Muli sie net avast wykryl malvare

wowo · 26 Lipiec 2009 08:24

Avast wykryl malvare i inne syfy wklejam link do loga z RSIT http://www.wklejto.pl/39232

deFco247 · 26 Lipiec 2009 08:27

Infekcja z pendrive spod literki F:

Pokaż logi z OTL oraz GMER.

W GMER nic nie zmieniamy -> wciskamy Szukaj (skan potrwa kilkanaście minut) -> po skanie Kopiuj.

wowo · 26 Lipiec 2009 08:39

log z OTL

OTL logfile created on: 2009-07-26 10:37:32 - Run 1

OTL by OldTimer - Version 3.0.10.3 Folder = C:\Documents and Settings\oem\Pulpit

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,37 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 59,87% Memory free

3,23 Gb Paging File | 2,72 Gb Available in Paging File | 84,36% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 25,39 Gb Total Space | 12,96 Gb Free Space | 51,02% Space Free | Partition Type: NTFS

Drive D: | 49,13 Gb Total Space | 40,20 Gb Free Space | 81,84% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: SPECIAL-XP

Current User Name: oem

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2008-08-21 04:05:57 | 00,573,440 | ---- | M] (ATI Technologies Inc.) – C:\WINDOWS\System32\Ati2evxx.exe

PRC - [2007-02-06 16:02:26 | 00,266,295 | ---- | M] (Broadcom Corporation.) – C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

PRC - [2008-08-21 04:05:57 | 00,573,440 | ---- | M] (ATI Technologies Inc.) – C:\WINDOWS\System32\Ati2evxx.exe

PRC - [2008-04-14 22:51:18 | 03,197,440 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Explorer.EXE

PRC - [2009-02-05 23:01:25 | 00,018,752 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2009-02-05 23:08:40 | 00,138,680 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2008-01-21 09:56:32 | 00,065,536 | ---- | M] (France Telecom SA) – C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

PRC - [2009-02-06 10:56:04 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2009-02-05 23:08:26 | 00,254,040 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

PRC - [2009-02-05 23:06:04 | 00,352,920 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

PRC - [2008-04-14 22:51:52 | 00,013,824 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\System32\wscntfy.exe

PRC - [2007-01-05 18:36:48 | 00,872,448 | ---- | M] (Analog Devices, Inc.) – C:\Program Files\Analog Devices\Core\smax4pnp.exe

PRC - [2003-10-31 20:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) – C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

PRC - [2009-02-06 10:56:04 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2007-05-08 17:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) – C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

PRC - [2008-08-04 01:02:20 | 00,036,352 | ---- | M] () – D:\Winamp\winampa.exe

PRC - [2007-11-14 01:47:50 | 00,278,528 | R— | M] (France Telecom SA) – C:\Program Files\CardDetector\ICON225\CardDetector.exe

PRC - [2009-02-05 23:08:45 | 00,081,000 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2008-04-14 23:51:32 | 01,695,232 | ---- | M] (Microsoft Corporation) – C:\Program Files\Messenger\msmsgs.exe

PRC - [2009-06-02 11:56:00 | 24,264,488 | R— | M] (Skype Technologies S.A.) – C:\Program Files\Skype\Phone\Skype.exe

PRC - [2007-02-06 16:14:00 | 00,561,213 | ---- | M] (Broadcom Corporation.) – C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

PRC - [2008-01-21 09:56:32 | 00,598,016 | ---- | M] (France Telecom SA) – C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Launcher\Launcher.exe

PRC - [2006-05-14 22:47:48 | 00,344,064 | ---- | M] () – C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe

PRC - [2002-09-29 14:41:10 | 00,090,112 | ---- | M] (Y’z@Home) – C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe

PRC - [2009-01-09 20:50:10 | 07,424,000 | ---- | M] (OpenOffice.org) – C:\Program Files\OpenOffice.org 3\program\soffice.exe

PRC - [2009-01-09 20:51:18 | 07,418,368 | ---- | M] (OpenOffice.org) – C:\Program Files\OpenOffice.org 3\program\soffice.bin

PRC - [2008-01-21 09:56:18 | 00,090,112 | ---- | M] (France Telecom SA) – C:\Program Files\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

