Pbudsara, vk0w, 6ruaqx: how do I remove them?

As in the subject: a lot of processes unknown to me. I have read that they are malicious, but I don't know how to get rid of them.

OTL scan:

OTL logfile created on: 2009-11-17 18:48:08 - Run 3

OTL by OldTimer - Version 3.1.6.0 Folder = C:\Documents and Settings\Ivan\Pulpit

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,99 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 77,61% Memory free

3,33 Gb Paging File | 2,89 Gb Available in Paging File | 86,78% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 72,06 Gb Total Space | 62,46 Gb Free Space | 86,68% Space Free | Partition Type: NTFS

Drive D: | 72,05 Gb Total Space | 37,01 Gb Free Space | 51,36% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: IVANOITALIANO

Current User Name: Ivan

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2009-11-17 18:44:51 | 00,529,408 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Ivan\Pulpit\OTL.exe

PRC - [2009-11-17 17:51:40 | 00,027,756 | ---- | M] () – C:\WINDOWS\system32\photo_id.exe

PRC - [2009-10-19 15:50:14 | 00,832,296 | ---- | M] (Opera Software) – C:\Program Files\Opera\opera.exe

PRC - [2009-09-15 11:56:48 | 00,081,000 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2009-09-15 11:56:43 | 00,138,680 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2009-09-15 11:49:40 | 00,018,752 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2009-08-27 16:05:04 | 00,092,008 | ---- | M] (TomTom) – C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

PRC - [2009-07-27 03:37:50 | 00,180,224 | ---- | M] (PowerISO Computing, Inc.) – C:\Program Files\PowerISO\PWRISOVM.EXE

PRC - [2009-07-25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2009-07-25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2009-05-08 09:42:54 | 00,395,776 | ---- | M] () – C:\Program Files\ASUS\Eee Docking\Eee Docking.exe

PRC - [2009-04-27 10:08:42 | 17,881,088 | ---- | M] (Realtek Semiconductor Corp.) – C:\WINDOWS\RTHDCPL.EXE

PRC - [2009-04-16 18:46:30 | 00,630,784 | ---- | M] (ASUSTeK Computer Inc.) – C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

PRC - [2009-04-16 17:58:54 | 00,118,784 | ---- | M] (ASUSTeK Computer Inc.) – C:\Program Files\EeePC\ACPI\AsTray.exe

PRC - [2009-03-25 09:43:40 | 00,376,832 | ---- | M] (ASUSTeK Computer Inc.) – C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe

PRC - [2009-03-13 15:15:02 | 00,098,304 | ---- | M] (ASUSTeK Computer Inc.) – C:\Program Files\EeePC\ACPI\AsEPCMon.exe

PRC - [2009-03-06 09:57:54 | 01,434,920 | ---- | M] (Synaptics Incorporated) – C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

PRC - [2009-02-06 11:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\wbem\wmiprvse.exe

PRC - [2009-01-14 16:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) – C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2008-04-15 13:00:00 | 01,035,264 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe

PRC - [2007-12-19 16:08:12 | 00,159,744 | ---- | M] (Intel Corporation) – C:\WINDOWS\system32\hkcmd.exe

PRC - [2007-12-19 16:08:08 | 00,135,168 | ---- | M] (Intel Corporation) – C:\WINDOWS\system32\igfxtray.exe

PRC - [2007-12-19 16:07:40 | 00,163,840 | ---- | M] (Intel Corporation) – C:\WINDOWS\system32\igfxext.exe

PRC - [2007-12-19 16:07:30 | 00,249,856 | ---- | M] (Intel Corporation) – C:\WINDOWS\system32\igfxsrvc.exe

========== Modules (SafeList) ==========

MOD - [2009-11-17 18:44:51 | 00,529,408 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Ivan\Pulpit\OTL.exe

MOD - [2008-04-15 13:00:00 | 01,054,208 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

MOD - [2008-04-15 13:00:00 | 00,185,344 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\wbem\framedyn.dll

========== Win32 Services (SafeList) ==========

SRV - [2009-09-15 11:56:43 | 00,138,680 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashServ.exe – (avast! Antivirus)

SRV - [2009-09-15 11:56:28 | 00,254,040 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe – (avast! Mail Scanner)

SRV - [2009-09-15 11:54:13 | 00,352,920 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe – (avast! Web Scanner)

SRV - [2009-09-15 11:49:40 | 00,018,752 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe – (aswUpdSv)

SRV - [2009-08-27 16:05:04 | 00,092,008 | ---- | M] (TomTom) – C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe – (TomTomHOMEService)

SRV - [2009-07-25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jqs.exe – (JavaQuickStarterService)

SRV - [2009-02-06 17:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) – C:\Program Files\Windows Live\Family Safety\fsssvc.exe – (fsssvc)

SRV - [2009-01-14 16:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) – C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe – (SeaPort)

SRV - [2008-07-29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe – (FontCache3.0.0.0)

