Trojan x3. Please check


(Poccnr) #1

Hello!

Antivir detected 3 trojans on my machine, so I'm pasting the log and asking for it to be checked :slight_smile:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:04:52, on 2010-01-13

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3 SSRP\E_S40ST7.EXE

C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\dmadmin.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Ad Muncher\AdMunch.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Filipuś\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (file missing)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"

O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\E_S1C.tmp" /EF "HKCU"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.03\AMVConverter\grab.html

O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_frame

O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_image

O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_link

O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_exclude

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.03\MediaManager\grab.html

O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_report

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{6EEE58C5-5950-47BD-92F3-0D3F1FD06416}: NameServer = 10.0.0.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{BE65A6EF-2A0D-44CA-BCA1-B43E6A874DC6}: NameServer = 208.67.220.220,208.67.222.222 

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: karina.dat

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3 SSRP\E_S40ST7.EXE

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe


--

End of file - 6337 bytes

Regards!


(Leon$) #2

Download OTListIt2: http://www.searchengines.pl/index.php?s ... =392369, run a scan, and post the OTListIT.txt and Extras.txt logs.

:slight_smile:


(Poccnr) #3

OTL

OTL logfile created on: 2010-01-13 19:38:26 - Run 1

OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\Administrator\Pulpit

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


511,00 Mb Total Physical Memory | 192,00 Mb Available Physical Memory | 38,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 72,00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 38,28 Gb Total Space | 8,75 Gb Free Space | 22,87% Space Free | Partition Type: NTFS

Drive D: | 151,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive E: | 974,91 Mb Total Space | 2,95 Mb Free Space | 0,30% Space Free | Partition Type: FAT32

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded


Computer Name: RYGUSOWI-C3CADC

Current User Name: Administrator

Logged in as Administrator.


Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard


========== Processes (SafeList) ==========


PRC - [2010-01-13 19:37:53 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe

PRC - [2010-01-07 09:03:43 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009-11-13 10:48:53 | 00,654,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\bittorrent.exe

PRC - [2009-07-25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2009-07-21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2009-05-13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2009-03-02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2009-01-17 15:48:08 | 05,853,672 | ---- | M] (o2.pl Sp. z o.o.) -- C:\Program Files\Tlen.pl\tlen.exe

PRC - [2007-12-17 05:00:00 | 00,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3 SSRP\E_S40ST7.EXE

PRC - [2007-12-13 07:00:00 | 00,188,928 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIEFE.EXE

PRC - [2007-11-03 05:48:26 | 00,779,776 | ---- | M] () -- C:\Program Files\Ad Muncher\AdMunch.exe

PRC - [2007-06-13 14:23:49 | 01,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007-01-11 05:02:00 | 00,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3 SSRP\E_S40RP7.EXE

PRC - [2005-09-22 15:01:54 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe

PRC - [2004-08-03 23:44:30 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe



========== Modules (SafeList) ==========


MOD - [2010-01-13 19:37:53 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe

MOD - [2008-06-19 13:20:08 | 00,017,408 | ---- | M] () -- C:\Program Files\Tlen.pl\hook.dll

MOD - [2007-11-03 05:26:52 | 00,024,576 | ---- | M] () -- C:\Program Files\Ad Muncher\AM28140.dll

MOD - [2006-08-25 16:51:13 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

MOD - [2006-05-03 22:53:54 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll



========== Win32 Services (SafeList) ==========


SRV - File not found [Disabled | Stopped] -- -- (WinRoute)

SRV - [2009-07-25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2009-07-21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009-05-13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2007-12-17 05:00:00 | 00,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)

SRV - [2007-01-11 05:02:00 | 00,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)

SRV - [2005-09-22 15:01:54 | 00,053,248 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)



