Hello,
allow me to join this thread.
I have exactly the same problem as the one described above.
I carried out the 2 recommended operations in OTL.
After they finished I scanned the system with Avast and it turned out that the file “x” is now clean, but it now shows the same parasite in the following path:
D:\System Volume Information_restore{1F3A50D5-1C96-4D1A-995.
This was yet another method suggested on various forums for removing this thing, but every time the problem disappears in one place and then shows up in another.
Below I am pasting the 2 logs produced after the first and second steps in OTL.
I would be very grateful for help, because I have run out of ideas for how to deal with this.
Regards,
Arek Ciesielski
All processes killed
========== OTL ==========
========== FILES ==========
File\Folder C:\WINDOWS\System32\x not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Marta i Arek
->Temp folder emptied: 808154 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 60163474 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 367111 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114584 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
Windows Temp folder emptied: 49152 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 60,69 mb
D:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.1.6.0 log created on 03152010_214639
Files\Folders moved on Reboot…
File move failed. D:\WINDOWS\temp_avast4_\Webshlock.txt scheduled to be moved on reboot.
D:\WINDOWS\temp\Perflib_Perfdata_ac.dat moved successfully.
Registry entries deleted on Reboot…
…
OTL logfile created on: 2010-03-15 21:52:17 - Run 1
OTL by OldTimer - Version 3.1.6.0 Folder = D:\Documents and Settings\Marta i Arek\Moje dokumenty\Pobieranie
Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 69,64 Gb Total Space | 17,96 Gb Free Space | 25,79% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 56,63 Gb Free Space | 81,32% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CIESIELS-8D531D
Current User Name: Marta i Arek
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010-03-15 21:48:52 | 00,208,896 | ---- | M] (Realtek Semiconductor Corp.) – D:\Documents and Settings\Marta i Arek\Ustawienia lokalne\temp\RtkBtMnt.exe
PRC - [2010-03-15 21:45:13 | 00,529,408 | ---- | M] (OldTimer Tools) – D:\Documents and Settings\Marta i Arek\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2009-11-10 17:22:24 | 00,289,584 | ---- | M] (BitTorrent, Inc.) – D:\Program Files\uTorrent\uTorrent.exe
PRC - [2009-11-03 04:41:11 | 00,908,248 | ---- | M] (Mozilla Corporation) – D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-10-03 04:08:38 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) – D:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
PRC - [2009-09-15 12:56:48 | 00,081,000 | ---- | M] (ALWIL Software) – D:\Program Files\Avast4\ashDisp.exe
PRC - [2009-09-15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software) – D:\Program Files\Avast4\ashServ.exe
PRC - [2009-09-15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software) – D:\Program Files\Avast4\ashMaiSv.exe
PRC - [2009-09-15 12:54:13 | 00,352,920 | ---- | M] (ALWIL Software) – D:\Program Files\Avast4\ashWebSv.exe
