Please check my log


(Hejkam) #1

Hello. A moment ago Avast detected the rootkit q1alx.exe on my machine. I read a few threads here on the forum and tried to remove it by hand. It currently does not find the exe files on my drives, but I am afraid that something may still be left. So I would very much appreciate it if you could check my Hijack and OTL logs.

Hijack:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:17:35, on 2009-07-09

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

D:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\system32\svchost.exe

D:\Program Files\iolo\common\lib\ioloServiceManager.exe

D:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

D:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

D:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\SOUNDMAN.EXE

D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

D:\Program Files\Java\jre6\bin\jusched.exe

D:\Program Files\HP\HP Software Update\HPWuSchd2.exe

D:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

D:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

D:\HijackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://galleries.payserve.com/1/30476/12276/index.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - D:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\Kamil\USTAWI~1\Temp\olhrwef.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Yahoo! Widgets.lnk = D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{494CA0F9-F304-4E78-9A93-F2D09FEDBA73}: NameServer = 194.204.159.1,194.204.159.32

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - D:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - D:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - D:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Program Files\CyberLink\Shared files\RichVideo.exe


--

End of file - 7789 bytes

OTL:

OTL logfile created on: 2009-07-09 16:18:58 - Run 4

OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\Kamil\Pulpit

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


1,75 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 68,37% Memory free

3,60 Gb Paging File | 3,08 Gb Available in Paging File | 85,55% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = D:\Program Files

Drive C: | 9,77 Gb Total Space | 3,25 Gb Free Space | 33,26% Space Free | Partition Type: NTFS

Drive D: | 12,06 Gb Total Space | 6,32 Gb Free Space | 52,41% Space Free | Partition Type: NTFS

Drive E: | 127,22 Gb Total Space | 24,60 Gb Free Space | 19,34% Space Free | Partition Type: NTFS

Drive F: | 3,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

Drive I: | 465,75 Gb Total Space | 16,80 Gb Free Space | 3,61% Space Free | Partition Type: NTFS


Computer Name: RAZOR

Current User Name: Kamil

Logged in as Administrator.


Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard


[color=#E56717]========== Processes (SafeList) ==========[/color]


PRC - [2008-06-11 04:01:50 | 00,557,056 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe

PRC - [2008-06-11 04:01:50 | 00,557,056 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe

PRC - [2009-02-05 23:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2009-02-05 23:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2004-08-04 00:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [1999-12-13 03:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe

PRC - [2008-02-26 13:31:16 | 00,628,584 | ---- | M] () -- D:\Program Files\iolo\common\lib\ioloServiceManager.exe

PRC - [2008-12-22 01:40:43 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2005-08-08 14:54:00 | 00,167,936 | ---- | M] () -- D:\Program Files\CyberLink\Shared files\RichVideo.exe

PRC - [2009-02-05 23:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

PRC - [2009-02-05 23:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashWebSv.exe

PRC - [2004-08-04 00:44:30 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe

PRC - [2007-07-17 11:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

PRC - [2008-06-18 12:01:56 | 00,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

PRC - [2009-02-05 23:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2005-02-17 07:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

PRC - [2008-12-22 01:40:43 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2007-03-11 22:34:40 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- D:\Program Files\HP\HP Software Update\HPWuSchd2.exe

PRC - [2003-09-17 10:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- D:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

PRC - [2007-03-11 22:26:24 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

PRC - [2008-03-19 02:31:20 | 04,742,184 | ---- | M] (Yahoo! Inc.) -- D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

PRC - [2007-07-17 11:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

PRC - [2008-03-19 02:31:20 | 04,742,184 | ---- | M] (Yahoo! Inc.) -- D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

PRC - [2008-03-19 02:31:20 | 04,742,184 | ---- | M] (Yahoo! Inc.) -- D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

PRC - [2007-03-11 22:32:42 | 00,151,552 | ---- | M] (Hewlett-Packard Co.) -- D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

PRC - [2009-06-12 22:19:13 | 00,307,704 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2004-08-04 00:44:30 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe

PRC - [2009-07-09 16:07:26 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kamil\Pulpit\OTL.exe