========== Driver Services (SafeList) ==========


DRV - [2010-01-02 16:59:12 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009-11-04 19:19:10 | 00,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009-05-11 09:12:24 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009-03-30 09:33:07 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2009-02-13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008-07-19 18:46:38 | 00,004,445 | ---- | M] (Esac) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\XKBFILTR.SYS -- (Xkbfiltr)

DRV - [2008-07-19 15:37:42 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2008-07-19 15:37:21 | 00,094,416 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2008-07-19 15:35:18 | 00,078,416 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)

DRV - [2008-07-19 15:33:42 | 00,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2008-07-19 15:32:36 | 00,042,912 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2008-07-19 15:32:15 | 00,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2007-11-13 11:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)

DRV - [2007-03-08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)

DRV - [2006-11-03 23:45:48 | 00,178,913 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0260Vid.sys -- (V0260VID)

DRV - [2006-08-16 10:37:30 | 00,225,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)

DRV - [2006-07-24 16:05:00 | 00,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2005-08-06 04:06:32 | 00,028,704 | R--- | M] (USB World) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb2vcom.sys -- (usb2vcom)

DRV - [2004-08-04 01:35:04 | 00,327,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)

DRV - [2004-08-03 22:03:36 | 00,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)

DRV - [2001-08-18 00:57:36 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)

DRV - [2001-08-18 00:54:18 | 00,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)

DRV - [2001-08-18 00:54:18 | 00,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)

DRV - [2001-08-18 00:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)

DRV - [2001-08-17 21:20:04 | 00,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Usługa instalacyjna sterownika audio Intel(r) 82801 (WDM)

DRV - [2001-08-17 21:11:06 | 00,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)



========== Standard Registry (SafeList) ==========



========== Internet Explorer ==========


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========


FF - prefs.js..browser.search.selectedEngine: "Wikipedia (pl)"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://pl.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official"

FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:2.23b1

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {aab35b56-0206-4472-9993-9cb5c09bb722}:1.5


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-07 09:03:56 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-13 19:12:48 | 00,000,000 | ---D | M]


[2010-01-01 17:09:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions

[2010-01-01 17:09:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions\MediaCoder

[2010-01-01 17:08:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions\MediaCoder-MCEX

[2010-01-13 09:53:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\nzye9bav.default\extensions

[2009-12-22 19:28:58 | 00,000,000 | ---D | M] (Snip It! Button) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\nzye9bav.default\extensions\{aab35b56-0206-4472-9993-9cb5c09bb722}

[2008-02-19 09:14:46 | 00,000,000 | ---D | M] (Fasterfox) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\nzye9bav.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}

[2009-10-27 18:27:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\nzye9bav.default\extensions\fastdial@telega.phpnet.us

[2010-01-07 18:23:08 | 00,001,355 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\nzye9bav.default\searchplugins\slownik-alternatywny.xml

[2008-08-21 10:52:11 | 00,002,109 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\nzye9bav.default\searchplugins\youtube-video-search.xml

[2010-01-13 06:13:18 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2008-01-23 07:20:30 | 00,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

[2007-02-04 23:02:56 | 01,642,496 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll

[2009-01-09 08:34:24 | 00,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll

[2007-07-03 12:13:00 | 00,659,456 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPMARBLES.dll

[2009-10-16 19:45:02 | 00,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2009-10-16 19:45:02 | 00,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2009-10-16 19:45:02 | 00,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2009-10-16 19:45:02 | 00,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2009-10-16 19:45:02 | 00,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2009-10-16 19:45:02 | 00,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml


O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Filipuś\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll File not found

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.

O4 - HKLM..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe ()

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe File not found

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe (BitTorrent, Inc.)

