Heur.w32

[mirekg1963]

Znowu mam kłopoty z tym samym farfoclem. Chcę clamwina uruchomić a on się ze mną w kotka i myszke zabawia, znika!
Daje co trzeba z OTListl t2 i proszę o zerknięcie i ewentualną podpowiedź
OTListIt.txt

Kod: Zaznacz wszystko

OTListIt logfile created on: 2009-05-20 17:55:19 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8     Folder = C:\Documents and Settings\Właściciel\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

447,48 Mb Total Physical Memory | 211,51 Mb Available Physical Memory | 47,27% Memory free
1,03 Gb Paging File | 0,84 Gb Available in Paging File | 81,66% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 65,54 Gb Free Space | 87,96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPN21
Current User Name: Właściciel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

[color=orange]========== Processes (SafeList) ==========[/color]

PRC - [2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007-01-30 12:54:36 | 16,116,224 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008-02-22 04:25:21 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2008-09-30 16:48:18 | 07,493,632 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008-09-30 16:50:52 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2006-10-31 08:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009-05-20 17:32:38 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\winpdawh.exe
PRC - [2008-04-14 19:21:19 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009-05-20 17:55:03 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTListIt2.exe

[color=orange]========== Win32 Services (SafeList) ==========[/color]

SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009-04-27 11:56:31 | 01,022,800 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [On_Demand | Stopped])
SRV - [2006-10-31 08:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])

[color=orange]========== Driver Services (SafeList) ==========[/color]

DRV - [2006-06-18 23:51:32 | 00,043,520 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - File not found --  -- (asc3360pr [On_Demand | Running])
DRV - [2009-04-15 21:22:30 | 00,014,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Stopped])
DRV - [2008-04-13 18:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007-01-30 12:57:50 | 04,474,368 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2009-04-16 17:46:51 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2006-10-31 08:35:00 | 03,964,256 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006-10-18 16:31:38 | 00,105,472 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2006-11-27 16:33:50 | 00,058,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2006-11-27 16:33:54 | 00,019,968 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2006-03-02 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008-04-13 18:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[color=orange]========== Standard Registry (SafeList) ==========[/color]


[color=orange]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=orange]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.pl"
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:5.0.20090324W
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-05-16 15:12:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-05-16 15:12:57 | 00,000,000 | ---D | M]

[2009-04-17 09:27:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\mozilla\Extensions
[2009-04-17 09:27:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-05-19 17:15:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\mozilla\Firefox\Profiles\l4401bj6.default\extensions
[2009-05-14 12:20:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\mozilla\Firefox\Profiles\l4401bj6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009-05-06 15:07:09 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\FireFox\Profiles\l4401bj6.default\searchplugins\ask.xml
[2009-05-11 13:13:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-04-29 12:46:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-04-29 12:46:39 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-04-29 12:46:39 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2006-06-03 18:43:22 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon (alch)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h File not found
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe (Franmo Software)
O4 - Startup: C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} http://download.gamedesire.com/g_bin/pl/cards_2_0_0_77.cab (GameDesire Card Games)
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} http://download.gamedesire.com/g_bin/pl/boards_2_0_0_35.cab (Ganymede Board Games)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239897967046 (WUWebControl Class)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588 (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-04-15 21:02:27 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0c8af45c-4458-11de-8d2f-001a4d80ed79}\Shell - "" = AutoRun
O33 - MountPoints2\{3ce4683f-3a38-11de-8d02-001a4d80ed79}\Shell\AutoRun\command - "" = D:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{3ce4683f-3a38-11de-8d02-001a4d80ed79}\Shell\open\command - "" = D:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{8988c65e-421a-11de-8d29-001a4d80ed79}\Shell\AutoRun\command - "" = D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe -- File not found
O33 - MountPoints2\{8988c65e-421a-11de-8d29-001a4d80ed79}\Shell\open\command - "" = D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe -- File not found
O33 - MountPoints2\{a9927e5b-2ab3-11de-8cba-001a4d80ed79}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009-05-20 17:55:03 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

