Windows System - No Disk

I keep getting this error popping up: Exception processing message c0000013, Windows system - no disk.

OTL logfile created on: 2010-04-24 09:39:36 - Run 3

OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\as\Pulpit

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 86,00% Memory free

5,00 Gb Paging File | 5,00 Gb Available in Paging File | 94,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 54,25 Gb Total Space | 6,28 Gb Free Space | 11,58% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 94,79 Gb Total Space | 43,48 Gb Free Space | 45,87% Space Free | Partition Type: NTFS

Drive F: | 14,75 Gb Total Space | 3,97 Gb Free Space | 26,91% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

Drive H: | 27,92 Gb Total Space | 14,09 Gb Free Space | 50,44% Space Free | Partition Type: FAT32

Drive I: | 31,83 Gb Total Space | 14,06 Gb Free Space | 44,17% Space Free | Partition Type: FAT32

Drive J: | 6,64 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: AS-6FFA5909E11C

Current User Name: as

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-04-24 09:34:46 | 000,571,904 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\as\Pulpit\OTL.scr

PRC - [2010-04-24 08:55:05 | 000,066,560 | ---- | M] ( ) – C:\WINDOWS\Temp\xq8i.exe

PRC - [2010-04-24 08:54:35 | 000,029,440 | ---- | M] () – C:\WINDOWS\Temp\VRT2.tmp

PRC - [2008-12-15 16:53:52 | 000,041,984 | RHS- | M] () – C:\WINDOWS\system32\csrsc.exe

PRC - [2008-04-14 22:51:44 | 000,139,264 | -H-- | M] () – C:\WINDOWS\Fonts\services.exe

PRC - [2008-04-14 22:51:18 | 001,044,992 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe

PRC - [2002-04-12 00:00:00 | 000,069,632 | ---- | M] (brother Industries Ltd) – C:\WINDOWS\system32\brsvc01a.exe

PRC - [2001-12-13 00:01:00 | 000,057,344 | ---- | M] (brother Industries Ltd) – C:\WINDOWS\system32\brss01a.exe

PRC - [2001-10-26 19:27:34 | 000,050,688 | ---- | M] (ifdef sys) – C:\WINDOWS\system32\PereSvc.exe

========== Modules (SafeList) ==========

MOD - [2010-04-24 09:34:46 | 000,571,904 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\as\Pulpit\OTL.scr

MOD - [2010-04-24 07:29:44 | 000,036,865 | ---- | M] () – C:\WINDOWS\system32\msfazmlf.dll

MOD - [2006-05-03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\framedyn.dll

========== Win32 Services (SafeList) ==========

SRV - [2009-08-12 08:07:28 | 000,664,576 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe – (FLEXnet Licensing Service)

SRV - [2008-12-15 16:53:52 | 000,041,984 | RHS- | M] () [Auto | Running] – C:\WINDOWS\System32\csrsc.exe – (WinSpoolSvc)

SRV - [2002-04-12 00:00:00 | 000,069,632 | ---- | M] (brother Industries Ltd) [Auto | Running] – C:\WINDOWS\system32\brsvc01a.exe – (Brother XP spl Service)

SRV - [2001-10-26 19:27:34 | 000,050,688 | ---- | M] (ifdef sys) [Auto | Running] – C:\WINDOWS\system32\PereSvc.exe – (peresvc)

SRV - [2001-10-26 19:27:34 | 000,044,544 | ---- | M] (dreas company) [Auto | Running] – C:\WINDOWS\system32\BtwSvc.dll – (BtwSvc)

========== Driver Services (SafeList) ==========

DRV - [2009-08-13 14:46:42 | 000,005,632 | ---- | M] () [File_System | System | Running] – C:\WINDOWS\system32\drivers\StarOpen.sys – (StarOpen)

DRV - [2009-07-14 20:54:00 | 007,741,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\nv4_mini.sys – (nv)

DRV - [2009-03-27 01:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\cpuz132_x32.sys – (cpuz132)

DRV - [2008-05-07 20:21:40 | 004,739,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\RtkHDAud.sys – (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\hdaudbus.sys – (HDAudBus)

DRV - [2007-05-31 15:19:24 | 000,096,896 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\Rtenicxp.sys – (RTLE8023xp)

DRV - [2007-01-04 14:48:04 | 000,104,344 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\e4usbaw.sys – (e4usbaw)

DRV - [2007-01-04 14:47:48 | 000,069,656 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] – C:\WINDOWS\system32\drivers\e4ldr.sys – (E4LOADER) General Purpose USB Driver (e4ldr.sys)

DRV - [2005-12-22 12:24:52 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\sscdmdm.sys – (sscdmdm)

DRV - [2005-12-22 12:24:52 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\sscdmdfl.sys – (sscdmdfl)

DRV - [2005-12-22 12:24:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\sscdbus.sys – (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV - [2004-10-15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\BrScnUsb.sys – (BrScnUsb)

DRV - [2004-08-22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] – C:\WINDOWS\System32\Drivers\d347prt.sys – (d347prt)

DRV - [2004-08-22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\d347bus.sys – (d347bus)

DRV - [2004-04-30 09:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\drivers\a347bus.sys – (a347bus)

DRV - [2004-04-30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] – C:\WINDOWS\System32\Drivers\a347scsi.sys – (a347scsi)

DRV - [2004-03-01 18:31:14 | 000,062,848 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\RT2400.sys – (RT2400)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM…\URLSearchHook: - Reg Error: Key error. File not found

IE - HKLM…\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

IE - HKU.DEFAULT…\URLSearchHook: - Reg Error: Key error. File not found

IE - HKU.DEFAULT…\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

IE - HKU.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-18…\URLSearchHook: - Reg Error: Key error. File not found

IE - HKU\S-1-5-18…\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-21-1202660629-573735546-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/

IE - HKU\S-1-5-21-1202660629-573735546-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

FF - HKLM\software\mozilla\Firefox\extensions\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files\Web Search Operator\4.1.0.2080\FF [2009-12-20 17:25:54 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF [2009-12-20 17:26:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files\Customized Platform Advancer\4.1.0.1960\FF [2009-12-20 17:26:08 | 000,000,000 | ---D | M]

[2010-02-22 09:03:14 | 000,000,000 | ---D | M] – C:\Program Files\Mozilla Firefox\extensions

[2010-01-17 12:59:39 | 000,000,000 | ---D | M] (No name found) – C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

O1 HOSTS File: ([2010-04-24 09:26:11 | 000,000,029 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found.

O4 - HKLM…\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)

O4 - HKLM…\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM…\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON’S HOME)

O4 - HKLM…\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)

O4 - HKLM…\Run: [izqtfu] C:\WINDOWS\System32\msfazmlf.DLL ()

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM…\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM…\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM…\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM…\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)

O4 - HKLM…\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM…\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found

O4 - HKLM…\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)

O4 - HKLM…\Run: [syncman] C:\WINDOWS\system32\wuaucldt.exe ()

O4 - HKLM…\Run: [ubxlsw] C:\WINDOWS\System32\msgmcsgf.DLL ()

O4 - HKLM…\Run: [unlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()

O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()

O4 - HKU.DEFAULT…\Run: [syncman] c:\Documents and Settings\as\wuaucldt.exe ()

O4 - HKU\S-1-5-18…\Run: [syncman] c:\Documents and Settings\as\wuaucldt.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe (Ralink Technology, Corp.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)

F3 - HKU.DEFAULT WinNT: Load - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\Fonts\services.exe ()

F3 - HKU.DEFAULT WinNT: Run - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\Fonts\services.exe ()

F3 - HKU\S-1-5-18 WinNT: Load - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\Fonts\services.exe ()

F3 - HKU\S-1-5-18 WinNT: Run - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\Fonts\services.exe ()

F3 - HKU\S-1-5-21-1202660629-573735546-682003330-1003 WinNT: Load - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\Fonts\services.exe ()

F3 - HKU\S-1-5-21-1202660629-573735546-682003330-1003 WinNT: Run - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\Fonts\services.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1202660629-573735546-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1202660629-573735546-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1202660629-573735546-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1202660629-573735546-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - E:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - E:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: Pobierz za pomocą BitComet - E:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - E:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)

O9 - Extra ‘Tools’ menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ … vc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_18)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\as\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\as\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-08-07 20:16:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [NTFS]

O32 - AutoRun File - [2007-04-09 15:41:24 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT – [NTFS]

O32 - AutoRun File - [2009-09-11 03:00:10 | 000,419,088 | R--- | M] (Electronic Arts) - J:\AutoRun.exe – [CDFS]

O32 - AutoRun File - [2009-10-01 14:59:33 | 000,000,000 | R--D | M] - J:\Autorun – [CDFS]

O32 - AutoRun File - [2009-09-11 03:00:08 | 009,957,376 | R--- | M] () - J:\autorun.dat – [CDFS]

O32 - AutoRun File - [2009-09-11 02:38:34 | 000,000,136 | R--- | M] () - J:\autorun.inf – [CDFS]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM…comfile [open] – “%1” %*

O35 - HKLM…exefile [open] – “%1” %*

O37 - HKLM…com [@ = comfile] – “%1” %*

O37 - HKLM…exe [@ = exefile] – “%1” %*

========== Files/Folders - Created Within 30 Days ==========

[2010-04-24 09:34:38 | 000,571,904 | ---- | C] (OldTimer Tools) – C:\Documents and Settings\as\Pulpit\OTL.scr

[2010-04-24 09:17:03 | 000,571,904 | ---- | C] (OldTimer Tools) – C:\Documents and Settings\as\Pulpit\OTL.exe