PRC - [2007-02-06 16:11:50 | 01,409,108 | ---- | M] (Broadcom Corporation.) – C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

PRC - [2008-01-21 09:56:38 | 00,122,880 | ---- | M] (France Telecom SA) – C:\Program Files\OrangeBS\BEWInternet-PL-IEW\systray\systrayapp.exe

PRC - [2008-01-21 09:56:20 | 00,720,896 | ---- | M] (France Telecom SA) – C:\Program Files\OrangeBS\BEWInternet-PL-IEW\connectivity\connectivitymanager.exe

PRC - [2008-01-21 09:56:38 | 00,839,680 | ---- | M] (France Telecom SA) – C:\Program Files\OrangeBS\BEWInternet-PL-IEW\PhoneTools\TextMessaging.exe

PRC - [2008-01-21 09:56:22 | 00,364,544 | ---- | M] (France Telecom SA) – C:\Program Files\OrangeBS\BEWInternet-PL-IEW\connectivity\CoreCom\CoreCom.exe

PRC - [2008-01-21 09:56:32 | 00,065,536 | ---- | M] (France Telecom SA) – C:\Program Files\Common Files\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe

PRC - [2008-01-21 09:56:22 | 00,028,672 | ---- | M] (France Telecom SA) – C:\Program Files\OrangeBS\BEWInternet-PL-IEW\connectivity\CoreCom\OraConfigRecover.exe

PRC - [2008-04-14 22:51:52 | 00,218,112 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\System32\wbem\wmiprvse.exe

PRC - [2009-06-02 11:56:00 | 00,077,360 | R— | M] (Skype Technologies) – C:\Program Files\Skype\Plugin Manager\skypePM.exe

PRC - [2009-02-26 10:49:18 | 00,099,328 | ---- | M] (Opera Software) – C:\Program Files\Opera\opera.exe

PRC - [2009-07-26 10:36:43 | 00,513,536 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\oem\Pulpit\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009-04-02 12:47:04 | 00,234,888 | ---- | M] () – C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe – (ASKUpgrade [Auto | Stopped])

SRV - [2005-09-23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe – (aspnet_state [On_Demand | Stopped])

SRV - [2009-02-05 23:01:25 | 00,018,752 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe – (aswUpdSv [Auto | Running])

SRV - [2008-08-21 04:05:57 | 00,573,440 | ---- | M] (ATI Technologies Inc.) – C:\WINDOWS\System32\Ati2evxx.exe – (Ati HotKey Poller [Auto | Running])

SRV - [2009-01-13 22:05:00 | 00,593,920 | ---- | M] () – C:\WINDOWS\System32\ati2sgag.exe – (ATI Smart [Auto | Stopped])

SRV - [2009-02-05 23:08:40 | 00,138,680 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashServ.exe – (avast! Antivirus [Auto | Running])

SRV - [2009-02-05 23:08:26 | 00,254,040 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe – (avast! Mail Scanner [On_Demand | Running])

SRV - [2009-02-05 23:06:04 | 00,352,920 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe – (avast! Web Scanner [On_Demand | Running])

SRV - [2007-02-06 16:02:26 | 00,266,295 | ---- | M] (Broadcom Corporation.) – C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe – (btwdins [Auto | Running])

SRV - [2005-09-23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe – (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [2008-01-21 09:56:32 | 00,065,536 | ---- | M] (France Telecom SA) – C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe – (FTRTSVC [Auto | Running])

SRV - [2008-08-01 00:16:28 | 00,136,120 | ---- | M] (Google) – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe – (gusvc [On_Demand | Stopped])

SRV - [2008-04-14 22:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll – (helpsvc [Auto | Running])

SRV - [2009-02-06 10:56:04 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jqs.exe – (JavaQuickStarterService [Auto | Running])

SRV - [2006-12-01 12:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) – C:\Program Files\Windows Media Player\WMPNetwk.exe – (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009-02-05 23:05:11 | 00,026,944 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aavmker4.sys – (Aavmker4 [system | Running])

DRV - [2007-10-01 14:27:40 | 00,281,600 | ---- | M] (Analog Devices, Inc.) – C:\WINDOWS\System32\drivers\ADIHdAud.sys – (ADIHdAudAddService [On_Demand | Running])

