Pendrivy od znajomych cd., czyli win32.onlinegames i inne

[Nexie]

Ehh nigdy sam wirusa nie złapałem, a teraz znów od znajomej moja mama "wzięła" trojana na pendrivie. Avast wyrzucał właśnie Win32.OnlineGames. Objawami były ciągłe komunikaty (które już ustały) oraz "Otwieranie za pomocą" dysków. Bardzo proszę o pomoc... Na początek log z HiajckThis:

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:49:07, on 2010-01-24
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
E:\Programy\avast\aswUpdSv.exe
E:\Programy\avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\Nero 8\Nero 8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
E:\Programy\avast\ashDisp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
E:\Programy\Cyberlink PowerDVD 6\PDVDServ.exe
E:\Programy\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
E:\Programy\avast\ashMaiSv.exe
E:\Programy\avast\ashWebSv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
E:\Programy\Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] E:\Programy\avast\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RemoteControl] "E:\Programy\Cyberlink PowerDVD 6\PDVDServ.exe"
O4 - HKLM\..\Run: [NBKeyScan] "E:\Nero 8\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Programy\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ALLUpdate] "E:\Programy\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\AGNIES~1\USTAWI~1\Temp\herss.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = E:\Programy\Office Szajs XP\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\Programy\OFFICE~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Programy\avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Programy\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Programy\avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Programy\avast\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Nero 8\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6989 bytes


#EDIT
Daję jeszcze log z OTL'a

Kod: Zaznacz wszystko

OTL logfile created on: 2010-01-24 20:05:04 - Run 1
OTL by OldTimer - Version 3.1.26.0     Folder = C:\Documents and Settings\Agnieszka\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 015,00 Mb Total Physical Memory | 405,00 Mb Available Physical Memory | 40,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20,35 Gb Total Space | 4,75 Gb Free Space | 23,34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 44,85 Gb Total Space | 33,57 Gb Free Space | 74,84% Space Free | Partition Type: NTFS
Drive F: | 83,85 Gb Total Space | 63,92 Gb Free Space | 76,23% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HPLAPTOP
Current User Name: Agnieszka
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-01-24 20:03:29 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Agnieszka\Pulpit\OTL.exe
PRC - [2010-01-07 21:56:32 | 00,307,672 | ---- | M] (Mozilla Corporation) -- E:\Programy\Firefox\firefox.exe
PRC - [2009-11-25 00:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- E:\Programy\avast\ashDisp.exe
PRC - [2009-11-25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- E:\Programy\avast\ashServ.exe
PRC - [2009-11-25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- E:\Programy\avast\ashMaiSv.exe
PRC - [2009-11-25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- E:\Programy\avast\ashWebSv.exe
PRC - [2009-11-25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- E:\Programy\avast\aswUpdSv.exe
PRC - [2009-01-21 11:20:30 | 00,134,656 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2009-01-21 11:20:12 | 00,166,912 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2009-01-21 11:18:28 | 00,134,656 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2009-01-21 11:18:02 | 00,243,712 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2008-06-09 09:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008-06-09 09:16:32 | 02,363,392 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2008-06-03 16:40:08 | 00,177,456 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2008-05-01 16:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2008-04-15 14:51:00 | 00,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2008-04-14 18:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-11 09:04:54 | 00,685,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2008-04-03 11:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2008-03-27 18:28:50 | 01,040,384 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007-09-20 14:35:40 | 01,410,344 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007-09-20 14:35:38 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