[2010-04-24 09:14:21 | 000,000,000 | ---D | C] – C:\32788R22FWJFW

[2010-04-24 08:55:05 | 000,066,560 | ---- | C] ( ) – C:\WINDOWS\System32\6413,333.exe

[2010-04-24 08:54:46 | 000,181,760 | ---- | C] (-) – C:\WINDOWS\System32\3435,007.exe

[2010-04-24 08:54:32 | 000,007,680 | ---- | C] (微软中国) – C:\WINDOWS\System32\5413,584.exe

[2010-04-24 08:27:02 | 000,066,560 | ---- | C] ( ) – C:\WINDOWS\System32\2618,014.exe

[2010-04-24 08:26:53 | 000,181,760 | ---- | C] (-) – C:\WINDOWS\System32\2089,639.exe

[2010-04-24 08:26:40 | 000,007,680 | ---- | C] (微软中国) – C:\WINDOWS\System32\1267,924.exe

[2010-04-24 08:20:27 | 000,000,000 | -HSD | C] – C:\RECYCLER

[2010-04-24 08:20:10 | 000,000,000 | ---D | C] – C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software

[2010-04-24 08:07:00 | 000,066,560 | ---- | C] ( ) – C:\WINDOWS\System32\9614,321.exe

[2010-04-24 08:06:51 | 000,181,760 | ---- | C] (-) – C:\WINDOWS\System32\6615,701.exe

[2010-04-24 08:06:16 | 000,007,680 | ---- | C] (微软中国) – C:\WINDOWS\System32\6863,322.exe

[2010-04-24 07:56:01 | 000,066,560 | ---- | C] ( ) – C:\WINDOWS\System32\5289,218.exe

[2010-04-24 07:55:54 | 000,181,760 | ---- | C] (-) – C:\WINDOWS\System32\2322,336.exe

[2010-04-24 07:55:20 | 000,007,680 | ---- | C] (微软中国) – C:\WINDOWS\System32\4900,278.exe

[2010-04-24 07:38:28 | 000,000,000 | ---D | C] – C:\ComboFix

[2010-04-24 07:37:11 | 000,000,000 | RH-D | C] – C:\Documents and Settings\as\Recent

[2010-04-24 07:34:05 | 000,066,560 | ---- | C] ( ) – C:\WINDOWS\System32\6626,041.exe

[2010-04-24 07:33:59 | 000,181,760 | ---- | C] (-) – C:\WINDOWS\System32\7710,214.exe

[2010-04-24 07:33:59 | 000,062,496 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\MSWINSCK.OCX

[2010-04-24 07:33:49 | 000,007,680 | ---- | C] (微软中国) – C:\WINDOWS\System32\11,05726.exe

[2010-04-24 07:30:04 | 000,007,680 | ---- | C] (微软中国) – C:\WINDOWS\System32\2444,834.exe

[2010-04-24 07:29:22 | 000,044,544 | ---- | C] (dreas company) – C:\WINDOWS\System32\ms.bin

[2010-04-24 07:29:22 | 000,040,960 | ---- | C] (ifdef sys) – C:\WINDOWS\System32\so.bin

[2010-04-24 07:29:22 | 000,036,864 | ---- | C] (yaeg tkjaup vkutleae) – C:\WINDOWS\System32\d.bin

[2010-04-10 13:17:37 | 000,000,000 | ---D | C] – C:\ygoow

[2010-04-03 18:30:41 | 000,000,000 | RH-D | C] – C:\Documents and Settings\as\Dane aplikacji\SecuROM

[2010-03-28 21:08:14 | 000,000,000 | ---D | C] – C:\Program Files\Microsoft Silverlight

[2009-10-22 14:52:02 | 000,155,136 | ---- | C] ( ) – C:\WINDOWS\System32\drivers\d347bus.sys

[2009-10-22 14:52:02 | 000,005,248 | ---- | C] ( ) – C:\WINDOWS\System32\drivers\d347prt.sys

[2009-08-07 20:31:32 | 000,160,640 | ---- | C] ( ) – C:\WINDOWS\System32\drivers\a347bus.sys

[2009-08-07 20:31:32 | 000,005,248 | ---- | C] ( ) – C:\WINDOWS\System32\drivers\a347scsi.sys

[2004-11-24 20:25:52 | 000,335,872 | ---- | C] ( ) – C:\WINDOWS\System32\drvc.dll

[3 C:\WINDOWS*.tmp files -> C:\WINDOWS*.tmp ->]

[1 C:\WINDOWS\System32*.tmp files -> C:\WINDOWS\System32*.tmp ->]

========== Files - Modified Within 30 Days ==========

[2010-04-24 09:37:00 | 000,001,120 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-573735546-682003330-1003UA.job

[2010-04-24 09:34:46 | 000,571,904 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\as\Pulpit\OTL.scr

[2010-04-24 09:26:11 | 000,000,029 | ---- | M] () – C:\WINDOWS\System32\drivers\etc\hosts

[2010-04-24 09:17:09 | 000,571,904 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\as\Pulpit\OTL.exe

[2010-04-24 09:06:44 | 044,089,904 | ---- | M] () – C:\Documents and Settings\as\Pulpit\avira_antivir_personal_en.exe

[2010-04-24 08:55:05 | 000,066,560 | ---- | M] ( ) – C:\WINDOWS\System32\6413,333.exe

[2010-04-24 08:55:01 | 000,000,001 | ---- | M] () – C:\Documents and Settings\as\oashdihasidhasuidhiasdhiashdiuasdhasd

[2010-04-24 08:54:46 | 000,181,760 | ---- | M] (-) – C:\WINDOWS\System32\3435,007.exe

[2010-04-24 08:54:35 | 000,038,912 | ---- | M] () – C:\WINDOWS\System32\wuaucldt.exe

[2010-04-24 08:54:35 | 000,038,912 | ---- | M] () – C:\Documents and Settings\as\wuaucldt.exe

[2010-04-24 08:54:32 | 000,007,680 | ---- | M] (微软中国) – C:\WINDOWS\System32\5413,584.exe

[2010-04-24 08:54:29 | 000,048,128 | ---- | M] () – C:\WINDOWS\System32\6982,32.exe

[2010-04-24 08:54:29 | 000,000,120 | ---- | M] () – C:\WINDOWS\System32\132312.BAT

[2010-04-24 08:54:26 | 000,169,603 | ---- | M] () – C:\WINDOWS\System32\1317,255.exe

[2010-04-24 08:52:38 | 000,000,006 | -H-- | M] () – C:\WINDOWS\tasks\SA.DAT

[2010-04-24 08:52:37 | 000,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat

[2010-04-24 08:51:41 | 008,912,896 | -H-- | M] () – C:\Documents and Settings\as\NTUSER.DAT

[2010-04-24 08:51:41 | 000,000,188 | -HS- | M] () – C:\Documents and Settings\as\ntuser.ini

[2010-04-24 08:51:28 | 000,000,573 | ---- | M] () – C:\WINDOWS\win.ini

[2010-04-24 08:51:28 | 000,000,281 | RHS- | M] () – C:\boot.ini

[2010-04-24 08:51:28 | 000,000,227 | ---- | M] () – C:\WINDOWS\system.ini

[2010-04-24 08:39:59 | 000,000,850 | ---- | M] () – C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Status Monitor.lnk

[2010-04-24 08:27:02 | 000,066,560 | ---- | M] ( ) – C:\WINDOWS\System32\2618,014.exe

[2010-04-24 08:26:53 | 000,181,760 | ---- | M] (-) – C:\WINDOWS\System32\2089,639.exe

[2010-04-24 08:26:40 | 000,007,680 | ---- | M] (微软中国) – C:\WINDOWS\System32\1267,924.exe

[2010-04-24 08:26:36 | 000,048,128 | ---- | M] () – C:\WINDOWS\System32\314,6869.exe

[2010-04-24 08:26:36 | 000,000,122 | ---- | M] () – C:\WINDOWS\System32\254328.BAT

[2010-04-24 08:26:33 | 000,169,603 | ---- | M] () – C:\WINDOWS\System32\5543,177.exe

[2010-04-24 08:23:43 | 000,002,596 | ---- | M] () – C:\WINDOWS\System32\CONFIG.NT

[2010-04-24 08:22:44 | 000,243,457 | ---- | M] () – C:\WINDOWS\System32\NvApps.xml

[2010-04-24 08:07:00 | 000,066,560 | ---- | M] ( ) – C:\WINDOWS\System32\9614,321.exe

[2010-04-24 08:06:51 | 000,181,760 | ---- | M] (-) – C:\WINDOWS\System32\6615,701.exe

[2010-04-24 08:06:16 | 000,007,680 | ---- | M] (微软中国) – C:\WINDOWS\System32\6863,322.exe

[2010-04-24 08:06:13 | 000,048,128 | ---- | M] () – C:\WINDOWS\System32\7736,257.exe

[2010-04-24 08:06:13 | 000,000,122 | ---- | M] () – C:\WINDOWS\System32\151546.BAT

[2010-04-24 08:05:43 | 000,169,603 | ---- | M] () – C:\WINDOWS\System32\7688,868.exe

[2010-04-24 08:05:40 | 000,000,154 | ---- | M] () – C:\Documents and Settings\as\118671.BAT

[2010-04-24 07:56:40 | 000,000,130 | ---- | M] () – C:\WINDOWS\System32\418859.BAT

[2010-04-24 07:56:01 | 000,066,560 | ---- | M] ( ) – C:\WINDOWS\System32\5289,218.exe

