Psw.onlinegames.nnu

[konik157]

nod32 pokazuje ze jest wirus trojan "psw.onlinegames.nnu" w plikach autorun.inf na dyskach C: E: H: prosze o pomoc a i jeszcze jedno nie moge przestawic opcji zeby mi pokazywalo pliki ukryte tak sie stalo ostatnio jak kumpel przyniosl pendriva wiec pewno wiruski z pena

Kod: Zaznacz wszystko

OTListIt logfile created on: 2009-05-28 13:29:38 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8     Folder = E:\Downloads
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 60,90% Memory free
3,85 Gb Paging File | 3,22 Gb Available in Paging File | 83,77% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16,30 Gb Total Space | 5,95 Gb Free Space | 36,49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 216,58 Gb Total Space | 11,32 Gb Free Space | 5,23% Space Free | Partition Type: NTFS
Drive F: | 7,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
Drive H: | 465,76 Gb Total Space | 37,48 Gb Free Space | 8,05% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: QQQ
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

[color=orange]========== Processes (SafeList) ==========[/color]

PRC - [2009-04-29 04:04:44 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2009-01-28 18:39:46 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2009-04-29 04:04:44 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008-04-14 23:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007-02-26 15:03:02 | 16,125,440 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008-09-26 15:05:56 | 00,921,600 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32kui.exe
PRC - [2009-03-09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2006-11-16 19:04:20 | 00,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006-11-16 18:58:32 | 00,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007-09-06 15:08:02 | 00,136,136 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
PRC - [2009-04-20 16:56:20 | 09,818,728 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe
PRC - [2009-01-05 16:39:54 | 00,336,896 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2007-06-06 15:50:42 | 00,657,168 | ---- | M] (IVT Corporation.) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
PRC - [2009-04-20 16:08:38 | 00,077,824 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
PRC - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008-09-26 15:05:55 | 00,507,904 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe
PRC - [2007-09-04 20:25:44 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2009-01-05 16:39:52 | 00,052,224 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2006-10-20 22:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
PRC - [2009-04-29 15:03:03 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-01-28 18:40:12 | 03,265,864 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
PRC - [2009-05-28 13:28:11 | 00,501,248 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTListIt2.exe

[color=orange]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009-01-28 18:39:46 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2005-09-23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009-04-29 04:04:44 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009-04-28 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2005-09-23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006-10-20 22:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running])
SRV - [2008-04-14 23:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006-10-30 04:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008-04-14 23:50:34 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006-10-30 04:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008-09-26 15:05:55 | 00,507,904 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn [Auto | Running])
SRV - [2007-09-04 20:25:44 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService [Auto | Running])
SRV - [2009-01-05 16:39:52 | 00,052,224 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc [Auto | Running])

[color=orange]========== Driver Services (SafeList) ==========[/color]

DRV - [2008-09-26 15:05:56 | 00,502,368 | ---- | M] (Eset ) -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON [Auto | Running])
DRV - [2009-04-29 05:30:44 | 03,643,904 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2008-07-30 04:30:37 | 00,093,696 | R--- | M] (ATI Research Inc.) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService [On_Demand | Running])
DRV - [2007-05-22 11:04:54 | 00,018,088 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys -- (atitray [System | Running])
DRV - [2009-05-21 14:37:26 | 00,279,712 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2007-05-11 03:10:50 | 00,034,704 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\blueletaudio.sys -- (BlueletAudio [On_Demand | Running])
DRV - [2007-03-05 06:00:04 | 00,027,792 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio [On_Demand | Running])
DRV - [2007-05-23 04:21:12 | 00,016,272 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\btnetdrv.sys -- (BT [On_Demand | Running])
DRV - [2007-05-23 04:20:58 | 00,036,496 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\btcusb.sys -- (Btcsrusb [On_Demand | Running])
DRV - [2007-03-05 05:55:12 | 00,020,880 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum [Boot | Running])
DRV - [2007-03-05 05:56:18 | 00,035,600 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr [Boot | Running])
DRV - [2002-07-19 08:10:20 | 00,006,656 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cinemsup.sys -- (Cinemsup [System | Running])
DRV - [2004-10-25 21:02:58 | 00,021,664 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\DRIVERS\ENTECH.sys -- (ENTECH [On_Demand | Stopped])
DRV - [2008-04-13 23:06:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007-03-01 17:27:26 | 04,484,608 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2009-05-21 14:37:26 | 00,025,888 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2008-08-01 11:36:00 | 00,054,784 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2008-08-18 18:54:00 | 00,145,952 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts [Boot | Running])
DRV - [2008-08-01 11:36:00 | 00,022,016 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2007-09-04 20:26:32 | 00,029,696 | ---- | M] (NVidia Corp.) -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev [On_Demand | Running])
DRV - [2001-08-10 08:00:00 | 00,003,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS -- (PQNTDrv [System | Running])
DRV - [2002-09-29 00:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2002-09-29 00:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2009-01-05 16:39:52 | 00,103,936 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv [On_Demand | Running])
DRV - [2008-04-13 23:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004-10-13 11:56:10 | 00,462,212 | R--- | M] (B2C2, Inc.) -- C:\WINDOWS\system32\DRIVERS\SkyNET.SYS -- (SKYNET [On_Demand | Running])
DRV - [2008-12-22 20:00:50 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2001-08-17 22:49:10 | 00,026,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\DRIVERS\irstusb.sys -- (STIrUsb [On_Demand | Stopped])
DRV - [2007-03-05 05:52:18 | 00,034,448 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\VComm.sys -- (VComm [On_Demand | Running])
DRV - [2007-03-05 05:53:18 | 00,044,304 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys -- (VcommMgr [On_Demand | Running])

