\_20\_23\_38.oop~

[2009-06-13 20:19:50 | 00,145,577 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_13\_20\_19\_52.oop~

[2009-06-13 18:00:26 | 00,143,348 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_13\_18\_00\_28.oop~

[2009-06-13 18:00:15 | 00,141,271 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_13\_18\_00\_16.oop~

[2009-06-13 13:51:31 | 00,139,586 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_13\_13\_51\_32.oop~

[2009-06-13 13:51:14 | 00,137,306 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_13\_13\_51\_16.oop~

[2009-06-13 13:06:58 | 00,133,248 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_13\_13\_07\_00.oop~

[2009-06-13 12:33:43 | 00,129,894 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_13\_12\_33\_44.oop~

[2009-06-13 12:16:11 | 00,129,102 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_13\_12\_16\_12.oop~

[2009-06-13 11:51:59 | 00,126,581 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_13\_11\_52\_00.oop~

[2009-06-12 19:17:58 | 00,126,041 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_12\_19\_18\_00.oop~

[2009-06-12 19:17:54 | 00,124,220 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_12\_19\_17\_56.oop~

[2009-06-12 19:10:57 | 00,120,661 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_12\_19\_10\_58.oop~

[2009-06-12 16:04:06 | 00,118,736 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_12\_16\_04\_08.oop~

[2009-06-12 16:03:59 | 00,116,853 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_12\_16\_04\_00.oop~

[2009-06-12 15:35:21 | 00,112,788 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_12\_15\_35\_22.oop~

[2009-06-12 15:01:43 | 00,108,888 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_12\_15\_01\_44.oop~

[2009-06-12 14:13:24 | 00,108,225 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_12\_14\_13\_26.oop~

[2009-06-12 13:59:51 | 00,104,903 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_12\_13\_59\_52.oop~

[2009-06-12 13:16:48 | 00,100,887 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_12\_13\_16\_50.oop~

[2009-06-12 12:38:32 | 00,096,985 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_12\_12\_38\_34.oop~

[2009-06-12 11:41:25 | 00,092,711 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_12\_11\_41\_26.oop~

[2009-06-12 08:14:45 | 00,211,516 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\Kafeteria - KAMICA NERKOWA- czyli jak znosić ból podczas rodzenia kamienia.mht

[2009-06-11 22:40:45 | 00,277,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009-06-11 22:26:47 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009-06-11 20:40:50 | 00,090,703 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_20\_40\_52.oop~

[2009-06-11 20:40:47 | 00,090,703 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_20\_40\_48.oop~

[2009-06-11 20:40:44 | 00,088,576 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_20\_40\_46.oop~

[2009-06-11 20:10:48 | 00,086,654 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_20\_10\_50.oop~

[2009-06-11 20:10:43 | 00,084,385 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_20\_10\_44.oop~

[2009-06-11 17:24:40 | 00,077,499 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_17\_24\_42.oop~

[2009-06-11 17:24:14 | 00,075,180 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_17\_24\_16.oop~

[2009-06-11 16:34:16 | 00,070,742 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_16\_34\_18.oop~

[2009-06-11 15:49:14 | 00,066,485 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_15\_49\_16.oop~

[2009-06-11 15:16:16 | 00,061,519 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_15\_16\_18.oop~

[2009-06-11 14:35:36 | 00,059,226 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_14\_35\_38.oop~

[2009-06-11 14:26:15 | 00,058,970 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_14\_26\_16.oop~

[2009-06-11 13:33:46 | 00,058,337 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_13\_33\_48.oop~

[2009-06-11 13:26:12 | 00,058,515 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\klasa 1c 2009\_06\_11\_13\_26\_14.oop~

[2009-06-11 12:40:13 | 00,296,229 | ---- | M] () -- C:\PROGRA~1\Wanadoo\Profil1\Pizzeria Gondola Rzeszów, Pizza Rzeszów, Pizzerie w Rzeszowie, Pizza na Telefon.mht

[2009-06-10 17:20:03 | 00,010,240 | ---- | M] () -- C:\Documents and Settings\MAREK\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-06-10 17:15:58 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\MAREK\Pulpit\Gorky17.lnk

[2009-06-07 15:26:46 | 00,000,725 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\TC PowerPack.lnk

[2009-06-07 15:26:24 | 14,998,716 | ---- | M] () -- C:\Documents and Settings\MAREK\Pulpit\tcmdpp(dobreprogramy.pl).exe

[2009-06-07 15:23:19 | 00,000,405 | ---- | M] () -- C:\Documents and Settings\MAREK\Pulpit\Total Commander.lnk

[2009-06-01 18:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 288 bytes -\> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6BE50C2B

@Alternate Data Stream - 118 bytes -\> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E41EAF13

\< End of report \>

Paste logs at www.wklej.org and put only the link in your post.

Strange, there is one thing OTL doesn't show but HT does. For now, paste this into OTL

Click Run Fix. Then post a new OTL log and the Extras log.

earlier log from OTL http://www.wklej.org/id/112772/ and GMER http://www.wklej.org/id/112777/

Post the removal log produced after running ciemnowidz's script above, then a new OTL scan log.

Why are you posting these logs? Did you do what I wrote? Because I still see some of the entries.

Repeat the step with the script. Then generate a new log and paste the Extras log.

when I click Run Fix it shows me this file

OTL by OldTimer - Version 3.0.5.3 log created on 06272009_115018

something's probably wrong

That file is supposed to appear, because that is where the files “moved” by the script end up. There should be a log inside. You can post it, along with the Extras log and a freshly made OTL log.

http://wklej.org/id/112795/ removal - after system restart

new logs from OTL

http://wklej.org/id/112796/

Nothing shows up here.

Paste into OTL

Click Run Fix, then CleanUp.

In HijackThis, delete

Turn off System Restore for a moment.

http://support.microsoft.com/kb/310405/pll

Run a full scan with Malwarebytes Anti-Malware; if it finds anything, remove it and paste the log.

http://dobreprogramy.pl/index.php?dz=2& … lware+1.37

Clean the registry with CCleaner

http://dobreprogramy.pl/index.php?dz=2& … +v2.19.901

http://wklej.org/id/112813/ after pasting into OTL, now CleanUp etc.

Now do the rest, because nothing shows up here, and if Malwarebytes finds anything, remove it and paste the log.

in HijackThis I removed O4 - HKLM…\Policies\Explorer\Run: [this] C:\Program Files\Web Technologies\wcs.exe

but I didn't do the System Restore step you told me about

scan logs http://wklej.org/id/112850/ it found 6 infected items

Added 27.06.2009 (Sat) 14:00

after removing the files http://wklej.org/id/112854/

Nothing more shows up here.

Finally, turn System Restore off and back on to remove the copies of the malware

http://support.microsoft.com/kb/310405/pll

Clean the registry with CCleaner

http://dobreprogramy.pl/index.php?dz=2& … +v2.19.901

I did as you recommended: I turned System Restore off and on, ran the CCleaner scan, made a backup, scanned the registry and fixed the errors. Anything else?

That's pretty much everything, since nothing shows up anymore.