[2010-04-24 07:55:54 | 000,181,760 | ---- | M] (-) – C:\WINDOWS\System32\2322,336.exe

[2010-04-24 07:55:20 | 000,007,680 | ---- | M] (微软中国) – C:\WINDOWS\System32\4900,278.exe

[2010-04-24 07:55:17 | 000,048,128 | ---- | M] () – C:\WINDOWS\System32\9944,356.exe

[2010-04-24 07:55:17 | 000,000,122 | ---- | M] () – C:\WINDOWS\System32\335875.BAT

[2010-04-24 07:55:13 | 000,169,603 | ---- | M] () – C:\WINDOWS\System32\7871,82.exe

[2010-04-24 07:37:43 | 003,923,062 | R--- | M] () – C:\Documents and Settings\as\Pulpit\ComboFix.exe

[2010-04-24 07:37:00 | 000,001,068 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-573735546-682003330-1003Core.job

[2010-04-24 07:35:06 | 000,036,865 | ---- | M] () – C:\WINDOWS\System32\msgmcsgf.dll

[2010-04-24 07:34:05 | 000,066,560 | ---- | M] ( ) – C:\WINDOWS\System32\6626,041.exe

[2010-04-24 07:33:59 | 000,181,760 | ---- | M] (-) – C:\WINDOWS\System32\7710,214.exe

[2010-04-24 07:33:59 | 000,062,496 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\System32\MSWINSCK.OCX

[2010-04-24 07:33:49 | 000,007,680 | ---- | M] (微软中国) – C:\WINDOWS\System32\11,05726.exe

[2010-04-24 07:33:43 | 000,169,603 | ---- | M] () – C:\WINDOWS\System32\2661,554.exe

[2010-04-24 07:30:04 | 000,007,680 | ---- | M] (微软中国) – C:\WINDOWS\System32\2444,834.exe

[2010-04-24 07:29:44 | 000,036,865 | ---- | M] () – C:\WINDOWS\System32\msfazmlf.dll

[2010-04-24 07:29:22 | 000,169,603 | ---- | M] () – C:\WINDOWS\System32\2006,952.exe

[2010-04-23 19:55:34 | 002,637,184 | -H-- | M] () – C:\Documents and Settings\as\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2010-04-23 18:22:19 | 000,316,640 | ---- | M] () – C:\WINDOWS\WMSysPr9.prx

[2010-04-23 16:30:46 | 000,000,000 | ---- | M] () – C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt

[2010-04-23 13:52:29 | 000,000,679 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk

[2010-04-23 13:52:29 | 000,000,660 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk

[2010-04-23 10:16:43 | 000,036,864 | ---- | M] (yaeg tkjaup vkutleae) – C:\WINDOWS\System32\d.bin

[2010-04-23 10:15:02 | 000,076,288 | ---- | M] () – C:\WINDOWS\System32\w.exe

[2010-04-23 10:14:38 | 000,044,544 | ---- | M] (dreas company) – C:\WINDOWS\System32\ms.bin

[2010-04-23 10:14:36 | 000,040,960 | ---- | M] (ifdef sys) – C:\WINDOWS\System32\so.bin

[2010-04-23 06:43:18 | 000,010,752 | ---- | M] () – C:\Documents and Settings\as\Pulpit\Nowy Dokument programu Microsoft Word (7).doc

[2010-04-21 20:30:53 | 000,002,592 | ---- | M] () – C:\Documents and Settings\as\Moje dokumenty\HIsta.rtf

[2010-04-18 19:03:31 | 000,014,848 | ---- | M] () – C:\Documents and Settings\as\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-04-12 21:28:15 | 000,000,592 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Opera.lnk

[2010-04-12 16:54:57 | 000,019,968 | ---- | M] () – C:\Documents and Settings\as\Pulpit\Nowy Dokument programu Microsoft Word (6).doc

[2010-04-11 21:24:53 | 001,663,786 | ---- | M] () – C:\Documents and Settings\as\Pulpit\arkusz_pytan.pdf

[2010-04-11 08:40:59 | 000,002,206 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl

[2010-04-07 07:20:49 | 003,011,096 | ---- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT

[2010-04-06 18:49:06 | 000,076,656 | ---- | M] () – C:\Documents and Settings\as\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

[2010-03-28 08:30:23 | 001,074,588 | ---- | M] () – C:\WINDOWS\System32\PerfStringBackup.INI

[2010-03-28 08:30:23 | 000,484,634 | ---- | M] () – C:\WINDOWS\System32\perfh015.dat

[2010-03-28 08:30:23 | 000,427,592 | ---- | M] () – C:\WINDOWS\System32\perfh009.dat

[2010-03-28 08:30:23 | 000,082,010 | ---- | M] () – C:\WINDOWS\System32\perfc015.dat

[2010-03-28 08:30:23 | 000,066,376 | ---- | M] () – C:\WINDOWS\System32\perfc009.dat

[3 C:\WINDOWS*.tmp files -> C:\WINDOWS*.tmp ->]

[1 C:\WINDOWS\System32*.tmp files -> C:\WINDOWS\System32*.tmp ->]

========== Files Created - No Company Name ==========

[2010-04-24 09:00:37 | 044,089,904 | ---- | C] () – C:\Documents and Settings\as\Pulpit\avira_antivir_personal_en.exe

[2010-04-24 08:54:29 | 000,048,128 | ---- | C] () – C:\WINDOWS\System32\6982,32.exe

[2010-04-24 08:54:29 | 000,000,120 | ---- | C] () – C:\WINDOWS\System32\132312.BAT

[2010-04-24 08:54:26 | 000,169,603 | ---- | C] () – C:\WINDOWS\System32\1317,255.exe

[2010-04-24 08:54:26 | 000,076,288 | ---- | C] () – C:\WINDOWS\System32\w.exe

[2010-04-24 08:51:34 | 000,000,836 | ---- | C] () – C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk

[2010-04-24 08:51:34 | 000,000,610 | ---- | C] () – C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\RaConfig.lnk

[2010-04-24 08:39:59 | 000,000,850 | ---- | C] () – C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Status Monitor.lnk

[2010-04-24 08:30:39 | 000,000,001 | ---- | C] () – C:\Documents and Settings\as\oashdihasidhasuidhiasdhiashdiuasdhasd

[2010-04-24 08:26:36 | 000,048,128 | ---- | C] () – C:\WINDOWS\System32\314,6869.exe

[2010-04-24 08:26:36 | 000,000,122 | ---- | C] () – C:\WINDOWS\System32\254328.BAT

[2010-04-24 08:26:33 | 000,169,603 | ---- | C] () – C:\WINDOWS\System32\5543,177.exe

[2010-04-24 08:06:13 | 000,048,128 | ---- | C] () – C:\WINDOWS\System32\7736,257.exe

[2010-04-24 08:06:13 | 000,000,122 | ---- | C] () – C:\WINDOWS\System32\151546.BAT

[2010-04-24 08:05:43 | 000,169,603 | ---- | C] () – C:\WINDOWS\System32\7688,868.exe

[2010-04-24 08:05:40 | 000,000,154 | ---- | C] () – C:\Documents and Settings\as\118671.BAT

[2010-04-24 07:56:40 | 000,000,130 | ---- | C] () – C:\WINDOWS\System32\418859.BAT

[2010-04-24 07:55:17 | 000,048,128 | ---- | C] () – C:\WINDOWS\System32\9944,356.exe

[2010-04-24 07:55:17 | 000,000,122 | ---- | C] () – C:\WINDOWS\System32\335875.BAT

[2010-04-24 07:55:13 | 000,169,603 | ---- | C] () – C:\WINDOWS\System32\7871,82.exe

[2010-04-24 07:37:13 | 003,923,062 | R--- | C] () – C:\Documents and Settings\as\Pulpit\ComboFix.exe

[2010-04-24 07:35:06 | 000,036,865 | ---- | C] () – C:\WINDOWS\System32\msgmcsgf.dll

[2010-04-24 07:33:43 | 000,169,603 | ---- | C] () – C:\WINDOWS\System32\2661,554.exe

[2010-04-24 07:29:44 | 000,036,865 | ---- | C] () – C:\WINDOWS\System32\msfazmlf.dll

[2010-04-24 07:29:24 | 000,038,912 | ---- | C] () – C:\WINDOWS\System32\wuaucldt.exe

[2010-04-24 07:29:24 | 000,038,912 | ---- | C] () – C:\Documents and Settings\as\wuaucldt.exe

[2010-04-24 07:29:22 | 000,169,603 | ---- | C] () – C:\WINDOWS\System32\2006,952.exe

[2010-04-24 07:28:40 | 000,041,984 | RHS- | C] () – C:\WINDOWS\System32\csrsc.exe

[2010-04-23 06:43:18 | 000,010,752 | ---- | C] () – C:\Documents and Settings\as\Pulpit\Nowy Dokument programu Microsoft Word (7).doc

[2010-04-21 20:30:51 | 000,002,592 | ---- | C] () – C:\Documents and Settings\as\Moje dokumenty\HIsta.rtf

[2010-04-15 17:19:44 | 000,054,272 | ---- | C] () – C:\Documents and Settings\as\Pulpit\opis i analiza 2.doc

[2010-04-12 21:28:15 | 000,000,592 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Opera.lnk

[2010-04-11 21:24:53 | 001,663,786 | ---- | C] () – C:\Documents and Settings\as\Pulpit\arkusz_pytan.pdf

[2010-04-07 21:35:18 | 000,019,968 | ---- | C] () – C:\Documents and Settings\as\Pulpit\Nowy Dokument programu Microsoft Word (6).doc