O4 - HKCU..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION)

O4 - HKCU..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe (o2.pl Sp. z o.o.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (karina.dat) - File not found

O20 - AppInit_DLLs: (FILES\SAM) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007-09-04 18:19:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========


[2010-01-13 19:37:32 | 00,544,256 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe

[2010-01-13 18:52:52 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010-01-13 18:52:24 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Pulpit\HJTInstall.exe

[2010-01-12 16:37:25 | 00,000,000 | ---D | C] -- C:\Program Files\Audacity

[2010-01-11 16:12:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX

[2010-01-09 01:54:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Moje książki elektroniczne

[2010-01-08 14:03:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\GoodEng

[2010-01-03 13:03:53 | 00,000,000 | ---D | C] -- C:\Program Files\FreeTime

[2010-01-03 13:00:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft

[2010-01-02 12:11:09 | 00,073,728 | ---- | C] ( ) -- C:\WINDOWS\System\vdremote.dll

[2010-01-02 12:11:09 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System\vdsvrlnk.dll

[2010-01-01 17:08:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Broad Intelligence

[2010-01-01 17:00:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Broad Intelligence

[2010-01-01 16:57:14 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2010-01-01 16:57:14 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2010-01-01 16:57:14 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2010-01-01 16:57:09 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2010-01-01 16:57:06 | 00,000,000 | ---D | C] -- C:\Program Files\Avira

[2010-01-01 16:57:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Avira

[2010-01-01 13:13:55 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2009-12-30 19:31:47 | 00,647,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mscomct2.ocx

[2009-12-30 19:31:47 | 00,041,984 | ---- | C] (Creative Technology Ltd ) -- C:\WINDOWS\Ctregrun.exe

[2009-12-30 19:31:44 | 00,000,000 | ---D | C] -- C:\Program Files\Creative

[2009-12-30 19:30:40 | 00,126,976 | R--- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\V0260Vfw.dll

[2009-12-30 19:30:40 | 00,032,874 | R--- | C] (Creative Technology Ltd.) -- C:\WINDOWS\V0260Cfg.exe

[2009-12-30 19:30:38 | 00,178,913 | R--- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\V0260Vid.sys

[2009-12-30 19:30:38 | 00,094,208 | R--- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\V0260Ext.ax

[2009-12-30 19:30:38 | 00,036,864 | R--- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\V0260Pin.dll

[2009-12-30 19:30:38 | 00,036,864 | R--- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CtCamMgr.dll

[2009-12-30 19:30:38 | 00,028,672 | R--- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\V0260Hwx.dll

[2009-12-30 19:30:38 | 00,024,872 | R--- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\V0260Cmd.sys

[2009-12-30 19:30:38 | 00,024,576 | R--- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CtCamPin.crl

[2009-12-30 19:30:38 | 00,020,480 | R--- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\V0260Ext.crl

[2009-12-30 19:09:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Skype

[2009-12-30 19:08:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2009-12-30 19:08:27 | 00,000,000 | R--D | C] -- C:\Program Files\Skype

[2009-12-26 15:31:46 | 00,000,000 | ---D | C] -- C:\fifa99

[2009-12-26 15:31:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\Nowy folder

[2009-12-24 10:29:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Ad Muncher

[2009-12-22 19:53:36 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moje obrazy

[2008-12-14 18:39:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Macromedia

[2008-12-14 18:39:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Adobe

[2008-12-14 18:12:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Mozilla

[2008-12-14 18:12:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Mozilla

[2008-11-20 22:14:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft

[2008-10-10 05:34:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2007-09-04 18:24:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2007-09-04 18:18:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]


========== Files - Modified Within 30 Days ==========


[2010-01-13 19:37:53 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe

[2010-01-13 19:32:04 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010-01-13 19:00:38 | 09,437,184 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat

[2010-01-13 18:52:53 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\HijackThis.lnk

[2010-01-13 18:52:32 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Pulpit\HJTInstall.exe

[2010-01-13 18:05:49 | 00,000,100 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Czy ładne..Piękne.url

[2010-01-13 17:42:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010-01-13 17:42:00 | 53,590,4256 | -HS- | M] () -- C:\hiberfil.sys

[2010-01-13 14:33:32 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini

[2010-01-13 14:33:28 | 03,310,320 | -H-- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2010-01-13 11:58:50 | 00,000,147 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\sekr.url