SRV - [2008-07-29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe – (idsvc)

SRV - [2008-07-29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe – (NetTcpPortSharing)

SRV - [2008-07-25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe – (clr_optimization_v2.0.50727_32)

SRV - [2008-07-25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe – (aspnet_state)

SRV - [2008-04-15 13:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll – (helpsvc)

SRV - [2003-07-28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) – C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE – (ose)

========== Driver Services (SafeList) ==========

DRV - [2009-09-15 11:56:14 | 00,094,160 | ---- | M] (ALWIL Software) – C:\WINDOWS\system32\drivers\aswmon2.sys – (aswMon2)

DRV - [2009-09-15 11:55:30 | 00,114,768 | ---- | M] (ALWIL Software) – C:\WINDOWS\system32\drivers\aswSP.sys – (aswSP)

DRV - [2009-09-15 11:55:19 | 00,020,560 | ---- | M] (ALWIL Software) – C:\WINDOWS\system32\drivers\aswFsBlk.sys – (aswFsBlk)

DRV - [2009-09-15 11:54:30 | 00,052,368 | ---- | M] (ALWIL Software) – C:\WINDOWS\system32\drivers\aswTdi.sys – (aswTdi)

DRV - [2009-09-15 11:54:21 | 00,023,152 | ---- | M] (ALWIL Software) – C:\WINDOWS\system32\drivers\aswRdr.sys – (aswRdr)

DRV - [2009-09-15 11:53:24 | 00,027,408 | ---- | M] (ALWIL Software) – C:\WINDOWS\system32\drivers\aavmker4.sys – (Aavmker4)

DRV - [2009-07-27 03:43:18 | 00,058,908 | ---- | M] (PowerISO Computing, Inc.) – C:\WINDOWS\system32\drivers\scdemu.sys – (SCDEmu)

DRV - [2009-04-27 12:26:44 | 05,074,944 | ---- | M] (Realtek Semiconductor Corp.) – C:\WINDOWS\system32\drivers\RtkHDAud.sys – (IntcAzAudAddService)

DRV - [2009-03-24 00:25:24 | 00,966,912 | ---- | M] (Ralink Technology, Corp.) – C:\WINDOWS\system32\drivers\rt2860.sys – (RT80x86)

DRV - [2009-03-13 22:05:26 | 01,528,928 | ---- | M] (Atheros Communications, Inc.) – C:\WINDOWS\system32\drivers\athw.sys – (AR5416)

DRV - [2009-03-06 09:58:44 | 00,208,304 | ---- | M] (Synaptics Incorporated) – C:\WINDOWS\system32\drivers\SynTP.sys – (SynTP)

DRV - [2009-03-02 06:03:47 | 00,038,912 | ---- | M] (Atheros Communications, Inc.) – C:\WINDOWS\system32\drivers\l1c51x86.sys – (L1c)

DRV - [2009-02-06 17:08:42 | 00,055,152 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\drivers\fssfltr_tdi.sys – (fssfltr)

DRV - [2008-11-19 09:21:28 | 00,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) – C:\WINDOWS\system32\drivers\uvclf.sys – (uvclf)

DRV - [2008-09-12 06:32:56 | 00,327,192 | ---- | M] (Intel Corporation) – C:\windows\system32\drivers\iaStor.sys – (iaStor)

DRV - [2008-08-05 13:10:12 | 01,684,736 | ---- | M] (Creative) – C:\WINDOWS\system32\drivers\Ambfilt.sys – (Ambfilt)

DRV - [2008-04-15 13:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) – C:\WINDOWS\system32\drivers\hdaudbus.sys – (HDAudBus)

DRV - [2008-04-15 13:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) – C:\WINDOWS\system32\drivers\secdrv.sys – (Secdrv)

DRV - [2008-04-15 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) – C:\WINDOWS\system32\drivers\ptilink.sys – (Ptilink)

DRV - [2008-04-08 14:59:28 | 00,010,752 | ---- | M] (ASUSTeK Computer Inc.) – C:\WINDOWS\system32\drivers\ASUSACPI.SYS – (AsusACPI)

DRV - [2008-02-22 17:53:00 | 00,016,168 | ---- | M] (GEAR Software Inc.) – C:\WINDOWS\system32\drivers\GEARAspiWDM.sys – (GearAspiWDM)

DRV - [2007-12-19 16:32:12 | 05,854,688 | ---- | M] (Intel Corporation) – C:\WINDOWS\system32\drivers\igxpmp32.sys – (ialm)

DRV - [2006-01-04 08:41:48 | 01,389,056 | ---- | M] (Creative Technology Ltd.) – C:\WINDOWS\system32\drivers\Monfilt.sys – (Monfilt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl … ar=msnhome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl … r=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl … r=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU.DEFAULT.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-21-4058441890-2229419618-3121738-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-4058441890-2229419618-3121738-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl … r=iesearch

IE - HKU\S-1-5-21-4058441890-2229419618-3121738-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global