PRC - [2009-09-15 12:49:40 | 00,018,752 | ---- | M] (ALWIL Software) – D:\Program Files\Avast4\aswUpdSv.exe
PRC - [2008-04-04 14:56:18 | 01,123,608 | ---- | M] (Diskeeper Corporation) – D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2007-08-27 14:38:50 | 00,566,616 | ---- | M] (Lavasoft AB) – D:\Program Files\Ad-Aware 2007\aawservice.exe
PRC - [2007-08-08 15:53:16 | 00,088,024 | ---- | M] () – D:\Program Files\Ad-Aware 2007\AAWTray.exe
PRC - [2007-05-29 07:32:00 | 16,132,608 | ---- | M] (Realtek Semiconductor Corp.) – D:\WINDOWS\RTHDCPL.exe
PRC - [2007-04-21 04:57:00 | 00,252,696 | ---- | M] (Intel Corporation) – D:\WINDOWS\system32\igfxsrvc.exe
PRC - [2007-04-21 04:57:00 | 00,162,584 | ---- | M] (Intel Corporation) – D:\WINDOWS\system32\hkcmd.exe
PRC - [2007-04-21 04:57:00 | 00,142,104 | ---- | M] (Intel Corporation) – D:\WINDOWS\system32\igfxtray.exe
PRC - [2007-04-21 04:57:00 | 00,138,008 | ---- | M] (Intel Corporation) – D:\WINDOWS\system32\igfxpers.exe
PRC - [2006-12-19 14:16:20 | 00,079,432 | ---- | M] (Broadcom Corporation) – D:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2004-08-04 13:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) – D:\WINDOWS\explorer.exe
PRC - [2004-08-04 13:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) – D:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2004-08-04 13:00:00 | 00,196,608 | ---- | M] () – \?\D:\WINDOWS\System32\WBEM\WMIADAP.EXE
PRC - [2004-08-04 13:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) – D:\WINDOWS\system32\wscntfy.exe
PRC - [2004-08-04 00:55:54 | 01,667,584 | ---- | M] (Microsoft Corporation) – D:\Program Files\Messenger\msmsgs.exe
========== Modules (SafeList) ==========
MOD - [2010-03-15 21:45:13 | 00,529,408 | ---- | M] (OldTimer Tools) – D:\Documents and Settings\Marta i Arek\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2004-08-04 13:00:00 | 01,050,624 | ---- | M] (Microsoft Corporation) – D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004-08-04 13:00:00 | 00,245,760 | ---- | M] (Microsoft Corporation) – D:\WINDOWS\system32\netui1.dll
MOD - [2004-08-04 13:00:00 | 00,185,856 | ---- | M] (Microsoft Corporation) – D:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2004-08-04 13:00:00 | 00,081,408 | ---- | M] (Microsoft Corporation) – D:\WINDOWS\system32\netui0.dll
MOD - [2004-08-04 13:00:00 | 00,043,520 | ---- | M] (Microsoft Corporation) – D:\WINDOWS\system32\ntlanman.dll
MOD - [2004-08-04 13:00:00 | 00,025,088 | ---- | M] (Microsoft Corporation) – D:\WINDOWS\system32\davclnt.dll
MOD - [2004-08-04 13:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) – D:\WINDOWS\system32\drprov.dll
MOD - [2004-08-04 13:00:00 | 00,012,288 | ---- | M] (Microsoft Corporation) – D:\WINDOWS\system32\netrap.dll
========== Win32 Services (SafeList) ==========
SRV - [2009-09-15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software) – D:\Program Files\Avast4\ashServ.exe – (avast! Antivirus)
SRV - [2009-09-15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software) – D:\Program Files\Avast4\ashMaiSv.exe – (avast! Mail Scanner)
SRV - [2009-09-15 12:54:13 | 00,352,920 | ---- | M] (ALWIL Software) – D:\Program Files\Avast4\ashWebSv.exe – (avast! Web Scanner)
