Problem z Diskrun.exe i sn21c2.exe prosba o spr. loga

Taret · 5 Październik 2009 20:18

Witam

Problem polega na tym, że jak włączam komputer to wyskakuje sam pulpit. Widoczne jest okienko Windowsa

“Konfigurowanie ustawień spersonalizowanych dla C/WINDOWS/ Autostart” lub “snc21c2”. I nic się nie dzieje, muszę wejść w procesy

i wyłączyć sn21c2.exe aby przejść dalej. Kolejny problem, nie mogę wejść na dysk C przez podwójne kliknięcie.

Podczas wyłączania komputera procesy diskrun.exe i snx21c2 nie chcą się wyłączyć muszę z 5 razy kliknąć

na “zakończ teraz” aby komputer się wyłączył.

AVG Anty Virus nic mi nie wykrywa, Avast łapie Diskrun.exe za podejrzany i próbuje naprawić ale to nie pomaga, chwile po tym następuje komunikat o wirusie w pamięci operacyjnej. I tak w kółko.

Defragmentowałem, przywracałem, skanowałem, kasowałem różne programy i nadal nic.

O ! i kolejny problem AVG odmawia posłuszeństwa, nie chce się usunąć bo coś z rejestrem “mu nie pasuje”.

Proszę o pomoc

Tutaj zamieszczam log z hijack’a

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:48:54, on 2009-10-05

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\sn21c2.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\sn21c2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Documents and Settings\Home\Dane aplikacji\Microsoft\metupd.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Home\Pulpit\HiJackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [metupd.exe] C:\Documents and Settings\Home\Dane aplikacji\Microsoft\metupd.exe

O4 - HKLM\..\Policies\Explorer\Run: [snsrv] C:\WINDOWS\system32\snsrv.exe

O4 - HKLM\..\Policies\Explorer\Run: [Misrosoft SN update] C:\WINDOWS\sn21c2.exe

O4 - HKCU\..\Policies\Explorer\Run: [snsrv] C:\WINDOWS\system32\snsrv.exe

O4 - HKCU\..\Policies\Explorer\Run: [Misrosoft SN update] C:\WINDOWS\sn21c2.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230653740490

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe


--

End of file - 8452 bytes

Od razu mówię, że nie mam pirata wcześniej już ktoś mi to wytykał

jessica · 5 Październik 2009 20:35

Daj raport z >MBAM

Potem log z og z OTL

jessi

Taret · 5 Październik 2009 21:35

MBAM , usunąłem to co się dało z infekcji.

Malwarebytes' Anti-Malware 1.41

Wersja bazy definicji: 2910

Windows 5.1.2600 Dodatek Service Pack 3


2009-10-05 23:21:37

mbam-log-2009-10-05 (23-21-37).txt


Typ skanowania: Pełne skanowanie (C:\|)

Przeskanowane obiekty: 164991

Upłynęło: 29 minute(s), 36 second(s)


Zainfekowane procesy w pamięci: 0

Zainfekowane moduły pamięci: 1

Zainfekowane klucze rejestru: 6

Zainfekowane wartości rejestru: 0

Zainfekowane pliki rejestru: 0

Zainfekowane foldery: 0

Zainfekowane pliki: 8


Zainfekowane procesy w pamięci:

(Nie wykryto groźnych plików)


Zainfekowane moduły pamięci:

C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.


Zainfekowane klucze rejestru:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1w771v2k-un26-h1g8-x61r-bvc0kfriekpv} (Generic.Bot.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{j2a14tt4-t01j-7506-3bcx-j5q1xde454ll} (Generic.Bot.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{lo1m3d13-8c55-fj81-rgrv-pkqln4m7ai5c} (Generic.Bot.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{p441qn04-e88l-yi22-763p-777267g0twcm} (Generic.Bot.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgMgr (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\glaide32 (Rootkit.Rustock) -> Quarantined and deleted successfully.


Zainfekowane wartości rejestru:

(Nie wykryto groźnych plików)


Zainfekowane pliki rejestru:

(Nie wykryto groźnych plików)


Zainfekowane foldery:

(Nie wykryto groźnych plików)


Zainfekowane pliki:

C:\WINDOWS\sn21c2.exe (Generic.Bot.H) -> Delete on reboot.

C:\WINDOWS\system32\SB3Upd.exe (Generic.Bot.H) -> Quarantined and deleted successfully.

C:\ComboFix\Combo-Fix.sys (Worm.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DC84673F-4C9C-47F7-98E4-0049DEC64490}\RP283\A0056901.sys (Worm.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Home\Ustawienia lokalne\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Home\Ustawienia lokalne\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Home\Dane aplikacji\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.

OTL

OTL logfile created on: 2009-10-05 23:30:22 - Run 1

OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Home\Pulpit

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


2,00 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 69,34% Memory free

4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free

Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 298,08 Gb Total Space | 107,61 Gb Free Space | 36,10% Space Free | Partition Type: NTFS

Drive D: | 7,54 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded


Computer Name: HOME-34CDA90491

Current User Name: Home

Logged in as Administrator.


Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard


[color=#E56717]========== Processes (SafeList) ==========[/color]


PRC - [2009-09-15 12:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2009-09-15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2009-08-29 15:07:18 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe

PRC - [2007-07-25 16:50:26 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe

PRC - [2008-10-07 07:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe

PRC - [2009-05-18 17:04:52 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe

PRC - [2009-08-29 15:07:17 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe

PRC - [2009-08-29 15:07:24 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe

PRC - [2009-08-29 15:07:21 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe

PRC - [2009-08-29 15:07:24 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe

PRC - [2009-09-15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

PRC - [2009-09-15 12:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

PRC - [2008-04-14 19:21:50 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe

PRC - [2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2009-01-16 17:41:45 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2008-06-13 15:50:30 | 16,871,936 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE

PRC - [2004-04-13 06:07:18 | 00,069,632 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

PRC - [2005-12-10 16:57:19 | 00,133,016 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe

PRC - [2009-10-03 10:32:21 | 02,023,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe

PRC - [2009-09-15 12:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2007-07-18 18:55:20 | 00,451,872 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

PRC - [2007-03-12 14:49:26 | 00,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2009-04-23 15:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe

PRC - [2007-03-12 14:49:46 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

PRC - [2008-12-07 23:08:50 | 00,204,800 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\Home\Dane aplikacji\Microsoft\metupd.exe

PRC - [2007-03-12 14:49:46 | 01,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

PRC - [2009-09-10 16:39:02 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009-10-05 23:30:05 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Pulpit\OTL.exe


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]


SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2009-09-15 12:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])

SRV - [2009-09-15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])

SRV - [2009-09-15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])

SRV - [2009-09-15 12:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])

SRV - [2009-08-29 15:07:17 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])

SRV - [2009-08-29 15:07:18 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])

SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2005-04-04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])

SRV - [2007-07-25 16:50:26 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])

SRV - [2007-01-15 18:14:38 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])

SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

SRV - [2007-03-12 14:49:46 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])

SRV - [2008-10-07 07:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])

SRV - [2009-05-18 17:04:52 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])

SRV - [2006-12-01 12:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])


[color=#E56717]========== Driver Services (SafeList) ==========[/color]


DRV - [2009-09-15 12:53:24 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])