[color=orange]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009-05-20 17:54:56 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTListIt2.exe
[2009-05-20 17:38:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009-05-20 17:36:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\.clamwin
[2009-05-20 17:36:05 | 00,000,770 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\ClamWin Antivirus.lnk
[2009-05-20 17:35:59 | 00,000,000 | ---D | C] -- C:\Program Files\ClamWin
[2009-05-20 17:33:19 | 27,864,708 | ---- | C] (alch                                                        ) -- C:\Documents and Settings\Właściciel\Pulpit\clamwin-0.95.1-setup.exe
[2009-05-19 16:35:46 | 00,000,000 | ---D | C] -- C:\Program Files\DiskTrix
[2009-05-19 16:23:50 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009-05-16 15:12:07 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-05-16 15:12:04 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009-05-16 15:12:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Apple
[2009-05-16 15:11:45 | 00,000,000 | ---D | C] -- C:\downloads
[2009-05-16 15:11:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\GrabPro
[2009-05-16 15:11:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Orbit
[2009-05-14 12:20:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Google
[2009-05-13 14:52:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Help
[2009-05-13 14:52:23 | 00,000,000 | ---D | C] -- C:\Program Files\WinHex
[2009-05-13 14:50:47 | 00,000,000 | ---D | C] -- C:\Program Files\TibiaBot NG
[2009-05-13 13:26:38 | 00,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2009-05-12 21:19:56 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\proc1395793746.bin
[2009-05-12 21:19:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\GanymedeNet
[2009-05-11 20:27:43 | 37,464,624 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\lesbian_sex__sexy_kiss_tongue_pussy_tits_xxx.avi
[2009-05-11 20:25:15 | 20,413,054 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\Hottest_Women_Lesbian_Hardcore_Fucking_XXX_Sex.avi
[2009-05-11 20:24:34 | 14,883,238 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\lesbian_sex__sexy_kiss_tongue_pussy_tits_xxx_13
[2009-05-11 20:23:29 | 24,458,482 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\cenzura-spam-_sexy_lingerie_naked_porn_xxx_porno_sex_scenes_sexo_nude_pussy_breasts.avi
[2009-05-11 20:20:52 | 09,646,736 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\cenzura-spam.avi
[2009-05-11 20:19:51 | 50,015,052 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\Arty_sexy_chat_date_Blonde_striptease_horny_porno_strip_naked_free_sex_porn_babe_xxx_porno_chick.avi
[2009-05-11 13:47:11 | 14,094,621 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\cyclone_1
[2009-05-11 13:46:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Desktopicon
[2009-05-11 13:32:57 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009-05-11 13:31:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009-05-07 15:56:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Moje dokumenty\My Received Files
[2009-05-07 15:56:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Moje dokumenty\My Music
[2009-05-07 15:56:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Moje dokumenty\BearShare
[2009-05-07 15:56:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\12399
[2009-05-07 15:55:53 | 00,076,407 | ---- | C] () -- C:\Documents and Settings\Właściciel\Dane aplikacji\Smiley.ico
[2009-05-07 14:18:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-05-07 14:15:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\WinRAR
[2009-05-07 14:14:43 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009-05-07 14:10:36 | 01,382,845 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\wrar380pl.exe
[2009-05-06 18:07:02 | 00,000,000 | ---D | C] -- C:\Program Files\Porno Links XP
[2009-05-06 15:42:36 | 00,000,000 | RHSD | C] -- C:\SYSTEM
[2009-05-06 15:06:19 | 00,000,000 | ---D | C] -- C:\Program Files\AskSearch
[2009-05-06 15:06:02 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2009-05-06 15:06:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Moje dokumenty\DVDVideoSoft
[2009-05-06 15:05:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2009-05-06 14:13:13 | 00,000,000 | ---D | C] -- C:\Program Files\Tibia Auto
[2009-04-29 12:27:13 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009-04-28 18:28:17 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009-04-28 18:28:17 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009-04-28 18:27:56 | 00,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009-04-28 18:21:57 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009-04-28 18:21:56 | 02,190,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009-04-28 18:21:55 | 00,686,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009-04-28 18:21:55 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009-04-28 18:21:55 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009-04-28 18:21:55 | 00,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009-04-28 18:21:55 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009-04-28 18:21:54 | 00,731,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009-04-28 18:21:54 | 00,722,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009-04-28 18:21:54 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009-04-28 18:21:53 | 02,146,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009-04-28 18:21:52 | 02,025,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009-04-28 18:18:23 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009-04-28 18:18:05 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009-04-28 18:17:00 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009-04-28 18:16:31 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2009-04-28 18:15:22 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009-04-28 18:13:15 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009-04-28 18:13:00 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009-04-24 13:22:44 | 00,000,412 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\spider.sav
[2009-04-24 13:00:19 | 00,000,350 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Moje dokumenty.lnk
[2009-04-24 13:00:03 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Mój komputer.lnk
[2009-04-23 18:48:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Tibia
[2009-04-23 18:48:03 | 00,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Tibia.lnk
[2009-04-23 18:48:00 | 00,000,000 | ---D | C] -- C:\Program Files\Tibia
[2009-04-23 18:39:27 | 00,001,838 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Tibia MULTI-IP Changer.lnk
[2009-04-23 18:39:25 | 00,000,000 | ---D | C] -- C:\Program Files\Asprate
[2009-04-22 14:36:04 | 00,011,352 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\Nowy OpenDocument Dokument tekstowy.odt
[2009-04-20 19:09:44 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2009-04-20 19:09:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Adobe
[2009-04-20 19:08:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009-04-20 19:08:56 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009-04-20 19:03:58 | 00,000,864 | ---- | C] () -- C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart\OpenOffice.org 3.0.lnk
[2009-04-20 19:03:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\OpenOffice.org
[2009-04-20 19:01:35 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2006-10-31 08:35:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006-10-31 08:35:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006-10-31 08:35:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006-10-31 08:35:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006-10-31 08:35:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006-10-31 08:35:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006-10-31 08:35:00 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006-03-02 14:00:00 | 00,000,512 | ---- | C] () -- C:\WINDOWS\win.ini
[2006-03-02 14:00:00 | 00,000,263 | ---- | C] () -- C:\WINDOWS\system.ini

[color=orange]========== Files - Modified Within 30 Days ==========[/color]

[1 C:\WINDOWS\System32\*.tmp files]
[2009-05-20 17:55:03 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTListIt2.exe
[2009-05-20 17:36:05 | 00,000,770 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\ClamWin Antivirus.lnk
[2009-05-20 17:35:34 | 27,864,708 | ---- | M] (alch                                                        ) -- C:\Documents and Settings\Właściciel\Pulpit\clamwin-0.95.1-setup.exe
[2009-05-20 17:29:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009-05-20 17:29:09 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\desktop.ini
[2009-05-20 17:29:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-05-20 17:29:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-05-19 16:28:09 | 00,000,263 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-05-19 13:54:16 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2009-05-18 11:08:53 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-05-16 15:12:08 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-05-12 21:19:56 | 00,000,512 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-05-12 21:19:56 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\proc1395793746.bin
[2009-05-11 20:31:39 | 37,464,624 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\lesbian_sex__sexy_kiss_tongue_pussy_tits_xxx.avi
[2009-05-11 20:27:43 | 14,883,238 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\lesbian_sex__sexy_kiss_tongue_pussy_tits_xxx_13
[2009-05-11 20:27:18 | 20,413,054 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\Hottest_Women_Lesbian_Hardcore_Fucking_XXX_Sex.avi
[2009-05-11 20:25:25 | 24,458,482 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\cenzura-spam-_sexy_lingerie_naked_porn_xxx_porno_sex_scenes_sexo_nude_pussy_breasts.avi
[2009-05-11 20:22:41 | 50,015,052 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\Arty_sexy_chat_date_Blonde_striptease_horny_porno_strip_naked_free_sex_porn_babe_xxx_porno_chick.avi
[2009-05-11 20:22:06 | 09,646,736 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\cenzura-spam.avi
[2009-05-11 17:47:13 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009-05-11 16:19:03 | 14,094,621 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\cyclone_1
[2009-05-11 13:38:09 | 00,866,660 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-05-11 13:38:09 | 00,448,348 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-05-11 13:38:09 | 00,392,432 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-05-11 13:38:09 | 00,074,450 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-05-11 13:38:09 | 00,058,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-05-07 14:10:49 | 01,382,845 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\wrar380pl.exe
[2009-04-29 11:11:02 | 00,112,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-04-27 11:57:12 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009-04-24 13:22:44 | 00,000,412 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\spider.sav
[2009-04-24 13:00:19 | 00,000,350 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Moje dokumenty.lnk
[2009-04-24 13:00:03 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Mój komputer.lnk
[2009-04-23 18:48:03 | 00,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Tibia.lnk
[2009-04-23 18:39:27 | 00,001,838 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Tibia MULTI-IP Changer.lnk
[2009-04-22 14:35:48 | 00,011,352 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\Nowy OpenDocument Dokument tekstowy.odt
[2009-04-20 19:09:44 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2009-04-20 19:03:58 | 00,000,864 | ---- | M] () -- C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart\OpenOffice.org 3.0.lnk