SRV - [2009-09-15 12:49:40 | 00,018,752 | ---- | M] (ALWIL Software) – D:\Program Files\Avast4\aswUpdSv.exe – (aswUpdSv)
SRV - [2008-04-04 14:56:18 | 01,123,608 | ---- | M] (Diskeeper Corporation) – D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe – (Diskeeper)
SRV - [2007-08-27 14:38:50 | 00,566,616 | ---- | M] (Lavasoft AB) – D:\Program Files\Ad-Aware 2007\aawservice.exe – (aawservice)
SRV - [2006-12-19 14:16:20 | 00,079,432 | ---- | M] (Broadcom Corporation) – D:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe – (ASFIPmon)
SRV - [2004-08-04 13:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) – D:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll – (helpsvc)
SRV - [2004-08-04 01:44:02 | 00,027,648 | ---- | M] (Microsoft Corporation) – D:\WINDOWS\system32\irmon.dll – (Irmon)
SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) – D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE – (ose)
========== Driver Services (SafeList) ==========
DRV - [2009-09-15 12:56:14 | 00,094,160 | ---- | M] (ALWIL Software) – D:\WINDOWS\system32\drivers\aswmon2.sys – (aswMon2)
DRV - [2009-09-15 12:55:30 | 00,114,768 | ---- | M] (ALWIL Software) – D:\WINDOWS\system32\drivers\aswSP.sys – (aswSP)
DRV - [2009-09-15 12:55:19 | 00,020,560 | ---- | M] (ALWIL Software) – D:\WINDOWS\system32\drivers\aswFsBlk.sys – (aswFsBlk)
DRV - [2009-09-15 12:54:30 | 00,052,368 | ---- | M] (ALWIL Software) – D:\WINDOWS\system32\drivers\aswTdi.sys – (aswTdi)
DRV - [2009-09-15 12:54:21 | 00,023,152 | ---- | M] (ALWIL Software) – D:\WINDOWS\system32\drivers\aswRdr.sys – (aswRdr)
DRV - [2009-09-15 12:53:24 | 00,027,408 | ---- | M] (ALWIL Software) – D:\WINDOWS\system32\drivers\aavmker4.sys – (Aavmker4)
DRV - [2007-05-31 11:04:00 | 04,424,192 | ---- | M] (Realtek Semiconductor Corp.) – D:\WINDOWS\system32\drivers\RtkHDAud.sys – (IntcAzAudAddService)
DRV - [2007-04-17 05:16:00 | 05,760,096 | ---- | M] (Intel Corporation) – D:\WINDOWS\system32\drivers\igxpmp32.sys – (ialm)
DRV - [2007-02-16 15:46:00 | 00,160,256 | R— | M] (Broadcom Corporation) – D:\WINDOWS\system32\drivers\b57xp32.sys – (b57w2k)
DRV - [2007-01-25 05:44:00 | 00,290,304 | ---- | M] (Texas Instruments) – D:\WINDOWS\system32\drivers\tifm21.sys – (tifm21)
DRV - [2006-12-23 02:56:00 | 00,988,800 | ---- | M] (Conexant Systems, Inc.) – D:\WINDOWS\system32\drivers\HSF_DPV.sys – (HSF_DPV)
DRV - [2006-12-23 02:56:00 | 00,209,664 | ---- | M] (Conexant Systems, Inc.) – D:\WINDOWS\system32\drivers\HSFHWAZL.sys – (HSFHWAZL)
DRV - [2006-12-23 02:55:00 | 00,730,112 | ---- | M] (Conexant Systems, Inc.) – D:\WINDOWS\system32\drivers\HSF_CNXT.sys – (winachsf)
DRV - [2006-12-19 14:16:24 | 00,010,480 | ---- | M] (Broadcom Corporation) – D:\Program Files\Broadcom\ASFIPMon\BASFND.sys – (BASFND)
DRV - [2006-10-12 15:28:42 | 00,604,928 | ---- | M] (Broadcom Corporation) – D:\WINDOWS\system32\drivers\bcmwl5.sys – (BCM43XX)
DRV - [2006-06-20 05:26:00 | 00,012,672 | ---- | M] (Conexant) – D:\WINDOWS\system32\drivers\mdmxsdk.sys – (mdmxsdk)
DRV - [2005-01-07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) – D:\WINDOWS\system32\drivers\Hdaudbus.sys – (HDAudBus)