DRV - [2007-07-13 11:26:12 | 00,094,976 | ---- | M] (Andrea Electronics Corporation) – C:\WINDOWS\System32\drivers\AEAudio.sys – (AEAudio [On_Demand | Running])

DRV - [2009-02-05 23:07:12 | 00,020,560 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys – (aswFsBlk [Auto | Running])

DRV - [2009-02-05 23:08:10 | 00,094,032 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswmon2.sys – (aswMon2 [Auto | Running])

DRV - [2009-02-05 23:06:10 | 00,023,152 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswRdr.sys – (aswRdr [On_Demand | Running])

DRV - [2009-02-05 23:07:23 | 00,114,768 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswSP.sys – (aswSP [system | Running])

DRV - [2009-02-05 23:06:20 | 00,051,376 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswTdi.sys – (aswTdi [system | Running])

DRV - [2008-08-21 06:52:41 | 03,299,840 | ---- | M] (ATI Technologies Inc.) – C:\WINDOWS\System32\DRIVERS\ati2mtag.sys – (ati2mtag [On_Demand | Running])

DRV - [2009-02-05 15:05:21 | 01,287,552 | ---- | M] (Broadcom Corporation) – C:\WINDOWS\System32\DRIVERS\bcmwl5.sys – (BCM43XX [On_Demand | Running])

DRV - [2007-02-14 15:20:56 | 00,530,861 | ---- | M] (Broadcom Corporation.) – C:\WINDOWS\System32\drivers\btaudio.sys – (btaudio [On_Demand | Running])

DRV - [2007-02-14 15:20:58 | 00,030,459 | ---- | M] (Broadcom Corporation.) – C:\WINDOWS\System32\DRIVERS\btport.sys – (BTDriver [On_Demand | Running])

DRV - [2007-02-14 15:20:58 | 00,868,298 | ---- | M] (Broadcom Corporation.) – C:\WINDOWS\System32\DRIVERS\btkrnl.sys – (BTKRNL [On_Demand | Running])

DRV - [2007-02-14 15:20:58 | 00,149,123 | ---- | M] (Broadcom Corporation.) – C:\WINDOWS\System32\DRIVERS\btwdndis.sys – (BTWDNDIS [On_Demand | Running])

DRV - [2007-02-14 15:21:00 | 00,067,960 | ---- | M] (Broadcom Corporation.) – C:\WINDOWS\System32\Drivers\btwusb.sys – (BTWUSB [On_Demand | Running])

DRV - [2007-11-14 00:29:22 | 00,095,744 | R— | M] (Option NV) – C:\WINDOWS\System32\DRIVERS\Gt51Ip.sys – (GT72NDISIPXP [On_Demand | Stopped])

DRV - [2007-11-14 00:29:23 | 00,051,968 | R— | M] (Option N.V.) – C:\WINDOWS\System32\DRIVERS\gt72ubus.sys – (GT72UBUS [On_Demand | Stopped])

DRV - [2007-11-14 00:29:23 | 00,008,064 | R— | M] (Option N.V.) – C:\WINDOWS\System32\DRIVERS\gtptser.sys – (GTPTSER [On_Demand | Stopped])

DRV - [2008-04-13 22:06:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) – C:\WINDOWS\System32\DRIVERS\HDAudBus.sys – (HDAudBus [On_Demand | Running])

DRV - [2009-06-29 20:36:57 | 00,027,136 | ---- | M] (NCH Swift Sound) – C:\WINDOWS\System32\drivers\nchssvad.sys – (NCHSSVAD [On_Demand | Running])

DRV - [2004-03-24 04:12:34 | 00,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) – C:\WINDOWS\System32\NSNDIS5.SYS – (NSNDIS5 [On_Demand | Stopped])

DRV - [2008-01-21 09:56:38 | 00,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) – C:\WINDOWS\System32\PCAMPR5.SYS – (PCAMPR5 [On_Demand | Stopped])

DRV - [2008-01-21 09:56:38 | 00,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) – C:\WINDOWS\System32\PCANDIS5.SYS – (PCANDIS5 [On_Demand | Running])

DRV - [2001-08-17 23:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) – C:\WINDOWS\System32\DRIVERS\ptilink.sys – (Ptilink [On_Demand | Running])