[2010-02-03 08:04:23 | 000,000,169 | ---- | C] () – C:\WINDOWS\adidsl.ini

[2010-02-03 08:04:23 | 000,000,021 | ---- | C] () – C:\WINDOWS\Fast800.ini

[2010-02-03 08:04:19 | 000,200,704 | ---- | C] () – C:\WINDOWS\System32\coclassfast.dll

[2010-02-03 08:04:18 | 000,046,892 | ---- | C] () – C:\WINDOWS\System32\ADADIX16.DLL

[2009-09-10 20:34:59 | 000,031,767 | ---- | C] () – C:\WINDOWS\maxlink.ini

[2009-08-26 15:48:14 | 000,000,806 | ---- | C] () – C:\WINDOWS\BRWMARK.INI

[2009-08-26 15:48:14 | 000,000,027 | ---- | C] () – C:\WINDOWS\BRPP2KA.INI

[2009-08-26 15:48:13 | 000,000,030 | ---- | C] () – C:\WINDOWS\System32\brss01a.ini

[2009-08-23 20:17:35 | 000,000,151 | ---- | C] () – C:\WINDOWS\PhotoSnapViewer.INI

[2009-08-23 09:53:10 | 000,000,116 | ---- | C] () – C:\WINDOWS\NeroDigital.ini

[2009-08-13 14:32:56 | 000,005,632 | ---- | C] () – C:\WINDOWS\System32\drivers\StarOpen.sys

[2009-08-08 07:55:15 | 000,000,990 | ---- | C] () – C:\WINDOWS\adiras.ini

[2009-08-07 20:34:25 | 000,000,421 | ---- | C] () – C:\WINDOWS\ODBC.INI

[2009-08-07 20:27:33 | 000,168,448 | ---- | C] () – C:\WINDOWS\System32\unrar.dll

[2009-08-07 20:27:33 | 000,000,038 | ---- | C] () – C:\WINDOWS\avisplitter.ini

[2009-08-07 20:27:32 | 000,795,648 | ---- | C] () – C:\WINDOWS\System32\xvidcore.dll

[2009-08-07 20:27:32 | 000,130,048 | ---- | C] () – C:\WINDOWS\System32\xvidvfw.dll

[2009-08-07 20:27:31 | 003,596,288 | ---- | C] () – C:\WINDOWS\System32\qt-dx331.dll

[2009-08-07 20:23:34 | 000,000,971 | ---- | C] () – C:\WINDOWS\wincmd.ini

[2009-08-07 20:23:07 | 000,086,016 | ---- | C] () – C:\WINDOWS\System32\install.dll

[2009-08-07 20:23:07 | 000,045,056 | ---- | C] () – C:\WINDOWS\System32\DEDriverDLL.dll

[2009-08-07 20:23:07 | 000,032,768 | ---- | C] () – C:\WINDOWS\System32\SmartInstallCfg2.dll

[2008-12-19 16:15:58 | 004,338,246 | ---- | C] () – C:\WINDOWS\System32\libavcodec.dll

[2008-12-17 18:41:18 | 000,884,237 | ---- | C] () – C:\WINDOWS\System32\ff_x264.dll

[2008-12-17 18:22:58 | 000,093,184 | ---- | C] () – C:\WINDOWS\System32\ff_wmv9.dll

[2008-12-17 18:22:48 | 000,057,344 | ---- | C] () – C:\WINDOWS\System32\ff_vfw.dll

[2008-12-17 18:17:34 | 000,239,247 | ---- | C] () – C:\WINDOWS\System32\ff_theora.dll

[2008-12-17 17:59:54 | 000,560,802 | ---- | C] () – C:\WINDOWS\System32\libmplayer.dll

[2008-12-11 12:27:02 | 000,000,547 | ---- | C] () – C:\WINDOWS\System32\ff_vfw.dll.manifest

[2008-10-07 09:13:30 | 000,197,912 | ---- | C] () – C:\WINDOWS\System32\physxcudart_20.dll

[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelKorean.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelGerman.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelFrench.dll

[2004-10-03 18:50:54 | 000,129,024 | ---- | C] () – C:\WINDOWS\System32\ff_mpeg2enc.dll

[2004-08-22 17:04:56 | 000,069,120 | ---- | C] () – C:\WINDOWS\daemon.dll

[2003-04-08 11:40:22 | 000,005,679 | ---- | C] () – C:\WINDOWS\System32\OUTLPERF.INI

[2002-03-04 10:16:34 | 000,110,592 | R— | C] () – C:\WINDOWS\System32\Jpeg32.dll

[2001-10-26 19:27:34 | 000,000,008 | ---- | C] () – C:\WINDOWS\System32\FInstall.sys

========== LOP Check ==========

[2010-04-24 08:23:47 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software

[2010-02-26 11:34:52 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10

[2010-01-17 12:59:40 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\ICQ

[2010-02-27 13:11:29 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\OpenFM

[2009-09-10 20:34:59 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft

[2009-08-07 20:29:06 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Synetic

[2009-08-16 09:57:35 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft

[2010-01-01 12:01:04 | 000,000,000 | —D | M] – C:\Documents and Settings\as\Dane aplikacji\BESTplayer

[2009-08-07 20:33:51 | 000,000,000 | —D | M] – C:\Documents and Settings\as\Dane aplikacji\Gadu-Gadu

[2010-02-26 11:34:49 | 000,000,000 | —D | M] – C:\Documents and Settings\as\Dane aplikacji\Gadu-Gadu 10

[2010-02-02 18:19:54 | 000,000,000 | —D | M] – C:\Documents and Settings\as\Dane aplikacji\GetRightToGo

[2009-10-22 15:06:28 | 000,000,000 | —D | M] – C:\Documents and Settings\as\Dane aplikacji\Leadertech

[2009-08-08 09:35:48 | 000,000,000 | —D | M] – C:\Documents and Settings\as\Dane aplikacji\Nowe Gadu-Gadu

[2009-08-08 10:59:56 | 000,000,000 | —D | M] – C:\Documents and Settings\as\Dane aplikacji\OpenFM

[2009-12-22 17:15:50 | 000,000,000 | —D | M] – C:\Documents and Settings\as\Dane aplikacji\Opera

[2009-08-13 14:48:14 | 000,000,000 | —D | M] – C:\Documents and Settings\as\Dane aplikacji\Samsung

[2009-09-16 16:46:02 | 000,000,000 | —D | M] – C:\Documents and Settings\as\Dane aplikacji\Thinstall

[2009-08-16 09:57:35 | 000,000,000 | —D | M] – C:\Documents and Settings\as\Dane aplikacji\Ubisoft

[2009-10-24 13:32:45 | 000,000,000 | —D | M] – C:\Documents and Settings\as\Dane aplikacji\VitySoft

========== Purity Check ==========

< End of report >

What's going on :?:

Delete the ComboFix you have on your disk. Download ComboFix from this link: http://rapidshare.com/files/379564376/123.com.html (the name was changed on purpose). ComboFix instructions: http://www.searchengines.pl/index.php?s … t&p=395642 Run it, scan the system and post the log on the forum. Read the instructions carefully.

This ComboFix can't be started; the green bars go by and that's it …

Try SDFix. The instructions and the program are here; run the removal in Windows Safe Mode: http://www.searchengines.pl/index.php?s … ntry511908 We'll see if it works.

Why use SDFix if it hasn't been updated for almost 2 years?

Run OTL and paste the following into the Custom Scans/Fixes window:

Click Run Fix and confirm the computer restart.

Then run OTL with the Run Scan option. Post the new OTL.txt log and the cleanup report, plus a log from GMER.

SDFix doesn't work

Run the OTL script above

All processes killed

========== OTL ==========

Error: No service named WinSpoolSvc was found to stop!

No service named WinSpoolSvc was found to delete!

File move failed. C:\WINDOWS\system32\csrsc.exe scheduled to be moved on reboot.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\Local Page| /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\ deleted successfully.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\ not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.

Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{E63605FC-D583-4C81-867F-9457BDB3EA1B} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E63605FC-D583-4C81-867F-9457BDB3EA1B}\ not found.

C:\Program Files\Web Search Operator\4.1.0.2080\FF\components folder moved successfully.

C:\Program Files\Web Search Operator\4.1.0.2080\FF\chrome\content folder moved successfully.

C:\Program Files\Web Search Operator\4.1.0.2080\FF\chrome folder moved successfully.

C:\Program Files\Web Search Operator\4.1.0.2080\FF folder moved successfully.

Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{8141440E-08F0-4339-9959-5C31C6A69F23} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8141440E-08F0-4339-9959-5C31C6A69F23}\ not found.

C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\components folder moved successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\chrome\content folder moved successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\chrome folder moved successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF folder moved successfully.

Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{E889F097-B0BE-471B-89AD-B86B6F04B506} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E889F097-B0BE-471B-89AD-B86B6F04B506}\ not found.

C:\Program Files\Customized Platform Advancer\4.1.0.1960\FF\components folder moved successfully.

C:\Program Files\Customized Platform Advancer\4.1.0.1960\FF\chrome\content folder moved successfully.

C:\Program Files\Customized Platform Advancer\4.1.0.1960\FF\chrome folder moved successfully.

C:\Program Files\Customized Platform Advancer\4.1.0.1960\FF folder moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\izqtfu deleted successfully.

C:\WINDOWS\system32\msfazmlf.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Regedit32 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\syncman deleted successfully.

C:\WINDOWS\system32\wuaucldt.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ubxlsw deleted successfully.

C:\WINDOWS\system32\msgmcsgf.dll moved successfully.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\syncman deleted successfully.

c:\Documents and Settings\as\wuaucldt.exe moved successfully.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\syncman not found.