DRV - [2004-08-04 13:00:00 | 00,027,440 | ---- | M] () – D:\WINDOWS\system32\drivers\secdrv.sys – (Secdrv)
DRV - [2004-08-04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) – D:\WINDOWS\system32\drivers\ptilink.sys – (Ptilink)
DRV - [2004-08-04 00:00:52 | 00,028,672 | ---- | M] (National Semiconductor Corporation) – D:\WINDOWS\system32\drivers\nscirda.sys – (NSCIRDA)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl … r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl … ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
========== FireFox ==========
FF - prefs.js…browser.startup.homepage: “www.gazeta.pl”
FF - prefs.js…extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\Components: D:\Program Files\Mozilla Firefox\components [2010-03-15 16:53:56 | 00,000,000 | —D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010-03-15 16:53:47 | 00,000,000 | —D | M]
[2010-03-15 16:54:13 | 00,000,000 | —D | M] – D:\Documents and Settings\Marta i Arek\Dane aplikacji\Mozilla\Extensions
[2010-03-15 16:54:13 | 00,000,000 | —D | M] – D:\Documents and Settings\Marta i Arek\Dane aplikacji\Mozilla\Extensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010-03-15 16:54:13 | 00,000,000 | —D | M] – D:\Documents and Settings\Marta i Arek\Dane aplikacji\Mozilla\Firefox\Profiles\qf1m0xfk.default\extensions
[2010-03-15 16:53:48 | 00,000,000 | —D | M] – D:\Program Files\Mozilla Firefox\extensions
[2010-03-15 16:53:48 | 00,000,000 | —D | M] – D:\Program Files\Mozilla Firefox\extensions{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-11-03 04:41:11 | 00,023,512 | ---- | M] (Mozilla Foundation) – D:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009-11-03 04:41:11 | 00,137,176 | ---- | M] (Mozilla Foundation) – D:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009-11-03 04:41:11 | 00,064,984 | ---- | M] (mozilla.org) – D:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009-11-03 02:54:10 | 00,002,767 | ---- | M] () – D:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-11-03 02:54:10 | 00,001,406 | ---- | M] () – D:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-11-03 02:54:10 | 00,002,371 | ---- | M] () – D:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009-11-03 02:54:10 | 00,000,917 | ---- | M] () – D:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-11-03 02:54:10 | 00,000,858 | ---- | M] () – D:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-11-03 02:54:10 | 00,001,183 | ---- | M] () – D:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-11-03 02:54:10 | 00,001,683 | ---- | M] () – D:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml
O1 HOSTS File: (98 bytes) - D:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM…\Run: [AAWTray] D:\Program Files\Ad-Aware 2007\AAWTray.exe ()