DRV - [2008-11-20 21:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) – C:\WINDOWS\System32\Drivers\PxHelp20.sys – (PxHelp20 [boot | Running])

DRV - [2008-04-13 22:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) – C:\WINDOWS\System32\DRIVERS\secdrv.sys – (Secdrv [On_Demand | Stopped])

DRV - [2008-05-02 08:48:55 | 00,062,208 | ---- | M] (Silicon Image, Inc.) – C:\WINDOWS\System32\drivers\si3112.sys – (Si3112 [boot | Running])

DRV - [2001-08-17 22:49:04 | 00,024,576 | ---- | M] (VIA Technologies, Inc.) – C:\WINDOWS\System32\DRIVERS\viairda.sys – (VIAIRDA [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU.DEFAULT.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-1123561945-220523388-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-1123561945-220523388-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-1123561945-220523388-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-1123561945-220523388-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

IE - HKU\S-1-5-21-1123561945-220523388-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-1123561945-220523388-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-1123561945-220523388-1801674531-1003\S-1-5-21-1123561945-220523388-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

FF - HKLM\software\mozilla\Firefox\extensions\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-02-06 10:56:05 | 00,000,000 | —D | M]

O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM…\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKU\S-1-5-21-1123561945-220523388-1801674531-1003…\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM…\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM…\Run: [bEWINTERNET-PL-IEWSessionManager] C:\Program Files\OrangeBS\BEWInternet-PL-IEW\SessionManager\SessionManager.exe (France Telecom SA)

O4 - HKLM…\Run: [CardDetectorICON225] C:\Program Files\CardDetector\ICON225\CardDetector.exe (France Telecom SA)

O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

O4 - HKLM…\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM…\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)

O4 - HKLM…\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM…\Run: [WinampAgent] D:\Winamp\winampa.exe ()

O4 - HKU\S-1-5-21-1123561945-220523388-1801674531-1003…\Run: [ALLUpdate] D:\VLC\ALLPlayer\ALLUpdate.exe ()

O4 - HKU\S-1-5-21-1123561945-220523388-1801674531-1003…\Run: [Google Update] C:\Documents and Settings\oem\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKU\S-1-5-21-1123561945-220523388-1801674531-1003…\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1123561945-220523388-1801674531-1003…\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKU.DEFAULT…\RunOnce: [nltide_2] File not found

O4 - HKU.DEFAULT…\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation)

O4 - HKU\S-1-5-18…\RunOnce: [nltide_2] File not found

O4 - HKU\S-1-5-18…\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O4 - Startup: C:\Documents and Settings\oem\Menu Start\Programy\Autostart\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O4 - Startup: C:\Documents and Settings\oem\Menu Start\Programy\Autostart\RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe ()

O4 - Startup: C:\Documents and Settings\oem\Menu Start\Programy\Autostart\Y’z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe (Y’z@Home)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1123561945-220523388-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1123561945-220523388-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1123561945-220523388-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O9 - Extra ‘Tools’ menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra ‘Tools’ menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc … tor/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup … 9489269881 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ … 586-jc.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl … rashim.cab (Reg Error: Key error.)

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game14.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s … wflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-02-05 14:31:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [NTFS]

O33 - MountPoints2{4579c58c-12f2-11de-879a-001a6bb0e6f6}\Shell\AutoRun\command - “” = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autoruns.exe – File not found

O33 - MountPoints2{4579c58c-12f2-11de-879a-001a6bb0e6f6}\Shell\open\command - “” = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autoruns.exe – File not found

O33 - MountPoints2{dca364ff-ff94-11dd-8756-00f1d000f1d0}\Shell\AutoRun\command - “” = F:\cahpcg.cmd – File not found

O33 - MountPoints2{dca364ff-ff94-11dd-8756-00f1d000f1d0}\Shell\open\Command - “” = F:\cahpcg.cmd – File not found

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS*.tmp files]

[2009-07-26 10:36:41 | 00,513,536 | ---- | C] (OldTimer Tools) – C:\Documents and Settings\oem\Pulpit\OTL.exe

[2009-07-26 10:28:02 | 00,043,848 | ---- | C] () – C:\Documents and Settings\oem\Pulpit\avatar 888.dds