[color=orange]========== Standard Registry (SafeList) ==========[/color]


[color=orange]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=orange]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008-12-21 12:42:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-04-29 15:03:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-04-29 15:03:05 | 00,000,000 | ---D | M]

[2008-09-26 15:18:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions
[2008-09-26 15:18:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008-09-26 15:18:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\o3yd2vnz.default\extensions
[2009-05-26 00:12:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-04-29 15:03:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008-09-26 15:52:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008-09-26 16:08:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008-12-21 12:42:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009-04-04 21:35:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009-04-29 15:03:03 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-04-29 15:03:03 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008-10-03 17:15:52 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2008-10-03 17:15:52 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2008-10-03 17:15:52 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008-10-03 17:15:52 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2008-10-03 17:15:52 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2008-10-03 17:15:52 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2008-10-03 17:15:52 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (FG2CatchUrl) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll (FlashGet)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE (Eset )
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" (Ray Adams)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
O4 - HKCU..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe ()
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" (DT Soft Ltd.)
O4 - HKCU..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe" (GG Network S.A.)
O4 - HKCU..\Run: [RGSC] E:\gry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent (Take-Two Interactive Software, Inc.)
O4 - HKCU..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" (tzuk)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe (IVT Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe (B2C2, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm ()
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\imon.dll (Eset )
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB (Reg Error: Key error.)
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {31564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmvax.cab (Reg Error: Key error.)
O16 - DPF: {32564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv8ax.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{FB7FBA8D-012A-40EE-BD3B-7B75C219C3FB}\\NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-09-26 14:50:30 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk C:\
O32 - Unable to obtain root file information for disk E:\
O32 - AutoRun File - [2008-09-07 17:48:53 | 00,000,052 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O32 - Unable to obtain root file information for disk H:\
O33 - MountPoints2\{b6ca6c72-b8a8-11dd-b369-00044b06e357}\Shell\AutoRun\command - "" = D:\2a.exe -- File not found
O33 - MountPoints2\{b6ca6c72-b8a8-11dd-b369-00044b06e357}\Shell\open\Command - "" = D:\2a.exe -- File not found
O33 - MountPoints2\{d22e87c2-d1cc-11dd-ba37-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d22e87c2-d1cc-11dd-ba37-806d6172696f}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2009-01-22 14:34:17 | 00,396,278 | R--- | M] (EGOSOFT                                                     )
O33 - MountPoints2\{d86d3c90-8bd7-11dd-8a03-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d86d3c90-8bd7-11dd-8a03-806d6172696f}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\2a.exe -- [2009-05-26 17:15:36 | 00,104,357 | RHS- | M] ()
O33 - MountPoints2\C\Shell\open\Command - "" = C:\2a.exe -- [2009-05-26 17:15:36 | 00,104,357 | RHS- | M] ()
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\2a.exe -- [2009-05-26 17:15:36 | 00,104,357 | RHS- | M] ()
O33 - MountPoints2\E\Shell\open\Command - "" = E:\2a.exe -- [2009-05-26 17:15:36 | 00,104,357 | RHS- | M] ()
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe -- [2009-01-22 14:34:17 | 00,396,278 | R--- | M] (EGOSOFT                                                     )
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\2a.exe -- [2009-05-26 17:15:36 | 00,104,357 | RHS- | M] ()
O33 - MountPoints2\H\Shell\open\Command - "" = H:\2a.exe -- [2009-05-26 17:15:36 | 00,104,357 | RHS- | M] ()
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009-05-28 13:29:14 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

[color=orange]========== Files/Folders - Created Within 30 Days ==========[/color]

[5 C:\WINDOWS\*.tmp files]
[2009-05-28 13:02:43 | 00,000,051 | RHS- | C] () -- C:\autorun.inf
[2009-05-28 12:01:48 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009-05-28 12:01:46 | 00,000,000 | ---D | C] -- C:\rsit
[2009-05-28 10:13:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009-05-26 20:05:11 | 00,104,357 | RHS- | C] () -- C:\2a.exe
[2009-05-26 20:04:44 | 00,104,357 | RHS- | C] () -- C:\WINDOWS\System32\olhrwef.exe
[2009-05-26 20:04:44 | 00,093,184 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds0.dll
[2009-05-21 14:37:26 | 00,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009-05-21 14:37:26 | 00,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009-05-21 14:32:41 | 00,000,719 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\X3 map by Scorp.lnk
[2009-05-21 14:32:40 | 00,000,000 | ---D | C] -- C:\Program Files\X3 map by Scorp
[2009-05-21 14:19:13 | 00,000,554 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\X3 Terran Conflict.lnk
[2009-05-03 00:23:55 | 00,001,466 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Dead Space™.lnk
[2009-05-03 00:18:46 | 00,000,000 | ---D | C] -- E:\Dokumenty\moje dok\Electronic Arts
[2009-04-29 16:45:54 | 00,000,000 | ---D | C] -- E:\Dokumenty\moje dok\Prince of Persia
[2009-04-29 16:34:12 | 00,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia.lnk
[2009-04-07 13:19:16 | 00,001,558 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2009-03-25 14:13:27 | 00,013,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTiCtwl.sys
[2009-02-23 22:48:37 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2009-01-24 12:47:46 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008-12-24 17:30:17 | 00,000,877 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008-12-24 17:13:20 | 00,003,252 | ---- | C] () -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS
[2008-12-22 20:00:50 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-11-30 12:45:57 | 00,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008-10-22 06:29:06 | 00,173,550 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008-10-07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-10-01 14:53:48 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-09-26 15:56:36 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\libbz2.dll
[2008-09-26 15:47:03 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008-09-26 15:21:09 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008-09-26 15:21:09 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008-09-26 15:21:02 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-09-26 15:21:02 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-09-26 15:21:02 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-09-26 15:21:01 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-09-26 15:21:01 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007-03-12 13:01:30 | 00,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2002-09-29 00:00:00 | 00,000,512 | ---- | C] () -- C:\WINDOWS\win.ini
[2002-09-29 00:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[1999-09-20 10:05:32 | 00,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys

[color=orange]========== Files - Modified Within 30 Days ==========[/color]

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009-05-28 13:31:51 | 00,000,051 | RHS- | M] () -- C:\autorun.inf
[2009-05-28 13:02:53 | 00,000,877 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2009-05-28 12:59:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-05-28 12:59:45 | 00,093,184 | RHS- | M] () -- C:\WINDOWS\System32\nmdfgds0.dll
[2009-05-28 12:59:43 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\desktop.ini
[2009-05-28 12:59:42 | 00,167,952 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2009-05-28 12:59:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-05-26 17:15:36 | 00,104,357 | RHS- | M] () -- C:\WINDOWS\System32\olhrwef.exe
[2009-05-26 17:15:36 | 00,104,357 | RHS- | M] () -- C:\2a.exe
[2009-05-24 10:36:56 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-05-21 14:37:26 | 00,279,712 | ---- | M] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009-05-21 14:37:26 | 00,025,888 | ---- | M] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009-05-21 14:32:41 | 00,000,719 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\X3 map by Scorp.lnk
[2009-05-21 14:19:13 | 00,000,554 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\X3 Terran Conflict.lnk
[2009-05-19 10:27:36 | 00,000,634 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Lineage 2 Dex - Hellbound.lnk
[2009-05-18 15:35:05 | 00,001,558 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2009-05-17 02:31:30 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-05-03 00:23:55 | 00,001,466 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Dead Space™.lnk
[2009-04-29 16:34:12 | 00,000,743 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia.lnk
[2009-04-29 04:07:02 | 00,204,800 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2009-04-29 04:06:44 | 00,155,648 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2009-04-29 04:06:30 | 00,026,112 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2009-04-29 04:06:20 | 00,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2009-04-28 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe

[color=orange]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\wzmacniacz mocy.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\Sztuka wczesnochrześcijańska.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\SZTUKA RZYMIAN.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\Sztuka prehistoryczna.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\sumujacy i odejmujacy.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\odwracajacy i nieodwracajacy.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\LA Lakers.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\Kultura morza egejskiego.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\Jan Kochanowski.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\filtry RC.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\Doktryna socjaldemokratyczna.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\atrakcje.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\ARABSKA SZTUKA.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\7 cudow swiata.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\X3_map_Setup_ENG.zip:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\Wzmacniacz różniczkujący.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\sztuka-rzymian.html:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\Sztuka_wczesnochrześcijańska.htm:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\Sztuka_prehistoryczna.htm:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\Siedem cudów świata - HISTORIA -.htm:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\NONAME1.RPT:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\NONAME1.PRJ:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\NONAME1.HEX:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\NONAME1.DBG:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\NONAME1.BIN:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\noname1.BAS:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\filmy.gif:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\Ferdydurke.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\E-BASKET ) USA ) NBA ) Liderzy.htm:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\Dysocjacja elektrolityczna1.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\Baza0.odb:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\bascom.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\ARABSKA SZTUKA.html:KAVICHS
< End of report >


[wojtas]

Wylecz pendriva
użyj Perlovga Removal Tool lub
Flash Disinfector
lub format.


Uruchom OTListIt2 i w oknie Custom Scans/Fixes wklej :

:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKCU..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe ()
O32 - AutoRun File - [2008-09-07 17:48:53 | 00,000,052 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{b6ca6c72-b8a8-11dd-b369-00044b06e357}\Shell\AutoRun\command - "" = D:\2a.exe -- File not found
O33 - MountPoints2\{b6ca6c72-b8a8-11dd-b369-00044b06e357}\Shell\open\Command - "" = D:\2a.exe -- File not found
O33 - MountPoints2\{d22e87c2-d1cc-11dd-ba37-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\2a.exe -- [2009-05-26 17:15:36 | 00,104,357 | RHS- | M] ()
O33 - MountPoints2\C\Shell\open\Command - "" = C:\2a.exe -- [2009-05-26 17:15:36 | 00,104,357 | RHS- | M] ()
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\2a.exe -- [2009-05-26 17:15:36 | 00,104,357 | RHS- | M] ()
O33 - MountPoints2\E\Shell\open\Command - "" = E:\2a.exe -- [2009-05-26 17:15:36 | 00,104,357 | RHS- | M] ()
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\2a.exe -- [2009-05-26 17:15:36 | 00,104,357 | RHS- | M] ()
O33 - MountPoints2\H\Shell\open\Command - "" = H:\2a.exe -- [2009-05-26 17:15:36 | 00,104,357 | RHS- | M] ()

:Files
C:\autorun.inf
C:\2a.exe
d:\autorun.inf
d:\2a.exe
e:\autorun.inf
e:\2a.exe
f:\autorun.inf
f:\2a.exe
g:\autorun.inf
g:\2a.exe
h:\autorun.inf
h:\2a.exe
i:\autorun.inf
i:\2a.exe
C:\WINDOWS\System32\olhrwef.exe
C:\WINDOWS\System32\nmdfgds0.dll

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]
[start explorer]
[Reboot]

Kliknij w Run Fix. I potwierdz reset kompa .