IE - HKU\S-1-5-21-4058441890-2229419618-3121738-1006\S-1-5-21-4058441890-2229419618-3121738-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

FF - HKLM\software\mozilla\Firefox\extensions\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-09-15 04:02:39 | 00,000,000 | —D | M]

FF - HKLM\software\mozilla\Firefox\extensions\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-09-17 01:48:56 | 00,000,000 | —D | M]

[2009-10-03 16:11:42 | 00,000,000 | —D | M] – C:\Documents and Settings\Ivan\Dane aplikacji\Mozilla\Extensions

[2009-10-03 16:11:42 | 00,000,000 | —D | M] – C:\Documents and Settings\Ivan\Dane aplikacji\Mozilla\Extensions\home2@tomtom.com

O1 HOSTS File: (56 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)

O2 - BHO: (Pomocnik rejestracji usługi Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM…\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-4058441890-2229419618-3121738-1006…\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM…\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)

O4 - HKLM…\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)

O4 - HKLM…\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)

O4 - HKLM…\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM…\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM…\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM…\Run: [photo_id] C:\WINDOWS\system32\photo_id.exe ()

O4 - HKLM…\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM…\Run: [Regedit32] C:\windows\System32\regedit.exe File not found

O4 - HKLM…\Run: [RTHDCPL] C:\windows\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM…\Run: [synAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)

O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)

O4 - HKU\S-1-5-21-4058441890-2229419618-3121738-1006…\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()

O4 - HKU\S-1-5-21-4058441890-2229419618-3121738-1006…\Run: [photo_id] C:\Documents and Settings\Ivan\photo_id.exe File not found

O4 - HKU\S-1-5-21-4058441890-2229419618-3121738-1006…\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

O4 - HKU\S-1-5-21-4058441890-2229419618-3121738-1006…\Run: [uTorrent] C:\Documents and Settings\Ivan\Pulpit\utorrent.exe (BitTorrent, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)

O4 - Startup: C:\Documents and Settings\Ivan\Menu Start\Programy\Autostart\sysupd32.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-4058441890-2229419618-3121738-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE File not found

O8 - Extra context menu item: Wyślij do interfejsu Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found

O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found

O9 - Extra Button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra ‘Tools’ menuitem : &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra ‘Tools’ menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found

O9 - Extra ‘Tools’ menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found

O15 - HKLM…Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_15)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.199.83.2 213.199.225.14 82.160.1.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-05-27 02:30:42 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [NTFS]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] – “%1” %* File not found

O35 - exefile [open] – “%1” %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-11-17 18:44:51 | 00,529,408 | ---- | C] (OldTimer Tools) – C:\Documents and Settings\Ivan\Pulpit\OTL.exe

[2009-11-17 18:26:43 | 00,000,000 | —D | C] – C:_OTL

[2009-11-16 23:54:45 | 00,000,000 | —D | C] – C:\Program Files\Deluxe Ski Jump 3

[2009-11-16 23:50:27 | 00,000,000 | —D | C] – C:\Documents and Settings\Ivan\Moje dokumenty\Deluxe Ski Jump 3

[2009-11-14 01:12:29 | 00,000,000 | RH-D | C] – C:\Documents and Settings\Ivan\Recent

[2009-11-11 16:49:27 | 00,000,000 | —D | C] – C:\Program Files\Spybot - Search & Destroy

[2009-11-11 16:49:27 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy

[2009-11-11 16:33:34 | 16,409,960 | ---- | C] (Safer Networking Limited ) – C:\Documents and Settings\Ivan\Pulpit\spybotsd162.exe

[2009-11-10 15:36:22 | 00,000,000 | —D | C] – C:\Documents and Settings\Ivan\Pulpit\blobby(dobreprogramy.pl)

[2009-11-09 19:08:04 | 02,036,576 | ---- | C] (Microsoft Corporation) – C:\windows\System32\D3DCompiler_40.dll

[2009-11-09 19:08:04 | 00,452,440 | ---- | C] (Microsoft Corporation) – C:\windows\System32\d3dx10_40.dll

[2009-11-09 19:08:03 | 04,379,984 | ---- | C] (Microsoft Corporation) – C:\windows\System32\D3DX9_40.dll

[2009-11-09 19:08:02 | 00,514,384 | ---- | C] (Microsoft Corporation) – C:\windows\System32\XAudio2_3.dll

[2009-11-09 19:08:02 | 00,070,992 | ---- | C] (Microsoft Corporation) – C:\windows\System32\XAPOFX1_2.dll

[2009-11-09 19:08:01 | 00,235,856 | ---- | C] (Microsoft Corporation) – C:\windows\System32\xactengine3_3.dll

[2009-11-09 19:08:01 | 00,023,376 | ---- | C] (Microsoft Corporation) – C:\windows\System32\X3DAudio1_5.dll

[2009-11-09 19:08:00 | 00,509,448 | ---- | C] (Microsoft Corporation) – C:\windows\System32\XAudio2_2.dll

[2009-11-09 19:08:00 | 00,238,088 | ---- | C] (Microsoft Corporation) – C:\windows\System32\xactengine3_2.dll

[2009-11-09 19:08:00 | 00,068,616 | ---- | C] (Microsoft Corporation) – C:\windows\System32\XAPOFX1_1.dll

[2009-11-09 19:07:59 | 01,493,528 | ---- | C] (Microsoft Corporation) – C:\windows\System32\D3DCompiler_39.dll

[2009-11-09 19:07:59 | 00,467,984 | ---- | C] (Microsoft Corporation) – C:\windows\System32\d3dx10_39.dll

[2009-11-09 19:07:58 | 03,851,784 | ---- | C] (Microsoft Corporation) – C:\windows\System32\D3DX9_39.dll

[2009-11-09 19:07:57 | 00,507,400 | ---- | C] (Microsoft Corporation) – C:\windows\System32\XAudio2_1.dll

[2009-11-09 19:07:57 | 00,238,088 | ---- | C] (Microsoft Corporation) – C:\windows\System32\xactengine3_1.dll

[2009-11-09 19:07:57 | 00,065,032 | ---- | C] (Microsoft Corporation) – C:\windows\System32\XAPOFX1_0.dll

[2009-11-09 19:07:56 | 01,491,992 | ---- | C] (Microsoft Corporation) – C:\windows\System32\D3DCompiler_38.dll

[2009-11-09 19:07:56 | 00,467,984 | ---- | C] (Microsoft Corporation) – C:\windows\System32\d3dx10_38.dll

[2009-11-09 19:07:56 | 00,025,608 | ---- | C] (Microsoft Corporation) – C:\windows\System32\X3DAudio1_4.dll

[2009-11-09 19:07:55 | 03,850,760 | ---- | C] (Microsoft Corporation) – C:\windows\System32\D3DX9_38.dll

[2009-11-09 19:07:54 | 00,479,752 | ---- | C] (Microsoft Corporation) – C:\windows\System32\XAudio2_0.dll

[2009-11-09 19:07:53 | 00,238,088 | ---- | C] (Microsoft Corporation) – C:\windows\System32\xactengine3_0.dll

[2009-11-09 19:07:53 | 00,025,608 | ---- | C] (Microsoft Corporation) – C:\windows\System32\X3DAudio1_3.dll

[2009-11-09 19:07:52 | 01,420,824 | ---- | C] (Microsoft Corporation) – C:\windows\System32\D3DCompiler_37.dll

[2009-11-09 19:07:52 | 00,462,864 | ---- | C] (Microsoft Corporation) – C:\windows\System32\d3dx10_37.dll

[2009-11-09 19:07:51 | 03,786,760 | ---- | C] (Microsoft Corporation) – C:\windows\System32\D3DX9_37.dll

[2009-11-09 19:07:51 | 00,267,272 | ---- | C] (Microsoft Corporation) – C:\windows\System32\xactengine2_10.dll

[2009-11-09 19:07:50 | 01,374,232 | ---- | C] (Microsoft Corporation) – C:\windows\System32\D3DCompiler_36.dll

[2009-11-09 19:07:50 | 00,444,776 | ---- | C] (Microsoft Corporation) – C:\windows\System32\d3dx10_36.dll

[2009-11-09 19:07:49 | 03,734,536 | ---- | C] (Microsoft Corporation) – C:\windows\System32\d3dx9_36.dll

[2009-11-09 19:07:48 | 00,267,112 | ---- | C] (Microsoft Corporation) – C:\windows\System32\xactengine2_9.dll

[2009-11-09 19:07:47 | 01,358,192 | ---- | C] (Microsoft Corporation) – C:\windows\System32\D3DCompiler_35.dll

[2009-11-09 19:07:47 | 00,444,776 | ---- | C] (Microsoft Corporation) – C:\windows\System32\d3dx10_35.dll

[2009-11-09 19:07:46 | 03,727,720 | ---- | C] (Microsoft Corporation) – C:\windows\System32\d3dx9_35.dll

[2009-11-09 19:07:46 | 00,266,088 | ---- | C] (Microsoft Corporation) – C:\windows\System32\xactengine2_8.dll

[2009-11-09 19:07:46 | 00,017,928 | ---- | C] (Microsoft Corporation) – C:\windows\System32\X3DAudio1_2.dll

[2009-11-09 19:07:45 | 01,124,720 | ---- | C] (Microsoft Corporation) – C:\windows\System32\D3DCompiler_34.dll

[2009-11-09 19:07:45 | 00,443,752 | ---- | C] (Microsoft Corporation) – C:\windows\System32\d3dx10_34.dll

[2009-11-09 19:07:44 | 03,497,832 | ---- | C] (Microsoft Corporation) – C:\windows\System32\d3dx9_34.dll

[2009-11-09 19:07:43 | 00,261,480 | ---- | C] (Microsoft Corporation) – C:\windows\System32\xactengine2_7.dll

[2009-11-09 19:07:43 | 00,081,768 | ---- | C] (Microsoft Corporation) – C:\windows\System32\xinput1_3.dll

[2009-11-09 19:07:42 | 00,443,752 | ---- | C] (Microsoft Corporation) – C:\windows\System32\d3dx10_33.dll

[2009-11-09 19:07:41 | 01,123,696 | ---- | C] (Microsoft Corporation) – C:\windows\System32\D3DCompiler_33.dll

[2009-11-09 19:07:40 | 03,495,784 | ---- | C] (Microsoft Corporation) – C:\windows\System32\d3dx9_33.dll

[2009-11-09 19:07:39 | 00,255,848 | ---- | C] (Microsoft Corporation) – C:\windows\System32\xactengine2_6.dll

[2009-11-09 19:07:38 | 00,251,672 | ---- | C] (Microsoft Corporation) – C:\windows\System32\xactengine2_5.dll

[2009-11-09 19:07:36 | 00,237,848 | ---- | C] (Microsoft Corporation) – C:\windows\System32\xactengine2_4.dll

[2009-11-09 19:07:36 | 00,015,128 | ---- | C] (Microsoft Corporation) – C:\windows\System32\x3daudio1_1.dll

[2009-11-09 19:07:35 | 02,414,360 | ---- | C] (Microsoft Corporation) – C:\windows\System32\d3dx9_31.dll

[2009-11-09 19:07:34 | 00,236,824 | ---- | C] (Microsoft Corporation) – C:\windows\System32\xactengine2_3.dll

[2009-11-09 19:07:34 | 00,230,168 | ---- | C] (Microsoft Corporation) – C:\windows\System32\xactengine2_2.dll

[2009-11-09 19:07:34 | 00,062,744 | ---- | C] (Microsoft Corporation) – C:\windows\System32\xinput1_2.dll

[2009-11-09 19:07:33 | 00,229,584 | ---- | C] (Microsoft Corporation) – C:\windows\System32\xactengine2_1.dll

[2009-11-09 19:07:33 | 00,062,672 | ---- | C] (Microsoft Corporation) – C:\windows\System32\xinput1_1.dll

[2009-11-09 19:07:18 | 02,388,176 | ---- | C] (Microsoft Corporation) – C:\windows\System32\d3dx9_30.dll

[2009-11-09 19:07:17 | 00,230,096 | ---- | C] (Microsoft Corporation) – C:\windows\System32\xactengine2_0.dll

[2009-11-09 19:07:17 | 00,014,032 | ---- | C] (Microsoft Corporation) – C:\windows\System32\x3daudio1_0.dll

[2009-11-09 19:07:16 | 02,332,368 | ---- | C] (Microsoft Corporation) – C:\windows\System32\d3dx9_29.dll

[2009-11-09 19:07:15 | 02,323,664 | ---- | C] (Microsoft Corporation) – C:\windows\System32\d3dx9_28.dll

[2009-11-09 19:07:15 | 00,061,136 | ---- | C] (Microsoft Corporation) – C:\windows\System32\xinput9_1_0.dll

[2009-11-09 19:07:14 | 02,319,568 | ---- | C] (Microsoft Corporation) – C:\windows\System32\d3dx9_27.dll

[2009-11-09 19:07:11 | 02,337,488 | ---- | C] (Microsoft Corporation) – C:\windows\System32\d3dx9_25.dll

[2009-11-09 19:07:09 | 02,222,800 | ---- | C] (Microsoft Corporation) – C:\windows\System32\d3dx9_24.dll

[2009-11-09 19:07:01 | 00,000,000 | —D | C] – C:\windows\Logs

[2009-11-06 14:47:34 | 00,000,000 | —D | C] – C:\Program Files\uTorrent

[2009-11-06 14:41:34 | 00,000,000 | —D | C] – C:\Documents and Settings\Ivan\Dane aplikacji\uTorrent

[2009-11-06 14:39:35 | 00,289,584 | ---- | C] (BitTorrent, Inc.) – C:\Documents and Settings\Ivan\Pulpit\utorrent.exe

[2009-11-06 00:21:22 | 00,000,000 | ---D | C] – C:\Program Files\ReflexiveArcade

[2009-11-04 17:16:25 | 00,000,000 | ---D | C] – C:\Documents and Settings\Ivan\Ustawienia lokalne\Dane aplikacji\Ahead

[2009-10-27 23:54:51 | 00,000,000 | ---D | C] – C:\Documents and Settings\Ivan\Ustawienia lokalne\Dane aplikacji\Identities

[2009-10-26 17:51:46 | 00,000,000 | ---D | C] – C:\Program Files\CueClub

[2009-10-25 19:17:50 | 00,000,000 | ---D | C] – C:\Program Files\Frets on Fire

[2009-10-24 00:34:43 | 00,000,000 | ---D | C] – C:\Documents and Settings\Ivan\Dane aplikacji\skypePM