[color=orange]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E41EAF13
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4EE74317
< End of report >


oraz Extras. txt

Kod: Zaznacz wszystko

OTListIt Extras logfile created on: 2009-05-20 17:55:19 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8     Folder = C:\Documents and Settings\Właściciel\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

447,48 Mb Total Physical Memory | 211,51 Mb Available Physical Memory | 47,27% Memory free
1,03 Gb Paging File | 0,84 Gb Available in Paging File | 81,66% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 65,54 Gb Free Space | 87,96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPN21
Current User Name: Właściciel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

[color=orange]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[color=orange]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[color=orange]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008-04-13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008-04-13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2004-02-10 12:30:44 | 00,155,648 | ---- | M] (Valve) -- C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher
[2005-03-31 11:18:49 | 00,790,528 | ---- | M] (sms-express.com) -- C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glowny
[2009-05-08 10:14:27 | 00,812,544 | ---- | M] () -- C:\Program Files\Metin2_PL\metin2.bin:*:Enabled:metin2
[2008-04-14 19:21:30 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows
File not found -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
[2008-04-14 19:21:19 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
File not found -- C:\Documents and Settings\Właściciel\Pulpit\UltimateDefrag Freeware Edition 1.72\UltimateDefragFREEPublicDomainEditionSetup.exe:*:Enabled:ipsec
[2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec
File not found -- C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\rtnqwa.exe:*:Enabled:ipsec
[2006-10-31 08:35:00 | 01,695,744 | ---- | M] () -- C:\WINDOWS\system32\nwiz.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\wintxhx.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winpkkre.exe:*:Enabled:ipsec
[2008-09-30 16:48:18 | 07,493,632 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winbwbnjy.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winwnfuh.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winolavtw.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winfflhe.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winostmv.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\vnvk.exe:*:Enabled:ipsec
[2009-05-20 17:32:38 | 00,019,456 | ---- | M] () -- C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winpdawh.exe:*:Enabled:ipsec

[color=orange]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{31BFEC6C-1F27-45B5-839C-BCBAE327993A}" = OpenOffice.org 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{AC76BA86-7AD7-1045-7B44-A91000000001}" = Adobe Reader 9.1 - Polish
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ClamWin Free Antivirus_is1" = ClamWin Free Antivirus 0.95.1
"Gadu-Gadu" = Gadu-Gadu 6.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"NVIDIA Drivers" = NVIDIA Drivers
"Odkurzacz 11.3_is1" = Odkurzacz 11.3
"SkanerOnline" = Skaner on-line mks_vir
"Tibia_is1" = Tibia
"TibiaBot NG_is1" = TibiaBot NG 4.8.8
"TMIPC" = Tibia MULTI-ip changer
"UltimateDefrag V1 FREE Public Domain Version" = UltimateDefrag V1 FREE Public Domain Version
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = Archiwizator WinRAR

[color=orange]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2009-05-07 08:20:00 | Computer Name = XPN21 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd tibia.exe, wersja 8.4.2.0, moduł powodujący
błąd hook.dll, wersja 0.0.0.0, adres błędu 0x0008efd1.

Error - 2009-05-07 09:12:14 | Computer Name = XPN21 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd tibia.exe, wersja 8.4.2.0, moduł powodujący
błąd hook.dll, wersja 0.0.0.0, adres błędu 0x0008efd1.

Error - 2009-05-08 06:40:47 | Computer Name = XPN21 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.5512, moduł
powodujący błąd acroiehelper.dll, wersja 9.1.0.163, adres błędu 0x00001387.

Error - 2009-05-08 07:40:05 | Computer Name = XPN21 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.5512, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x01490644.

Error - 2009-05-11 07:43:37 | Computer Name = XPN21 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 dt.exe, P2 3.0.0.3, P3 48b37ee9, P4 mscorlib,
P5 2.0.0.0, P6 4333ab80, P7 32f8, P8 21c, P9 system.io.ioexception, P10 NIL.