Następnie uruchamiasz OTListIt2 z opcją Run Scan. Pokazujesz nowy log OTListIt.txt (czyszczenie i skan )

[konik157]

nod nadal pokazal komunikat ze jest wirus ale juz byla opcja usun i usunolem go dla pewnosci mam log po usunieciu wira przez noda. prosze o potwierdzenie czy wszystko juz jest ok

Kod: Zaznacz wszystko

OTListIt logfile created on: 2009-05-28 14:46:05 - Run 3
OTListIt2 by OldTimer - Version 2.0.15.8     Folder = E:\Downloads
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 72,63% Memory free
3,85 Gb Paging File | 3,45 Gb Available in Paging File | 89,66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16,30 Gb Total Space | 7,35 Gb Free Space | 45,08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 216,58 Gb Total Space | 11,32 Gb Free Space | 5,23% Space Free | Partition Type: NTFS
Drive F: | 7,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
Drive H: | 465,76 Gb Total Space | 37,48 Gb Free Space | 8,05% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: QQQ
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

[color=orange]========== Processes (SafeList) ==========[/color]

PRC - [2009-04-29 04:04:44 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2009-01-28 18:39:46 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2009-04-29 04:04:44 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008-04-14 23:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008-09-26 15:05:55 | 00,507,904 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe
PRC - [2007-09-04 20:25:44 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2009-01-05 16:39:52 | 00,052,224 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2008-04-14 23:51:52 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2007-02-26 15:03:02 | 16,125,440 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008-09-26 15:05:56 | 00,921,600 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32kui.exe
PRC - [2009-03-09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007-05-22 11:04:58 | 00,521,128 | ---- | M] (Ray Adams) -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
PRC - [2006-11-16 19:04:20 | 00,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006-11-16 18:58:32 | 00,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007-09-06 15:08:02 | 00,136,136 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
PRC - [2009-04-20 16:56:20 | 09,818,728 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe
PRC - [2009-01-05 16:39:54 | 00,336,896 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2009-04-20 16:08:38 | 00,077,824 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
PRC - [2006-10-20 22:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
PRC - [2009-04-29 15:03:03 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-05-28 13:28:11 | 00,501,248 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTListIt2.exe

[color=orange]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009-01-28 18:39:46 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2005-09-23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009-04-29 04:04:44 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009-04-28 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2005-09-23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006-10-20 22:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running])
SRV - [2008-04-14 23:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006-10-30 04:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008-04-14 23:50:34 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006-10-30 04:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008-09-26 15:05:55 | 00,507,904 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn [Auto | Running])
SRV - [2007-09-04 20:25:44 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService [Auto | Running])
SRV - [2009-01-05 16:39:52 | 00,052,224 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc [Auto | Running])

[color=orange]========== Driver Services (SafeList) ==========[/color]

DRV - [2008-09-26 15:05:56 | 00,502,368 | ---- | M] (Eset ) -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON [Auto | Running])
DRV - [2009-04-29 05:30:44 | 03,643,904 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2008-07-30 04:30:37 | 00,093,696 | R--- | M] (ATI Research Inc.) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService [On_Demand | Running])
DRV - [2007-05-22 11:04:54 | 00,018,088 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys -- (atitray [System | Running])
DRV - [2009-05-21 14:37:26 | 00,279,712 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2007-05-11 03:10:50 | 00,034,704 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\blueletaudio.sys -- (BlueletAudio [On_Demand | Running])
DRV - [2007-03-05 06:00:04 | 00,027,792 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio [On_Demand | Running])
DRV - [2007-05-23 04:21:12 | 00,016,272 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\btnetdrv.sys -- (BT [On_Demand | Running])
DRV - [2007-05-23 04:20:58 | 00,036,496 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\btcusb.sys -- (Btcsrusb [On_Demand | Running])
DRV - [2007-03-05 05:55:12 | 00,020,880 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum [Boot | Running])
DRV - [2007-03-05 05:56:18 | 00,035,600 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr [Boot | Running])
DRV - [2002-07-19 08:10:20 | 00,006,656 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cinemsup.sys -- (Cinemsup [System | Running])
DRV - [2004-10-25 21:02:58 | 00,021,664 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\DRIVERS\ENTECH.sys -- (ENTECH [On_Demand | Stopped])
DRV - [2008-04-13 23:06:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007-03-01 17:27:26 | 04,484,608 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2009-05-21 14:37:26 | 00,025,888 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2008-08-01 11:36:00 | 00,054,784 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2008-08-18 18:54:00 | 00,145,952 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts [Boot | Running])
DRV - [2008-08-01 11:36:00 | 00,022,016 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2007-09-04 20:26:32 | 00,029,696 | ---- | M] (NVidia Corp.) -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev [On_Demand | Running])
DRV - [2001-08-10 08:00:00 | 00,003,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS -- (PQNTDrv [System | Running])
DRV - [2002-09-29 00:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2002-09-29 00:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2009-01-05 16:39:52 | 00,103,936 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv [On_Demand | Running])
DRV - [2008-04-13 23:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004-10-13 11:56:10 | 00,462,212 | R--- | M] (B2C2, Inc.) -- C:\WINDOWS\system32\DRIVERS\SkyNET.SYS -- (SKYNET [On_Demand | Running])
DRV - [2008-12-22 20:00:50 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2001-08-17 22:49:10 | 00,026,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\DRIVERS\irstusb.sys -- (STIrUsb [On_Demand | Stopped])
DRV - [2007-03-05 05:52:18 | 00,034,448 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\VComm.sys -- (VComm [On_Demand | Running])
DRV - [2007-03-05 05:53:18 | 00,044,304 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys -- (VcommMgr [On_Demand | Running])