[2010-01-12 21:37:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily).job

[2010-01-12 16:35:27 | 03,813,536 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\onerepublic - all the right moves.mp3

[2010-01-11 15:42:23 | 00,138,752 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-01-10 17:40:27 | 00,020,016 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\3.jpg

[2010-01-10 14:42:16 | 00,000,374 | ---- | M] () -- C:\WINDOWS\Administrator.acl

[2010-01-09 02:02:58 | 00,000,134 | ---- | M] () -- C:\Documents and Settings\Administrator\default.pls

[2010-01-04 12:32:06 | 00,762,620 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010-01-04 12:32:06 | 00,355,820 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2010-01-04 12:32:06 | 00,311,912 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010-01-04 12:32:06 | 00,049,608 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2010-01-04 12:32:06 | 00,040,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010-01-02 16:59:12 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2009-12-31 09:08:55 | 00,000,596 | ---- | M] () -- C:\WINDOWS\win.ini

[2009-12-31 09:08:55 | 00,000,246 | ---- | M] () -- C:\WINDOWS\system.ini

[2009-12-31 09:08:55 | 00,000,211 | -HS- | M] () -- C:\boot.ini

[2009-12-27 23:44:57 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI

[2009-12-24 19:57:06 | 00,073,728 | ---- | M] ( ) -- C:\WINDOWS\System\vdremote.dll

[2009-12-24 19:56:42 | 00,065,536 | ---- | M] ( ) -- C:\WINDOWS\System\vdsvrlnk.dll

[2009-12-16 12:56:33 | 00,000,346 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\;o-90i00.lnk

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]


========== Files Created - No Company Name ==========


[2010-01-13 18:52:52 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\HijackThis.lnk

[2010-01-13 18:05:22 | 00,000,100 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Czy ładne..Piękne.url

[2010-01-13 11:58:43 | 00,000,147 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\sekr.url

[2010-01-12 16:11:52 | 03,813,536 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\onerepublic - all the right moves.mp3

[2010-01-11 21:36:46 | 00,050,847 | ---- | C] () -- C:\WINDOWS\System32\drvcom64.ocx

[2010-01-10 17:25:25 | 00,020,016 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\3.jpg

[2009-12-30 19:33:09 | 00,007,062 | ---- | C] () -- C:\WINDOWS\System32\audiopid.vxd

[2009-12-30 19:30:40 | 00,004,352 | R--- | C] () -- C:\WINDOWS\VF0260.uns

[2009-12-30 19:30:37 | 00,197,522 | R--- | C] () -- C:\WINDOWS\System32\V0260530.set

[2009-11-28 10:19:12 | 00,000,032 | ---- | C] () -- C:\WINDOWS\basefx.INI

[2009-11-04 11:24:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DXINFO.INI

[2009-01-31 16:15:30 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2008-12-17 18:27:19 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2008-12-17 18:22:20 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CDE SX200EXPORT.ini

[2008-07-31 16:47:17 | 00,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2008-07-23 17:47:34 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest

[2008-07-23 17:47:34 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest

[2008-07-23 17:46:38 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

[2008-07-09 08:32:26 | 00,000,089 | ---- | C] () -- C:\WINDOWS\MediaManager.INI

[2008-07-08 11:12:17 | 00,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI

[2008-07-07 15:12:04 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI

[2008-02-15 16:13:08 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt

[2008-02-15 16:09:36 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2008-02-02 11:14:26 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

[2007-10-31 13:47:54 | 00,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\addr_file.html

[2007-09-16 09:25:26 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2007-09-09 21:50:09 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2007-09-07 16:53:03 | 00,138,752 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini


========== Alternate Data Streams ==========


@Alternate Data Stream - 85 bytes -> C:\Documents and Settings\Administrator\Moje dokumenty\3.jpg:VsoSummaryInformation