PRC - [2007-09-20 14:35:10 | 00,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007-09-20 08:51:46 | 00,853,288 | ---- | M] (Nero AG) -- E:\Nero 8\Nero 8\Nero BackItUp\NBService.exe
PRC - [2007-05-08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
PRC - [2007-02-06 15:14:00 | 00,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007-02-06 15:11:50 | 01,409,108 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007-02-06 15:02:26 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2007-01-05 17:36:48 | 00,872,448 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2005-08-30 19:51:01 | 01,708,032 | ---- | M] (Gadu-Gadu Sp. z oo) -- E:\Programy\Gadu-Gadu\gg.exe
PRC - [2004-11-02 19:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- E:\Programy\Cyberlink PowerDVD 6\PDVDServ.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-01-24 20:03:29 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Agnieszka\Pulpit\OTL.exe
MOD - [2008-04-14 18:20:34 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll
MOD - [2007-02-06 15:19:44 | 00,077,824 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2005-05-24 16:46:33 | 00,032,768 | ---- | M] () -- E:\Programy\Gadu-Gadu\ggwhook.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] --  -- (Nero BackItUp Scheduler 4.0)
SRV - [2009-11-25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- E:\Programy\avast\ashServ.exe -- (avast! Antivirus)
SRV - [2009-11-25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- E:\Programy\avast\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-11-25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- E:\Programy\avast\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-11-25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- E:\Programy\avast\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008-06-09 09:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008-05-01 16:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2008-04-03 11:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx)
SRV - [2007-09-20 14:35:38 | 00,382,248 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007-09-20 08:51:46 | 00,853,288 | ---- | M] (Nero AG) [Auto | Running] -- E:\Nero 8\Nero 8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2007-02-06 15:02:26 | 00,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2004-09-29 12:14:36 | 00,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-11-25 00:50:59 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-11-25 00:50:12 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-11-25 00:50:00 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-25 00:49:07 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-11-25 00:48:57 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-11-25 00:47:54 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-05-25 15:50:21 | 00,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-03-18 21:18:49 | 01,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009-01-21 11:42:56 | 06,278,560 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008-04-28 15:22:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008-04-24 14:28:08 | 00,281,600 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008-04-13 17:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008-04-13 17:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-03-27 18:14:06 | 00,224,672 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007-09-24 08:05:58 | 00,132,904 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
DRV - [2007-07-13 10:26:12 | 00,094,976 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio)
DRV - [2007-04-12 14:26:08 | 00,250,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2007-02-14 14:21:00 | 00,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007-02-14 14:20:58 | 00,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007-02-14 14:20:58 | 00,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007-02-14 14:20:58 | 00,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007-02-14 14:20:56 | 00,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2004-05-02 09:47:08 | 00,023,040 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GVCplDrv.sys -- (GVCplDrv)
DRV - [2001-08-17 22:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.onet.pl"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Dane aplikacji\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009-03-21 14:45:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: E:\Programy\Firefox\components [2010-01-07 21:56:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: E:\Programy\Firefox\plugins [2010-01-07 21:56:37 | 00,000,000 | ---D | M]