O4 - HKLM…\Run: [Adobe ARM] D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM…\Run: [avast!] D:\Program Files\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM…\Run: [AzMixerSel] D:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM…\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM…\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM…\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM…\Run: [RTHDCPL] D:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKCU…\Run: [MSMSGS] D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU…\Run: [uTorrent] D:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra ‘Tools’ menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM…Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh … wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - D:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - D:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-11-08 13:38:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [NTFS]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - D:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (lsdelete) - D:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] – “%1” %* File not found
O35 - exefile [open] – “%1” %* File not found
========== Files/Folders - Created Within 30 Days ==========
[2010-03-15 21:51:04 | 00,000,000 | —D | C] – D:\WINDOWS\System32\x
[2010-03-15 21:49:18 | 00,000,000 | —D | C] – D:\Documents and Settings\Marta i Arek\Pulpit\otl
[2010-03-15 21:49:18 | 00,000,000 | —D | C] – D:\Documents and Settings\Marta i Arek\Pulpit\Nowy folder
[2010-03-15 21:46:39 | 00,000,000 | —D | C] – D:_OTL
[2010-03-15 20:48:37 | 00,052,368 | ---- | C] (ALWIL Software) – D:\WINDOWS\System32\drivers\aswTdi.sys
[2010-03-15 20:48:37 | 00,023,152 | ---- | C] (ALWIL Software) – D:\WINDOWS\System32\drivers\aswRdr.sys
[2010-03-15 20:48:36 | 00,027,408 | ---- | C] (ALWIL Software) – D:\WINDOWS\System32\drivers\aavmker4.sys
[2010-03-15 20:48:35 | 00,097,480 | ---- | C] (ALWIL Software) – D:\WINDOWS\System32\AvastSS.scr
[2010-03-15 20:48:34 | 00,114,768 | ---- | C] (ALWIL Software) – D:\WINDOWS\System32\drivers\aswSP.sys
[2010-03-15 20:48:34 | 00,094,160 | ---- | C] (ALWIL Software) – D:\WINDOWS\System32\drivers\aswmon2.sys
[2010-03-15 20:48:34 | 00,093,424 | ---- | C] (ALWIL Software) – D:\WINDOWS\System32\drivers\aswmon.sys
[2010-03-15 20:48:34 | 00,020,560 | ---- | C] (ALWIL Software) – D:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010-03-15 20:48:15 | 01,279,968 | ---- | C] (ALWIL Software) – D:\WINDOWS\System32\aswBoot.exe
[2010-03-15 20:01:21 | 00,212,480 | ---- | C] (SteelWerX) – D:\WINDOWS\SWXCACLS.exe
[2010-03-15 20:01:21 | 00,161,792 | ---- | C] (SteelWerX) – D:\WINDOWS\SWREG.exe
[2010-03-15 20:01:21 | 00,136,704 | ---- | C] (SteelWerX) – D:\WINDOWS\SWSC.exe
[2010-03-15 20:01:21 | 00,031,232 | ---- | C] (NirSoft) – D:\WINDOWS\NIRCMD.exe
[2010-03-15 20:01:14 | 00,000,000 | —D | C] – D:\WINDOWS\ERDNT
[2010-03-15 20:00:20 | 00,000,000 | —D | C] – D:\Qoobox
[2010-03-15 19:58:30 | 00,000,000 | —D | C] – D:\Documents and Settings\Marta i Arek\Pulpit\Combo
[2010-03-15 19:12:02 | 00,000,000 | —D | C] – D:\Program Files\Ad-Aware 2007
[2010-03-15 19:12:02 | 00,000,000 | —D | C] – D:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
[2010-03-15 19:11:28 | 00,000,000 | —D | C] – D:\Program Files\Common Files\Wise Installation Wizard
[2010-03-15 18:40:04 | 00,208,744 | ---- | C] (Microsoft Corporation) – D:\WINDOWS\System32\muweb.dll
[2010-03-15 18:40:04 | 00,027,496 | ---- | C] (Microsoft Corporation) – D:\WINDOWS\System32\mucltui.dll.mui
[2010-03-15 18:40:03 | 00,268,648 | ---- | C] (Microsoft Corporation) – D:\WINDOWS\System32\mucltui.dll