File c:\Documents and Settings\as\wuaucldt.exe not found.

C:\WINDOWS\Fonts\services.exe moved successfully.

Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load:C:\WINDOWS\fonts\services.exe deleted successfully.

File C:\WINDOWS\Fonts\services.exe not found.

Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Run:C:\WINDOWS\fonts\services.exe deleted successfully.

File C:\WINDOWS\Fonts\services.exe not found.

Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load:C:\WINDOWS\fonts\services.exe deleted successfully.

File C:\WINDOWS\Fonts\services.exe not found.

Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Run:C:\WINDOWS\fonts\services.exe deleted successfully.

File C:\WINDOWS\Fonts\services.exe not found.

Registry value HKEY_USERS\S-1-5-21-1202660629-573735546-682003330-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load:C:\WINDOWS\fonts\services.exe deleted successfully.

File C:\WINDOWS\Fonts\services.exe not found.

Registry value HKEY_USERS\S-1-5-21-1202660629-573735546-682003330-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Run:C:\WINDOWS\fonts\services.exe deleted successfully.

========== FILES ==========

C:\WINDOWS\Temp\xq8i.exe moved successfully.

C:\WINDOWS\Temp\VRT2.tmp moved successfully.

File move failed. C:\WINDOWS\system32\csrsc.exe scheduled to be moved on reboot.

File\Folder C:\WINDOWS\Fonts\services.exe not found.

File\Folder C:\WINDOWS\system32\msfazmlf.dll not found.

File\Folder C:\32788R22FWJFW not found.

C:\WINDOWS\System32\6413,333.exe moved successfully.

C:\WINDOWS\System32\3435,007.exe moved successfully.

C:\WINDOWS\System32\5413,584.exe moved successfully.

C:\WINDOWS\System32\2618,014.exe moved successfully.

C:\WINDOWS\System32\2089,639.exe moved successfully.

C:\WINDOWS\System32\1267,924.exe moved successfully.

C:\RECYCLER\S-1-5-21-1202660629-573735546-682003330-1003\Dc34 folder moved successfully.

C:\RECYCLER\S-1-5-21-1202660629-573735546-682003330-1003\Dc33\License folder moved successfully.

C:\RECYCLER\S-1-5-21-1202660629-573735546-682003330-1003\Dc33\EN-US folder moved successfully.

C:\RECYCLER\S-1-5-21-1202660629-573735546-682003330-1003\Dc33 folder moved successfully.

C:\RECYCLER\S-1-5-21-1202660629-573735546-682003330-1003\Dc31\apps\Replace\xp folder moved successfully.

C:\RECYCLER\S-1-5-21-1202660629-573735546-682003330-1003\Dc31\apps\Replace\w2k folder moved successfully.

C:\RECYCLER\S-1-5-21-1202660629-573735546-682003330-1003\Dc31\apps\Replace folder moved successfully.

C:\RECYCLER\S-1-5-21-1202660629-573735546-682003330-1003\Dc31\apps folder moved successfully.

C:\RECYCLER\S-1-5-21-1202660629-573735546-682003330-1003\Dc31 folder moved successfully.

C:\RECYCLER\S-1-5-21-1202660629-573735546-682003330-1003\Dc27\apps\Replace\xp folder moved successfully.

C:\RECYCLER\S-1-5-21-1202660629-573735546-682003330-1003\Dc27\apps\Replace\w2k folder moved successfully.

C:\RECYCLER\S-1-5-21-1202660629-573735546-682003330-1003\Dc27\apps\Replace folder moved successfully.

C:\RECYCLER\S-1-5-21-1202660629-573735546-682003330-1003\Dc27\apps folder moved successfully.

C:\RECYCLER\S-1-5-21-1202660629-573735546-682003330-1003\Dc27 folder moved successfully.

C:\RECYCLER\S-1-5-21-1202660629-573735546-682003330-1003 folder moved successfully.

C:\RECYCLER folder moved successfully.

C:\WINDOWS\System32\9614,321.exe moved successfully.

C:\WINDOWS\System32\6615,701.exe moved successfully.

C:\WINDOWS\System32\6863,322.exe moved successfully.

C:\WINDOWS\System32\5289,218.exe moved successfully.

C:\WINDOWS\System32\2322,336.exe moved successfully.

C:\WINDOWS\System32\4900,278.exe moved successfully.

C:\WINDOWS\System32\6626,041.exe moved successfully.

C:\WINDOWS\System32\7710,214.exe moved successfully.

C:\WINDOWS\System32\11,05726.exe moved successfully.

C:\WINDOWS\System32\2444,834.exe moved successfully.

C:\WINDOWS\System32\ms.bin moved successfully.

C:\WINDOWS\System32\so.bin moved successfully.

C:\WINDOWS\System32\d.bin moved successfully.

C:\ygoow\Downloads folder moved successfully.

C:\ygoow folder moved successfully.

C:\WINDOWS\System32\w.exe moved successfully.

C:\WINDOWS\System32\132312.BAT moved successfully.

C:\WINDOWS\System32\6982,32.exe moved successfully.

C:\WINDOWS\System32\1317,255.exe moved successfully.

C:\Documents and Settings\as\oashdihasidhasuidhiasdhiashdiuasdhasd moved successfully.

C:\WINDOWS\System32\314,6869.exe moved successfully.

C:\WINDOWS\System32\254328.BAT moved successfully.

C:\WINDOWS\System32\5543,177.exe moved successfully.

C:\WINDOWS\System32\7736,257.exe moved successfully.

C:\WINDOWS\System32\151546.BAT moved successfully.

C:\WINDOWS\System32\7688,868.exe moved successfully.

C:\Documents and Settings\as\118671.BAT moved successfully.

C:\WINDOWS\System32\418859.BAT moved successfully.

C:\WINDOWS\System32\9944,356.exe moved successfully.

C:\WINDOWS\System32\335875.BAT moved successfully.

C:\WINDOWS\System32\7871,82.exe moved successfully.

File\Folder C:\Documents and Settings\as\Pulpit\ComboFix.exe not found.

File\Folder C:\WINDOWS\System32\msgmcsgf.dll not found.

C:\WINDOWS\System32\2661,554.exe moved successfully.

File\Folder C:\WINDOWS\System32\msfazmlf.dll not found.

File\Folder C:\WINDOWS\System32\wuaucldt.exe not found.

File\Folder C:\Documents and Settings\as\wuaucldt.exe not found.

C:\WINDOWS\System32\2006,952.exe moved successfully.

File move failed. C:\WINDOWS\System32\csrsc.exe scheduled to be moved on reboot.

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: as

->Temp folder emptied: 1134635 bytes

->Temporary Internet Files folder emptied: 1551630 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 4788592 bytes

->Flash cache emptied: 6303 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 169161 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 402 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2352022 bytes

%systemroot%\System32 .tmp files removed: 2596 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1067967 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 11,00 mb

OTL by OldTimer - Version 3.2.2.0 log created on 04242010_135932

Files\Folders moved on Reboot…

C:\WINDOWS\system32\csrsc.exe moved successfully.

C:\WINDOWS\temp\mta13187.dll moved successfully.

Registry entries deleted on Reboot…

Added 24.04.2010 (Sat) 14:06

OTL logfile created on: 2010-04-24 14:03:15 - Run 4

OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\as\Pulpit

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 86,00% Memory free

5,00 Gb Paging File | 5,00 Gb Available in Paging File | 94,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 54,25 Gb Total Space | 6,36 Gb Free Space | 11,72% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 94,79 Gb Total Space | 43,42 Gb Free Space | 45,81% Space Free | Partition Type: NTFS

Drive F: | 14,75 Gb Total Space | 3,97 Gb Free Space | 26,91% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

Drive H: | 27,92 Gb Total Space | 14,09 Gb Free Space | 50,44% Space Free | Partition Type: FAT32

Drive I: | 31,83 Gb Total Space | 14,06 Gb Free Space | 44,17% Space Free | Partition Type: FAT32

Drive J: | 6,64 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: AS-6FFA5909E11C

Current User Name: as

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-04-24 14:02:51 | 000,066,560 | ---- | M] ( ) – C:\WINDOWS\Temp\xq8i.exe

PRC - [2010-04-24 14:02:34 | 000,007,680 | ---- | M] (微软中国) – C:\WINDOWS\system32\8634,257.exe

PRC - [2010-04-24 09:17:09 | 000,571,904 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\as\Pulpit\OTL.exe

PRC - [2010-03-18 01:43:38 | 000,835,952 | ---- | M] (Opera Software) – C:\Program Files\Opera\opera.exe

PRC - [2009-07-01 18:37:06 | 000,047,616 | ---- | M] () – C:\Program Files\Winamp\winampa.exe

PRC - [2009-01-19 08:37:10 | 001,163,264 | R— | M] (Brother Industries, Ltd.) – C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

PRC - [2008-11-26 10:25:36 | 000,233,472 | ---- | M] (Brother Industries, Ltd.) – C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe

PRC - [2008-10-24 11:44:34 | 000,884,736 | ---- | M] (Brother Industries, Ltd.) – C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe

PRC - [2008-07-09 23:07:00 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) – C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

PRC - [2008-05-02 06:15:46 | 000,025,600 | ---- | M] () – C:\Program Files\Unlocker\UnlockerAssistant.exe

PRC - [2008-04-14 22:51:44 | 000,139,264 | -H-- | M] () – C:\WINDOWS\Fonts\services.exe

PRC - [2008-04-14 22:51:18 | 001,044,992 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe

PRC - [2007-02-13 17:20:50 | 001,205,840 | ---- | M] () – C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

PRC - [2004-08-22 17:05:02 | 000,094,208 | ---- | M] (DAEMON’S HOME) – C:\Program Files\D-Tools\daemon.exe

PRC - [2002-04-12 00:00:00 | 000,069,632 | ---- | M] (brother Industries Ltd) – C:\WINDOWS\system32\brsvc01a.exe

PRC - [2001-12-13 00:01:00 | 000,057,344 | ---- | M] (brother Industries Ltd) – C:\WINDOWS\system32\brss01a.exe

PRC - [2001-10-26 19:27:34 | 000,050,688 | ---- | M] (ifdef sys) – C:\WINDOWS\system32\PereSvc.exe

========== Modules (SafeList) ==========

MOD - [2010-04-24 14:02:28 | 000,036,865 | ---- | M] () – C:\WINDOWS\system32\msfazmlf.dll

MOD - [2010-04-24 09:17:09 | 000,571,904 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\as\Pulpit\OTL.exe

MOD - [2008-05-02 06:15:35 | 000,004,608 | ---- | M] () – C:\Program Files\Unlocker\UnlockerHook.dll

MOD - [2006-05-03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\framedyn.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] – -- (WinSpoolSvc)

SRV - [2009-08-12 08:07:28 | 000,664,576 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe – (FLEXnet Licensing Service)

SRV - [2002-04-12 00:00:00 | 000,069,632 | ---- | M] (brother Industries Ltd) [Auto | Running] – C:\WINDOWS\system32\brsvc01a.exe – (Brother XP spl Service)

SRV - [2001-10-26 19:27:34 | 000,050,688 | ---- | M] (ifdef sys) [Auto | Running] – C:\WINDOWS\system32\PereSvc.exe – (peresvc)

SRV - [2001-10-26 19:27:34 | 000,044,544 | ---- | M] (dreas company) [Auto | Running] – C:\WINDOWS\system32\BtwSvc.dll – (BtwSvc)

========== Driver Services (SafeList) ==========

DRV - [2009-08-13 14:46:42 | 000,005,632 | ---- | M] () [File_System | System | Running] – C:\WINDOWS\system32\drivers\StarOpen.sys – (StarOpen)

DRV - [2009-07-14 20:54:00 | 007,741,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\nv4_mini.sys – (nv)

DRV - [2009-03-27 01:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\cpuz132_x32.sys – (cpuz132)

DRV - [2008-05-07 20:21:40 | 004,739,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\RtkHDAud.sys – (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\hdaudbus.sys – (HDAudBus)

DRV - [2007-05-31 15:19:24 | 000,096,896 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\Rtenicxp.sys – (RTLE8023xp)

DRV - [2007-01-04 14:48:04 | 000,104,344 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\e4usbaw.sys – (e4usbaw)

DRV - [2007-01-04 14:47:48 | 000,069,656 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] – C:\WINDOWS\system32\drivers\e4ldr.sys – (E4LOADER) General Purpose USB Driver (e4ldr.sys)

DRV - [2005-12-22 12:24:52 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\sscdmdm.sys – (sscdmdm)

DRV - [2005-12-22 12:24:52 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\sscdmdfl.sys – (sscdmdfl)

DRV - [2005-12-22 12:24:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\sscdbus.sys – (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV - [2004-10-15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\BrScnUsb.sys – (BrScnUsb)

DRV - [2004-08-22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] – C:\WINDOWS\System32\Drivers\d347prt.sys – (d347prt)

DRV - [2004-08-22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\d347bus.sys – (d347bus)

DRV - [2004-04-30 09:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\drivers\a347bus.sys – (a347bus)

DRV - [2004-04-30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] – C:\WINDOWS\System32\Drivers\a347scsi.sys – (a347scsi)

DRV - [2004-03-01 18:31:14 | 000,062,848 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\RT2400.sys – (RT2400)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

[2010-02-22 09:03:14 | 000,000,000 | —D | M] – C:\Program Files\Mozilla Firefox\extensions

[2010-01-17 12:59:39 | 000,000,000 | —D | M] (No name found) – C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

O1 HOSTS File: ([2010-04-24 14:02:53 | 000,000,029 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O4 - HKLM…\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)

O4 - HKLM…\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM…\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON’S HOME)

O4 - HKLM…\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)

O4 - HKLM…\Run: [izqtfu] C:\WINDOWS\System32\msfazmlf.DLL ()

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM…\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM…\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM…\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM…\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)

O4 - HKLM…\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM…\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found

O4 - HKLM…\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)

O4 - HKLM…\Run: [unlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()

O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe (Ralink Technology, Corp.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: exec = C:\WINDOWS\fonts\services.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: zh5l = C:\WINDOWS\TEMP\xq8i.exe ( )

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - E:\Program Files\BitComet\BitComet.exe (http://www.BitComet.com)

O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - E:\Program Files\BitComet\BitComet.exe (http://www.BitComet.com)

O8 - Extra context menu item: Pobierz za pomocą BitComet - E:\Program Files\BitComet\BitComet.exe (http://www.BitComet.com)

O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - E:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)

O9 - Extra ‘Tools’ menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ … vc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_18)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\as\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\as\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007-04-09 15:41:24 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT – [NTFS]

O32 - AutoRun File - [2009-09-11 03:00:10 | 000,419,088 | R— | M] (Electronic Arts) - J:\AutoRun.exe – [CDFS]

O32 - AutoRun File - [2009-10-01 14:59:33 | 000,000,000 | R–D | M] - J:\Autorun – [CDFS]

O32 - AutoRun File - [2009-09-11 03:00:08 | 009,957,376 | R— | M] () - J:\autorun.dat – [CDFS]

O32 - AutoRun File - [2009-09-11 02:38:34 | 000,000,136 | R— | M] () - J:\autorun.inf – [CDFS]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM…comfile [open] – “%1” %*

O35 - HKLM…exefile [open] – “%1” %*

O37 - HKLM…com [@ = comfile] – “%1” %*

O37 - HKLM…exe [@ = exefile] – “%1” %*

========== Files/Folders - Created Within 30 Days ==========

[2010-04-24 14:02:51 | 000,066,560 | ---- | C] ( ) – C:\WINDOWS\System32\1390,597.exe

[2010-04-24 14:02:46 | 000,181,760 | ---- | C] (-) – C:\WINDOWS\System32\4296,06.exe

[2010-04-24 14:02:34 | 000,007,680 | ---- | C] (微软中国) – C:\WINDOWS\System32\8634,257.exe

[2010-04-24 14:02:24 | 000,044,544 | ---- | C] (dreas company) – C:\WINDOWS\System32\ms.bin

[2010-04-24 14:02:24 | 000,040,960 | ---- | C] (ifdef sys) – C:\WINDOWS\System32\so.bin

[2010-04-24 14:02:24 | 000,036,864 | ---- | C] (yaeg tkjaup vkutleae) – C:\WINDOWS\System32\d.bin

[2010-04-24 13:59:38 | 000,000,000 | -HSD | C] – C:\RECYCLER

[2010-04-24 13:59:32 | 000,000,000 | —D | C] – C:\_OTL

[2010-04-24 13:55:47 | 000,066,560 | ---- | C] ( ) – C:\WINDOWS\System32\8721,225.exe

[2010-04-24 13:55:41 | 000,181,760 | ---- | C] (-) – C:\WINDOWS\System32\424,2951.exe

[2010-04-24 13:55:29 | 000,007,680 | ---- | C] (微软中国) – C:\WINDOWS\System32\1734,537.exe

[2010-04-24 13:46:09 | 000,000,000 | —D | C] – C:\SDFix

[2010-04-24 13:31:16 | 000,000,000 | -H-D | C] – C:\WINDOWS\PIF

[2010-04-24 13:20:42 | 000,066,560 | ---- | C] ( ) – C:\WINDOWS\System32\7585,971.exe

[2010-04-24 13:20:35 | 000,181,760 | ---- | C] (-) – C:\WINDOWS\System32\7118,631.exe

[2010-04-24 13:20:25 | 000,007,680 | ---- | C] (微软中国) – C:\WINDOWS\System32\4514,079.exe

[2010-04-24 09:17:03 | 000,571,904 | ---- | C] (OldTimer Tools) – C:\Documents and Settings\as\Pulpit\OTL.exe

[2010-04-24 08:20:10 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software

[2010-04-24 07:37:11 | 000,000,000 | RH-D | C] – C:\Documents and Settings\as\Recent

[2010-04-24 07:33:59 | 000,062,496 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\MSWINSCK.OCX

[2010-04-03 18:30:41 | 000,000,000 | RH-D | C] – C:\Documents and Settings\as\Dane aplikacji\SecuROM

[2010-03-28 21:08:14 | 000,000,000 | ---D | C] – C:\Program Files\Microsoft Silverlight

[2009-10-22 14:52:02 | 000,155,136 | ---- | C] ( ) – C:\WINDOWS\System32\drivers\d347bus.sys

[2009-10-22 14:52:02 | 000,005,248 | ---- | C] ( ) – C:\WINDOWS\System32\drivers\d347prt.sys

[2009-08-07 20:31:32 | 000,160,640 | ---- | C] ( ) – C:\WINDOWS\System32\drivers\a347bus.sys

[2009-08-07 20:31:32 | 000,005,248 | ---- | C] ( ) – C:\WINDOWS\System32\drivers\a347scsi.sys

[2004-11-24 20:25:52 | 000,335,872 | ---- | C] ( ) – C:\WINDOWS\System32\drvc.dll