[2009-07-26 10:28:02 | 00,021,992 | ---- | C] () – C:\Documents and Settings\oem\Pulpit\avatar 133.dds

[2009-07-26 10:28:02 | 00,011,064 | ---- | C] () – C:\Documents and Settings\oem\Pulpit\avatar 122.dds

[2009-07-26 10:28:02 | 00,011,064 | ---- | C] () – C:\Documents and Settings\oem\Pulpit\avatar 11.dds

[2009-07-26 10:27:51 | 00,011,064 | ---- | C] () – C:\Documents and Settings\oem\Pulpit\Avatar 177.dds

[2009-07-26 10:27:51 | 00,011,064 | ---- | C] () – C:\Documents and Settings\oem\Pulpit\avatar 166.dds

[2009-07-26 10:27:51 | 00,011,064 | ---- | C] () – C:\Documents and Settings\oem\Pulpit\avatar 155.dds

[2009-07-26 10:27:51 | 00,000,824 | ---- | C] () – C:\Documents and Settings\oem\Pulpit\avatar 144.dds

[2009-07-26 10:17:51 | 00,000,000 | —D | C] – C:\Program Files\trend micro

[2009-07-26 10:17:50 | 00,000,000 | —D | C] – C:\rsit

[2009-07-26 10:11:46 | 00,534,528 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\CF1102.exe

[2009-07-26 10:11:46 | 00,000,000 | --SD | C] – C:\ComboFix

[2009-07-26 10:07:41 | 00,219,648 | ---- | C] () – C:\WINDOWS\PEV.exe

[2009-07-26 10:07:41 | 00,212,480 | ---- | C] (SteelWerX) – C:\WINDOWS\SWXCACLS.exe

[2009-07-26 10:07:41 | 00,161,792 | ---- | C] (SteelWerX) – C:\WINDOWS\SWREG.exe

[2009-07-26 10:07:41 | 00,136,704 | ---- | C] (SteelWerX) – C:\WINDOWS\SWSC.exe

[2009-07-26 10:07:41 | 00,098,816 | ---- | C] () – C:\WINDOWS\sed.exe

[2009-07-26 10:07:41 | 00,080,412 | ---- | C] () – C:\WINDOWS\grep.exe

[2009-07-26 10:07:41 | 00,068,096 | ---- | C] () – C:\WINDOWS\zip.exe

[2009-07-26 10:07:41 | 00,031,232 | ---- | C] (NirSoft) – C:\WINDOWS\NIRCMD.exe

[2009-07-26 10:07:36 | 00,000,000 | —D | C] – C:\WINDOWS\ERDNT

[2009-07-26 10:07:35 | 00,534,528 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\CF194.exe

[2009-07-26 10:07:07 | 00,000,000 | —D | C] – C:\Qoobox

[2009-07-22 14:51:00 | 00,000,000 | —D | C] – C:\Documents and Settings\oem\Moje dokumenty\fotyy

[2009-07-20 10:41:01 | 00,000,000 | —D | C] – C:\Documents and Settings\oem\Ustawienia lokalne\Dane aplikacji\Temp

[2009-07-15 22:23:30 | 00,023,029 | ---- | C] () – C:\Documents and Settings\oem\Pulpit\podanie-1.odt

[2009-07-15 22:19:19 | 00,031,622 | ---- | C] () – C:\Documents and Settings\oem\Pulpit\ankieta.odt

[2009-07-15 22:11:36 | 00,018,558 | ---- | C] () – C:\Documents and Settings\oem\Pulpit\zyciorys.odt

[2009-07-15 22:05:21 | 00,071,680 | ---- | C] () – C:\Documents and Settings\oem\Pulpit\podanie-1.doc

[2009-07-15 13:09:24 | 00,112,640 | ---- | C] () – C:\Documents and Settings\oem\Pulpit\ankieta.doc

[2009-07-15 13:09:18 | 00,063,488 | ---- | C] () – C:\Documents and Settings\oem\Pulpit\zyciorys.doc

[2009-07-04 11:35:41 | 01,144,832 | ---- | C] () – C:\Documents and Settings\oem\Pulpit\funnynick.exe

[2009-07-01 11:36:12 | 00,001,124 | ---- | C] () – C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-220523388-1801674531-1003UA.job