[2010-03-15 18:31:08 | 00,000,000 | —D | C] – D:\WINDOWS\ERUNT
[2010-03-15 18:28:02 | 00,000,000 | —D | C] – D:\SDFix
[2010-03-15 18:26:35 | 00,000,000 | —D | C] – D:\Documents and Settings\Marta i Arek\Moje dokumenty\Pobieranie
[2010-03-15 16:53:54 | 00,000,000 | —D | C] – D:\Documents and Settings\Marta i Arek\Ustawienia lokalne\Dane aplikacji\Mozilla
[2010-03-15 16:53:54 | 00,000,000 | —D | C] – D:\Documents and Settings\Marta i Arek\Dane aplikacji\Mozilla
[2010-03-15 16:53:46 | 00,000,000 | —D | C] – D:\Program Files\Mozilla Firefox
[2010-03-11 22:50:29 | 00,000,000 | —D | C] – D:\Documents and Settings\Marta i Arek\Ustawienia lokalne\Dane aplikacji\Adobe
[2010-03-11 22:49:56 | 00,000,000 | —D | C] – D:\Documents and Settings\All Users\Dane aplikacji\Adobe
[2010-03-11 22:49:46 | 00,000,000 | —D | C] – D:\Program Files\Common Files\Adobe
[2010-03-11 22:49:46 | 00,000,000 | —D | C] – D:\Program Files\Adobe
[2010-03-11 18:53:57 | 00,000,000 | —D | C] – D:\Documents and Settings\Marta i Arek\Pulpit\Tax
[2010-03-09 21:48:01 | 01,060,864 | ---- | C] (Microsoft Corporation) – D:\WINDOWS\System32\MFC71.dll
[2010-03-09 21:47:59 | 00,000,000 | —D | C] – D:\Program Files\Avast4
[2010-03-09 21:39:54 | 00,000,000 | —D | C] – D:\Documents and Settings\Marta i Arek\Ustawienia lokalne\Dane aplikacji\Temp
[2010-03-09 21:39:51 | 00,000,000 | —D | C] – D:\Documents and Settings\Marta i Arek\Ustawienia lokalne\Dane aplikacji\Google
========== Files - Modified Within 30 Days ==========
[2010-03-15 21:52:21 | 00,763,990 | ---- | M] () – D:\WINDOWS\System32\PerfStringBackup.INI
[2010-03-15 21:52:21 | 00,356,068 | ---- | M] () – D:\WINDOWS\System32\perfh015.dat
[2010-03-15 21:52:21 | 00,311,938 | ---- | M] () – D:\WINDOWS\System32\perfh009.dat
[2010-03-15 21:52:21 | 00,049,910 | ---- | M] () – D:\WINDOWS\System32\perfc015.dat
[2010-03-15 21:52:21 | 00,040,326 | ---- | M] () – D:\WINDOWS\System32\perfc009.dat
[2010-03-15 21:48:09 | 00,000,006 | -H-- | M] () – D:\WINDOWS\tasks\SA.DAT
[2010-03-15 21:48:04 | 00,002,048 | --S- | M] () – D:\WINDOWS\bootstat.dat
[2010-03-15 21:46:54 | 02,359,296 | -H-- | M] () – D:\Documents and Settings\Marta i Arek\NTUSER.DAT
[2010-03-15 21:46:54 | 00,000,188 | -HS- | M] () – D:\Documents and Settings\Marta i Arek\ntuser.ini
[2010-03-15 21:46:47 | 00,000,098 | ---- | M] () – D:\WINDOWS\System32\drivers\etc\Hosts
[2010-03-15 20:49:48 | 05,873,518 | -H-- | M] () – D:\Documents and Settings\Marta i Arek\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-03-15 20:48:37 | 00,001,528 | ---- | M] () – D:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk
[2010-03-15 20:48:34 | 00,002,636 | ---- | M] () – D:\WINDOWS\System32\CONFIG.NT
[2010-03-15 20:14:24 | 00,000,227 | ---- | M] () – D:\WINDOWS\system.ini
[2010-03-15 18:30:21 | 00,000,162 | -H-- | M] () – D:\Documents and Settings\Marta i Arek\Pulpit~$bierz program SDFix.doc
[2010-03-15 16:53:59 | 00,000,000 | ---- | M] () – D:\WINDOWS\nsreg.dat
[2010-03-14 22:57:30 | 00,020,480 | ---- | M] () – D:\Documents and Settings\Marta i Arek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-03-14 22:54:56 | 00,000,701 | ---- | M] () – D:\Documents and Settings\Marta i Arek\Pulpit\Skrót do Downloads.lnk