< End of report >


[wojtas]

Uruchom OTListIt2 i w oknie Custom Scans/Fixes wklej :

:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - Reg Error: Key error. File not found
O33 - MountPoints2\{0c8af45c-4458-11de-8d2f-001a4d80ed79}\Shell - "" = AutoRun
O33 - MountPoints2\{3ce4683f-3a38-11de-8d02-001a4d80ed79}\Shell\AutoRun\command - "" = D:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{3ce4683f-3a38-11de-8d02-001a4d80ed79}\Shell\open\command - "" = D:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{8988c65e-421a-11de-8d29-001a4d80ed79}\Shell\AutoRun\command - "" = D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe -- File not found
O33 - MountPoints2\{8988c65e-421a-11de-8d29-001a4d80ed79}\Shell\open\command - "" = D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe -- File not found
O33 - MountPoints2\{a9927e5b-2ab3-11de-8cba-001a4d80ed79}\Shell - "" = AutoRun

:Commands
[emptytemp]
[start explorer]
[Reboot]

Kliknij w Run Fix. I potwierdz reset kompa .



1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Wykonaj skan Dr. Web CureIt
6. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

Malwarebytes Anti-Malware.

Jeśli masz Adobe Reader to zaaktualizuj go do najnowszej wersji

[mirekg1963]

kochaniutki to mi się rodzi na trzecim kompie już. Clamwin nie chce wogóle się odpalić po prostu znika. Wykonałem wszystko co mi zaordynowałeś a raczej próbowałem bo : Dr Web Curelt kiedy tylko go chlasnę w link wyłącza przeglądarkę a
http://www.kaspersky.pl/virusscanner.html oznajmia że nie ma takiej strony. Także nie bardzo Ci mam co pokazać. Jedynie to co zostało po fix-ie OTlist It2 ? Nie wiem ale dam a co tam

Kod: Zaznacz wszystko

========== OTLISTIT ==========
Process explorer.exe killed successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c8af45c-4458-11de-8d2f-001a4d80ed79}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c8af45c-4458-11de-8d2f-001a4d80ed79}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ce4683f-3a38-11de-8d02-001a4d80ed79}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ce4683f-3a38-11de-8d02-001a4d80ed79}\ not found.
File D:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ce4683f-3a38-11de-8d02-001a4d80ed79}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ce4683f-3a38-11de-8d02-001a4d80ed79}\ not found.
File D:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8988c65e-421a-11de-8d29-001a4d80ed79}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8988c65e-421a-11de-8d29-001a4d80ed79}\ not found.
File D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8988c65e-421a-11de-8d29-001a4d80ed79}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8988c65e-421a-11de-8d29-001a4d80ed79}\ not found.
File D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9927e5b-2ab3-11de-8cba-001a4d80ed79}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9927e5b-2ab3-11de-8cba-001a4d80ed79}\ not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\gjkjj.exe scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.8 log created on 05202009_202144

Files moved on Reboot...
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\gjkjj.exe moved successfully.

Registry entries deleted on Reboot...


[wojtas]

to daj loga z combofixa jeszcze

[mirekg1963]

Log ostatniej szansy co?? Zasyłam i ozdrawiam!

Kod: Zaznacz wszystko

ComboFix 09-05-20.A1 - Właściciel 2009-05-21 19:22.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.48.1045.18.447.202 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Właściciel\Pulpit\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3360PR
-------\Service_asc3360pr


(((((((((((((((((((((((((   Pliki utworzone od 2009-04-21 do 2009-05-21  )))))))))))))))))))))))))))))))
.