DRV - [2009-09-15 12:55:19 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])

DRV - [2009-09-15 12:56:14 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])

DRV - [2009-09-15 12:54:21 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])

DRV - [2009-09-15 12:55:30 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])

DRV - [2009-09-15 12:54:30 | 00,052,368 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])

DRV - [2008-12-31 17:07:29 | 00,278,984 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])

DRV - [2009-08-29 15:07:24 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])

DRV - [2009-08-29 15:07:24 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])

DRV - [2008-12-07 16:05:15 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])

DRV - [2003-07-08 09:22:18 | 00,004,911 | R--- | M] () -- C:\WINDOWS\Cmudau.ini -- (cmudau [On_Demand | Stopped])

DRV - [2009-05-03 10:07:13 | 00,223,128 | ---- | M] () -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi [On_Demand | Running])

DRV - [2009-09-02 22:08:00 | 00,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\DRIVERS\ggflt.sys -- (ggflt [On_Demand | Stopped])

DRV - [2009-09-02 22:08:00 | 00,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\DRIVERS\ggsemc.sys -- (ggsemc [On_Demand | Stopped])

DRV - [2005-01-08 07:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])

DRV - [2008-06-13 18:11:16 | 04,754,944 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])

DRV - [2008-12-31 13:36:16 | 00,018,048 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])

DRV - [2004-08-13 20:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])

DRV - [2008-10-07 07:33:00 | 06,133,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])

DRV - [2006-03-02 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2007-08-07 11:40:38 | 00,098,944 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])

DRV - [2008-04-13 18:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

DRV - [2009-05-03 09:41:17 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])

DRV - [2008-04-13 20:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])

DRV - [2007-07-11 10:40:18 | 00,012,416 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbbus.sys -- (usbbus [On_Demand | Stopped])

DRV - [2007-07-11 15:51:48 | 00,019,840 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys -- (UsbDiag [On_Demand | Stopped])

DRV - [2007-07-11 10:45:00 | 00,021,632 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]



[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]


FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.defaultthis.engineName: "Free_Lunch_Design Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&SearchSource=3&q="

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (pl)"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://google.pl"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5

FF - prefs.js..extensions.enabledItems: avg@igeared:2.609.002.003

FF - prefs.js..extensions.enabledItems: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}:2.3.0.4

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009-01-16 17:41:50 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009-08-29 16:58:38 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009-10-03 20:34:01 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-08-14 18:49:45 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-09-15 06:59:26 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-09-11 07:21:10 | 00,000,000 | ---D | M]


[2009-01-14 22:36:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dane aplikacji\mozilla\Extensions

[2009-01-14 22:36:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009-10-05 22:56:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dane aplikacji\mozilla\Firefox\Profiles\dizce0he.default\extensions

[2006-08-14 19:22:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dane aplikacji\mozilla\Firefox\Profiles\dizce0he.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009-09-21 17:35:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dane aplikacji\mozilla\Firefox\Profiles\dizce0he.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}

[2008-12-02 12:34:50 | 00,000,896 | ---- | M] () -- C:\Documents and Settings\Home\Dane aplikacji\Mozilla\FireFox\Profiles\dizce0he.default\searchplugins\conduit.xml

[2009-01-08 14:48:13 | 00,000,523 | ---- | M] () -- C:\Documents and Settings\Home\Dane aplikacji\Mozilla\FireFox\Profiles\dizce0he.default\searchplugins\daemon-search.xml

[2009-07-05 18:58:58 | 00,001,330 | ---- | M] () -- C:\Documents and Settings\Home\Dane aplikacji\Mozilla\FireFox\Profiles\dizce0he.default\searchplugins\wikipedia-en.xml

[2009-09-21 17:35:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009-05-26 18:48:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}

[2009-09-10 16:39:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009-09-10 16:39:02 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009-09-10 16:39:02 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009-09-10 16:39:03 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2003-05-15 11:01:48 | 00,133,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2009-01-16 17:41:48 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll

[2009-01-16 17:41:52 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll

[2009-01-16 17:41:47 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll

[2009-08-03 02:00:41 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2008-12-07 16:10:49 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml

[2009-01-14 22:36:01 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2009-01-14 22:36:01 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009-01-14 22:36:01 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2009-01-14 22:36:01 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2009-01-14 22:36:01 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2009-01-14 22:36:01 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml


O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)

O4 - HKLM..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe File not found

O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)

O4 - HKCU..\Run: [metupd.exe] C:\Documents and Settings\Home\Dane aplikacji\Microsoft\metupd.exe (Microsoft Corporation)

O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230653740490 (WUWebControl Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\Antiwpa: DllName - antiwpa.dll - File not found

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008-12-30 17:25:45 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O32 - AutoRun File - [2009-09-07 16:35:36 | 00,000,037 | RHS- | M] () - C:\Autorun.inf -- [NTFS]

O32 - AutoRun File - [2009-06-25 16:12:52 | 01,307,912 | R--- | M] (Rocksteady) - D:\autorun.exe -- [UDF]

O32 - AutoRun File - [2009-05-23 23:12:16 | 00,000,047 | R--- | M] () - D:\autorun.inf -- [UDF]

O33 - MountPoints2\{edd0d7d1-4e93-11de-ba10-001e8c7a3be8}\Shell\AutoRun\command - "" = G:\

O33 - MountPoints2\{edd0d7d1-4e93-11de-ba10-001e8c7a3be8}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found


[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]


[6 C:\WINDOWS\*.tmp files]

[2009-10-05 22:48:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

[2009-10-05 22:48:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Dane aplikacji\Malwarebytes

[2009-10-03 17:23:31 | 00,000,000 | ---D | C] -- C:\Program Files\Eidos

[2009-10-05 22:48:20 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009-10-05 23:30:01 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home\Pulpit\OTL.exe

[2009-10-05 22:48:22 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-10-05 22:48:20 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009-10-05 22:46:56 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Home\Pulpit\mbam-setup.exe

[2009-10-05 22:13:10 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF11329.exe

[2009-10-05 22:13:10 | 00,000,000 | --SD | C] -- C:\ComboFix

[2009-10-05 22:11:34 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF10221.exe

[2009-10-05 22:11:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009-10-05 22:10:38 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009-10-05 21:41:22 | 00,405,504 | RHS- | C] (Microsoft Corporation) -- C:\Diskrun.exe

[2009-10-04 20:30:30 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2009-10-04 20:30:29 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2009-10-04 20:30:29 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2009-10-04 20:30:26 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2009-10-04 20:30:26 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

[2009-10-04 20:30:26 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2009-10-04 20:30:26 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2009-10-04 20:30:26 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2009-10-04 20:30:12 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2009-10-04 16:52:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Pulpit\Nowy folder (3)

[2009-10-04 13:54:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Pulpit\integral

[2009-10-03 17:40:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Moje dokumenty\Eidos

[2009-09-10 16:40:55 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll


[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[1 C:\WINDOWS\System32\*.tmp files]

[6 C:\WINDOWS\*.tmp files]

[2009-10-05 23:30:05 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Pulpit\OTL.exe

[2009-10-05 23:25:40 | 00,200,819 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009-10-05 23:25:32 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009-10-05 23:25:32 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak

[2009-10-05 23:24:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-10-05 23:24:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-10-05 23:22:17 | 05,327,646 | -H-- | M] () -- C:\Documents and Settings\Home\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-10-05 22:53:19 | 01,023,887 | -H-- | M] () -- C:\Documents and Settings\Home\Dane aplikacji\logs.dat

[2009-10-05 22:48:26 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk

[2009-10-05 22:47:40 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Home\Pulpit\mbam-setup.exe

[2009-10-05 22:12:34 | 00,396,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF11329.exe

[2009-10-05 22:10:35 | 00,396,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF10221.exe

[2009-10-05 22:09:29 | 03,325,144 | R--- | M] () -- C:\Documents and Settings\Home\Pulpit\ComboFix.exe

[2009-10-05 16:08:05 | 42,285,522 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009-10-04 20:30:30 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk

[2009-10-04 20:30:26 | 00,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2009-10-04 20:29:32 | 38,898,248 | ---- | M] () -- C:\Documents and Settings\Home\Pulpit\setuppol.exe

[2009-10-03 17:35:18 | 00,001,705 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Zagraj w Batman Arkham Asylum .lnk

[2009-10-02 19:16:11 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2009-10-02 19:16:11 | 00,004,566 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009-09-27 10:27:53 | 00,000,031 | ---- | M] () -- C:\WINDOWS\progress

[2009-09-27 00:46:55 | 09,035,892 | ---- | M] () -- C:\Documents and Settings\Home\Pulpit\The_Witcher-Wiedzmin-Poradnik.pdf

[2009-09-25 17:25:05 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\Home\Pulpit\Nazywam się Krzysztof Siedlecki.doc

[2009-09-15 12:59:36 | 01,279,968 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2009-09-15 12:56:21 | 00,093,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2009-09-15 12:56:14 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2009-09-15 12:55:30 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2009-09-15 12:55:19 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2009-09-15 12:54:30 | 00,052,368 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2009-09-15 12:54:21 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2009-09-15 12:53:24 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2009-09-15 12:53:01 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

[2009-09-12 21:16:25 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009-09-10 17:32:10 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009-09-10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-09-10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009-09-07 16:35:36 | 00,000,037 | RHS- | M] () -- C:\Autorun.inf

[2009-09-07 16:35:34 | 00,405,504 | RHS- | M] (Microsoft Corporation) -- C:\Diskrun.exe


[color=#E56717]========== Files - No Company Name ==========[/color]

[2009-10-05 23:25:33 | 00,013,646 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak

[2009-10-05 22:48:26 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk

[2009-10-05 22:08:25 | 03,325,144 | R--- | C] () -- C:\Documents and Settings\Home\Pulpit\ComboFix.exe

[2009-10-04 20:30:30 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk

[2009-10-04 20:30:12 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx

[2009-10-04 20:16:50 | 38,898,248 | ---- | C] () -- C:\Documents and Settings\Home\Pulpit\setuppol.exe

[2009-10-03 17:35:18 | 00,001,705 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Zagraj w Batman Arkham Asylum .lnk

[2009-09-27 00:44:35 | 09,035,892 | ---- | C] () -- C:\Documents and Settings\Home\Pulpit\The_Witcher-Wiedzmin-Poradnik.pdf

[2009-09-07 16:35:36 | 00,000,037 | RHS- | C] () -- C:\Autorun.inf

[2009-09-06 11:52:56 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\Home\Pulpit\Nazywam się Krzysztof Siedlecki.doc

[2009-08-07 00:05:41 | 00,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009-07-14 17:15:00 | 00,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2009-05-18 20:54:39 | 00,016,640 | ---- | C] () -- C:\Documents and Settings\Home\Dane aplikacji\GDIPFONTCACHEV1.DAT

[2009-05-18 20:37:37 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\Home\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

[2009-05-18 17:05:08 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2009-05-18 17:05:08 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Home\Dane aplikacji\PnkBstrK.sys

[2009-05-03 10:07:13 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys

[2009-04-10 22:10:46 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2009-02-26 00:26:40 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009-02-25 17:28:19 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009-02-03 20:46:08 | 00,016,640 | ---- | C] () -- C:\Documents and Settings\Home\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

[2009-01-17 18:16:43 | 05,327,646 | -H-- | C] () -- C:\Documents and Settings\Home\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-01-07 21:12:04 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009-01-04 01:07:05 | 00,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll

[2009-01-04 01:07:05 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009-01-04 01:07:04 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009-01-04 01:07:04 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009-01-04 01:07:02 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2009-01-02 00:03:58 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009-01-02 00:03:56 | 00,010,752 | ---- | C] () -- C:\Documents and Settings\Home\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-12-31 13:53:11 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\cmdrvrmu.dll

[2008-12-31 13:53:02 | 00,004,911 | R--- | C] () -- C:\WINDOWS\Cmudau.ini

[2008-12-31 13:36:16 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2008-12-31 13:36:16 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2008-12-30 18:19:03 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini

[2008-12-30 17:47:34 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2008-12-30 17:47:31 | 00,009,034 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2008-12-30 17:47:21 | 00,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2008-12-30 17:30:51 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Home\Dane aplikacji\desktop.ini

[2008-10-07 10:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2008-10-07 07:33:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2008-10-07 07:33:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2008-10-07 07:33:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2008-10-07 07:33:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2008-10-07 07:33:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2008-06-05 09:58:26 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2006-03-02 14:00:00 | 00,000,516 | ---- | C] () -- C:\WINDOWS\win.ini

[2006-03-02 14:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

[2005-04-08 04:16:43 | 01,023,887 | -H-- | C] () -- C:\Documents and Settings\Home\Dane aplikacji\logs.dat

< End of report >

jessica · 5 Październik 2009 22:57

Sprawdź go na --> JOTTI/

albo na VIRUSTOTAL.

albo na VIRSCAN

Uruchom OTL i w oknie Custom Scans/Fixes wklej to:

:OTL

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


:Files

C:\Autorun.inf 

D:\Autorun.inf 

C:\Diskrun.exe


:Reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Internet Connection Wizard Setup Tool"=-

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]



:Commands

[emptytemp]

[start explorer]

[Reboot]

Kliknij w Run Fix. Zatwierdź restart komputera.

Następnie uruchom OTL ponownie, tym razem wywołaj opcję Run Scan.

Pokaż nowy log OTL.txt oraz log z czyszczenia.

jessi

Taret · 6 Październik 2009 11:45

JOTTI

Rozmiar pliku: 204800 bajtów

Typ pliku: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

MD5: 4d27b0280b95499db09f9ba7e30443b7

SHA1: 26e7d883e2494cd41ee4684a6c0a6b08e46e8509

A-squared 2009-10-06 Riskware.Win32.VBInject!IK

AntiVir 2009-10-06 TR/Dropper.Gen

Bitdefender 2009-10-06 Gen:Trojan.Heur.mq0@v1DcE2aGx

G data 2009-10-06 Gen:Trojan.Heur.mq0@v1DcE2aGx

IKARUS 2009-10-06 VirTool.Win32.VBInject

Reszta nic nie wykryła.

OTL

po fixie taki log wyskoczył

All processes killed

========== OTL ==========

Process explorer.exe killed successfully!