[2009-07-01 11:36:12 | 00,001,072 | ---- | C] () – C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-220523388-1801674531-1003Core.job

[2009-06-29 20:37:14 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\NCH Software

[2009-06-29 20:36:57 | 00,027,136 | ---- | C] (NCH Swift Sound) – C:\WINDOWS\System32\drivers\nchssvad.sys

[2009-06-29 20:36:50 | 00,000,000 | —D | C] – C:\Program Files\NCH Software

[2009-06-29 20:36:45 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\NCH Swift Sound

[2009-06-29 20:36:44 | 00,000,000 | —D | C] – C:\Documents and Settings\oem\Dane aplikacji\NCH Swift Sound

[2009-06-29 20:36:19 | 00,000,838 | ---- | C] () – C:\Documents and Settings\oem\Pulpit\Express Burn.lnk

[2009-06-29 20:36:15 | 00,000,000 | —D | C] – C:\Program Files\NCH Swift Sound

[2009-06-29 20:35:12 | 00,394,148 | ---- | C] () – C:\Documents and Settings\oem\Pulpit\burn.zip

[2009-06-26 10:43:47 | 01,547,911 | ---- | C] () – C:\Documents and Settings\oem\Pulpit\13-yomanda-youre_free-bpm.mp31245440357_[mp3.teledyski.info].mp3

[2009-02-07 20:22:14 | 00,000,010 | ---- | C] () – C:\WINDOWS\WININIT.INI

[2009-02-06 00:31:09 | 00,000,284 | ---- | C] () – C:\WINDOWS\cncscore.ini

[2008-11-06 18:37:32 | 03,596,288 | ---- | C] () – C:\WINDOWS\System32\qt-dx331.dll

[2008-11-06 18:34:00 | 00,000,416 | ---- | C] () – C:\WINDOWS\System32\dtu100.dll.manifest

[2008-11-06 18:34:00 | 00,000,416 | ---- | C] () – C:\WINDOWS\System32\dpl100.dll.manifest

[2008-11-06 18:33:02 | 00,012,288 | ---- | C] () – C:\WINDOWS\System32\DivXWMPExtType.dll

[2008-05-03 09:24:01 | 00,000,082 | ---- | C] () – C:\WINDOWS\System32\oeminfo.ini

[2007-02-06 16:20:00 | 02,842,624 | ---- | C] () – C:\WINDOWS\System32\btwicons.dll

[2007-02-06 15:55:52 | 00,090,112 | ---- | C] () – C:\WINDOWS\System32\btprn2k.dll

[2005-02-17 12:41:32 | 00,000,603 | ---- | C] () – C:\WINDOWS\System32\BTNeighborhood.dll.manifest

[2005-02-17 12:41:30 | 00,000,593 | ---- | C] () – C:\WINDOWS\System32\btcss.dll.manifest

[2002-05-30 22:19:43 | 00,282,112 | ---- | C] () – C:\WINDOWS\System32\cncs232.dll

[2001-11-14 13:56:00 | 01,802,240 | ---- | C] () – C:\WINDOWS\System32\lcppn21.dll

[2001-07-22 00:16:20 | 00,000,507 | ---- | C] () – C:\WINDOWS\win.ini

[2001-07-22 00:15:52 | 00,000,231 | ---- | C] () – C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32*.tmp files]

[3 C:\WINDOWS*.tmp files]

[2009-07-26 10:36:43 | 00,513,536 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\oem\Pulpit\OTL.exe

[2009-07-26 10:31:26 | 00,002,206 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl

[2009-07-26 10:31:22 | 00,000,006 | -H-- | M] () – C:\WINDOWS\tasks\SA.DAT

[2009-07-26 10:31:17 | 00,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat

[2009-07-26 10:31:16 | 00,044,964 | ---- | M] () – C:\WINDOWS\System32\ativvaxx.cap

[2009-07-26 10:11:40 | 00,534,528 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\System32\CF1102.exe

[2009-07-26 10:07:03 | 00,534,528 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\System32\CF194.exe

[2009-07-24 07:41:01 | 00,001,124 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-220523388-1801674531-1003UA.job