[2009-10-24 00:24:25 | 00,000,000 | ---D | C] – C:\Documents and Settings\Ivan\Dane aplikacji\Skype

[2009-10-22 12:23:11 | 00,000,000 | ---D | C] – C:\Documents and Settings\Ivan\Dane aplikacji\GanymedeNet

[2009-10-22 12:20:05 | 00,000,000 | ---D | C] – C:\Program Files\Ganymede

[2009-10-21 16:24:05 | 00,000,000 | ---D | C] – C:\Program Files\Lavalys

[2009-10-18 23:21:30 | 00,000,000 | ---D | C] – C:\Documents and Settings\All Users\Dane aplikacji\karta

[2009-10-18 23:21:14 | 00,000,000 | ---D | C] – C:\CodeOpen

========== Files - Modified Within 30 Days ==========

[2009-11-17 18:44:51 | 00,529,408 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Ivan\Pulpit\OTL.exe

[2009-11-17 18:43:13 | 00,000,001 | ---- | M] () – C:\Documents and Settings\Ivan\oashdihasidhasuidhiasdhiashdiuasdhasd

[2009-11-17 18:42:30 | 00,000,006 | -H-- | M] () – C:\windows\tasks\SA.DAT

[2009-11-17 18:42:18 | 00,002,048 | --S- | M] () – C:\windows\bootstat.dat

[2009-11-17 18:42:14 | 21,382,96320 | -HS- | M] () – C:\hiberfil.sys

[2009-11-17 18:41:26 | 03,407,872 | -H-- | M] () – C:\Documents and Settings\Ivan\NTUSER.DAT

[2009-11-17 18:41:26 | 00,000,188 | -HS- | M] () – C:\Documents and Settings\Ivan\ntuser.ini

[2009-11-17 17:51:40 | 00,027,756 | ---- | M] () – C:\windows\System32\photo_id.exe

[2009-11-17 17:51:36 | 00,000,008 | ---- | M] () – C:\Documents and Settings\Ivan\Dane aplikacji\zxcvbd.dat

[2009-11-17 17:49:47 | 00,000,056 | ---- | M] () – C:\windows\System32\drivers\etc\Hosts

[2009-11-16 20:46:02 | 00,031,232 | ---- | M] () – C:\Documents and Settings\Ivan\Pulpit\boczniak.xls

[2009-11-16 20:45:56 | 00,304,128 | ---- | M] () – C:\Documents and Settings\Ivan\Pulpit\Sprawozdaniebocznikowe.doc

[2009-11-16 19:07:54 | 00,031,915 | ---- | M] () – C:\Documents and Settings\Ivan\Pulpit\poprawione sprawozdanie.rar

[2009-11-16 18:41:54 | 00,318,976 | ---- | M] () – C:\Documents and Settings\Ivan\Pulpit\Sprawozdaniebocznikowe2.doc

[2009-11-16 12:17:26 | 07,103,236 | -H-- | M] () – C:\Documents and Settings\Ivan\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-11-15 23:42:12 | 00,000,972 | ---- | M] () – C:\windows\wincmd.ini

[2009-11-15 21:39:17 | 00,000,004 | ---- | M] () – C:\Documents and Settings\Ivan\Dane aplikacji\avdrn.dat

[2009-11-15 00:58:33 | 00,000,116 | ---- | M] () – C:\windows\NeroDigital.ini

[2009-11-13 12:22:03 | 00,022,016 | ---- | M] () – C:\Documents and Settings\Ivan\Moje dokumenty\buty.xls

[2009-11-12 18:18:21 | 00,015,360 | ---- | M] () – C:\Documents and Settings\Ivan\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-11-11 18:52:08 | 00,122,368 | ---- | M] () – C:\Documents and Settings\Ivan\Pulpit\Stanowisko nr9.doc

[2009-11-11 18:39:58 | 00,047,104 | ---- | M] () – C:\Documents and Settings\Ivan\Pulpit\Zeszyt1.xls

[2009-11-11 18:00:01 | 00,000,749 | RH-- | M] () – C:\windows\System32\wuaucpl.cpl.manifest

[2009-11-11 18:00:01 | 00,000,749 | RH-- | M] () – C:\windows\WindowsShell.Manifest

[2009-11-11 18:00:01 | 00,000,749 | RH-- | M] () – C:\windows\System32\sapi.cpl.manifest

[2009-11-11 18:00:01 | 00,000,749 | RH-- | M] () – C:\windows\System32\nwc.cpl.manifest

[2009-11-11 18:00:01 | 00,000,749 | RH-- | M] () – C:\windows\System32\ncpa.cpl.manifest

[2009-11-11 18:00:01 | 00,000,749 | RH-- | M] () – C:\windows\System32\cdplayer.exe.manifest