2009-05-20 18:44 . 2009-04-06 13:32   15504   ----a-w   c:\windows\system32\drivers\mbam.sys
2009-05-20 18:44 . 2009-04-06 13:32   38496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 18:44 . 2009-05-20 18:44   --------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-05-20 18:44 . 2009-05-21 17:08   --------   d-----w   c:\program files\Malwarebytes' Anti-Malware
2009-05-19 14:35 . 2009-05-19 14:35   --------   d-----w   c:\program files\DiskTrix
2009-05-16 13:12 . 2009-05-16 13:12   --------   d-----w   c:\program files\Apple Software Update
2009-05-16 13:12 . 2009-05-16 13:12   --------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Apple
2009-05-16 13:11 . 2009-05-16 13:32   --------   d-----w   C:\downloads
2009-05-13 12:52 . 2009-05-15 07:36   --------   d-----w   c:\program files\WinHex
2009-05-13 12:50 . 2009-05-13 12:51   --------   d-----w   c:\program files\TibiaBot NG
2009-05-13 11:26 . 2009-05-20 15:47   --------   d-----w   c:\program files\SkanerOnline
2009-05-12 19:19 . 2009-05-12 19:19   4   ----a-w   c:\windows\system32\proc1395793746.bin
2009-05-07 13:56 . 2009-05-07 13:56   --------   d-----w   c:\documents and settings\All Users\Dane aplikacji\12399
2009-05-07 12:18 . 2009-05-18 17:10   --------   d---a-w   c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-05-06 16:07 . 2009-05-11 10:30   --------   d-----w   c:\program files\Porno Links XP
2009-05-06 13:42 . 2009-05-20 18:55   --------   d-sh--r   C:\SYSTEM
2009-05-06 13:06 . 2009-05-06 13:06   --------   d-----w   c:\program files\AskSearch
2009-05-06 13:06 . 2002-01-05 13:37   344064   ----a-w   c:\windows\system32\msvcr70.dll
2009-05-06 13:05 . 2009-05-11 10:29   --------   d-----w   c:\program files\Common Files\DVDVideoSoft
2009-05-06 12:13 . 2009-05-19 14:23   --------   d-----w   c:\program files\Tibia Auto
2009-04-28 16:28 . 2008-04-21 21:16   218112   -c----w   c:\windows\system32\dllcache\wordpad.exe
2009-04-28 16:27 . 2008-06-14 17:36   273024   -c----w   c:\windows\system32\dllcache\bthport.sys
2009-04-28 16:21 . 2009-02-06 10:10   227840   -c----w   c:\windows\system32\dllcache\wmiprvse.exe
2009-04-28 16:21 . 2009-02-09 11:26   2190336   -c----w   c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-28 16:21 . 2009-03-06 14:22   285696   -c----w   c:\windows\system32\dllcache\pdh.dll
2009-04-28 16:21 . 2009-02-09 11:25   111104   -c----w   c:\windows\system32\dllcache\services.exe
2009-04-28 16:21 . 2009-02-09 10:53   401408   -c----w   c:\windows\system32\dllcache\rpcss.dll
2009-04-28 16:21 . 2009-02-09 10:53   473600   -c----w   c:\windows\system32\dllcache\fastprox.dll
2009-04-28 16:21 . 2009-02-09 10:53   686592   -c----w   c:\windows\system32\dllcache\advapi32.dll
2009-04-28 16:21 . 2009-02-09 10:53   731136   -c----w   c:\windows\system32\dllcache\lsasrv.dll
2009-04-28 16:21 . 2009-02-09 10:53   453120   -c----w   c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-28 16:21 . 2009-02-09 10:53   722944   -c----w   c:\windows\system32\dllcache\ntdll.dll
2009-04-28 16:21 . 2009-02-09 11:26   2146816   -c----w   c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-28 16:21 . 2009-02-09 11:26   2025472   -c----w   c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-28 16:18 . 2008-05-08 14:02   203136   -c----w   c:\windows\system32\dllcache\rmcast.sys
2009-04-28 16:18 . 2008-10-24 11:21   455296   -c----w   c:\windows\system32\dllcache\mrxsmb.sys
2009-04-28 16:17 . 2008-12-11 10:57   333952   -c----w   c:\windows\system32\dllcache\srv.sys
2009-04-28 16:16 . 2008-05-01 14:37   331776   -c----w   c:\windows\system32\dllcache\msadce.dll
2009-04-28 16:15 . 2008-04-11 19:06   691712   -c----w   c:\windows\system32\dllcache\inetcomm.dll
2009-04-28 16:13 . 2008-10-15 16:36   337408   -c----w   c:\windows\system32\dllcache\netapi32.dll
2009-04-28 16:13 . 2008-09-04 17:17   1106944   -c----w   c:\windows\system32\dllcache\msxml3.dll
2009-04-27 10:00 . 2009-04-27 10:00   --------   d-----w   c:\documents and settings\LocalService\Pulpit
2009-04-23 16:48 . 2009-05-19 14:23   --------   d-----w   c:\program files\Tibia
2009-04-23 16:39 . 2009-04-23 16:39   --------   d-----w   c:\program files\Asprate