File EY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] not found.

File EY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] not found.

File KEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa] not found.

File KEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] not found.

File ptytemp] not found.

File art explorer] not found.

File boot] not found.


OTL by OldTimer - Version 3.0.18.4 log created on 10062009_134654


Files\Folders moved on Reboot...


Registry entries deleted on Reboot...

a tu świeży skan z OTL

OTL logfile created on: 2009-10-06 13:52:18 - Run 2

OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Home\Pulpit

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


2,00 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 68,52% Memory free

4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free

Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 298,08 Gb Total Space | 107,65 Gb Free Space | 36,12% Space Free | Partition Type: NTFS

Drive D: | 7,54 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded


Computer Name: HOME-34CDA90491

Current User Name: Home

Logged in as Administrator.


Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard


[color=#E56717]========== Processes (SafeList) ==========[/color]


PRC - [2009-09-15 12:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2009-09-15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2008-04-14 19:21:32 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe

PRC - [2009-09-10 16:39:02 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009-08-29 15:07:18 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe

PRC - [2007-07-25 16:50:26 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe

PRC - [2008-10-07 07:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe

PRC - [2009-05-18 17:04:52 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe

PRC - [2009-08-29 15:07:24 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe

PRC - [2009-08-29 15:07:21 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe

PRC - [2009-08-29 15:07:17 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe

PRC - [2009-08-29 15:07:24 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe

PRC - [2009-09-15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

PRC - [2009-09-15 12:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

PRC - [2008-04-14 19:21:50 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe

PRC - [2009-09-07 16:35:34 | 00,405,504 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS\sn21c2.exe

PRC - [2009-01-16 17:41:45 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2008-06-13 15:50:30 | 16,871,936 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE

PRC - [2004-04-13 06:07:18 | 00,069,632 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

PRC - [2005-12-10 16:57:19 | 00,133,016 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe

PRC - [2009-10-03 10:32:21 | 02,023,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe

PRC - [2009-09-15 12:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2009-09-07 16:35:34 | 00,405,504 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS\sn21c2.exe

PRC - [2007-07-18 18:55:20 | 00,451,872 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

PRC - [2007-03-12 14:49:26 | 00,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2009-04-23 15:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe

PRC - [2007-03-12 14:49:46 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

PRC - [2008-04-14 19:21:30 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe

PRC - [2007-03-12 14:49:46 | 01,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

PRC - [2008-12-07 23:08:50 | 00,204,800 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\Home\Dane aplikacji\Microsoft\metupd.exe

PRC - [2009-09-10 16:39:02 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009-10-05 23:30:05 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Pulpit\OTL.exe


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]


SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2009-09-15 12:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])

SRV - [2009-09-15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])

SRV - [2009-09-15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])

SRV - [2009-09-15 12:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])

SRV - [2009-08-29 15:07:17 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])

SRV - [2009-08-29 15:07:18 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])

SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2005-04-04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])

SRV - [2007-07-25 16:50:26 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])

SRV - [2007-01-15 18:14:38 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])

SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

SRV - [2007-03-12 14:49:46 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])

SRV - [2008-10-07 07:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])

SRV - [2009-05-18 17:04:52 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])

SRV - [2006-12-01 12:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])


[color=#E56717]========== Driver Services (SafeList) ==========[/color]


DRV - [2009-09-15 12:53:24 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])

DRV - [2009-09-15 12:55:19 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])

DRV - [2009-09-15 12:56:14 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])

DRV - [2009-09-15 12:54:21 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])

DRV - [2009-09-15 12:55:30 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])

DRV - [2009-09-15 12:54:30 | 00,052,368 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])

DRV - [2008-12-31 17:07:29 | 00,278,984 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])

DRV - [2009-08-29 15:07:24 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])

DRV - [2009-08-29 15:07:24 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])

DRV - [2008-12-07 16:05:15 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])

DRV - [2003-07-08 09:22:18 | 00,004,911 | R--- | M] () -- C:\WINDOWS\Cmudau.ini -- (cmudau [On_Demand | Stopped])

DRV - [2009-05-03 10:07:13 | 00,223,128 | ---- | M] () -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi [On_Demand | Running])

DRV - [2009-09-02 22:08:00 | 00,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\DRIVERS\ggflt.sys -- (ggflt [On_Demand | Stopped])

DRV - [2009-09-02 22:08:00 | 00,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\DRIVERS\ggsemc.sys -- (ggsemc [On_Demand | Stopped])

DRV - [2005-01-08 07:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])

DRV - [2008-06-13 18:11:16 | 04,754,944 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])

DRV - [2008-12-31 13:36:16 | 00,018,048 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])

DRV - [2004-08-13 20:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])

DRV - [2008-10-07 07:33:00 | 06,133,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])

DRV - [2006-03-02 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2007-08-07 11:40:38 | 00,098,944 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])

DRV - [2008-04-13 18:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

DRV - [2009-05-03 09:41:17 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])

DRV - [2008-04-13 20:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])

DRV - [2007-07-11 10:40:18 | 00,012,416 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbbus.sys -- (usbbus [On_Demand | Stopped])

DRV - [2007-07-11 15:51:48 | 00,019,840 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys -- (UsbDiag [On_Demand | Stopped])

DRV - [2007-07-11 10:45:00 | 00,021,632 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]



[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]


FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.defaultthis.engineName: "Free_Lunch_Design Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&SearchSource=3&q="

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (pl)"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://google.pl"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5

FF - prefs.js..extensions.enabledItems: avg@igeared:2.609.002.003

FF - prefs.js..extensions.enabledItems: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}:2.3.0.4

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009-01-16 17:41:50 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009-08-29 16:58:38 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009-10-03 20:34:01 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-08-14 18:49:45 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-09-15 06:59:26 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-09-11 07:21:10 | 00,000,000 | ---D | M]


[2009-01-14 22:36:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dane aplikacji\mozilla\Extensions

[2009-01-14 22:36:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009-10-05 22:56:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dane aplikacji\mozilla\Firefox\Profiles\dizce0he.default\extensions

[2006-08-14 19:22:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dane aplikacji\mozilla\Firefox\Profiles\dizce0he.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009-09-21 17:35:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dane aplikacji\mozilla\Firefox\Profiles\dizce0he.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}

[2008-12-02 12:34:50 | 00,000,896 | ---- | M] () -- C:\Documents and Settings\Home\Dane aplikacji\Mozilla\FireFox\Profiles\dizce0he.default\searchplugins\conduit.xml

[2009-01-08 14:48:13 | 00,000,523 | ---- | M] () -- C:\Documents and Settings\Home\Dane aplikacji\Mozilla\FireFox\Profiles\dizce0he.default\searchplugins\daemon-search.xml

[2009-07-05 18:58:58 | 00,001,330 | ---- | M] () -- C:\Documents and Settings\Home\Dane aplikacji\Mozilla\FireFox\Profiles\dizce0he.default\searchplugins\wikipedia-en.xml

[2009-09-21 17:35:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009-05-26 18:48:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}

[2009-09-10 16:39:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009-09-10 16:39:02 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009-09-10 16:39:02 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009-09-10 16:39:03 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2003-05-15 11:01:48 | 00,133,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2009-01-16 17:41:48 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll

[2009-01-16 17:41:52 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll

[2009-01-16 17:41:47 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll

[2009-08-03 02:00:41 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2008-12-07 16:10:49 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml

[2009-01-14 22:36:01 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2009-01-14 22:36:01 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009-01-14 22:36:01 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2009-01-14 22:36:01 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2009-01-14 22:36:01 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2009-01-14 22:36:01 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml


O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)

O4 - HKLM..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe File not found

O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)

O4 - HKCU..\Run: [metupd.exe] C:\Documents and Settings\Home\Dane aplikacji\Microsoft\metupd.exe (Microsoft Corporation)

O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230653740490 (WUWebControl Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\Antiwpa: DllName - antiwpa.dll - File not found

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008-12-30 17:25:45 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O32 - AutoRun File - [2009-09-07 16:35:36 | 00,000,037 | RHS- | M] () - C:\Autorun.inf -- [NTFS]

O32 - AutoRun File - [2009-06-25 16:12:52 | 01,307,912 | R--- | M] (Rocksteady) - D:\autorun.exe -- [UDF]

O32 - AutoRun File - [2009-05-23 23:12:16 | 00,000,047 | R--- | M] () - D:\autorun.inf -- [UDF]

O33 - MountPoints2\{edd0d7d1-4e93-11de-ba10-001e8c7a3be8}\Shell\AutoRun\command - "" = G:\

O33 - MountPoints2\{edd0d7d1-4e93-11de-ba10-001e8c7a3be8}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found


[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]


[6 C:\WINDOWS\*.tmp files]

[2009-10-05 22:48:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

[2009-10-05 22:48:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Dane aplikacji\Malwarebytes

[2009-10-03 17:23:31 | 00,000,000 | ---D | C] -- C:\Program Files\Eidos

[2009-10-05 22:48:20 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009-10-06 13:46:54 | 00,000,000 | ---D | C] -- C:\_OTL

[2009-10-06 13:37:37 | 00,405,504 | RHS- | C] (Microsoft Corporation) -- C:\WINDOWS\sn21c2.exe

[2009-10-05 23:30:01 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home\Pulpit\OTL.exe

[2009-10-05 22:48:22 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-10-05 22:48:20 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009-10-05 22:46:56 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Home\Pulpit\mbam-setup.exe

[2009-10-05 22:13:10 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF11329.exe

[2009-10-05 22:13:10 | 00,000,000 | --SD | C] -- C:\ComboFix

[2009-10-05 22:11:34 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF10221.exe

[2009-10-05 22:11:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009-10-05 22:10:38 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009-10-05 21:41:22 | 00,405,504 | RHS- | C] (Microsoft Corporation) -- C:\Diskrun.exe

[2009-10-04 20:30:30 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2009-10-04 20:30:29 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2009-10-04 20:30:29 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2009-10-04 20:30:26 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2009-10-04 20:30:26 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

[2009-10-04 20:30:26 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2009-10-04 20:30:26 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2009-10-04 20:30:26 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2009-10-04 20:30:12 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2009-10-04 16:52:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Pulpit\Nowy folder (3)

[2009-10-04 13:54:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Pulpit\integral

[2009-10-03 17:40:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Moje dokumenty\Eidos

[2009-09-10 16:40:55 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll


[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[1 C:\WINDOWS\System32\*.tmp files]

[6 C:\WINDOWS\*.tmp files]

[2009-10-06 13:52:14 | 01,030,077 | -H-- | M] () -- C:\Documents and Settings\Home\Dane aplikacji\logs.dat

[2009-10-06 13:50:15 | 00,200,819 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009-10-06 13:49:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-10-06 13:48:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-10-06 13:37:57 | 03,001,023 | ---- | M] () -- C:\Documents and Settings\Home\Pulpit\Skillet - hero.mp3

[2009-10-06 13:31:28 | 42,354,011 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009-10-06 13:31:28 | 00,005,991 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009-10-06 07:17:05 | 06,913,634 | -H-- | M] () -- C:\Documents and Settings\Home\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-10-06 06:10:45 | 02,850,512 | ---- | M] () -- C:\Documents and Settings\Home\Pulpit\Skillet - monster.mp3

[2009-10-05 23:30:05 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Pulpit\OTL.exe

[2009-10-05 23:25:32 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009-10-05 23:25:32 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak

[2009-10-05 22:48:26 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk

[2009-10-05 22:47:40 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Home\Pulpit\mbam-setup.exe

[2009-10-05 22:12:34 | 00,396,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF11329.exe

[2009-10-05 22:10:35 | 00,396,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF10221.exe

[2009-10-05 22:09:29 | 03,325,144 | R--- | M] () -- C:\Documents and Settings\Home\Pulpit\ComboFix.exe

[2009-10-04 20:30:30 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk

[2009-10-04 20:30:26 | 00,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2009-10-04 20:29:32 | 38,898,248 | ---- | M] () -- C:\Documents and Settings\Home\Pulpit\setuppol.exe

[2009-10-03 17:35:18 | 00,001,705 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Zagraj w Batman Arkham Asylum .lnk

[2009-10-02 19:16:11 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2009-09-27 10:27:53 | 00,000,031 | ---- | M] () -- C:\WINDOWS\progress

[2009-09-27 00:46:55 | 09,035,892 | ---- | M] () -- C:\Documents and Settings\Home\Pulpit\The_Witcher-Wiedzmin-Poradnik.pdf

[2009-09-25 17:25:05 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\Home\Pulpit\Nazywam się Krzysztof Siedlecki.doc

[2009-09-15 12:59:36 | 01,279,968 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2009-09-15 12:56:21 | 00,093,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2009-09-15 12:56:14 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2009-09-15 12:55:30 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2009-09-15 12:55:19 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2009-09-15 12:54:30 | 00,052,368 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2009-09-15 12:54:21 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2009-09-15 12:53:24 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2009-09-15 12:53:01 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

[2009-09-12 21:16:25 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009-09-10 17:32:10 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009-09-10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-09-10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009-09-07 16:35:36 | 00,000,037 | RHS- | M] () -- C:\Autorun.inf

[2009-09-07 16:35:34 | 00,405,504 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS\sn21c2.exe

[2009-09-07 16:35:34 | 00,405,504 | RHS- | M] (Microsoft Corporation) -- C:\Diskrun.exe


[color=#E56717]========== Files - No Company Name ==========[/color]

[2009-10-06 07:13:22 | 02,850,512 | ---- | C] () -- C:\Documents and Settings\Home\Pulpit\Skillet - monster.mp3

[2009-10-06 07:13:17 | 03,001,023 | ---- | C] () -- C:\Documents and Settings\Home\Pulpit\Skillet - hero.mp3

[2009-10-05 23:25:33 | 00,013,646 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak

[2009-10-05 22:48:26 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk

[2009-10-05 22:08:25 | 03,325,144 | R--- | C] () -- C:\Documents and Settings\Home\Pulpit\ComboFix.exe

[2009-10-04 20:30:30 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk

[2009-10-04 20:30:12 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx

[2009-10-04 20:16:50 | 38,898,248 | ---- | C] () -- C:\Documents and Settings\Home\Pulpit\setuppol.exe

[2009-10-03 17:35:18 | 00,001,705 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Zagraj w Batman Arkham Asylum .lnk

[2009-09-27 00:44:35 | 09,035,892 | ---- | C] () -- C:\Documents and Settings\Home\Pulpit\The_Witcher-Wiedzmin-Poradnik.pdf

[2009-09-07 16:35:36 | 00,000,037 | RHS- | C] () -- C:\Autorun.inf

[2009-08-07 00:05:41 | 00,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009-07-14 17:15:00 | 00,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2009-05-18 20:54:39 | 00,016,640 | ---- | C] () -- C:\Documents and Settings\Home\Dane aplikacji\GDIPFONTCACHEV1.DAT

[2009-05-18 20:37:37 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\Home\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

[2009-05-18 17:05:08 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2009-05-18 17:05:08 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Home\Dane aplikacji\PnkBstrK.sys

[2009-05-03 10:07:13 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys

[2009-04-10 22:10:46 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2009-02-26 00:26:40 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009-02-25 17:28:19 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009-02-03 20:46:08 | 00,016,640 | ---- | C] () -- C:\Documents and Settings\Home\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

[2009-01-17 18:16:43 | 06,913,634 | -H-- | C] () -- C:\Documents and Settings\Home\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-01-07 21:12:04 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009-01-04 01:07:05 | 00,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll

[2009-01-04 01:07:05 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009-01-04 01:07:04 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009-01-04 01:07:04 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009-01-04 01:07:02 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2009-01-02 00:03:58 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009-01-02 00:03:56 | 00,010,752 | ---- | C] () -- C:\Documents and Settings\Home\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-12-31 13:53:11 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\cmdrvrmu.dll

[2008-12-31 13:53:02 | 00,004,911 | R--- | C] () -- C:\WINDOWS\Cmudau.ini

[2008-12-31 13:36:16 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2008-12-31 13:36:16 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2008-12-30 18:19:03 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini

[2008-12-30 17:47:34 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2008-12-30 17:47:31 | 00,009,034 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2008-12-30 17:47:21 | 00,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2008-12-30 17:30:51 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Home\Dane aplikacji\desktop.ini

[2008-10-07 10:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2008-10-07 07:33:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2008-10-07 07:33:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2008-10-07 07:33:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2008-10-07 07:33:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2008-10-07 07:33:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2008-06-05 09:58:26 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2006-03-02 14:00:00 | 00,000,516 | ---- | C] () -- C:\WINDOWS\win.ini

[2006-03-02 14:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

[2005-04-08 04:16:43 | 01,030,077 | -H-- | C] () -- C:\Documents and Settings\Home\Dane aplikacji\logs.dat

< End of report >

Nadal jest ten sam problem.

Co mam z tym zrobić ? pls help

jessica · 10 Październik 2009 10:12

Usuwanie się nie udało, bo gdzieś po drodze mój Script usuwający został zniekształcony.

Od nowa:

Uruchom OTL i w oknie Custom Scans/Fixes wklej to:

:OTL PRC - [2009-09-07 16:35:34 | 00,405,504 | RHS- | M] (Microsoft Corporation) – C:\WINDOWS\sn21c2.exe :Files C:\Autorun.inf d:\Autorun.inf C:\WINDOWS\sn21c2.exe C:\Diskrun.exe :Reg [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “metupd.exe”=- [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] “SuperHidden”=dword:00000001 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] “Hidden”=dword:00000001 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] “ShowSuperHidden”=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] “CheckedValue”=dword:00000001 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Internet Connection Wizard Setup Tool”=- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] “{32099AAC-C132-4136-9E9A-4E364A424E17}”=- [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa] :Commands [emptytemp] [Reboot]

Kliknij w Run Fix. Zatwierdź restart komputera.

Następnie uruchom OTL ponownie, tym razem wywołaj opcję Run Scan.

Pokaż nowy log OTL.txt oraz log z czyszczenia.

jessi

Taret · 11 Październik 2009 08:38

Po run fixie

All processes killed

========== OTL ==========

No active process named sn21c2.exe was found!

========== FILES ==========

C:\Autorun.inf moved successfully.

File move failed. d:\autorun.inf scheduled to be moved on reboot.

C:\WINDOWS\sn21c2.exe moved successfully.

C:\Diskrun.exe moved successfully.

========== REGISTRY ==========

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\metupd.exe deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"SuperHidden"|dword:00000001 /E : value set successfully!

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"Hidden"|dword:00000001 /E : value set successfully!

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"ShowSuperHidden"|dword:00000001 /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\"CheckedValue"|dword:00000001 /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\ deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\\@|"" /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Internet Connection Wizard Setup Tool deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa\ deleted successfully.

========== COMMANDS ==========


[EMPTYTEMP]


User: All Users


User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes


User: Home

->Temp folder emptied: 391061311 bytes

File delete failed. C:\Documents and Settings\Home\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 474374071 bytes

->FireFox cache emptied: 49375936 bytes


User: LocalService

File delete failed. C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp\Cookies\index.dat scheduled to be deleted on reboot.

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 247144 bytes


User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33237 bytes


%systemdrive% .tmp files removed: 0 bytes

C:\WINDOWS\msdownld.tmp folder deleted successfully.

%systemroot% .tmp files removed: 2148726 bytes

%systemroot%\System32 .tmp files removed: 2596 bytes

File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_57c.dat scheduled to be deleted on reboot.

Windows Temp folder emptied: 236819846 bytes

RecycleBin emptied: 0 bytes


Total Files Cleaned = 1100,69 mb



OTL by OldTimer - Version 3.0.18.4 log created on 10112009_102337


Files\Folders moved on Reboot...

File move failed. d:\autorun.inf scheduled to be moved on reboot.

File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!

File move failed. C:\WINDOWS\temp\Perflib_Perfdata_57c.dat scheduled to be moved on reboot.


Registry entries deleted on Reboot...

Po skanie

OTL logfile created on: 2009-10-11 10:29:31 - Run 3

OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Home\Pulpit

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


2,00 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 68,51% Memory free

4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free

Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 298,08 Gb Total Space | 107,11 Gb Free Space | 35,93% Space Free | Partition Type: NTFS

Drive D: | 7,54 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded


Computer Name: HOME-34CDA90491

Current User Name: Home

Logged in as Administrator.


Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard


[color=#E56717]========== Processes (SafeList) ==========[/color]


PRC - [2009-09-15 12:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2009-09-15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2009-01-16 17:41:45 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2008-06-13 15:50:30 | 16,871,936 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE

PRC - [2004-04-13 06:07:18 | 00,069,632 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

PRC - [2005-12-10 16:57:19 | 00,133,016 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe

PRC - [2009-10-03 10:32:21 | 02,023,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe

PRC - [2009-09-15 12:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2007-07-18 18:55:20 | 00,451,872 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

PRC - [2007-03-12 14:49:26 | 00,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2009-04-23 15:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe

PRC - [2008-04-14 19:21:30 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe

PRC - [2009-08-29 15:07:18 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe

PRC - [2007-07-25 16:50:26 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe

PRC - [2008-10-07 07:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe

PRC - [2009-09-10 16:39:02 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009-05-18 17:04:52 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe

PRC - [2009-08-29 15:07:24 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe

PRC - [2009-08-29 15:07:21 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe

PRC - [2009-08-29 15:07:17 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe

PRC - [2009-08-29 15:07:24 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe

PRC - [2009-09-15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

PRC - [2009-09-15 12:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

PRC - [2007-03-12 14:49:46 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

PRC - [2008-04-14 19:21:50 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe

PRC - [2007-03-12 14:49:46 | 01,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

PRC - [2009-02-06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe

PRC - [2009-10-05 23:30:05 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Pulpit\OTL.exe


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]


SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2009-09-15 12:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])

SRV - [2009-09-15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])

SRV - [2009-09-15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])

SRV - [2009-09-15 12:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])

SRV - [2009-08-29 15:07:17 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])

SRV - [2009-08-29 15:07:18 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])

SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2005-04-04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])

SRV - [2007-07-25 16:50:26 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])

SRV - [2007-01-15 18:14:38 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])

SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

SRV - [2007-03-12 14:49:46 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])

SRV - [2008-10-07 07:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])

SRV - [2009-05-18 17:04:52 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])

SRV - [2006-12-01 12:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])


[color=#E56717]========== Driver Services (SafeList) ==========[/color]


DRV - [2009-09-15 12:53:24 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])

DRV - [2009-09-15 12:55:19 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])

DRV - [2009-09-15 12:56:14 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])

DRV - [2009-09-15 12:54:21 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])

DRV - [2009-09-15 12:55:30 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])

DRV - [2009-09-15 12:54:30 | 00,052,368 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])

DRV - [2008-12-31 17:07:29 | 00,278,984 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])

DRV - [2009-08-29 15:07:24 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])

DRV - [2009-08-29 15:07:24 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])

DRV - [2008-12-07 16:05:15 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])

DRV - [2003-07-08 09:22:18 | 00,004,911 | R--- | M] () -- C:\WINDOWS\Cmudau.ini -- (cmudau [On_Demand | Stopped])

DRV - [2009-05-03 10:07:13 | 00,223,128 | ---- | M] () -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi [On_Demand | Running])

DRV - [2009-09-02 22:08:00 | 00,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\DRIVERS\ggflt.sys -- (ggflt [On_Demand | Stopped])

DRV - [2009-09-02 22:08:00 | 00,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\DRIVERS\ggsemc.sys -- (ggsemc [On_Demand | Stopped])

DRV - [2005-01-08 07:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])

DRV - [2008-06-13 18:11:16 | 04,754,944 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])

DRV - [2008-12-31 13:36:16 | 00,018,048 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])

DRV - [2004-08-13 20:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])

DRV - [2008-10-07 07:33:00 | 06,133,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])

DRV - [2006-03-02 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2007-08-07 11:40:38 | 00,098,944 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])

DRV - [2008-04-13 18:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

DRV - [2009-05-03 09:41:17 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])

DRV - [2008-04-13 20:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])

DRV - [2007-07-11 10:40:18 | 00,012,416 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbbus.sys -- (usbbus [On_Demand | Stopped])

DRV - [2007-07-11 15:51:48 | 00,019,840 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys -- (UsbDiag [On_Demand | Stopped])

DRV - [2007-07-11 10:45:00 | 00,021,632 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]



[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]


FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.defaultthis.engineName: "Free_Lunch_Design Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&SearchSource=3&q="

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (pl)"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://google.pl"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5

FF - prefs.js..extensions.enabledItems: avg@igeared:2.609.002.003

FF - prefs.js..extensions.enabledItems: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}:2.3.0.4

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009-01-16 17:41:50 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009-08-29 16:58:38 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009-10-03 20:34:01 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-08-14 18:49:45 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-09-15 06:59:26 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-09-11 07:21:10 | 00,000,000 | ---D | M]


[2009-01-14 22:36:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dane aplikacji\mozilla\Extensions

[2009-01-14 22:36:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009-10-10 23:43:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dane aplikacji\mozilla\Firefox\Profiles\dizce0he.default\extensions

[2006-08-14 19:22:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dane aplikacji\mozilla\Firefox\Profiles\dizce0he.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009-09-21 17:35:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dane aplikacji\mozilla\Firefox\Profiles\dizce0he.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}

[2008-12-02 12:34:50 | 00,000,896 | ---- | M] () -- C:\Documents and Settings\Home\Dane aplikacji\Mozilla\FireFox\Profiles\dizce0he.default\searchplugins\conduit.xml

[2009-01-08 14:48:13 | 00,000,523 | ---- | M] () -- C:\Documents and Settings\Home\Dane aplikacji\Mozilla\FireFox\Profiles\dizce0he.default\searchplugins\daemon-search.xml

[2009-07-05 18:58:58 | 00,001,330 | ---- | M] () -- C:\Documents and Settings\Home\Dane aplikacji\Mozilla\FireFox\Profiles\dizce0he.default\searchplugins\wikipedia-en.xml

[2009-09-21 17:35:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009-05-26 18:48:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}

[2009-09-10 16:39:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009-09-10 16:39:02 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009-09-10 16:39:02 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009-09-10 16:39:03 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2003-05-15 11:01:48 | 00,133,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2009-01-16 17:41:48 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll

[2009-01-16 17:41:52 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll

[2009-01-16 17:41:47 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll

[2009-08-03 02:00:41 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2008-12-07 16:10:49 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml

[2009-01-14 22:36:01 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2009-01-14 22:36:01 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009-01-14 22:36:01 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2009-01-14 22:36:01 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2009-01-14 22:36:01 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2009-01-14 22:36:01 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml


O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)

O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)

O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230653740490 (WUWebControl Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008-12-30 17:25:45 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O32 - AutoRun File - [2009-06-25 16:12:52 | 01,307,912 | R--- | M] (Rocksteady) - D:\autorun.exe -- [UDF]

O32 - AutoRun File - [2009-05-23 23:12:16 | 00,000,047 | R--- | M] () - D:\autorun.inf -- [UDF]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found


[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]


[2009-10-05 22:48:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

[2009-10-05 22:48:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Dane aplikacji\Malwarebytes

[2009-10-03 17:23:31 | 00,000,000 | ---D | C] -- C:\Program Files\Eidos

[2009-10-05 22:48:20 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009-10-06 13:46:54 | 00,000,000 | ---D | C] -- C:\_OTL

[2009-10-05 23:30:01 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home\Pulpit\OTL.exe

[2009-10-05 22:48:22 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-10-05 22:48:20 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009-10-05 22:46:56 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Home\Pulpit\mbam-setup.exe

[2009-10-05 22:13:10 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF11329.exe

[2009-10-05 22:13:10 | 00,000,000 | --SD | C] -- C:\ComboFix

[2009-10-05 22:11:34 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF10221.exe

[2009-10-05 22:11:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009-10-05 22:10:38 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009-10-04 20:30:30 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2009-10-04 20:30:29 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2009-10-04 20:30:29 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2009-10-04 20:30:26 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2009-10-04 20:30:26 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

[2009-10-04 20:30:26 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2009-10-04 20:30:26 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2009-10-04 20:30:26 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2009-10-04 20:30:12 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2009-10-04 16:52:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Pulpit\Nowy folder (3)

[2009-10-04 13:54:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Pulpit\integral

[2009-10-03 17:40:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Moje dokumenty\Eidos


[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[2009-10-11 10:27:46 | 00,200,819 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009-10-11 10:27:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-10-11 10:27:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-10-11 10:26:24 | 06,911,332 | -H-- | M] () -- C:\Documents and Settings\Home\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-10-11 10:21:52 | 42,619,516 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009-10-10 12:12:54 | 03,393,905 | ---- | M] () -- C:\Documents and Settings\Home\Pulpit\Skillet - Awake And Alive.mp3

[2009-10-10 10:56:41 | 00,019,248 | ---- | M] () -- C:\Documents and Settings\Home\Pulpit\Risen [PL].torrent

[2009-10-10 10:52:58 | 00,023,211 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009-10-09 23:24:13 | 01,258,401 | -H-- | M] () -- C:\Documents and Settings\Home\Dane aplikacji\logs.dat

[2009-10-07 07:09:58 | 05,081,997 | ---- | M] () -- C:\Documents and Settings\Home\Pulpit\limp bizkit - take a look around.mp3

[2009-10-07 07:03:36 | 03,690,611 | ---- | M] () -- C:\Documents and Settings\Home\Pulpit\Skillet - Believe.mp3

[2009-10-05 23:30:05 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Pulpit\OTL.exe

[2009-10-05 23:25:32 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009-10-05 23:25:32 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak

[2009-10-05 22:48:26 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk

[2009-10-05 22:47:40 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Home\Pulpit\mbam-setup.exe

[2009-10-05 22:12:34 | 00,396,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF11329.exe

[2009-10-05 22:10:35 | 00,396,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF10221.exe

[2009-10-05 22:09:29 | 03,325,144 | R--- | M] () -- C:\Documents and Settings\Home\Pulpit\ComboFix.exe

[2009-10-04 20:30:30 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk

[2009-10-04 20:30:26 | 00,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2009-10-04 20:29:32 | 38,898,248 | ---- | M] () -- C:\Documents and Settings\Home\Pulpit\setuppol.exe

[2009-10-03 17:35:18 | 00,001,705 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Zagraj w Batman Arkham Asylum .lnk

[2009-10-02 19:16:11 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2009-09-27 10:27:53 | 00,000,031 | ---- | M] () -- C:\WINDOWS\progress

[2009-09-27 00:46:55 | 09,035,892 | ---- | M] () -- C:\Documents and Settings\Home\Pulpit\The_Witcher-Wiedzmin-Poradnik.pdf

[2009-09-25 17:25:05 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\Home\Pulpit\Nazywam się Krzysztof Siedlecki.doc

[2009-09-15 12:59:36 | 01,279,968 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2009-09-15 12:56:21 | 00,093,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2009-09-15 12:56:14 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2009-09-15 12:55:30 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2009-09-15 12:55:19 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2009-09-15 12:54:30 | 00,052,368 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2009-09-15 12:54:21 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2009-09-15 12:53:24 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2009-09-15 12:53:01 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

[2009-09-12 21:16:25 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini


[color=#E56717]========== Files - No Company Name ==========[/color]

[2009-10-10 10:56:43 | 00,019,248 | ---- | C] () -- C:\Documents and Settings\Home\Pulpit\Risen [PL].torrent

[2009-10-09 07:04:42 | 03,393,905 | ---- | C] () -- C:\Documents and Settings\Home\Pulpit\Skillet - Awake And Alive.mp3

[2009-10-07 07:05:49 | 05,081,997 | ---- | C] () -- C:\Documents and Settings\Home\Pulpit\limp bizkit - take a look around.mp3

[2009-10-07 07:00:29 | 03,690,611 | ---- | C] () -- C:\Documents and Settings\Home\Pulpit\Skillet - Believe.mp3

[2009-10-05 23:25:33 | 00,013,646 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak

[2009-10-05 22:48:26 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk

[2009-10-05 22:08:25 | 03,325,144 | R--- | C] () -- C:\Documents and Settings\Home\Pulpit\ComboFix.exe

[2009-10-04 20:30:30 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk

[2009-10-04 20:30:12 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx

[2009-10-04 20:16:50 | 38,898,248 | ---- | C] () -- C:\Documents and Settings\Home\Pulpit\setuppol.exe

[2009-10-03 17:35:18 | 00,001,705 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Zagraj w Batman Arkham Asylum .lnk

[2009-09-27 00:44:35 | 09,035,892 | ---- | C] () -- C:\Documents and Settings\Home\Pulpit\The_Witcher-Wiedzmin-Poradnik.pdf

[2009-08-07 00:05:41 | 00,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009-07-14 17:15:00 | 00,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2009-05-18 20:54:39 | 00,016,640 | ---- | C] () -- C:\Documents and Settings\Home\Dane aplikacji\GDIPFONTCACHEV1.DAT

[2009-05-18 20:37:37 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\Home\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

[2009-05-18 17:05:08 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2009-05-18 17:05:08 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Home\Dane aplikacji\PnkBstrK.sys

[2009-05-03 10:07:13 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys

[2009-04-10 22:10:46 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2009-02-26 00:26:40 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009-02-25 17:28:19 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009-02-03 20:46:08 | 00,016,640 | ---- | C] () -- C:\Documents and Settings\Home\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

[2009-01-17 18:16:43 | 06,911,332 | -H-- | C] () -- C:\Documents and Settings\Home\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-01-07 21:12:04 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009-01-04 01:07:05 | 00,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll

[2009-01-04 01:07:05 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009-01-04 01:07:04 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009-01-04 01:07:04 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009-01-04 01:07:02 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2009-01-02 00:03:58 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009-01-02 00:03:56 | 00,010,752 | ---- | C] () -- C:\Documents and Settings\Home\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-12-31 13:53:11 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\cmdrvrmu.dll

[2008-12-31 13:53:02 | 00,004,911 | R--- | C] () -- C:\WINDOWS\Cmudau.ini

[2008-12-31 13:36:16 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2008-12-31 13:36:16 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2008-12-30 18:19:03 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini

[2008-12-30 17:47:34 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2008-12-30 17:47:31 | 00,009,034 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2008-12-30 17:47:21 | 00,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2008-12-30 17:30:51 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Home\Dane aplikacji\desktop.ini

[2008-10-07 10:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2008-10-07 07:33:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2008-10-07 07:33:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2008-10-07 07:33:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2008-10-07 07:33:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2008-10-07 07:33:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2008-06-05 09:58:26 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2006-03-02 14:00:00 | 00,000,516 | ---- | C] () -- C:\WINDOWS\win.ini

[2006-03-02 14:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

[2005-04-08 04:16:43 | 01,258,401 | -H-- | C] () -- C:\Documents and Settings\Home\Dane aplikacji\logs.dat

< End of report >

jessica · 11 Październik 2009 09:21

Ten log jest już czysty.

Teraz w OTL kliknij na przycisk “CleanUp”.

Usuń ręcznie C:/ Qoobox

Usuń kopie szkodników z folderu “System Volume Information” poprzez chwilowe wyłączenie “Przywracania Systemu”:

jessi

Kaka2 · 11 Październik 2009 09:50

Taret ,

Proszę dostosować swoje logi do panujących tutaj zasad: zasady-wklejania-logow-forum-t253052.html