[2009-07-23 19:19:57 | 00,034,816 | ---- | M] () – C:\Documents and Settings\oem\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-07-22 11:41:00 | 00,001,072 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-220523388-1801674531-1003Core.job

[2009-07-20 10:42:26 | 00,002,286 | ---- | M] () – C:\Documents and Settings\oem\Pulpit\Google Chrome.lnk

[2009-07-15 22:23:31 | 00,023,029 | ---- | M] () – C:\Documents and Settings\oem\Pulpit\podanie-1.odt

[2009-07-15 22:19:20 | 00,031,622 | ---- | M] () – C:\Documents and Settings\oem\Pulpit\ankieta.odt

[2009-07-15 22:11:37 | 00,018,558 | ---- | M] () – C:\Documents and Settings\oem\Pulpit\zyciorys.odt

[2009-07-15 22:05:21 | 00,071,680 | ---- | M] () – C:\Documents and Settings\oem\Pulpit\podanie-1.doc

[2009-07-15 13:09:24 | 00,112,640 | ---- | M] () – C:\Documents and Settings\oem\Pulpit\ankieta.doc

[2009-07-15 13:09:18 | 00,063,488 | ---- | M] () – C:\Documents and Settings\oem\Pulpit\zyciorys.doc

[2009-07-13 05:48:54 | 00,219,648 | ---- | M] () – C:\WINDOWS\PEV.exe

[2009-07-04 14:05:12 | 00,011,064 | ---- | M] () – C:\Documents and Settings\oem\Pulpit\avatar 11.dds

[2009-07-04 12:45:46 | 00,043,848 | ---- | M] () – C:\Documents and Settings\oem\Pulpit\avatar 888.dds

[2009-07-04 12:08:09 | 00,021,992 | ---- | M] () – C:\Documents and Settings\oem\Pulpit\avatar 133.dds

[2009-07-04 11:35:45 | 01,144,832 | ---- | M] () – C:\Documents and Settings\oem\Pulpit\funnynick.exe

[2009-07-04 02:44:23 | 00,001,548 | ---- | M] () – C:\Documents and Settings\oem\Pulpit\CCleaner.lnk

[2009-07-03 23:49:04 | 00,011,064 | ---- | M] () – C:\Documents and Settings\oem\Pulpit\avatar 122.dds

[2009-07-03 23:47:58 | 00,000,824 | ---- | M] () – C:\Documents and Settings\oem\Pulpit\avatar 144.dds

[2009-07-03 23:38:18 | 00,011,064 | ---- | M] () – C:\Documents and Settings\oem\Pulpit\avatar 166.dds

[2009-07-03 23:35:20 | 00,011,064 | ---- | M] () – C:\Documents and Settings\oem\Pulpit\avatar 155.dds

[2009-07-03 21:11:07 | 00,011,064 | ---- | M] () – C:\Documents and Settings\oem\Pulpit\Avatar 177.dds

[2009-06-29 20:36:57 | 00,027,136 | ---- | M] (NCH Swift Sound) – C:\WINDOWS\System32\drivers\nchssvad.sys

[2009-06-29 20:36:19 | 00,000,838 | ---- | M] () – C:\Documents and Settings\oem\Pulpit\Express Burn.lnk

[2009-06-29 20:35:12 | 00,394,148 | ---- | M] () – C:\Documents and Settings\oem\Pulpit\burn.zip

========== LOP Check ==========

[2009-07-26 10:28:44 | 00,000,000 | RH-D | M] – C:\Documents and Settings\All Users\Dane aplikacji

[2009-03-19 14:41:50 | 00,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\ashampoo

[2009-02-06 08:35:30 | 00,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\CyberLink

[2009-03-07 23:49:15 | 00,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\f-secure

[2009-02-06 11:24:12 | 00,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\fssg

[2009-06-29 20:37:14 | 00,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\NCH Software

[2009-06-29 20:37:36 | 00,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\NCH Swift Sound

[2009-02-07 16:38:39 | 00,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\SugarGames

[2009-02-07 17:40:13 | 00,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Zylom

[2009-02-05 15:20:34 | 00,000,000 | RH-D | M] – C:\Documents and Settings\Default User\Dane aplikacji

[2009-02-05 14:41:22 | 00,000,000 | —D | M] – C:\Documents and Settings\LocalService\Dane aplikacji