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 14:58 . 2009-04-17 07:22   --------   d-----w   c:\program files\Metin2_PL
2009-05-11 11:38 . 2006-03-02 12:00   74450   ----a-w   c:\windows\system32\perfc015.dat
2009-05-11 11:38 . 2006-03-02 12:00   448348   ----a-w   c:\windows\system32\perfh015.dat
2009-05-09 11:45 . 2009-04-17 07:08   --------   d-----w   c:\program files\Valve
2009-04-27 09:57 . 2009-04-16 16:02   15688   ----a-w   c:\windows\system32\lsdelete.exe
2009-04-20 17:09 . 2009-04-20 17:08   --------   d-----w   c:\program files\Common Files\Adobe
2009-04-20 17:01 . 2009-04-20 17:01   --------   d-----w   c:\program files\OpenOffice.org 3
2009-04-18 09:50 . 2009-04-18 09:29   --------   d-----w   c:\program files\Odkurzacz
2009-04-17 07:27 . 2009-04-17 07:27   0   ----a-w   c:\windows\nsreg.dat
2009-04-17 07:08 . 2009-04-15 19:17   --------   d--h--w   c:\program files\InstallShield Installation Information
2009-04-16 17:05 . 2009-04-15 19:01   76487   ----a-w   c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-16 15:54 . 2009-04-16 15:54   --------   d-----w   c:\program files\Gadu-Gadu
2009-04-16 15:46 . 2009-04-16 15:47   64160   ----a-w   c:\windows\system32\drivers\Lbd.sys
2009-04-16 15:42 . 2009-04-16 15:42   --------   d-----w   c:\program files\Lavasoft
2009-04-16 15:39 . 2009-04-16 15:39   --------   d-----w   c:\program files\Java
2009-04-16 15:36 . 2009-04-16 15:36   --------   d-----w   c:\program files\Common Files\Java
2009-04-15 19:22 . 2009-04-15 19:13   14656   ----a-w   c:\windows\gdrv.sys
2009-04-15 19:17 . 2009-04-15 19:17   --------   d-----w   c:\program files\Realtek
2009-04-15 19:17 . 2009-04-15 19:17   315392   ----a-w   c:\windows\HideWin.exe
2009-04-15 19:16 . 2009-04-15 19:16   --------   d-----w   c:\program files\DIFX
2009-04-15 19:15 . 2009-04-15 19:15   --------   d-----w   c:\program files\Common Files\InstallShield
2009-04-15 19:13 . 2009-04-15 19:13   --------   d-----w   c:\program files\Yahoo!
2009-04-15 19:02 . 2009-04-15 19:02   --------   d-----w   c:\program files\microsoft frontpage
2009-04-15 19:01 . 2006-03-02 12:00   67   --sha-w   c:\windows\Fonts\desktop.ini
2009-04-15 19:01 . 2009-04-15 19:01   --------   d-----w   c:\program files\Usługi online
2009-04-15 19:00 . 2009-04-15 19:00   21856   ----a-w   c:\windows\system32\emptyregdb.dat
2009-03-06 14:22 . 2006-03-02 12:00   285696   ----a-w   c:\windows\system32\pdh.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 214416]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 171520]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-01-30 16116224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^Właściciel^Menu Start^Programy^Autostart^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Właściciel\Menu Start\Programy\Autostart\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Metin2_PL\\metin2.bin"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\Program Files\\OpenOffice.org 3\\program\\soffice.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-04-16 64160]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 1022800]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - ASC3360PR
.
Zawartość folderu 'Zaplanowane zadania'

2009-05-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 09:56]

2009-05-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=%s
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\l4401bj6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
pref(dom.disable_open_during_load, true);.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-21 19:24
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
.
**************************************************************************
.
Czas ukończenia: 2009-05-21 19:26 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-05-21 17:26

Przed: 72 931 430 400 bajtów wolnych
Po: 72 866 652 160 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

169   --- E O F ---   2009-05-21 17:02


[wojtas]

poczytaj jeszcze tu o czyszczeniu z zewnatrz:

http://www.searchengines.pl/Infekcje-plikow-wykonywalnych-exe-dll-scr-t122692.html

[mirekg1963]

To ja wiem juz przepatrzałem to. Problem bo u mnie nie ma kieszeni i czy z pendriva to można robić. Zresztą byłem na tym forum zarejestrowałem się , napracowałem się jak głupi żeby wszystkie aspekty wyjaśnić i wysyłam a tu pusty post idzie, drugi raz to samo...pewnie nie wiem jak wysyłać a niestyety nie jest to wyjasnione. Poprostu w co kliknąć, ale tak jest na większości forum, bufonada do kowadratu. W każdym razie dzięki trzeba formatować nie ma rady z nikąd pomocy.