========== Files - Modified Within 30 Days ==========

[2010-04-24 14:02:53 | 000,000,029 | ---- | M] () – C:\WINDOWS\System32\drivers\etc\hosts

[2010-04-24 14:02:52 | 000,000,100 | ---- | M] () – C:\psfhreg4v108.bat

[2010-04-24 14:02:51 | 000,066,560 | ---- | M] ( ) – C:\WINDOWS\System32\1390,597.exe

[2010-04-24 14:02:46 | 000,181,760 | ---- | M] (-) – C:\WINDOWS\System32\4296,06.exe

[2010-04-24 14:02:34 | 000,007,680 | ---- | M] (微软中国) – C:\WINDOWS\System32\8634,257.exe

[2010-04-24 14:02:31 | 000,000,122 | ---- | M] () – C:\WINDOWS\System32\84343.BAT

[2010-04-24 14:02:28 | 000,036,865 | ---- | M] () – C:\WINDOWS\System32\msfazmlf.dll

[2010-04-24 14:02:27 | 000,048,128 | ---- | M] () – C:\WINDOWS\System32\5124,257.exe

[2010-04-24 14:02:24 | 000,169,603 | ---- | M] () – C:\WINDOWS\System32\2142,298.exe

[2010-04-24 14:01:30 | 000,243,457 | ---- | M] () – C:\WINDOWS\System32\NvApps.xml

[2010-04-24 14:01:28 | 000,000,006 | -H-- | M] () – C:\WINDOWS\tasks\SA.DAT

[2010-04-24 14:01:26 | 000,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat

[2010-04-24 14:00:33 | 008,912,896 | -H-- | M] () – C:\Documents and Settings\as\NTUSER.DAT

[2010-04-24 13:55:47 | 000,066,560 | ---- | M] ( ) – C:\WINDOWS\System32\8721,225.exe

[2010-04-24 13:55:41 | 000,181,760 | ---- | M] (-) – C:\WINDOWS\System32\424,2951.exe

[2010-04-24 13:55:29 | 000,007,680 | ---- | M] (微软中国) – C:\WINDOWS\System32\1734,537.exe

[2010-04-24 13:55:26 | 000,048,128 | ---- | M] () – C:\WINDOWS\System32\5781,301.exe

[2010-04-24 13:55:26 | 000,000,122 | ---- | M] () – C:\WINDOWS\System32\153984.BAT

[2010-04-24 13:55:03 | 000,169,603 | ---- | M] () – C:\WINDOWS\System32\812,6467.exe

[2010-04-24 13:52:08 | 000,000,188 | -HS- | M] () – C:\Documents and Settings\as\ntuser.ini

[2010-04-24 13:52:04 | 000,000,573 | ---- | M] () – C:\WINDOWS\win.ini

[2010-04-24 13:52:04 | 000,000,435 | ---- | M] () – C:\WINDOWS\system.ini

[2010-04-24 13:52:04 | 000,000,281 | RHS- | M] () – C:\boot.ini

[2010-04-24 13:38:29 | 000,008,628 | -H-- | M] () – C:\WINDOWS\System32\RaConfig.GID

[2010-04-24 13:37:06 | 000,001,120 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-573735546-682003330-1003UA.job

[2010-04-24 13:34:03 | 001,529,241 | ---- | M] () – C:\Documents and Settings\as\Pulpit\SDFix.exe

[2010-04-24 13:30:05 | 003,923,062 | ---- | M] () – C:\Documents and Settings\as\Pulpit\123.com

[2010-04-24 13:22:51 | 003,923,062 | ---- | M] () – C:\Documents and Settings\as\Moje dokumenty\123.com

[2010-04-24 13:20:42 | 000,066,560 | ---- | M] ( ) – C:\WINDOWS\System32\7585,971.exe

[2010-04-24 13:20:35 | 000,181,760 | ---- | M] (-) – C:\WINDOWS\System32\7118,631.exe

[2010-04-24 13:20:25 | 000,007,680 | ---- | M] (微软中国) – C:\WINDOWS\System32\4514,079.exe

[2010-04-24 13:20:22 | 000,048,128 | ---- | M] () – C:\WINDOWS\System32\9281,057.exe

[2010-04-24 13:20:22 | 000,000,122 | ---- | M] () – C:\WINDOWS\System32\108078.BAT

[2010-04-24 13:20:17 | 000,169,603 | ---- | M] () – C:\WINDOWS\System32\9444,238.exe

[2010-04-24 09:17:09 | 000,571,904 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\as\Pulpit\OTL.exe

[2010-04-24 08:23:43 | 000,002,596 | ---- | M] () – C:\WINDOWS\System32\CONFIG.NT

[2010-04-24 07:37:00 | 000,001,068 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-573735546-682003330-1003Core.job

[2010-04-24 07:33:59 | 000,062,496 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\System32\MSWINSCK.OCX

[2010-04-23 19:55:34 | 002,637,184 | -H-- | M] () – C:\Documents and Settings\as\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2010-04-23 18:22:19 | 000,316,640 | ---- | M] () – C:\WINDOWS\WMSysPr9.prx

[2010-04-23 16:30:46 | 000,000,000 | ---- | M] () – C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt

[2010-04-23 13:52:29 | 000,000,679 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk

[2010-04-23 13:52:29 | 000,000,660 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk

[2010-04-23 10:16:43 | 000,036,864 | ---- | M] (yaeg tkjaup vkutleae) – C:\WINDOWS\System32\d.bin

[2010-04-23 10:15:02 | 000,076,288 | ---- | M] () – C:\WINDOWS\System32\w.exe

[2010-04-23 10:14:38 | 000,044,544 | ---- | M] (dreas company) – C:\WINDOWS\System32\ms.bin

[2010-04-23 10:14:36 | 000,040,960 | ---- | M] (ifdef sys) – C:\WINDOWS\System32\so.bin

[2010-04-23 06:43:18 | 000,010,752 | ---- | M] () – C:\Documents and Settings\as\Pulpit\Nowy Dokument programu Microsoft Word (7).doc

[2010-04-21 20:30:53 | 000,002,592 | ---- | M] () – C:\Documents and Settings\as\Moje dokumenty\HIsta.rtf

[2010-04-18 19:03:31 | 000,014,848 | ---- | M] () – C:\Documents and Settings\as\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-04-12 21:28:15 | 000,000,592 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Opera.lnk

[2010-04-12 16:54:57 | 000,019,968 | ---- | M] () – C:\Documents and Settings\as\Pulpit\Nowy Dokument programu Microsoft Word (6).doc

[2010-04-11 21:24:53 | 001,663,786 | ---- | M] () – C:\Documents and Settings\as\Pulpit\arkusz_pytan.pdf

[2010-04-11 08:40:59 | 000,002,206 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl

[2010-04-07 07:20:49 | 003,011,096 | ---- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT

[2010-04-06 18:49:06 | 000,076,656 | ---- | M] () – C:\Documents and Settings\as\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

[2010-03-28 08:30:23 | 001,074,588 | ---- | M] () – C:\WINDOWS\System32\PerfStringBackup.INI

[2010-03-28 08:30:23 | 000,484,634 | ---- | M] () – C:\WINDOWS\System32\perfh015.dat

[2010-03-28 08:30:23 | 000,427,592 | ---- | M] () – C:\WINDOWS\System32\perfh009.dat

[2010-03-28 08:30:23 | 000,082,010 | ---- | M] () – C:\WINDOWS\System32\perfc015.dat

[2010-03-28 08:30:23 | 000,066,376 | ---- | M] () – C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2010-04-24 14:02:31 | 000,000,122 | ---- | C] () – C:\WINDOWS\System32\84343.BAT

[2010-04-24 14:02:28 | 000,036,865 | ---- | C] () – C:\WINDOWS\System32\msfazmlf.dll

[2010-04-24 14:02:27 | 000,048,128 | ---- | C] () – C:\WINDOWS\System32\5124,257.exe

[2010-04-24 14:02:24 | 000,169,603 | ---- | C] () – C:\WINDOWS\System32\2142,298.exe

[2010-04-24 14:02:24 | 000,076,288 | ---- | C] () – C:\WINDOWS\System32\w.exe

[2010-04-24 13:55:48 | 000,000,100 | ---- | C] () – C:\psfhreg4v108.bat

[2010-04-24 13:55:26 | 000,048,128 | ---- | C] () – C:\WINDOWS\System32\5781,301.exe

[2010-04-24 13:55:26 | 000,000,122 | ---- | C] () – C:\WINDOWS\System32\153984.BAT

[2010-04-24 13:55:03 | 000,169,603 | ---- | C] () – C:\WINDOWS\System32\812,6467.exe

[2010-04-24 13:33:50 | 001,529,241 | ---- | C] () – C:\Documents and Settings\as\Pulpit\SDFix.exe

[2010-04-24 13:29:35 | 003,923,062 | ---- | C] () – C:\Documents and Settings\as\Pulpit\123.com

[2010-04-24 13:22:20 | 003,923,062 | ---- | C] () – C:\Documents and Settings\as\Moje dokumenty\123.com

[2010-04-24 13:20:22 | 000,048,128 | ---- | C] () – C:\WINDOWS\System32\9281,057.exe

[2010-04-24 13:20:22 | 000,000,122 | ---- | C] () – C:\WINDOWS\System32\108078.BAT

[2010-04-24 13:20:17 | 000,169,603 | ---- | C] () – C:\WINDOWS\System32\9444,238.exe

[2010-04-24 13:19:34 | 000,008,628 | -H-- | C] () – C:\WINDOWS\System32\RaConfig.GID