[color=orange]========== Standard Registry (SafeList) ==========[/color]


[color=orange]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=orange]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008-12-21 12:42:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-04-29 15:03:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-04-29 15:03:05 | 00,000,000 | ---D | M]

[2008-09-26 15:18:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions
[2008-09-26 15:18:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008-09-26 15:18:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\o3yd2vnz.default\extensions
[2009-05-26 00:12:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-04-29 15:03:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008-09-26 15:52:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008-09-26 16:08:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008-12-21 12:42:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009-04-04 21:35:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009-04-29 15:03:03 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-04-29 15:03:03 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008-10-03 17:15:52 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2008-10-03 17:15:52 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2008-10-03 17:15:52 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008-10-03 17:15:52 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2008-10-03 17:15:52 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2008-10-03 17:15:52 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2008-10-03 17:15:52 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (FG2CatchUrl) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll (FlashGet)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE (Eset )
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" (Ray Adams)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" (DT Soft Ltd.)
O4 - HKCU..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe" (GG Network S.A.)
O4 - HKCU..\Run: [RGSC] E:\gry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent (Take-Two Interactive Software, Inc.)
O4 - HKCU..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" (tzuk)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe (IVT Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe (B2C2, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm ()
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\imon.dll (Eset )
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB (Reg Error: Key error.)
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {31564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmvax.cab (Reg Error: Key error.)
O16 - DPF: {32564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv8ax.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{FB7FBA8D-012A-40EE-BD3B-7B75C219C3FB}\\NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-09-26 14:50:30 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008-09-07 17:48:53 | 00,000,052 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{d22e87c2-d1cc-11dd-ba37-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d22e87c2-d1cc-11dd-ba37-806d6172696f}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2009-01-22 14:34:17 | 00,396,278 | R--- | M] (EGOSOFT                                                     )
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009-05-28 14:37:55 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

[color=orange]========== Files/Folders - Created Within 30 Days ==========[/color]

[5 C:\WINDOWS\*.tmp files]
[2009-05-28 14:03:42 | 00,000,000 | ---D | C] -- C:\ERDNT
[2009-05-28 14:03:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009-05-28 14:03:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009-05-28 14:03:35 | 00,000,000 | ---D | C] -- C:\!FixIEDef
[2009-05-28 12:01:48 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009-05-28 12:01:46 | 00,000,000 | ---D | C] -- C:\rsit
[2009-05-28 10:13:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009-05-26 20:04:44 | 00,093,184 | ---- | C] () -- C:\WINDOWS\System32\nmdfgds0.dll
[2009-05-21 14:37:26 | 00,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009-05-21 14:37:26 | 00,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009-05-21 14:32:41 | 00,000,719 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\X3 map by Scorp.lnk
[2009-05-21 14:32:40 | 00,000,000 | ---D | C] -- C:\Program Files\X3 map by Scorp
[2009-05-21 14:19:13 | 00,000,554 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\X3 Terran Conflict.lnk
[2009-05-03 00:23:55 | 00,001,466 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Dead Space™.lnk
[2009-05-03 00:18:46 | 00,000,000 | ---D | C] -- E:\Dokumenty\moje dok\Electronic Arts
[2009-04-29 16:45:54 | 00,000,000 | ---D | C] -- E:\Dokumenty\moje dok\Prince of Persia
[2009-04-29 16:34:12 | 00,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia.lnk
[2009-04-07 13:19:16 | 00,001,558 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2009-03-25 14:13:27 | 00,013,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTiCtwl.sys
[2009-02-23 22:48:37 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2009-01-24 12:47:46 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008-12-24 17:30:17 | 00,000,877 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008-12-24 17:13:20 | 00,003,252 | ---- | C] () -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS
[2008-12-22 20:00:50 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-11-30 12:45:57 | 00,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008-10-22 06:29:06 | 00,173,550 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008-10-07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-10-01 14:53:48 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-09-26 15:56:36 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\libbz2.dll
[2008-09-26 15:47:03 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008-09-26 15:21:09 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008-09-26 15:21:09 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008-09-26 15:21:02 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-09-26 15:21:02 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-09-26 15:21:02 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-09-26 15:21:01 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-09-26 15:21:01 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007-03-12 13:01:30 | 00,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2002-09-29 00:00:00 | 00,000,512 | ---- | C] () -- C:\WINDOWS\win.ini
[2002-09-29 00:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[1999-09-20 10:05:32 | 00,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys

[color=orange]========== Files - Modified Within 30 Days ==========[/color]

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009-05-28 14:36:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-05-28 14:36:04 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\desktop.ini
[2009-05-28 14:36:03 | 00,167,952 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2009-05-28 14:36:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-05-28 14:31:27 | 00,093,184 | ---- | M] () -- C:\WINDOWS\System32\nmdfgds0.dll
[2009-05-28 13:49:34 | 00,000,877 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2009-05-24 10:36:56 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-05-21 14:37:26 | 00,279,712 | ---- | M] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009-05-21 14:37:26 | 00,025,888 | ---- | M] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009-05-21 14:32:41 | 00,000,719 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\X3 map by Scorp.lnk
[2009-05-21 14:19:13 | 00,000,554 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\X3 Terran Conflict.lnk
[2009-05-19 10:27:36 | 00,000,634 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Lineage 2 Dex - Hellbound.lnk
[2009-05-18 15:35:05 | 00,001,558 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2009-05-17 02:31:30 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-05-03 00:23:55 | 00,001,466 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Dead Space™.lnk
[2009-04-29 16:34:12 | 00,000,743 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia.lnk
[2009-04-29 04:07:02 | 00,204,800 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2009-04-29 04:06:44 | 00,155,648 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2009-04-29 04:06:30 | 00,026,112 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2009-04-29 04:06:20 | 00,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2009-04-28 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe

[color=orange]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\wzmacniacz mocy.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\Sztuka wczesnochrześcijańska.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\SZTUKA RZYMIAN.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\Sztuka prehistoryczna.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\sumujacy i odejmujacy.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\odwracajacy i nieodwracajacy.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\LA Lakers.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\Kultura morza egejskiego.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\Jan Kochanowski.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\filtry RC.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\Doktryna socjaldemokratyczna.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\atrakcje.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\ARABSKA SZTUKA.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> E:\Dokumenty\moje dok\7 cudow swiata.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\X3_map_Setup_ENG.zip:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\Wzmacniacz różniczkujący.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\sztuka-rzymian.html:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\Sztuka_wczesnochrześcijańska.htm:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\Sztuka_prehistoryczna.htm:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\Siedem cudów świata - HISTORIA -.htm:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\NONAME1.RPT:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\NONAME1.PRJ:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\NONAME1.HEX:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\NONAME1.DBG:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\NONAME1.BIN:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\noname1.BAS:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\filmy.gif:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\Ferdydurke.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\E-BASKET ) USA ) NBA ) Liderzy.htm:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\Dysocjacja elektrolityczna1.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\Baza0.odb:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\bascom.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> E:\Dokumenty\moje dok\ARABSKA SZTUKA.html:KAVICHS
< End of report >


[wojtas]

Uruchom OTListIt2 i w oknie Custom Scans/Fixes wklej :

:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - AutoRun File - [2008-09-07 17:48:53 | 00,000,052 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{d22e87c2-d1cc-11dd-ba37-806d6172696f}\Shell - "" = AutoRun

:Files
C:\WINDOWS\System32\nmdfgds0.dll

:Commands
[emptytemp]
[start explorer]
[Reboot]

Kliknij w Run Fix. I potwierdz reset kompa .

potem log z http://download.bleepingcomputer.com/sUBs/ComboFix.exe