[2009-11-11 16:44:11 | 16,409,960 | ---- | M] (Safer Networking Limited ) – C:\Documents and Settings\Ivan\Pulpit\spybotsd162.exe

[2009-11-11 15:53:44 | 00,113,817 | RHS- | M] () – C:\pbudsara.exe

[2009-11-11 15:47:55 | 00,188,200 | ---- | M] () – C:\windows\System32\FNTCACHE.DAT

[2009-11-11 12:40:50 | 01,783,390 | ---- | M] () – C:\Documents and Settings\Ivan\Moje dokumenty\Seksualny_klucz_do_kobiecych_emocji.pdf

[2009-11-09 19:38:22 | 00,813,169 | ---- | M] () – C:\Documents and Settings\Ivan\Pulpit\blobby(dobreprogramy.pl).zip

[2009-11-09 19:05:56 | 00,114,778 | RHS- | M] () – C:\vk0w.exe

[2009-11-09 18:40:04 | 01,116,210 | ---- | M] () – C:\windows\System32\PerfStringBackup.INI

[2009-11-09 18:40:04 | 00,500,872 | ---- | M] () – C:\windows\System32\perfh015.dat

[2009-11-09 18:40:04 | 00,441,772 | ---- | M] () – C:\windows\System32\perfh009.dat

[2009-11-09 18:40:04 | 00,089,384 | ---- | M] () – C:\windows\System32\perfc015.dat

[2009-11-09 18:40:04 | 00,071,708 | ---- | M] () – C:\windows\System32\perfc009.dat

[2009-11-06 14:39:38 | 00,289,584 | ---- | M] (BitTorrent, Inc.) – C:\Documents and Settings\Ivan\Pulpit\utorrent.exe

[2009-11-05 18:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) – C:\windows\System32\MRT.exe

[2009-10-24 00:34:43 | 00,000,032 | ---- | M] () – C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

[2009-10-20 00:53:41 | 03,091,968 | ---- | M] (Microsoft Corporation) – C:\windows\System32\mshtml.dll

[2009-10-20 00:53:41 | 03,091,968 | ---- | M] (Microsoft Corporation) – C:\windows\System32\dllcache\mshtml.dll

========== Files Created - No Company Name ==========

[2009-11-17 18:21:11 | 00,000,001 | ---- | C] () – C:\Documents and Settings\Ivan\oashdihasidhasuidhiasdhiashdiuasdhasd

[2009-11-17 17:51:40 | 00,027,756 | ---- | C] () – C:\windows\System32\photo_id.exe

[2009-11-17 17:51:35 | 00,000,008 | ---- | C] () – C:\Documents and Settings\Ivan\Dane aplikacji\zxcvbd.dat

[2009-11-16 19:08:03 | 00,122,368 | ---- | C] () – C:\Documents and Settings\Ivan\Pulpit\Stanowisko nr9.doc

[2009-11-16 19:07:54 | 00,031,915 | ---- | C] () – C:\Documents and Settings\Ivan\Pulpit\poprawione sprawozdanie.rar

[2009-11-16 18:41:54 | 00,318,976 | ---- | C] () – C:\Documents and Settings\Ivan\Pulpit\Sprawozdaniebocznikowe2.doc

[2009-11-15 21:39:17 | 00,000,004 | ---- | C] () – C:\Documents and Settings\Ivan\Dane aplikacji\avdrn.dat

[2009-11-13 12:16:16 | 00,022,016 | ---- | C] () – C:\Documents and Settings\Ivan\Moje dokumenty\buty.xls

[2009-11-11 19:22:37 | 00,047,104 | ---- | C] () – C:\Documents and Settings\Ivan\Pulpit\Zeszyt1.xls

[2009-11-11 19:22:37 | 00,031,232 | ---- | C] () – C:\Documents and Settings\Ivan\Pulpit\boczniak.xls

[2009-11-11 19:22:32 | 00,304,128 | ---- | C] () – C:\Documents and Settings\Ivan\Pulpit\Sprawozdaniebocznikowe.doc

[2009-11-11 17:43:39 | 00,113,817 | RHS- | C] () – C:\pbudsara.exe

[2009-11-09 19:38:22 | 00,813,169 | ---- | C] () – C:\Documents and Settings\Ivan\Pulpit\blobby(dobreprogramy.pl).zip

[2009-11-09 19:06:23 | 00,114,778 | RHS- | C] () – C:\vk0w.exe

[2009-10-24 00:34:43 | 00,000,032 | ---- | C] () – C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

[2009-10-05 11:48:51 | 00,000,116 | ---- | C] () – C:\windows\NeroDigital.ini

[2009-10-04 14:53:11 | 00,000,421 | ---- | C] () – C:\windows\ODBC.INI

[2009-09-16 23:03:08 | 00,015,360 | ---- | C] () – C:\Documents and Settings\Ivan\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-09-15 04:08:59 | 00,000,972 | ---- | C] () – C:\windows\wincmd.ini

[2009-09-15 04:05:44 | 00,164,352 | ---- | C] () – C:\windows\System32\unrar.dll

[2009-09-15 04:05:43 | 00,000,038 | ---- | C] () – C:\windows\avisplitter.ini

[2009-09-15 04:05:40 | 00,755,027 | ---- | C] () – C:\windows\System32\xvidcore.dll

[2009-09-15 04:05:40 | 00,159,839 | ---- | C] () – C:\windows\System32\xvidvfw.dll

[2009-09-15 04:05:39 | 03,596,288 | ---- | C] () – C:\windows\System32\qt-dx331.dll

[2009-09-15 04:05:38 | 00,007,680 | ---- | C] () – C:\windows\System32\ff_vfw.dll

[2009-09-15 04:05:38 | 00,000,547 | ---- | C] () – C:\windows\System32\ff_vfw.dll.manifest

[2009-09-15 00:14:39 | 07,103,236 | -H-- | C] () – C:\Documents and Settings\Ivan\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-09-15 00:14:39 | 00,038,304 | ---- | C] () – C:\Documents and Settings\Ivan\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

[2009-09-15 00:14:39 | 00,000,135 | ---- | C] () – C:\Documents and Settings\Ivan\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

[2009-09-15 00:14:39 | 00,000,062 | -HS- | C] () – C:\Documents and Settings\Ivan\Dane aplikacji\desktop.ini

[2009-05-27 06:56:27 | 00,000,061 | ---- | C] () – C:\windows\smscfg.ini

[2009-05-27 04:25:01 | 00,000,062 | -HS- | C] () – C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini

[2009-05-27 04:18:26 | 00,005,312 | ---- | C] () – C:\windows\System32\OEMINFO.INI

[2009-05-27 04:18:18 | 00,000,507 | ---- | C] () – C:\windows\win.ini

[2009-05-27 04:18:17 | 00,000,231 | ---- | C] () – C:\windows\system.ini

[2009-05-27 04:08:23 | 00,021,864 | ---- | C] () – C:\windows\AsAcpiSvrLang.ini

[2009-05-27 04:08:23 | 00,012,208 | ---- | C] () – C:\windows\AsTrayLang.ini

[2009-05-27 04:01:54 | 00,147,456 | ---- | C] () – C:\windows\System32\igfxCoIn_v4906.dll

[2006-06-29 13:58:52 | 00,030,808 | ---- | C] () – C:\windows\Fonts\GlobalUserInterface.CompositeFont

[2006-06-29 13:53:56 | 00,026,489 | ---- | C] () – C:\windows\Fonts\GlobalSansSerif.CompositeFont

[2006-04-18 14:39:28 | 00,029,779 | ---- | C] () – C:\windows\Fonts\GlobalSerif.CompositeFont

[2006-04-18 14:39:28 | 00,026,040 | ---- | C] () – C:\windows\Fonts\GlobalMonospace.CompositeFont

========== LOP Check ==========

[2009-10-09 08:31:21 | 00,000,000 | ---D | M] – C:\Documents and Settings\All Users\Dane aplikacji\G DATA

[2009-10-18 23:21:59 | 00,000,000 | ---D | M] – C:\Documents and Settings\All Users\Dane aplikacji\karta

[2009-10-28 18:20:54 | 00,000,000 | ---D | M] – C:\Documents and Settings\All Users\Dane aplikacji\TEMP

[2009-10-03 16:12:06 | 00,000,000 | ---D | M] – C:\Documents and Settings\All Users\Dane aplikacji\TomTom

[2009-05-27 04:07:09 | 00,000,000 | ---D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Wireless LAN Card

[2009-10-22 12:23:13 | 00,000,000 | ---D | M] – C:\Documents and Settings\Ivan\Dane aplikacji\GanymedeNet

[2009-10-06 16:51:56 | 00,000,000 | ---D | M] – C:\Documents and Settings\Ivan\Dane aplikacji\My Games

[2009-09-15 04:01:26 | 00,000,000 | ---D | M] – C:\Documents and Settings\Ivan\Dane aplikacji\Opera

[2009-10-03 16:11:38 | 00,000,000 | ---D | M] – C:\Documents and Settings\Ivan\Dane aplikacji\TomTom

[2009-11-17 18:43:16 | 00,000,000 | ---D | M] – C:\Documents and Settings\Ivan\Dane aplikacji\uTorrent

[2008-04-15 13:00:00 | 00,000,065 | RH-- | M] () – C:\windows\Tasks\desktop.ini

[2009-11-17 18:42:30 | 00,000,006 | -H-- | M] () – C:\windows\Tasks\SA.DAT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2

< End of report >

In the future, paste logs at http://www.wklej.org

This thread belongs in the "Bezpieczeństwo i logi HijackThis" (Security and HijackThis logs) section.

Use ComboFix; while downloading it, rename it right away to a random name with the .com extension.

Post the log.

While downloading ComboFix and scanning with it, all antivirus programs and firewalls must be turned off.