[2010-04-24 08:51:34 | 000,000,836 | ---- | C] () – C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk

[2010-04-24 08:51:34 | 000,000,610 | ---- | C] () – C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\RaConfig.lnk

[2010-04-23 06:43:18 | 000,010,752 | ---- | C] () – C:\Documents and Settings\as\Pulpit\Nowy Dokument programu Microsoft Word (7).doc

[2010-04-21 20:30:51 | 000,002,592 | ---- | C] () – C:\Documents and Settings\as\Moje dokumenty\HIsta.rtf

[2010-04-15 17:19:44 | 000,054,272 | ---- | C] () – C:\Documents and Settings\as\Pulpit\opis i analiza 2.doc

[2010-04-12 21:28:15 | 000,000,592 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Opera.lnk

[2010-04-11 21:24:53 | 001,663,786 | ---- | C] () – C:\Documents and Settings\as\Pulpit\arkusz_pytan.pdf

[2010-04-07 21:35:18 | 000,019,968 | ---- | C] () – C:\Documents and Settings\as\Pulpit\Nowy Dokument programu Microsoft Word (6).doc

[2010-02-03 08:04:23 | 000,000,169 | ---- | C] () – C:\WINDOWS\adidsl.ini

[2010-02-03 08:04:23 | 000,000,021 | ---- | C] () – C:\WINDOWS\Fast800.ini

[2010-02-03 08:04:19 | 000,200,704 | ---- | C] () – C:\WINDOWS\System32\coclassfast.dll

[2010-02-03 08:04:18 | 000,046,892 | ---- | C] () – C:\WINDOWS\System32\ADADIX16.DLL

[2009-09-10 20:34:59 | 000,031,767 | ---- | C] () – C:\WINDOWS\maxlink.ini

[2009-08-26 15:48:14 | 000,000,806 | ---- | C] () – C:\WINDOWS\BRWMARK.INI

[2009-08-26 15:48:14 | 000,000,027 | ---- | C] () – C:\WINDOWS\BRPP2KA.INI

[2009-08-26 15:48:13 | 000,000,030 | ---- | C] () – C:\WINDOWS\System32\brss01a.ini

[2009-08-23 20:17:35 | 000,000,151 | ---- | C] () – C:\WINDOWS\PhotoSnapViewer.INI

[2009-08-23 09:53:10 | 000,000,116 | ---- | C] () – C:\WINDOWS\NeroDigital.ini

[2009-08-13 14:32:56 | 000,005,632 | ---- | C] () – C:\WINDOWS\System32\drivers\StarOpen.sys

[2009-08-08 07:55:15 | 000,000,990 | ---- | C] () – C:\WINDOWS\adiras.ini

[2009-08-07 20:34:25 | 000,000,421 | ---- | C] () – C:\WINDOWS\ODBC.INI

[2009-08-07 20:27:33 | 000,168,448 | ---- | C] () – C:\WINDOWS\System32\unrar.dll

[2009-08-07 20:27:33 | 000,000,038 | ---- | C] () – C:\WINDOWS\avisplitter.ini

[2009-08-07 20:27:32 | 000,795,648 | ---- | C] () – C:\WINDOWS\System32\xvidcore.dll

[2009-08-07 20:27:32 | 000,130,048 | ---- | C] () – C:\WINDOWS\System32\xvidvfw.dll

[2009-08-07 20:27:31 | 003,596,288 | ---- | C] () – C:\WINDOWS\System32\qt-dx331.dll

[2009-08-07 20:23:34 | 000,000,971 | ---- | C] () – C:\WINDOWS\wincmd.ini

[2009-08-07 20:23:07 | 000,086,016 | ---- | C] () – C:\WINDOWS\System32\install.dll

[2009-08-07 20:23:07 | 000,045,056 | ---- | C] () – C:\WINDOWS\System32\DEDriverDLL.dll

[2009-08-07 20:23:07 | 000,032,768 | ---- | C] () – C:\WINDOWS\System32\SmartInstallCfg2.dll

[2008-12-19 16:15:58 | 004,338,246 | ---- | C] () – C:\WINDOWS\System32\libavcodec.dll

[2008-12-17 18:41:18 | 000,884,237 | ---- | C] () – C:\WINDOWS\System32\ff_x264.dll

[2008-12-17 18:22:58 | 000,093,184 | ---- | C] () – C:\WINDOWS\System32\ff_wmv9.dll

[2008-12-17 18:22:48 | 000,057,344 | ---- | C] () – C:\WINDOWS\System32\ff_vfw.dll

[2008-12-17 18:17:34 | 000,239,247 | ---- | C] () – C:\WINDOWS\System32\ff_theora.dll

[2008-12-17 17:59:54 | 000,560,802 | ---- | C] () – C:\WINDOWS\System32\libmplayer.dll

[2008-12-11 12:27:02 | 000,000,547 | ---- | C] () – C:\WINDOWS\System32\ff_vfw.dll.manifest

[2008-10-07 09:13:30 | 000,197,912 | ---- | C] () – C:\WINDOWS\System32\physxcudart_20.dll

[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelKorean.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelGerman.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelFrench.dll

[2004-10-03 18:50:54 | 000,129,024 | ---- | C] () – C:\WINDOWS\System32\ff_mpeg2enc.dll

[2004-08-22 17:04:56 | 000,069,120 | ---- | C] () – C:\WINDOWS\daemon.dll

[2003-04-08 11:40:22 | 000,005,679 | ---- | C] () – C:\WINDOWS\System32\OUTLPERF.INI

[2002-03-04 10:16:34 | 000,110,592 | R--- | C] () – C:\WINDOWS\System32\Jpeg32.dll

[2001-10-26 19:27:34 | 000,000,008 | ---- | C] () – C:\WINDOWS\System32\FInstall.sys

< End of report >

Added 24.04.2010 (Sat) 14:10

it no longer pops up

Added 24.04.2010 (Sat) 14:12

but Google Chrome won't start for me

it says it was initialized incorrectly

I don't know whether OTL will remove all of this. I know that SDFix is no longer updated. Its job was to remove the basic files of this infection. Even now it should remove some of them, and the rest was going to be removed with other tools anyway. Unfortunately the program did not start. Neither did the current Combofix.

Turn off System Restore on all drives. Instructions

Paste into the Custom Scans/Fixes box in OTL:

Click Run Fix. If needed, restart the computer. Post the removal log on the forum.

Then run OTL again, click Run Scan once more and post the new log on the forum. So two logs: one from the removal, the other from the new scan after the removal. Paste the log at http://www.wklejto.pl or http://www.wklej.org/ and put the link in your post.

http://www.wklej.org/id/322404/

http://www.wklej.org/id/322406/

Do this: download Combofix again from this link http://rapidshare.com/files/379987384/123.com.html (I changed the name on purpose). Then enter Windows safe mode (F8 before Windows boots). Run the program with a double-click. If it works, post the log on the forum after the scan. If not, write back and we will try another way.

it can't be started in safe mode, only the green bar loads and that's it

Download The Avenger and select the text below

copy it - click Paste Script from Clipboard - Execute - confirm and agree to the restart by clicking OK.

After it has run, delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum.

Program user guide: http://cybertrash.pl/images/tata/Avenger/Avenger.html

After the removal, go straight into Windows safe mode and try to run Combofix again.

http://www.wklejto.pl/65164

If Combofix again failed to run, post a new OTL log.

http://www.wklejto.pl/65168

Combofix could not be started

Turn System Restore off and on again on all drives. Instructions

Download The Avenger and select the text below

copy it - click Paste Script from Clipboard - Execute - confirm and agree to the restart by clicking OK.

After it has run, delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum.

Program user guide: http://cybertrash.pl/images/tata/Avenger/Avenger.html

After that, a new OTL log is a must.

this one

Files to delete:

C:\WINDOWS\System32\8605,311.exe

C:\WINDOWS\System32\8740,656.exe

C:\WINDOWS\System32\3480,325.exe

C:\WINDOWS\System32\4437,167.exe

C:\WINDOWS\System32\5557,81.exe

C:\WINDOWS\System32\8605,311.exe

C:\Documents and Settings\as\156718.BAT

C:\Documents and Settings\as\Pulpit\123.com

C:\WINDOWS\System32\8740,656.exe

C:\WINDOWS\System32\126609.BAT

C:\WINDOWS\System32\3480,325.exe

C:\WINDOWS\System32\9750,59.exe

C:\WINDOWS\System32\8991,75.exe

C:\WINDOWS\System32\115796.BAT

C:\WINDOWS\System32\9266,626.exe

C:\WINDOWS\System32\4437,167.exe

C:\WINDOWS\System32\5557,81.exe

C:\WINDOWS\System32\2154,307.exe

C:\WINDOWS\System32\5081,075.exe

C:\WINDOWS\System32\109500.BAT

C:\WINDOWS\System32\6519,892.exe

C:\Documents and Settings\as\156718.BAT

C:\Documents and Settings\as\Pulpit\123.com

C:\WINDOWS\System32\126609.BAT

C:\WINDOWS\System32\9750,59.exe

C:\WINDOWS\System32\8991,75.exe

C:\WINDOWS\System32\115796.BAT

C:\WINDOWS\System32\9266,626.exe

C:\WINDOWS\System32\2154,307.exe

C:\WINDOWS\System32\5081,075.exe

C:\WINDOWS\System32\109500.BAT

C:\WINDOWS\System32\6519,892.exe

Folders to delete:

C:\32788R22FWJFW

something is wrong because I get an error

Did you paste everything correctly? If so, run OTL and click CleanUp.

Download Avenger again. The script is OK.