[2009-03-21 11:06:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Agnieszka\Dane aplikacji\Mozilla\Extensions
[2010-01-23 21:13:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Agnieszka\Dane aplikacji\Mozilla\Firefox\Profiles\y9o9ggrh.default\extensions
[2010-01-22 20:06:05 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Agnieszka\Dane aplikacji\Mozilla\Firefox\Profiles\y9o9ggrh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010-01-22 20:06:06 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Agnieszka\Dane aplikacji\Mozilla\Firefox\Profiles\y9o9ggrh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-10-11 21:27:24 | 00,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Agnieszka\Dane aplikacji\Mozilla\Firefox\Profiles\y9o9ggrh.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

O1 HOSTS File: ([2001-10-26 16:45:16 | 00,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] E:\Programy\avast\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [NBKeyScan] E:\Nero 8\Nero 8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RemoteControl] E:\Programy\Cyberlink PowerDVD 6\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [ALLUpdate] E:\Programy\ALLPlayer\ALLUpdate.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [cdoosoft] C:\DOCUME~1\AGNIES~1\USTAWI~1\Temp\herss.exe File not found
O4 - HKCU..\Run: [Gadu-Gadu] E:\Programy\Gadu-Gadu\gg.exe (Gadu-Gadu Sp. z oo)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = E:\Programy\Office Szajs XP\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.238.255.76 213.241.79.37
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Agnieszka\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Agnieszka\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-03-18 18:22:54 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-01-22 20:30:25 | 00,000,051 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-01-22 20:30:26 | 00,000,051 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-01-22 20:30:26 | 00,000,051 | RHS- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{4ccbb028-13dc-11de-96e8-806d6172696f}\Shell\AutoRun\command - "" = mh.exe
O33 - MountPoints2\{4ccbb028-13dc-11de-96e8-806d6172696f}\Shell\open\Command - "" = mh.exe
O33 - MountPoints2\{8367b6a2-ed93-11de-b390-00210077e77c}\Shell\AutoRun\command - "" = G:\PortableApps\StartPortableApps.exe -- File not found
O33 - MountPoints2\{d4dcbd0f-0616-11df-b3cc-002186c14941}\Shell\AutoRun\command - "" = mh.exe
O33 - MountPoints2\{d4dcbd0f-0616-11df-b3cc-002186c14941}\Shell\open\Command - "" = mh.exe
O33 - MountPoints2\{ea50a51c-1540-11de-bfc5-00210077e77c}\Shell - "" = AutoRun
O33 - MountPoints2\{fe764e64-a0fc-11de-b2cb-806d6172696f}\Shell\AutoRun\command - "" = mh.exe
O33 - MountPoints2\{fe764e64-a0fc-11de-b2cb-806d6172696f}\Shell\open\Command - "" = mh.exe
O33 - MountPoints2\{fe764e65-a0fc-11de-b2cb-806d6172696f}\Shell\AutoRun\command - "" = mh.exe
O33 - MountPoints2\{fe764e65-a0fc-11de-b2cb-806d6172696f}\Shell\open\Command - "" = mh.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-01-24 20:03:23 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Agnieszka\Pulpit\OTL.exe
[2010-01-24 19:48:52 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-01-24 19:48:32 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Agnieszka\Pulpit\HJTInstall.exe
[2010-01-24 09:13:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Agnieszka\Pulpit\zdjecia Poreba
[2010-01-23 23:34:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Agnieszka\Pulpit\cheerleaders magda
[2010-01-12 09:34:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Agnieszka\Pulpit\muzyka
[2009-12-27 14:18:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Agnieszka\Pulpit\Daro-Wspolnota
[2009-12-27 11:03:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Agnieszka\Pulpit\wywolanie 27.12
[2009-05-11 21:22:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-03-18 18:26:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-03-18 18:22:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2009-03-18 18:22:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-01-24 20:03:29 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Agnieszka\Pulpit\OTL.exe
[2010-01-24 19:48:53 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\HijackThis.lnk
[2010-01-24 19:48:38 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Agnieszka\Pulpit\HJTInstall.exe
[2010-01-24 12:24:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-01-24 12:24:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-01-24 10:48:09 | 04,718,592 | -H-- | M] () -- C:\Documents and Settings\Agnieszka\NTUSER.DAT
[2010-01-24 10:48:03 | 00,000,292 | -HS- | M] () -- C:\Documents and Settings\Agnieszka\ntuser.ini
[2010-01-24 09:21:43 | 00,081,408 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-01-24 09:02:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010-01-24 09:02:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010-01-24 09:02:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010-01-24 09:02:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010-01-24 09:02:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010-01-24 09:02:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010-01-23 21:29:16 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-01-22 23:41:58 | 07,491,256 | -H-- | M] () -- C:\Documents and Settings\Agnieszka\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-01-22 23:29:51 | 06,494,566 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\lkhoeroeigerngiet.mp3
[2010-01-22 23:16:16 | 02,008,192 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\Kopia the pussycat dolls - hush hush (dave aude extended mix).mp3
[2010-01-22 20:30:25 | 00,000,051 | RHS- | M] () -- C:\autorun.inf
[2010-01-22 20:03:05 | 02,998,720 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\Patrick Jumpen - The Secret.mp3
[2010-01-21 22:13:10 | 03,378,439 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\Kat Deluna-Run the show.mp3
[2010-01-21 21:57:13 | 02,730,404 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\Aqua - Barbie Girl.mp3
[2010-01-20 23:16:17 | 00,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-01-17 17:23:28 | 05,820,208 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\dluugi - dluugi.mp3
[2010-01-15 23:58:40 | 00,117,640 | ---- | M] () -- C:\test.htm
[2010-01-14 23:26:12 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\ferie.doc
[2010-01-10 22:38:49 | 00,313,856 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\HOROSIN.doc
[2010-01-07 22:11:32 | 10,215,302 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\Cheerleading Dance Moves.flv
[2010-01-04 21:39:22 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\Porz_dek obrad  REJA 19.doc
[2010-01-04 21:39:16 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\pełnomocnictwo.doc
[2010-01-04 21:39:06 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\pismo przewodnie reja 19.doc
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-01-24 19:48:52 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Agnieszka\Pulpit\HijackThis.lnk
[2010-01-22 23:29:46 | 06,494,566 | ---- | C] () -- C:\Documents and Settings\Agnieszka\Pulpit\lkhoeroeigerngiet.mp3
[2010-01-22 22:52:45 | 02,008,192 | ---- | C] () -- C:\Documents and Settings\Agnieszka\Pulpit\Kopia the pussycat dolls - hush hush (dave aude extended mix).mp3
[2010-01-22 20:04:47 | 00,000,051 | RHS- | C] () -- C:\autorun.inf
[2010-01-22 19:59:36 | 02,998,720 | ---- | C] () -- C:\Documents and Settings\Agnieszka\Pulpit\Patrick Jumpen - The Secret.mp3
[2010-01-14 23:26:11 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Agnieszka\Pulpit\ferie.doc
[2010-01-07 22:00:00 | 10,215,302 | ---- | C] () -- C:\Documents and Settings\Agnieszka\Pulpit\Cheerleading Dance Moves.flv
[2010-01-04 21:39:22 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Agnieszka\Pulpit\Porz_dek obrad  REJA 19.doc
[2010-01-04 21:39:16 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\Agnieszka\Pulpit\pełnomocnictwo.doc
[2010-01-04 21:39:06 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Agnieszka\Pulpit\pismo przewodnie reja 19.doc
[2009-11-15 21:20:17 | 00,000,418 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009-11-15 21:18:27 | 00,001,469 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
[2009-11-15 21:16:56 | 00,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2009-11-15 21:16:49 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009-05-25 15:50:21 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-04-05 20:03:32 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-04-05 19:39:44 | 00,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009-04-04 20:03:02 | 00,023,040 | R--- | C] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys
[2009-03-21 13:14:54 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-03-21 12:51:52 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-03-21 12:51:49 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009-03-21 12:51:48 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-03-21 12:51:48 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-03-21 12:51:48 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-03-21 12:51:46 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-03-21 12:51:45 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-03-21 12:48:11 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Agnieszka\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2009-03-21 12:14:54 | 00,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2009-03-19 20:54:29 | 00,081,408 | ---- | C] () -- C:\Documents and Settings\Agnieszka\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-03-18 21:23:39 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Agnieszka\Ustawienia lokalne\Dane aplikacji\QSwitch.txt
[2009-03-18 21:23:39 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Agnieszka\Ustawienia lokalne\Dane aplikacji\DSwitch.txt
[2009-03-18 21:23:39 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Agnieszka\Ustawienia lokalne\Dane aplikacji\AtStart.txt
[2007-02-06 15:20:00 | 02,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007-02-06 14:55:52 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005-02-17 11:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005-02-17 11:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001-11-14 12:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001-07-06 15:30:02 | 00,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

[color=#E56717]========== LOP Check ==========[/color]

[2009-05-25 15:54:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Agnieszka\Dane aplikacji\DAEMON Tools Lite
[2009-04-03 20:30:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Agnieszka\Dane aplikacji\Publish Providers
[2009-06-24 10:07:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Agnieszka\Dane aplikacji\Sierra
[2009-03-21 12:54:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Agnieszka\Dane aplikacji\Sony
[2009-05-25 15:54:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2009-04-05 20:00:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
[2009-03-21 14:49:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\WinZip

[color=#E56717]========== Purity Check ==========[/color]


< End of report >
[2010-01-24 20:03:29 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Agnieszka\Pulpit\OTL.exe
[2010-01-24 19:48:53 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\HijackThis.lnk
[2010-01-24 19:48:52 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2010-01-24 19:48:38 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Agnieszka\Pulpit\HJTInstall.exe
[2010-01-24 12:24:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-01-24 12:24:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-01-24 10:48:09 | 04,718,592 | -H-- | M] () -- C:\Documents and Settings\Agnieszka\NTUSER.DAT
[2010-01-24 10:48:03 | 00,000,292 | -HS- | M] () -- C:\Documents and Settings\Agnieszka\ntuser.ini
[2010-01-24 09:21:43 | 00,081,408 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-01-24 09:02:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010-01-24 09:02:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010-01-24 09:02:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010-01-24 09:02:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010-01-24 09:02:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010-01-24 09:02:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010-01-23 21:29:16 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-01-22 23:41:58 | 07,491,256 | -H-- | M] () -- C:\Documents and Settings\Agnieszka\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-01-22 23:29:51 | 06,494,566 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\lkhoeroeigerngiet.mp3
[2010-01-22 23:16:16 | 02,008,192 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\Kopia the pussycat dolls - hush hush (dave aude extended mix).mp3
[2010-01-22 20:03:05 | 02,998,720 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\Patrick Jumpen - The Secret.mp3
[2010-01-21 22:13:10 | 03,378,439 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\Kat Deluna-Run the show.mp3
[2010-01-21 21:57:13 | 02,730,404 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\Aqua - Barbie Girl.mp3
[2010-01-21 08:54:05 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Agnieszka\Dane aplikacji\Microsoft
[2010-01-20 23:16:17 | 00,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-01-17 17:23:28 | 05,820,208 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\dluugi - dluugi.mp3
[2010-01-14 23:26:12 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\ferie.doc
[2010-01-10 22:38:49 | 00,313,856 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\HOROSIN.doc
[2010-01-07 22:11:32 | 10,215,302 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\Cheerleading Dance Moves.flv
[2010-01-04 21:39:22 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\Porz_dek obrad  REJA 19.doc
[2010-01-04 21:39:16 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\pełnomocnictwo.doc
[2010-01-04 21:39:06 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\pismo przewodnie reja 19.doc
[2009-11-15 21:30:50 | 00,001,469 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
[2009-05-11 21:22:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-04-29 20:05:21 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-03-21 12:48:11 | 00,000,134 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2009-03-21 12:14:54 | 00,064,200 | ---- | M] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2009-03-18 21:23:39 | 00,012,328 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-03-18 21:23:39 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Ustawienia lokalne\Dane aplikacji\QSwitch.txt
[2009-03-18 21:23:39 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Ustawienia lokalne\Dane aplikacji\DSwitch.txt
[2009-03-18 21:23:39 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Ustawienia lokalne\Dane aplikacji\AtStart.txt
[2009-03-18 18:26:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-03-18 18:22:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2009-03-18 18:22:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2009-03-18 18:03:29 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2009-03-18 18:03:29 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Agnieszka\Dane aplikacji\desktop.ini
[2006-07-02 22:37:12 | 00,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006-07-02 22:37:10 | 00,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-04-19 20:21:28 | 00,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-04-19 20:21:28 | 00,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-01-24 20:03:29 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Agnieszka\Pulpit\OTL.exe
[2010-01-24 19:48:53 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\HijackThis.lnk
[2010-01-24 19:48:38 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Agnieszka\Pulpit\HJTInstall.exe
[2010-01-24 12:24:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-01-24 12:24:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-01-24 10:48:09 | 04,718,592 | -H-- | M] () -- C:\Documents and Settings\Agnieszka\NTUSER.DAT
[2010-01-24 10:48:03 | 00,000,292 | -HS- | M] () -- C:\Documents and Settings\Agnieszka\ntuser.ini
[2010-01-24 09:21:43 | 00,081,408 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-01-24 09:02:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010-01-24 09:02:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010-01-24 09:02:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010-01-24 09:02:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010-01-24 09:02:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010-01-24 09:02:12 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010-01-23 21:29:16 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-01-22 23:41:58 | 07,491,256 | -H-- | M] () -- C:\Documents and Settings\Agnieszka\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-01-22 23:29:51 | 06,494,566 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\lkhoeroeigerngiet.mp3
[2010-01-22 23:16:16 | 02,008,192 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\Kopia the pussycat dolls - hush hush (dave aude extended mix).mp3
[2010-01-22 20:30:25 | 00,000,051 | RHS- | M] () -- C:\autorun.inf
[2010-01-22 20:03:05 | 02,998,720 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\Patrick Jumpen - The Secret.mp3
[2010-01-21 22:13:10 | 03,378,439 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\Kat Deluna-Run the show.mp3
[2010-01-21 21:57:13 | 02,730,404 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\Aqua - Barbie Girl.mp3
[2010-01-20 23:16:17 | 00,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-01-17 17:23:28 | 05,820,208 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\dluugi - dluugi.mp3
[2010-01-15 23:58:40 | 00,117,640 | ---- | M] () -- C:\test.htm
[2010-01-14 23:26:12 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\ferie.doc
[2010-01-10 22:38:49 | 00,313,856 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\HOROSIN.doc
[2010-01-07 22:11:32 | 10,215,302 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\Cheerleading Dance Moves.flv
[2010-01-04 21:39:22 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\Porz_dek obrad  REJA 19.doc
[2010-01-04 21:39:16 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\pełnomocnictwo.doc
[2010-01-04 21:39:06 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Agnieszka\Pulpit\pismo przewodnie reja 19.doc
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== LOP Check ==========[/color]

[2009-05-25 15:54:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Agnieszka\Dane aplikacji\DAEMON Tools Lite
[2009-04-03 20:30:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Agnieszka\Dane aplikacji\Publish Providers
[2009-06-24 10:07:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Agnieszka\Dane aplikacji\Sierra
[2009-03-21 12:54:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Agnieszka\Dane aplikacji\Sony
[2009-05-25 15:54:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2009-04-05 20:00:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
[2009-03-21 14:49:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\WinZip

[color=#E56717]========== Purity Check ==========[/color]



< End of report >


Pozdrawiam i z góry dziękuję
NEXIE

[wojtas]

Podepnij dysk przenośny (pendrive, karta pamięci). Wejdź w Start >>> Uruchom >>> CMD i wpisz polecenie:

X:

(za X podstaw literę pod jaką jest widoczny dysk przenośny)

Następnie wpisz polecenie tworzenia raportu:

DIR /A:H >C:\LOG.TXT & start notepad C:\LOG.TXT

Wklejasz zawartość pliku log.txt na forum

[Nexie]

Tylko ja nie mam teraz pendrive'a tego. Oddałem go.

[wojtas]

no to pamiętaj nie podczepiaj go jak jest zainfekowany

Uruchom OTL i w oknie Custom Scans/Fixes wklej :

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKCU..\Run: [cdoosoft] C:\DOCUME~1\AGNIES~1\USTAWI~1\Temp\herss.exe File not found
O32 - AutoRun File - [2010-01-22 20:30:25 | 00,000,051 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-01-22 20:30:26 | 00,000,051 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-01-22 20:30:26 | 00,000,051 | RHS- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{4ccbb028-13dc-11de-96e8-806d6172696f}\Shell\AutoRun\command - "" = mh.exe
O33 - MountPoints2\{4ccbb028-13dc-11de-96e8-806d6172696f}\Shell\open\Command - "" = mh.exe
O33 - MountPoints2\{8367b6a2-ed93-11de-b390-00210077e77c}\Shell\AutoRun\command - "" = G:\PortableApps\StartPortableApps.exe -- File not found
O33 - MountPoints2\{d4dcbd0f-0616-11df-b3cc-002186c14941}\Shell\AutoRun\command - "" = mh.exe
O33 - MountPoints2\{d4dcbd0f-0616-11df-b3cc-002186c14941}\Shell\open\Command - "" = mh.exe
O33 - MountPoints2\{ea50a51c-1540-11de-bfc5-00210077e77c}\Shell - "" = AutoRun
O33 - MountPoints2\{fe764e64-a0fc-11de-b2cb-806d6172696f}\Shell\AutoRun\command - "" = mh.exe
O33 - MountPoints2\{fe764e64-a0fc-11de-b2cb-806d6172696f}\Shell\open\Command - "" = mh.exe
O33 - MountPoints2\{fe764e65-a0fc-11de-b2cb-806d6172696f}\Shell\AutoRun\command - "" = mh.exe
O33 - MountPoints2\{fe764e65-a0fc-11de-b2cb-806d6172696f}\Shell\open\Command - "" = mh.exe

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]

Kliknij w Run Fix. I potwierdz reset kompa .

1.Uruchom OTL z opcji CleanUp
2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem]
4. zrób skan Malwarebytes Anti-Malware (zaktualizuj, usuń co znajdzie ) i daj raport ze skanu

Zabezpiecz się przed infekcją z pendriva

[Nexie]

Zastosowałem twoje rady i wielkie dzięki, ale uruchamianie dysków nie działa, a po próbie akcji na OTL'u po reboocie znika on z folderu, w którym jest.

[NieWiem]

No bo temu służy opcja "CleanUp"

Co znaczy że uruchamianie dysków nie działa? Nie da się na nie wejść?

Wykonałeś dany wyżej skrypt??