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9E00596C

< End of report >

Extras

OTL Extras logfile created on: 2010-01-13 19:38:26 - Run 1

OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\Administrator\Pulpit

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


511,00 Mb Total Physical Memory | 192,00 Mb Available Physical Memory | 38,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 72,00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 38,28 Gb Total Space | 8,75 Gb Free Space | 22,87% Space Free | Partition Type: NTFS

Drive D: | 151,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive E: | 974,91 Mb Total Space | 2,95 Mb Free Space | 0,30% Space Free | Partition Type: FAT32

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded


Computer Name: RYGUSOWI-C3CADC

Current User Name: Administrator

Logged in as Administrator.


Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard


========== Extra Registry (SafeList) ==========



========== File Associations ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)


========== Shell Spawning ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)


========== Security Center Settings ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002


========== Authorized Applications List ==========


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)



========== HKEY_LOCAL_MACHINE Uninstall List ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{37C39957-B0B3-40DC-8BA4-2363241159ED}" = LightScribe 1.4.44.1

"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 3.0.0.140

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{AC76BA86-7AD7-1038-7B44-CEA000000001}" = Adobe Reader 6.0.2 CE

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"Ad Muncher" = Ad Muncher

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Audacity_is1" = Audacity 1.2.6

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"BitTorrent" = BitTorrent

"Creative Software AutoUpdate" = Creative Software AutoUpdate

"Creative VF0260" = Creative Live! Cam Vista IM Driver (1.01.03.1104)

"EPSON Scanner" = EPSON Scan

"EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall

"HijackThis" = HijackThis 2.0.2

"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NeroMultiInstaller!UninstallKey" = Nero Suite

"Nvu_is1" = Nvu 1.0

"Tlen.pl" = Tlen.pl

"WinRAR archiver" = Archiwizator WinRAR

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0


========== HKEY_USERS Uninstall List ==========


[HKEY_USERS\S-1-5-21-1343024091-1060284298-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]


========== Last 10 Event Log Errors ==========


[Application Events]

Error - 2010-01-11 10:58:59 | Computer Name = RYGUSOWI-C3CADC | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.1.3642, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-01-11 10:58:59 | Computer Name = RYGUSOWI-C3CADC | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.1.3642, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-01-11 11:12:43 | Computer Name = RYGUSOWI-C3CADC | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd speed2.exe, wersja 0.0.0.0, moduł powodujący

 błąd speed2.exe, wersja 0.0.0.0, adres błędu 0x001794f7.


Error - 2010-01-11 11:17:46 | Computer Name = RYGUSOWI-C3CADC | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd speed2.exe, wersja 0.0.0.0, moduł powodujący

 błąd speed2.exe, wersja 0.0.0.0, adres błędu 0x001794f7.


Error - 2010-01-11 11:27:27 | Computer Name = RYGUSOWI-C3CADC | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd speed2.exe, wersja 0.0.0.0, moduł powodujący

 błąd speed2.exe, wersja 0.0.0.0, adres błędu 0x001794f7.


Error - 2010-01-11 11:43:56 | Computer Name = RYGUSOWI-C3CADC | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd speed2.exe, wersja 0.0.0.0, moduł powodujący

 błąd speed2.exe, wersja 0.0.0.0, adres błędu 0x001794f7.


Error - 2010-01-11 11:44:32 | Computer Name = RYGUSOWI-C3CADC | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd speed2.exe, wersja 0.0.0.0, moduł powodujący

 błąd speed2.exe, wersja 0.0.0.0, adres błędu 0x001794f7.


Error - 2010-01-11 11:45:07 | Computer Name = RYGUSOWI-C3CADC | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd speed2.exe, wersja 0.0.0.0, moduł powodujący

 błąd speed2.exe, wersja 0.0.0.0, adres błędu 0x001794f7.