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]


SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2009-02-05 23:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])

SRV - [2008-06-11 04:01:50 | 00,557,056 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])

SRV - [2009-02-05 23:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])

SRV - [2009-02-05 23:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])

SRV - [2009-02-05 23:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])

SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [1999-12-13 03:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])

SRV - [2006-10-20 22:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

SRV - [2004-08-04 00:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2007-06-04 23:14:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- D:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])

SRV - [2007-06-04 23:14:50 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- D:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])

SRV - [2006-10-30 04:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])

SRV - [2008-02-26 13:31:16 | 00,628,584 | ---- | M] () -- D:\Program Files\iolo\common\lib\ioloServiceManager.exe -- (ioloFileInfoList [Auto | Running])

SRV - [2008-02-26 13:31:16 | 00,628,584 | ---- | M] () -- D:\Program Files\iolo\common\lib\ioloServiceManager.exe -- (ioloProductUpdate [Auto | Running])

SRV - [2008-02-26 13:31:16 | 00,628,584 | ---- | M] () -- D:\Program Files\iolo\common\lib\ioloServiceManager.exe -- (ioloSystemService [Auto | Running])

SRV - [2008-12-22 01:40:43 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

SRV - [2006-10-27 01:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])

SRV - [2006-11-08 17:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])

SRV - [2006-10-30 04:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

SRV - [2007-08-03 13:51:18 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])

SRV - [2006-10-26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

SRV - [2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

SRV - [2006-11-08 17:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])

SRV - [2005-08-08 14:54:00 | 00,167,936 | ---- | M] () -- D:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])


[color=#E56717]========== Driver Services (SafeList) ==========[/color]


DRV - [2009-02-05 23:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])

DRV - [2006-07-01 23:32:26 | 00,043,520 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])

DRV - [2009-02-05 23:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])

DRV - [2009-02-05 23:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])

DRV - [2009-02-05 23:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])

DRV - [2009-02-05 23:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])

DRV - [2009-02-05 23:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])

DRV - [2008-06-11 06:34:20 | 03,225,088 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])

DRV - [2003-09-22 02:48:06 | 00,130,192 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])

DRV - [2004-10-25 20:02:58 | 00,021,664 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\ENTECH.sys -- (ENTECH [On_Demand | Stopped])

DRV - [2009-01-03 04:22:21 | 00,015,600 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Stopped])

DRV - [2009-05-17 09:29:02 | 00,024,944 | ---- | M] () -- C:\WINDOWS\System32\Drivers\GVTDrv.sys -- (GVTDrv [On_Demand | Stopped])

DRV - [2008-10-26 09:35:31 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running])

DRV - [2005-01-07 17:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])

DRV - [2007-03-07 07:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])

DRV - [2007-03-07 07:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])

DRV - [2007-03-07 07:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])

DRV - [2008-07-03 11:03:14 | 04,745,216 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])

DRV - [2003-09-22 02:47:38 | 00,178,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Running])

DRV - [2004-06-04 10:27:46 | 00,840,960 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\P17.sys -- (P17 [On_Demand | Running])

DRV - [2003-03-05 06:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\PfModNT.sys -- (PfModNT [Auto | Running])

DRV - [2001-08-18 01:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])

DRV - [2008-06-18 05:23:38 | 03,692,288 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtHDMI.sys -- (RTHDMIAzAudService [On_Demand | Running])

DRV - [2004-08-03 23:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])

DRV - [2008-01-04 08:10:16 | 00,105,856 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])

DRV - [2008-10-26 23:17:18 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])

DRV - [2008-10-18 09:26:38 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])

DRV - [2006-06-01 14:15:20 | 00,509,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\xnacc.sys -- (xnacc [On_Demand | Stopped])


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]



[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/

IE - URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\System32\dvmurl.dll (DeviceVM Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]


FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2

FF - prefs.js..extensions.enabledItems: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}:2.0.0.66311

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.4

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.9.8

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: D:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008-12-22 01:40:44 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2009-06-12 22:19:19 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2009-06-12 22:19:19 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2009-06-27 22:08:24 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins


[2008-10-17 23:34:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kamil\Dane aplikacji\mozilla\Extensions

[2008-10-17 23:34:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kamil\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009-07-09 01:30:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kamil\Dane aplikacji\mozilla\Firefox\Profiles\jec17fq4.default\extensions

[2009-07-09 01:30:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kamil\Dane aplikacji\mozilla\Firefox\Profiles\jec17fq4.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

[2009-04-18 00:14:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kamil\Dane aplikacji\mozilla\Firefox\Profiles\jec17fq4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2009-07-06 16:11:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kamil\Dane aplikacji\mozilla\Firefox\Profiles\jec17fq4.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2009-07-09 01:30:18 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions

[2009-06-12 22:19:19 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2008-10-18 13:02:17 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

[2008-10-18 18:24:10 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

[2008-12-22 01:40:52 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

[2009-07-02 23:05:37 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}

[2009-06-12 22:19:13 | 00,023,032 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009-06-12 22:19:13 | 00,134,648 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2007-04-10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- D:\Program Files\mozilla firefox\plugins\np-mswmp.dll

[2008-12-22 01:40:43 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2009-06-12 22:19:17 | 00,065,528 | ---- | M] (mozilla.org) -- D:\Program Files\mozilla firefox\plugins\npnul32.dll

[2006-10-26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- D:\Program Files\mozilla firefox\plugins\NPOFF12.DLL

[2008-10-14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2008-09-06 12:00:00 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- D:\Program Files\mozilla firefox\plugins\nppl3260.dll

[2009-01-02 03:13:56 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2009-01-02 03:13:56 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2009-01-02 03:13:56 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2009-01-02 03:13:56 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2009-01-02 03:13:56 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2009-01-02 03:13:56 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2009-01-02 03:13:56 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2008-09-06 12:00:00 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- D:\Program Files\mozilla firefox\plugins\nprpjplug.dll

[2007-03-10 01:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- D:\Program Files\mozilla firefox\plugins\npyaxmpb.dll

[2008-10-19 20:35:50 | 00,000,896 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2008-10-19 20:35:50 | 00,001,406 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2008-10-19 20:35:50 | 00,001,706 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\google.xml

[2008-10-19 20:35:50 | 00,000,917 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2008-10-19 20:35:50 | 00,000,858 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2008-10-19 20:35:50 | 00,001,183 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2008-10-19 20:35:50 | 00,001,683 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wp-pl.xml


O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - D:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)

O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - D:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)

O4 - HKLM..\Run: [avast!] D:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [CTSysVol] D:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)

O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)

O4 - HKCU..\Run: [cdoosoft] C:\DOCUME~1\Kamil\USTAWI~1\Temp\olhrwef.exe File not found

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\Kamil\Menu Start\Programy\Autostart\Yahoo! Widgets.lnk = D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()

O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm ()

O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm ()

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} D:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-01-04 20:33:40 | 00,007,036 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [NTFS]

O32 - AutoRun File - [2007-10-23 20:33:15 | 00,000,066 | R--- | M] () - F:\autorun.inf -- [CDFS]

O33 - MountPoints2\{8d91e95a-d71d-11dd-8b9b-00064f01de15}\Shell\AutoRun\command - "" = I:\q1alx.exe -- File not found

O33 - MountPoints2\{8d91e95a-d71d-11dd-8b9b-00064f01de15}\Shell\open\Command - "" = I:\q1alx.exe -- File not found

O33 - MountPoints2\{ea65f16c-6bdd-11de-aea9-001fd0a196c0}\Shell\AutoRun\command - "" = H:\q1alx.exe -- File not found

O33 - MountPoints2\{ea65f16c-6bdd-11de-aea9-001fd0a196c0}\Shell\open\Command - "" = H:\q1alx.exe -- File not found

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found


========== Files/Folders - Created Within 30 Days ==========


[2009-07-09 16:07:22 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kamil\Pulpit\OTL.exe

[2009-07-09 15:54:57 | 00,000,000 | ---D | C] -- C:\_OTL

[2009-07-09 15:32:18 | 00,000,534 | ---- | C] () -- C:\Documents and Settings\Kamil\Pulpit\HijackThis.lnk

[2009-07-09 15:31:14 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Kamil\Pulpit\HJTInstall.exe

[2009-07-09 05:53:25 | 00,031,384 | ---- | C] () -- C:\Documents and Settings\Kamil\Pulpit\David_Hasselhoff_-_Jump_In_My_Car.pk

[2009-07-09 05:53:24 | 02,007,758 | ---- | C] () -- C:\Documents and Settings\Kamil\Pulpit\David_Hasselhoff_-_Jump_In_My_Car.wav

[2009-07-09 05:49:20 | 04,300,462 | ---- | C] () -- C:\Documents and Settings\Kamil\Pulpit\David_Hasselhoff_-_Jump_In_My_Car.mp3

[2009-07-08 12:09:11 | 20,391,710 | ---- | C] () -- C:\Documents and Settings\Kamil\Pulpit\deinferno.dem

[2009-07-08 12:08:48 | 00,053,248 | ---- | C] () -- C:\Documents and Settings\Kamil\Pulpit\opengl32.dll

[2009-07-07 11:38:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

[2009-07-06 19:59:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Aspyr

[2009-07-06 19:59:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kamil\Moje dokumenty\Aspyr

[2009-07-06 19:59:25 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Kamil\Dane aplikacji\SecuROM

[2009-07-06 19:49:17 | 00,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Play Guitar Hero III.lnk

[2009-07-06 17:01:09 | 00,001,794 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Creative Product Registration.lnk

[2009-07-06 17:01:06 | 00,647,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mscomct2.ocx

[2009-07-06 17:01:06 | 00,041,984 | ---- | C] (Creative Technology Ltd ) -- C:\WINDOWS\Ctregrun.exe

[2009-07-06 16:59:42 | 00,090,112 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\Updreg.EXE

[2009-07-06 16:59:31 | 00,084,992 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\SFCVRT32.DLL

[2009-07-06 16:59:31 | 00,053,552 | ---- | C] (Creative® Technology Ltd.) -- C:\WINDOWS\CTCCW.DLL

[2009-07-06 16:59:31 | 00,040,960 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\AC3API.DLL

[2009-07-06 16:59:31 | 00,024,976 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\CTRES.DLL

[2009-07-06 16:59:31 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI

[2009-07-06 16:59:30 | 00,082,432 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CTWFLT32.DLL

[2009-07-06 16:59:30 | 00,054,784 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\INETWH32.DLL

[2009-07-06 16:59:30 | 00,026,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CTL3D.DLL

[2009-07-06 16:59:29 | 01,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT

[2009-07-06 16:59:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Defaults

[2009-07-06 16:59:06 | 00,172,032 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\sfms32.dll

[2009-07-06 16:59:06 | 00,067,428 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini

[2009-07-06 16:59:06 | 00,036,864 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\sfman32.dll

[2009-07-06 16:59:06 | 00,024,576 | ---- | C] (Creative Technology Limited) -- C:\WINDOWS\INRES.DLL

[2009-07-06 16:59:06 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2009-07-06 16:59:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Data

[2009-07-06 16:59:05 | 00,840,960 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\P17.sys

[2009-07-06 16:59:05 | 00,136,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\P17res.dll

[2009-07-06 16:59:05 | 00,130,192 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys

[2009-07-06 16:59:05 | 00,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll

[2009-07-06 16:59:05 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

[2009-07-06 16:59:04 | 00,178,672 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctoss2k.sys

[2009-07-06 16:59:04 | 00,177,488 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\CTOSS9X.SYS

[2009-07-06 16:59:04 | 00,131,072 | ---- | C] (Creative Technology Limited) -- C:\WINDOWS\System32\CtDvInst.dll

[2009-07-06 16:59:02 | 02,167,684 | ---- | C] () -- C:\WINDOWS\System32\ct2mgm.sf2

[2009-07-06 16:59:02 | 00,139,264 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\EAX.DLL

[2009-07-06 16:59:02 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\dllcache\a3d.dll

[2009-07-06 16:59:02 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

[2009-07-06 16:59:02 | 00,049,152 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\MIDIDEF.EXE

[2009-07-06 16:59:02 | 00,020,480 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\P17DEF.EXE

[2009-07-06 16:59:02 | 00,000,059 | ---- | C] () -- C:\WINDOWS\System32\DEFAULT8.SFM

[2009-07-06 16:59:02 | 00,000,059 | ---- | C] () -- C:\WINDOWS\System32\DEFAULT4.SFM

[2009-07-06 16:59:02 | 00,000,059 | ---- | C] () -- C:\WINDOWS\System32\DEFAULT.SFM

[2009-07-06 16:58:59 | 04,174,814 | ---- | C] () -- C:\WINDOWS\System32\CT4MGM.SF2

[2009-07-06 16:58:59 | 01,048,576 | ---- | C] () -- C:\WINDOWS\System32\CT1MGM.ROM

[2009-07-06 16:58:49 | 00,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI

[2009-07-06 16:58:36 | 00,062,976 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CTDetres.dll

[2009-07-06 16:58:36 | 00,017,350 | ---- | C] () -- C:\WINDOWS\System32\CTDetect.hlp

[2009-07-06 16:58:36 | 00,000,641 | ---- | C] () -- C:\WINDOWS\System32\CTDetect.cnt

[2009-07-06 16:58:34 | 00,044,032 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTSVCCDA.EXE

[2009-07-06 16:58:34 | 00,025,088 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTSVCCTL.EXE

[2009-07-06 16:58:32 | 00,331,776 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CTMEDENG.DLL

[2009-07-06 16:58:31 | 00,139,264 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\Video.skn

[2009-07-06 16:58:31 | 00,024,576 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CTMERes.DLL

[2009-07-06 16:57:02 | 00,176,128 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\USBAudio.cpl

[2009-07-06 16:57:02 | 00,135,168 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\USBAudio.crl

[2009-07-06 16:57:02 | 00,045,390 | ---- | C] () -- C:\WINDOWS\System32\usbaudio.chm

[2009-07-06 16:57:02 | 00,000,692 | ---- | C] () -- C:\WINDOWS\System32\USBAudio.cpl.manifest

[2009-07-06 16:56:22 | 00,015,840 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\Pfmodnt.sys

[2009-07-06 16:56:22 | 00,000,000 | ---D | C] -- D:\Program Files\Creative

[2009-07-04 21:24:51 | 00,001,089 | ---- | C] () -- C:\Documents and Settings\Kamil\Pulpit\2 lista.hls

[2009-07-03 22:10:51 | 00,024,309 | ---- | C] () -- C:\Documents and Settings\Kamil\Pulpit\Crossing.Over.RERIP.LiMiTED.DVDRip.XviD-DoNE.2.001.bak

[2009-07-03 14:38:13 | 01,669,510 | ---- | C] () -- C:\Documents and Settings\Kamil\Pulpit\Mando Diao - Dance With Somebody.wav

[2009-07-02 23:05:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kamil\Moje dokumenty\My Received Files

[2009-07-02 23:05:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kamil\Moje dokumenty\BearShare

[2009-07-02 23:05:13 | 00,483,328 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actskn45.ocx

[2009-07-02 23:05:10 | 00,000,000 | ---D | C] -- D:\Program Files\BearShare Applications

[2009-07-02 14:50:04 | 19,048,389 | ---- | C] () -- C:\Documents and Settings\Kamil\Pulpit\dust21.dem

[2009-07-02 14:49:45 | 03,976,051 | ---- | C] () -- C:\Documents and Settings\Kamil\Pulpit\0907011347-de_dust2.dem.bz2

[2009-07-02 14:49:37 | 03,572,640 | ---- | C] () -- C:\Documents and Settings\Kamil\Pulpit\0907011012-de_dust2.dem.bz2

[2009-07-02 14:05:08 | 01,718,414 | ---- | C] () -- C:\Documents and Settings\Kamil\Pulpit\Scarface Soundtrack - Push It to the Limit.wav

[2009-07-02 14:05:08 | 00,026,928 | ---- | C] () -- C:\Documents and Settings\Kamil\Pulpit\Scarface Soundtrack - Push It to the Limit.pk

[2009-07-01 17:04:42 | 00,050,939 | ---- | C] () -- C:\Documents and Settings\Kamil\Pulpit\672084214.jpeg

[2009-07-01 15:13:44 | 01,748,304 | ---- | C] () -- C:\Documents and Settings\Kamil\Pulpit\- Mickael Jackson - Billie Jean.wav

[2009-06-30 01:34:35 | 03,781,206 | ---- | C] () -- C:\Documents and Settings\Kamil\Pulpit\0906282224-de_kabul.dem.bz2

[2009-06-30 00:43:12 | 01,390,670 | ---- | C] () -- C:\Documents and Settings\Kamil\Pulpit\mcob1.wav

[2009-06-29 00:21:20 | 00,275,656 | ---- | C] () -- C:\Documents and Settings\Kamil\Pulpit\rapget141.rar

[2009-06-27 01:12:57 | 00,002,274 | ---- | C] () -- C:\Documents and Settings\Kamil\Pulpit\ok.hls

[2009-06-24 22:50:36 | 00,004,848 | ---- | C] () -- C:\Documents and Settings\Kamil\Moje dokumenty\hi all.pk

[2009-06-24 22:49:53 | 00,305,400 | ---- | C] () -- C:\Documents and Settings\Kamil\Moje dokumenty\hi all.wav

[2009-06-18 19:13:07 | 00,240,022 | ---- | C] () -- C:\Documents and Settings\Kamil\Moje dokumenty\witam all.wav

[2009-06-16 21:11:20 | 00,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 8.lnk

[2009-06-13 20:51:12 | 04,223,980 | ---- | C] () -- C:\Documents and Settings\Kamil\Pulpit\lech_walesa.mp3

[2009-06-09 21:39:31 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$

[2009-06-09 21:36:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kamil\Pulpit\Nuance.PDF.Converter.Professional.v5.0-AGAiN

[2009-06-09 20:31:31 | 00,527,360 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\stdvcl40.dll

[2009-06-09 20:31:28 | 00,000,000 | ---D | C] -- D:\Program Files\Neevia.Com

[2009-06-09 20:23:10 | 00,001,024 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\pdfdoc2.dll

[2009-06-09 20:23:04 | 00,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini

[2009-06-09 20:23:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\psconv

[2009-06-09 20:23:02 | 00,000,000 | ---D | C] -- D:\Program Files\psconvert

[2009-06-09 20:22:46 | 03,301,897 | ---- | C] ( ) -- C:\Documents and Settings\Kamil\Pulpit\psconvert_setup.exe

[2009-06-09 20:21:09 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll

[2009-06-09 20:20:33 | 03,376,393 | ---- | C] (PDF-Convert, Inc. ) -- C:\Documents and Settings\Kamil\Pulpit\doc2pdf2_setup.exe

[2009-01-10 18:34:41 | 00,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll

[2009-01-02 00:15:23 | 00,000,575 | ---- | C] () -- C:\WINDOWS\wincmd.ini

[2008-11-13 13:13:21 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008-11-12 21:33:34 | 00,000,066 | ---- | C] () -- C:\WINDOWS\pccuo.ini

[2008-10-29 00:56:48 | 00,000,157 | ---- | C] () -- C:\WINDOWS\CIV.INI

[2008-10-26 23:10:49 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008-10-19 22:19:44 | 00,000,118 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008-10-19 22:19:44 | 00,000,025 | ---- | C] () -- C:\WINDOWS\~PLKSTP.ini

[2008-10-19 21:42:50 | 00,001,871 | ---- | C] () -- C:\WINDOWS\~~~runcd.ini

[2008-10-19 21:18:20 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2008-10-19 21:18:15 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll

[2008-10-19 21:18:15 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL

[2008-10-19 20:31:17 | 00,000,250 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI

[2008-10-18 09:26:37 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2008-10-18 08:53:31 | 00,550,418 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll

[2008-10-17 23:45:58 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys

[2008-10-17 23:44:13 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2008-10-17 23:44:13 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2008-10-17 23:44:11 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2008-10-17 23:44:11 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2008-10-17 23:44:11 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008-10-17 23:44:10 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2008-10-17 23:44:10 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2008-10-17 23:43:39 | 00,024,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys

[2006-07-18 16:12:24 | 00,028,672 | ---- | C] () -- C:\WINDOWS\pccuo.dll

[2004-08-04 00:44:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2001-07-22 02:16:20 | 00,000,540 | ---- | C] () -- C:\WINDOWS\win.ini

[2001-07-22 02:15:52 | 00,000,253 | ---- | C] () -- C:\WINDOWS\system.ini


========== Files - Modified Within 30 Days ==========


[2009-07-09 16:07:26 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kamil\Pulpit\OTL.exe

[2009-07-09 16:02:21 | 01,074,588 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009-07-09 16:02:21 | 00,484,634 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2009-07-09 16:02:21 | 00,427,592 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009-07-09 16:02:21 | 00,082,010 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2009-07-09 16:02:21 | 00,066,376 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009-07-09 15:58:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-07-09 15:57:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-07-09 15:32:18 | 00,000,534 | ---- | M] () -- C:\Documents and Settings\Kamil\Pulpit\HijackThis.lnk

[2009-07-09 15:31:44 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Kamil\Pulpit\HJTInstall.exe

[2009-07-09 15:21:24 | 00,001,204 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-606747145-725345543-1004.job

[2009-07-09 05:53:25 | 00,031,384 | ---- | M] () -- C:\Documents and Settings\Kamil\Pulpit\David_Hasselhoff_-_Jump_In_My_Car.pk

[2009-07-09 05:53:24 | 02,007,758 | ---- | M] () -- C:\Documents and Settings\Kamil\Pulpit\David_Hasselhoff_-_Jump_In_My_Car.wav

[2009-07-09 05:51:16 | 00,000,540 | ---- | M] () -- C:\WINDOWS\win.ini

[2009-07-09 05:51:16 | 00,000,253 | ---- | M] () -- C:\WINDOWS\system.ini

[2009-07-09 05:50:01 | 04,300,462 | ---- | M] () -- C:\Documents and Settings\Kamil\Pulpit\David_Hasselhoff_-_Jump_In_My_Car.mp3

[2009-07-09 04:16:09 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009-07-08 12:09:13 | 20,391,710 | ---- | M] () -- C:\Documents and Settings\Kamil\Pulpit\deinferno.dem

[2009-07-08 12:08:12 | 00,053,248 | ---- | M] () -- C:\Documents and Settings\Kamil\Pulpit\opengl32.dll

[2009-07-06 23:54:22 | 00,190,464 | ---- | M] () -- C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-07-06 19:49:17 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Play Guitar Hero III.lnk

[2009-07-06 17:01:09 | 00,001,794 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Creative Product Registration.lnk

[2009-07-06 16:58:49 | 00,000,072 | ---- | M] () -- C:\WINDOWS\SBWIN.INI

[2009-07-06 16:36:46 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009-07-06 01:15:33 | 00,001,089 | ---- | M] () -- C:\Documents and Settings\Kamil\Pulpit\2 lista.hls

[2009-07-05 09:40:31 | 05,300,050 | -H-- | M] () -- C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-07-04 00:19:11 | 00,002,274 | ---- | M] () -- C:\Documents and Settings\Kamil\Pulpit\ok.hls

[2009-07-03 14:45:56 | 01,669,510 | ---- | M] () -- C:\Documents and Settings\Kamil\Pulpit\Mando Diao - Dance With Somebody.wav

[2009-07-02 14:50:06 | 19,048,389 | ---- | M] () -- C:\Documents and Settings\Kamil\Pulpit\dust21.dem

[2009-07-02 14:49:57 | 03,976,051 | ---- | M] () -- C:\Documents and Settings\Kamil\Pulpit\0907011347-de_dust2.dem.bz2

[2009-07-02 14:49:48 | 03,572,640 | ---- | M] () -- C:\Documents and Settings\Kamil\Pulpit\0907011012-de_dust2.dem.bz2

[2009-07-02 14:05:08 | 01,718,414 | ---- | M] () -- C:\Documents and Settings\Kamil\Pulpit\Scarface Soundtrack - Push It to the Limit.wav

[2009-07-02 14:05:08 | 00,026,928 | ---- | M] () -- C:\Documents and Settings\Kamil\Pulpit\Scarface Soundtrack - Push It to the Limit.pk

[2009-07-01 17:04:43 | 00,050,939 | ---- | M] () -- C:\Documents and Settings\Kamil\Pulpit\672084214.jpeg

[2009-07-01 15:13:44 | 01,748,304 | ---- | M] () -- C:\Documents and Settings\Kamil\Pulpit\- Mickael Jackson - Billie Jean.wav

[2009-06-30 01:34:46 | 03,781,206 | ---- | M] () -- C:\Documents and Settings\Kamil\Pulpit\0906282224-de_kabul.dem.bz2

[2009-06-30 00:43:12 | 01,390,670 | ---- | M] () -- C:\Documents and Settings\Kamil\Pulpit\mcob1.wav

[2009-06-29 00:21:20 | 00,275,656 | ---- | M] () -- C:\Documents and Settings\Kamil\Pulpit\rapget141.rar

[2009-06-24 22:50:45 | 00,305,400 | ---- | M] () -- C:\Documents and Settings\Kamil\Moje dokumenty\hi all.wav

[2009-06-24 22:50:45 | 00,004,848 | ---- | M] () -- C:\Documents and Settings\Kamil\Moje dokumenty\hi all.pk

[2009-06-22 14:25:50 | 00,001,358 | ---- | M] () -- C:\Documents and Settings\Kamil\Moje dokumenty\OKI.hls

[2009-06-18 19:13:35 | 00,240,022 | ---- | M] () -- C:\Documents and Settings\Kamil\Moje dokumenty\witam all.wav

[2009-06-16 21:11:20 | 00,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 8.lnk

[2009-06-13 20:51:19 | 04,223,980 | ---- | M] () -- C:\Documents and Settings\Kamil\Pulpit\lech_walesa.mp3

[2009-06-10 07:58:28 | 00,001,024 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\pdfdoc2.dll

[2009-06-09 21:39:44 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009-06-09 20:23:04 | 00,000,164 | ---- | M] () -- C:\WINDOWS\System32\psconv.ini

[2009-06-09 20:22:57 | 03,301,897 | ---- | M] ( ) -- C:\Documents and Settings\Kamil\Pulpit\psconvert_setup.exe

[2009-06-09 20:20:45 | 03,376,393 | ---- | M] (PDF-Convert, Inc. ) -- C:\Documents and Settings\Kamil\Pulpit\doc2pdf2_setup.exe

< End of report >

Thanks in advance. Regards!


(Borysbors) #2

Fix in HJT:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - D:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

O4 - HKCU..\Run: [cdoosoft] C:\DOCUME~1\Kamil\USTAWI~1\Temp\olhrwef.exe


(deFco247) #3

Paste logs on wklej.org or wklej.to and put the link in your post. Logs pasted like this cannot be checked.

HijackThis is unnecessary; OTL shows the same and much more.

Remove the infection from the pendrive or memory cards using Flash Disinfector or these tools.

Or format.

In Custom Scans/Fixes in OTL, paste:

Click Run Fix. Agree to the restart.

After the restart, click CleanUp in OTL.

Clean the system with CCleaner.

Remove unnecessary items from autostart.

Run a full scan with Malwarebytes' Anti-Malware and remove the objects it finds.

If there are viruses, show the report.


(Hejkam) #4

Sorry for pasting the log like that, deFco247. I did everything as you wrote. Here is the report from the Malwarebytes' Anti-Malware scan: http://wklej.org/id/118710/ . And once more, a new log from OTL: http://wklej.org/id/118714/ .

I also wanted to ask: twice now, after scanning with OTL, it deleted itself from the disk. Is that normal?


(deFco247) #5

Clean. :))

After you click CleanUp, OTL removes itself from the disk together with the removed objects.


(Hejkam) #6

Thanks a lot for the help. :)

Regards!