[2009-02-05 14:33:08 | 00,000,000 | —D | M] – C:\Documents and Settings\NetworkService\Dane aplikacji

[2009-06-29 20:36:44 | 00,000,000 | RH-D | M] – C:\Documents and Settings\oem\Dane aplikacji

[2009-03-19 14:57:12 | 00,000,000 | —D | M] – C:\Documents and Settings\oem\Dane aplikacji\Ashampoo

[2009-02-07 19:51:53 | 00,000,000 | —D | M] – C:\Documents and Settings\oem\Dane aplikacji\ATI

[2009-02-06 08:37:25 | 00,000,000 | —D | M] – C:\Documents and Settings\oem\Dane aplikacji\CyberLink

[2009-02-06 11:29:13 | 00,000,000 | —D | M] – C:\Documents and Settings\oem\Dane aplikacji\F-Secure

[2009-02-07 19:20:02 | 00,000,000 | —D | M] – C:\Documents and Settings\oem\Dane aplikacji\Gadu-Gadu

[2009-04-12 23:33:52 | 00,000,000 | —D | M] – C:\Documents and Settings\oem\Dane aplikacji\GetRightToGo

[2009-06-29 20:36:57 | 00,000,000 | —D | M] – C:\Documents and Settings\oem\Dane aplikacji\NCH Swift Sound

[2009-02-06 12:32:10 | 00,000,000 | —D | M] – C:\Documents and Settings\oem\Dane aplikacji\OpenOffice.org

[2009-04-12 11:02:22 | 00,000,000 | —D | M] – C:\Documents and Settings\oem\Dane aplikacji\Opera

[2009-02-06 21:30:05 | 00,000,000 | —D | M] – C:\Documents and Settings\oem\Dane aplikacji\URSE Games

[2009-05-30 23:37:55 | 00,000,000 | —D | M] – C:\Documents and Settings\oem\Dane aplikacji\uTorrent

[2001-07-22 00:17:50 | 00,000,065 | RH-- | M] () – C:\WINDOWS\Tasks\desktop.ini

[2009-07-22 11:41:00 | 00,001,072 | ---- | M] () – C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-220523388-1801674531-1003Core.job

[2009-07-24 07:41:01 | 00,001,124 | ---- | M] () – C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-220523388-1801674531-1003UA.job

[2009-07-26 10:31:22 | 00,000,006 | -H-- | M] () – C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

< End of report >

deFco247 · 26 Lipiec 2009 08:53

Logi wklejasz na wklej.org lub wklej.to, a w poście dajesz link

W Custom Scans/Fixes w OTL wklej:

:OTL PRC - [2008-04-14 22:51:18 | 03,197,440 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Explorer.EXE O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM…\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKU\S-1-5-21-1123561945-220523388-1801674531-1003…\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O33 - MountPoints2{4579c58c-12f2-11de-879a-001a6bb0e6f6}\Shell\AutoRun\command - “” = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autoruns.exe – File not found O33 - MountPoints2{4579c58c-12f2-11de-879a-001a6bb0e6f6}\Shell\open\command - “” = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autoruns.exe – File not found O33 - MountPoints2{dca364ff-ff94-11dd-8756-00f1d000f1d0}\Shell\AutoRun\command - “” = F:\cahpcg.cmd – File not found O33 - MountPoints2{dca364ff-ff94-11dd-8756-00f1d000f1d0}\Shell\open\Command - “” = F:\cahpcg.cmd – File not found :Files C:\WINDOWS\System32\CF1102.exe C:\Qoobox :Commands [emptytemp] [start explorer]

Run Fix. Restart, jeśli będzie potrzebny.

Po tym log z usuwania oraz nowy OTL.txt.

wowo · 26 Lipiec 2009 09:20

log po usuwaniu i restarcie http://www.wklej.org/id/126190/

deFco247 · 26 Lipiec 2009 09:23

Odinstaluj pasek narzędziowy Ask.com.

W OTL kliknij CleanUp.

Wyczyść rejestr i dysk CCleaner.

Usuń zbędniki z autostartu.

Wykonaj pełny skan Malwarebytes’ Anti-Malware - znalezione obiekty usuń.

Gdy będą wirusy pokaż raport.