[2010-03-13 20:22:45 | 00,002,300 | ---- | M] () – D:\WINDOWS\System32\wpa.dbl
[2010-03-12 21:02:08 | 00,020,480 | ---- | M] () – D:\Documents and Settings\Marta i Arek\Pulpit\praca Marta.doc
========== Files Created - No Company Name ==========
[2010-03-15 20:48:37 | 00,001,528 | ---- | C] () – D:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk
[2010-03-15 20:48:15 | 00,380,928 | ---- | C] () – D:\WINDOWS\System32\actskin4.ocx
[2010-03-15 20:01:21 | 00,260,608 | ---- | C] () – D:\WINDOWS\PEV.exe
[2010-03-15 20:01:21 | 00,098,816 | ---- | C] () – D:\WINDOWS\sed.exe
[2010-03-15 20:01:21 | 00,080,412 | ---- | C] () – D:\WINDOWS\grep.exe
[2010-03-15 20:01:21 | 00,077,312 | ---- | C] () – D:\WINDOWS\MBR.exe
[2010-03-15 20:01:21 | 00,068,096 | ---- | C] () – D:\WINDOWS\zip.exe
[2010-03-15 18:30:21 | 00,000,162 | -H-- | C] () – D:\Documents and Settings\Marta i Arek\Pulpit~$bierz program SDFix.doc
[2010-03-15 16:53:59 | 00,000,000 | ---- | C] () – D:\WINDOWS\nsreg.dat
[2010-03-14 22:54:56 | 00,000,701 | ---- | C] () – D:\Documents and Settings\Marta i Arek\Pulpit\Skrót do Downloads.lnk
[2010-03-12 20:59:22 | 00,020,480 | ---- | C] () – D:\Documents and Settings\Marta i Arek\Pulpit\praca Marta.doc
[2009-11-10 17:09:33 | 00,017,464 | ---- | C] () – D:\Documents and Settings\Marta i Arek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-11-09 19:33:42 | 00,000,421 | ---- | C] () – D:\WINDOWS\ODBC.INI
[2009-11-08 15:17:46 | 00,178,176 | ---- | C] () – D:\WINDOWS\System32\unrar.dll
[2009-11-08 15:17:45 | 00,000,038 | ---- | C] () – D:\WINDOWS\avisplitter.ini
[2009-11-08 15:17:44 | 00,881,664 | ---- | C] () – D:\WINDOWS\System32\xvidcore.dll
[2009-11-08 15:17:44 | 00,205,824 | ---- | C] () – D:\WINDOWS\System32\xvidvfw.dll
[2009-11-08 15:17:43 | 03,596,288 | ---- | C] () – D:\WINDOWS\System32\qt-dx331.dll
[2009-11-08 15:17:41 | 00,085,504 | ---- | C] () – D:\WINDOWS\System32\ff_vfw.dll
[2009-11-08 15:17:41 | 00,000,547 | ---- | C] () – D:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-11-08 14:36:39 | 05,873,518 | -H-- | C] () – D:\Documents and Settings\Marta i Arek\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-11-08 14:32:01 | 00,910,464 | ---- | C] () – D:\WINDOWS\System32\igmedkrn.dll
[2009-11-08 14:32:01 | 00,204,800 | ---- | C] () – D:\WINDOWS\System32\igfxCoIn_v4820.dll
[2009-11-08 14:11:12 | 00,000,062 | -HS- | C] () – D:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2009-11-08 13:50:33 | 00,020,480 | ---- | C] () – D:\Documents and Settings\Marta i Arek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-11-08 13:43:37 | 00,000,062 | -HS- | C] () – D:\Documents and Settings\Marta i Arek\Dane aplikacji\desktop.ini
[2004-08-04 13:00:00 | 00,081,920 | ---- | C] () – D:\WINDOWS\System32\ieencode.dll
[2004-08-04 13:00:00 | 00,027,440 | ---- | C] () – D:\WINDOWS\System32\drivers\secdrv.sys
[2004-08-04 13:00:00 | 00,000,477 | ---- | C] () – D:\WINDOWS\win.ini
[2004-08-04 13:00:00 | 00,000,227 | ---- | C] () – D:\WINDOWS\system.ini
========== Custom Scans ==========
< :OTL >
< >
< :Files >
< C:\WINDOWS\System32\x >
< >
< :Commands >
< [emptytemp] >
< [resethosts] >
< [Reboot] >
< End of report >