Error - 2010-01-11 16:16:59 | Computer Name = RYGUSOWI-C3CADC | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca fifa99.exe, wersja 0.0.0.0, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-01-12 11:20:19 | Computer Name = RYGUSOWI-C3CADC | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.3156, moduł

 powodujący błąd ntdll.dll, wersja 5.1.2600.3520, adres błędu 0x00011a5e.


[System Events]

Error - 2010-01-03 08:42:30 | Computer Name = RYGUSOWI-C3CADC | Source = SideBySide | ID = 16842784

Description = Nie można odnaleźć zestawu zależnego Microsoft.VC80.MFCLOC; ostatni

 błąd: Odnośny zestaw nie jest zainstalowany w tym systemie.  


Error - 2010-01-03 08:42:30 | Computer Name = RYGUSOWI-C3CADC | Source = SideBySide | ID = 16842811

Description = Resolve Partial Assembly nie powiodło się dla Microsoft.VC80.MFCLOC.

Odpowiedni

 komunikat o błędzie: Odnośny zestaw nie jest zainstalowany w tym systemie. .


Error - 2010-01-03 08:42:30 | Computer Name = RYGUSOWI-C3CADC | Source = SideBySide | ID = 16842811

Description = Generate Activation Context nie powiodło się dla C:\Program Files\FreeTime\FormatFactory\MFC80U.DLL.

Odpowiedni

 komunikat o błędzie: Operacja ukończona pomyślnie. .


Error - 2010-01-03 08:42:30 | Computer Name = RYGUSOWI-C3CADC | Source = SideBySide | ID = 16842784

Description = Nie można odnaleźć zestawu zależnego Microsoft.VC80.MFCLOC; ostatni

 błąd: Odnośny zestaw nie jest zainstalowany w tym systemie.  


Error - 2010-01-03 08:42:30 | Computer Name = RYGUSOWI-C3CADC | Source = SideBySide | ID = 16842811

Description = Resolve Partial Assembly nie powiodło się dla Microsoft.VC80.MFCLOC.

Odpowiedni

 komunikat o błędzie: Odnośny zestaw nie jest zainstalowany w tym systemie. .


Error - 2010-01-03 08:42:30 | Computer Name = RYGUSOWI-C3CADC | Source = SideBySide | ID = 16842811

Description = Generate Activation Context nie powiodło się dla C:\Program Files\FreeTime\FormatFactory\MFC80U.DLL.

Odpowiedni

 komunikat o błędzie: Operacja ukończona pomyślnie. .


Error - 2010-01-04 07:29:57 | Computer Name = RYGUSOWI-C3CADC | Source = SideBySide | ID = 16842784

Description = Nie można odnaleźć zestawu zależnego Microsoft.VC80.MFCLOC; ostatni

 błąd: Odnośny zestaw nie jest zainstalowany w tym systemie.  


Error - 2010-01-04 07:29:57 | Computer Name = RYGUSOWI-C3CADC | Source = SideBySide | ID = 16842811

Description = Resolve Partial Assembly nie powiodło się dla Microsoft.VC80.MFCLOC.

Odpowiedni

 komunikat o błędzie: Odnośny zestaw nie jest zainstalowany w tym systemie. .


Error - 2010-01-04 07:29:57 | Computer Name = RYGUSOWI-C3CADC | Source = SideBySide | ID = 16842811

Description = Generate Activation Context nie powiodło się dla C:\Program Files\FreeTime\FormatFactory\MFC80U.DLL.

Odpowiedni

 komunikat o błędzie: Operacja ukończona pomyślnie. .


Error - 2010-01-06 15:58:52 | Computer Name = RYGUSOWI-C3CADC | Source = System Error | ID = 1003

Description = Kod błędu 10000050, parametr 1 e4aff328, parametr 2 00000000, parametr

 3 bf9d7ec7, parametr 4 00000002.



< End of report >

Is this OK?

-- Added 13.01.2010 (Wed) 22:53 --

[-o<

-- Added 14.01.2010 (Thu) 18:08 --

Still no reply? ;(

:roll: