Taskman - trojan.buzus

[aras08]

Witam! Zwracam się do was z prośbą o pomoc z takim jednym "Trojan.Buzus". Programy antywirusowe i inne go wykrywają, i "nawet niby usuwają", ale i tak, gdy skanuję komputer ponownie, to okazuje się, że to coś cały czas u mnie siedzi i z lekka dezorganizuje pracę systemu. Podobno to coś siedzi w HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) i tak w sumie jest, ale tego cholerstwa nie można usunąć na stałe (usuwam to coś przy użyciu Malwarebytes), bo jak się usunie, to i tak powróci. Proszę więc was o jak najszybszą pomoc, bo mi się już kończą tzw. nerwy.

[Okocza]

Daj log z otl

[aras08]

Kod: Zaznacz wszystko

SRV - [2007-12-14 10:46:28 | 00,047,624 | ---- | M] () -- C:\Program Files\GIGABYTE\GEST\GSvr.exe -- (GEST Service)
SRV - [2007-11-15 11:43:04 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007-10-18 14:32:42 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007-09-20 07:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2007-06-15 16:55:00 | 00,300,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2004-08-11 00:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [2003-07-28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)



DRV - [2008-04-13 17:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-11-13 11:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007-10-15 11:10:24 | 00,004,224 | ---- | M] () -- C:\Program Files\XtremeTuner\PMReader.sys -- (WINIO)
DRV - [2007-10-11 10:10:52 | 00,030,008 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\drivers\ET5Drv.sys -- (ET5Drv)
DRV - [2007-09-29 06:30:52 | 00,065,024 | R--- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007-09-19 14:44:46 | 00,101,504 | R--- | M] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007-09-19 10:16:32 | 04,617,728 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007-03-16 10:11:38 | 00,012,256 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007-03-16 10:11:38 | 00,012,256 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2007-03-08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007-02-22 11:15:56 | 00,137,216 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007-02-22 11:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007-02-22 11:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007-02-22 11:15:14 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2006-07-05 12:50:52 | 00,683,791 | ---- | M] () -- C:\WINDOWS\system32\drivers\torususb.sys -- (TaurusUsb)
DRV - [2003-08-12 11:51:00 | 00,060,255 | ---- | M] (STMicroelectronics              ) -- C:\WINDOWS\system32\drivers\stmatm.sys -- (Stmatm)
DRV - [2001-08-17 20:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/default
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..keyword.URL: ""

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-01-26 14:32:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-11-07 12:55:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-11-07 12:55:01 | 00,000,000 | ---D | M]

[2008-06-22 16:23:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Extensions
[2008-06-22 16:23:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-11-08 10:17:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\30wmu6ta.default\extensions
[2008-06-29 14:31:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\30wmu6ta.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009-08-06 19:16:13 | 00,002,234 | ---- | M] () -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\30wmu6ta.default\searchplugins\askcom.xml
[2008-06-29 14:31:51 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\30wmu6ta.default\searchplugins\winamp-search.xml
[2009-11-08 10:17:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-11-07 12:55:01 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-01-26 14:32:42 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009-04-02 14:39:28 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009-11-07 12:54:57 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009-11-07 12:54:57 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007-04-10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2007-04-30 15:29:22 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009-03-09 04:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009-02-03 16:35:38 | 00,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll
[2008-06-27 16:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2008-06-24 18:05:58 | 00,529,912 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPNAVY.dll
[2009-11-07 12:54:57 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2003-07-15 05:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2008-10-14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008-09-10 20:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2008-09-10 20:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009-08-27 18:10:24 | 00,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-08-27 18:10:24 | 00,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-08-27 18:10:24 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009-08-27 18:10:24 | 00,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-08-27 18:10:24 | 00,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-08-27 18:10:24 | 00,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-08-27 18:10:24 | 00,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (742 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe File not found
O4 - HKCU..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKCU..\Run: [GAINWARD] C:\Program Files\EXPERToolGrafika\TBPanel.exe (Gainward Co.)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-1792096515-6943465622-369791607-9062\nissan.exe) - C:\RECYCLER\S-1-5-21-1792096515-6943465622-369791607-9062\nissan.exe ()
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-06-21 08:39:51 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{282d74ce-a42f-11dd-ab30-001d7dd11403}\Shell\AutoRun\command - "" = F:\b00ijwpu.exe -- File not found
O33 - MountPoints2\{282d74ce-a42f-11dd-ab30-001d7dd11403}\Shell\open\Command - "" = F:\b00ijwpu.exe -- File not found
O33 - MountPoints2\{d08a5344-f850-11dd-ac09-001d7dd11403}\Shell\AutoRun\command - "" = F:\m0vnonh.bat -- File not found
O33 - MountPoints2\{d08a5344-f850-11dd-ac09-001d7dd11403}\Shell\open\Command - "" = F:\m0vnonh.bat -- File not found
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009-11-08 09:23:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009-11-08 09:23:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009-11-08 09:01:18 | 00,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009-11-08 08:59:46 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009-11-08 08:47:00 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent
[2009-10-31 09:15:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Moje dokumenty\Pliki z fify
[2009-10-30 17:10:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Moje dokumenty\FIFA 10
[2009-10-30 17:06:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\Leadertech
[2009-10-30 16:56:20 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2009-10-30 16:36:40 | 00,000,000 | ---D | C] -- C:\Program Files\totalcmd
[2009-10-30 16:36:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\GHISLER
[2009-10-19 16:45:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\lazarus
[2009-10-19 16:42:15 | 00,000,000 | ---D | C] -- C:\lazarus
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009-11-08 18:09:17 | 00,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009-11-08 18:08:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-11-08 18:08:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-11-08 16:44:17 | 05,242,880 | ---- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
[2009-11-08 16:44:17 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2009-11-08 16:44:11 | 04,279,840 | -H-- | M] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-11-08 09:53:33 | 04,980,736 | -H-- | M] () -- C:\Documents and Settings\user\NTUSER.bak
[2009-11-07 11:57:37 | 00,764,054 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-11-07 11:57:37 | 00,355,830 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-11-07 11:57:37 | 00,311,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-11-07 11:57:37 | 00,049,712 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-11-07 11:57:37 | 00,040,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-11-04 14:03:08 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-10-31 09:14:41 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-10-30 17:06:41 | 00,001,711 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\FIFA 10.lnk
[2009-10-30 16:56:21 | 00,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk
[2009-10-30 16:42:26 | 00,259,143 | -H-- | M] () -- C:\treeinfo.wc
[2009-10-30 16:36:41 | 00,000,708 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\Total Commander.lnk
[2009-10-19 16:43:53 | 00,001,334 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\Lazarus.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009-10-30 17:06:41 | 00,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\FIFA 10.lnk
[2009-10-30 16:56:21 | 00,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk
[2009-10-30 16:42:26 | 00,259,143 | -H-- | C] () -- C:\treeinfo.wc
[2009-10-30 16:36:41 | 00,000,708 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\Total Commander.lnk
[2009-10-30 16:36:40 | 00,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF
[2009-10-30 16:36:40 | 00,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF
[2009-10-30 16:36:40 | 00,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF
[2009-10-30 16:36:40 | 00,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF
[2009-10-30 16:36:40 | 00,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF
[2009-10-30 16:36:40 | 00,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF
[2009-10-30 16:36:40 | 00,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF
[2009-10-19 16:43:53 | 01,708,544 | ---- | C] () -- C:\WINDOWS\System32\libqt4intf.dll
[2009-10-19 16:43:53 | 00,001,334 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\Lazarus.lnk
[2009-01-29 13:51:43 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-01-29 13:51:41 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-01-29 13:51:41 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-01-29 13:51:41 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-01-03 17:40:01 | 00,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008-12-12 16:07:34 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008-12-12 16:07:34 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-12-12 16:07:34 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008-12-12 16:07:34 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-12-12 16:07:34 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008-10-27 15:56:51 | 00,252,259 | ---- | C] () -- C:\Documents and Settings\user\Dane aplikacji\NMM-MetaData.db
[2008-10-27 15:11:05 | 00,487,424 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Samsung.dll
[2008-10-27 15:11:05 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylistSamsung.dll
[2008-10-27 15:10:41 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008-10-27 15:10:41 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008-10-27 15:10:41 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008-10-27 15:10:41 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2008-07-03 10:07:43 | 00,007,237 | ---- | C] () -- C:\WINDOWS\cadx2.ini
[2008-06-29 08:41:47 | 00,046,352 | ---- | C] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2008-06-28 09:39:47 | 00,034,816 | ---- | C] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-06-25 08:11:04 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-06-22 16:15:55 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-06-22 16:11:56 | 00,683,791 | ---- | C] () -- C:\WINDOWS\System32\drivers\torususb.sys
[2008-06-22 16:11:56 | 00,000,915 | ---- | C] () -- C:\WINDOWS\System32\setup.ini
[2008-06-22 16:11:56 | 00,000,161 | ---- | C] () -- C:\WINDOWS\DSLSetup.ini
[2008-06-21 16:28:02 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2008-06-21 09:21:04 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-06-21 08:58:39 | 04,279,840 | -H-- | C] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2008-06-21 08:52:34 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\user\Dane aplikacji\desktop.ini
[2007-03-29 23:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2004-12-20 11:08:28 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004-12-20 11:03:26 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2001-07-21 21:16:20 | 00,000,517 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-21 21:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
< End of report >


Dodano Dzisiaj, 18:23:

Kod: Zaznacz wszystko

OTL logfile created on: 2009-11-08 18:13:29 - Run 1
OTL by OldTimer - Version 3.1.4.0     Folder = C:\Documents and Settings\user\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 73,87% Memory free
3,85 Gb Paging File | 3,29 Gb Available in Paging File | 85,64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 192,47 Gb Free Space | 82,65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN-0F32E6766
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009-11-08 18:12:32 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2009-11-07 12:54:57 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-03-09 04:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-03-09 04:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-01-21 12:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\pctsSvc.exe
PRC - [2009-01-07 11:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\pctsAuxs.exe
PRC - [2008-12-08 12:33:48 | 01,173,384 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\pctsTray.exe
PRC - [2008-10-15 01:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2008-07-03 16:50:36 | 02,177,576 | ---- | M] (Gainward Co.) -- C:\Program Files\EXPERToolGrafika\TBPANEL.exe
PRC - [2008-05-16 19:31:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008-04-14 18:21:50 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008-04-14 18:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-01 19:49:42 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008-04-01 10:39:48 | 00,486,856 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008-03-20 11:04:46 | 02,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe
PRC - [2007-10-18 14:32:42 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007-10-18 14:27:50 | 00,455,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2007-09-20 07:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2007-09-19 11:14:58 | 16,844,800 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2007-08-03 09:26:02 | 00,794,624 | ---- | M] (TODO: <Company name>) -- C:\Program Files\Freedom\Freedom.exe
PRC - [2007-06-15 16:55:00 | 00,300,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2004-08-11 00:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2002-03-28 10:20:49 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2009-11-08 18:12:32 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2009-02-13 13:11:44 | 00,100,864 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\klg.dat
MOD - [2008-11-13 13:19:40 | 00,148,944 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\smum32.dll
MOD - [2008-04-14 18:20:31 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 17:59:08 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2006-12-21 13:30:44 | 00,102,400 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\ggwhook.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009-03-09 04:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-01-21 12:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\pctsSvc.exe -- (sdCoreService)
SRV - [2009-01-07 11:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\pctsAuxs.exe -- (sdAuxService)
SRV - [2008-05-16 19:31:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008-04-14 18:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007-12-14 10:46:28 | 00,047,624 | ---- | M] () -- C:\Program Files\GIGABYTE\GEST\GSvr.exe -- (GEST Service)
SRV - [2007-11-15 11:43:04 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007-10-18 14:32:42 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007-09-20 07:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2007-06-15 16:55:00 | 00,300,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2004-08-11 00:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [2003-07-28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-06-30 10:37:16 | 00,028,552 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009-04-03 10:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008-06-25 16:12:32 | 00,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008-06-25 08:11:04 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008-05-16 19:31:00 | 06,557,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008-04-13 17:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-11-13 11:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007-10-15 11:10:24 | 00,004,224 | ---- | M] () -- C:\Program Files\XtremeTuner\PMReader.sys -- (WINIO)
DRV - [2007-10-11 10:10:52 | 00,030,008 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\drivers\ET5Drv.sys -- (ET5Drv)
DRV - [2007-09-29 06:30:52 | 00,065,024 | R--- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007-09-19 14:44:46 | 00,101,504 | R--- | M] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007-09-19 10:16:32 | 04,617,728 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007-03-16 10:11:38 | 00,012,256 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007-03-16 10:11:38 | 00,012,256 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2007-03-08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007-02-22 11:15:56 | 00,137,216 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007-02-22 11:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007-02-22 11:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007-02-22 11:15:14 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2006-07-05 12:50:52 | 00,683,791 | ---- | M] () -- C:\WINDOWS\system32\drivers\torususb.sys -- (TaurusUsb)
DRV - [2003-08-12 11:51:00 | 00,060,255 | ---- | M] (STMicroelectronics              ) -- C:\WINDOWS\system32\drivers\stmatm.sys -- (Stmatm)
DRV - [2001-08-17 20:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/default
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..keyword.URL: ""

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-01-26 14:32:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-11-07 12:55:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-11-07 12:55:01 | 00,000,000 | ---D | M]

[2008-06-22 16:23:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Extensions
[2008-06-22 16:23:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-11-08 10:17:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\30wmu6ta.default\extensions
[2008-06-29 14:31:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\30wmu6ta.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009-08-06 19:16:13 | 00,002,234 | ---- | M] () -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\30wmu6ta.default\searchplugins\askcom.xml
[2008-06-29 14:31:51 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\30wmu6ta.default\searchplugins\winamp-search.xml
[2009-11-08 10:17:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-11-07 12:55:01 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-01-26 14:32:42 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009-04-02 14:39:28 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009-11-07 12:54:57 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009-11-07 12:54:57 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007-04-10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2007-04-30 15:29:22 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009-03-09 04:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009-02-03 16:35:38 | 00,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll
[2008-06-27 16:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2008-06-24 18:05:58 | 00,529,912 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPNAVY.dll
[2009-11-07 12:54:57 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2003-07-15 05:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2008-10-14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008-09-10 20:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2008-09-10 20:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009-08-27 18:10:24 | 00,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-08-27 18:10:24 | 00,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-08-27 18:10:24 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009-08-27 18:10:24 | 00,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-08-27 18:10:24 | 00,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-08-27 18:10:24 | 00,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-08-27 18:10:24 | 00,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (742 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe File not found
O4 - HKCU..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKCU..\Run: [GAINWARD] C:\Program Files\EXPERToolGrafika\TBPanel.exe (Gainward Co.)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-1792096515-6943465622-369791607-9062\nissan.exe) - C:\RECYCLER\S-1-5-21-1792096515-6943465622-369791607-9062\nissan.exe ()
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-06-21 08:39:51 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{282d74ce-a42f-11dd-ab30-001d7dd11403}\Shell\AutoRun\command - "" = F:\b00ijwpu.exe -- File not found
O33 - MountPoints2\{282d74ce-a42f-11dd-ab30-001d7dd11403}\Shell\open\Command - "" = F:\b00ijwpu.exe -- File not found
O33 - MountPoints2\{d08a5344-f850-11dd-ac09-001d7dd11403}\Shell\AutoRun\command - "" = F:\m0vnonh.bat -- File not found
O33 - MountPoints2\{d08a5344-f850-11dd-ac09-001d7dd11403}\Shell\open\Command - "" = F:\m0vnonh.bat -- File not found
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009-11-08 09:23:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009-11-08 09:23:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009-11-08 09:01:18 | 00,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009-11-08 08:59:46 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009-11-08 08:47:00 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent
[2009-10-31 09:15:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Moje dokumenty\Pliki z fify
[2009-10-30 17:10:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Moje dokumenty\FIFA 10
[2009-10-30 17:06:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\Leadertech
[2009-10-30 16:56:20 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2009-10-30 16:36:40 | 00,000,000 | ---D | C] -- C:\Program Files\totalcmd
[2009-10-30 16:36:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\GHISLER
[2009-10-19 16:45:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\lazarus
[2009-10-19 16:42:15 | 00,000,000 | ---D | C] -- C:\lazarus
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009-11-08 18:09:17 | 00,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009-11-08 18:08:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-11-08 18:08:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-11-08 16:44:17 | 05,242,880 | ---- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
[2009-11-08 16:44:17 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2009-11-08 16:44:11 | 04,279,840 | -H-- | M] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-11-08 09:53:33 | 04,980,736 | -H-- | M] () -- C:\Documents and Settings\user\NTUSER.bak
[2009-11-07 11:57:37 | 00,764,054 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-11-07 11:57:37 | 00,355,830 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-11-07 11:57:37 | 00,311,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-11-07 11:57:37 | 00,049,712 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-11-07 11:57:37 | 00,040,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-11-04 14:03:08 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-10-31 09:14:41 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-10-30 17:06:41 | 00,001,711 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\FIFA 10.lnk
[2009-10-30 16:56:21 | 00,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk
[2009-10-30 16:42:26 | 00,259,143 | -H-- | M] () -- C:\treeinfo.wc
[2009-10-30 16:36:41 | 00,000,708 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\Total Commander.lnk
[2009-10-19 16:43:53 | 00,001,334 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\Lazarus.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009-10-30 17:06:41 | 00,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\FIFA 10.lnk
[2009-10-30 16:56:21 | 00,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk
[2009-10-30 16:42:26 | 00,259,143 | -H-- | C] () -- C:\treeinfo.wc
[2009-10-30 16:36:41 | 00,000,708 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\Total Commander.lnk
[2009-10-30 16:36:40 | 00,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF
[2009-10-30 16:36:40 | 00,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF
[2009-10-30 16:36:40 | 00,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF
[2009-10-30 16:36:40 | 00,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF
[2009-10-30 16:36:40 | 00,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF
[2009-10-30 16:36:40 | 00,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF
[2009-10-30 16:36:40 | 00,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF
[2009-10-19 16:43:53 | 01,708,544 | ---- | C] () -- C:\WINDOWS\System32\libqt4intf.dll
[2009-10-19 16:43:53 | 00,001,334 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\Lazarus.lnk
[2009-01-29 13:51:43 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-01-29 13:51:41 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-01-29 13:51:41 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-01-29 13:51:41 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-01-03 17:40:01 | 00,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008-12-12 16:07:34 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008-12-12 16:07:34 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-12-12 16:07:34 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008-12-12 16:07:34 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-12-12 16:07:34 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008-10-27 15:56:51 | 00,252,259 | ---- | C] () -- C:\Documents and Settings\user\Dane aplikacji\NMM-MetaData.db
[2008-10-27 15:11:05 | 00,487,424 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Samsung.dll
[2008-10-27 15:11:05 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylistSamsung.dll
[2008-10-27 15:10:41 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008-10-27 15:10:41 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008-10-27 15:10:41 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008-10-27 15:10:41 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2008-07-03 10:07:43 | 00,007,237 | ---- | C] () -- C:\WINDOWS\cadx2.ini
[2008-06-29 08:41:47 | 00,046,352 | ---- | C] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2008-06-28 09:39:47 | 00,034,816 | ---- | C] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-06-25 08:11:04 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-06-22 16:15:55 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-06-22 16:11:56 | 00,683,791 | ---- | C] () -- C:\WINDOWS\System32\drivers\torususb.sys
[2008-06-22 16:11:56 | 00,000,915 | ---- | C] () -- C:\WINDOWS\System32\setup.ini
[2008-06-22 16:11:56 | 00,000,161 | ---- | C] () -- C:\WINDOWS\DSLSetup.ini
[2008-06-21 16:28:02 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2008-06-21 09:21:04 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-06-21 08:58:39 | 04,279,840 | -H-- | C] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2008-06-21 08:52:34 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\user\Dane aplikacji\desktop.ini
[2007-03-29 23:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2004-12-20 11:08:28 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004-12-20 11:03:26 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2001-07-21 21:16:20 | 00,000,517 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-21 21:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
< End of report >


[wojtas]

1.Uruchom OTL z opcji CleanUp
2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem]
4. zrób skan Malwarebytes Anti-Malware (usuń co znajdzie )

[aras08]

Wojtas! Bardzo mi to wszystko pięknie wytłumaczyłeś. Robię to wszystko po kolei jak napisałeś i nic. Trojan jak był tak jest. Może coś robię źle z tą optymalizacją, ale kurcze zrobiłem wszystko co było napisane( w tym czasem komputery włączał się i wyłączał z 10 razy i dlaczego mi znikł całkowicie program otl?) i nic. Weź albo mi to wytłumacz jeszcze bardziej szczegółowo, albo poradź mi coś innego, bo jak na razie to mogę zrobić jedynie to: .

[wojtas]

Daj loga z combofixa ale zainstaluj wraz z nim konsolę odzyskiwania ( instrukcja programu ) . OTL zniknął bo została uzyta opcja CleanUp

[aras08]

Kod: Zaznacz wszystko

ComboFix 08-11-26.03 - user 2009-11-10 18:56:16.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.1588 [GMT 1:00]
Uruchomiony z: c:\documents and settings\user\Moje dokumenty\Pobieranie\ComboFix.exe
* Utworzono nowy punkt przywracania
.
- TRYB ZREDUKOWANEJ FUNKCJONALNOŚCI -
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\setup.ini

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-10-10 do 2009-11-10  )))))))))))))))))))))))))))))))
.

2009-11-10 18:43 . 2009-11-10 18:43   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Sunbelt
2009-11-08 18:49 . 2009-11-08 19:11   <DIR>   d--------   c:\program files\ATS
2009-11-08 18:35 . 2009-11-08 18:36   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
2009-11-08 18:35 . 2009-11-08 18:35   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-11-08 18:35 . 2009-09-10 14:54   38,224   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-08 18:35 . 2009-09-10 14:53   19,160   --a------   c:\windows\system32\drivers\mbam.sys
2009-11-08 09:23 . 2009-11-08 09:23   <DIR>   d--------   c:\windows\ERUNT
2009-11-08 09:01 . 2009-06-30 10:37   28,552   --a------   c:\windows\system32\drivers\pavboot.sys
2009-11-08 08:59 . 2009-11-08 08:59   <DIR>   d--------   c:\program files\Panda Security
2009-10-30 17:06 . 2009-10-30 17:06   <DIR>   d--------   c:\documents and settings\user\Dane aplikacji\Leadertech
2009-10-30 16:56 . 2009-10-30 16:56   <DIR>   d--------   c:\program files\DAEMON Tools Lite
2009-10-30 16:42 . 2009-10-30 16:42   259,143   ---h-----   C:\treeinfo.wc
2009-10-30 16:36 . 2009-10-30 16:37   <DIR>   d--------   c:\program files\totalcmd
2009-10-30 16:36 . 2009-10-30 16:36   <DIR>   d--------   c:\documents and settings\user\Dane aplikacji\GHISLER
2009-10-30 16:36 . 2009-09-24 07:50   545   --a------   c:\windows\UC.PIF
2009-10-30 16:36 . 2009-09-24 07:50   545   --a------   c:\windows\RAR.PIF
2009-10-30 16:36 . 2009-09-24 07:50   545   --a------   c:\windows\PKZIP.PIF
2009-10-30 16:36 . 2009-09-24 07:50   545   --a------   c:\windows\PKUNZIP.PIF
2009-10-30 16:36 . 2009-09-24 07:50   545   --a------   c:\windows\NOCLOSE.PIF
2009-10-30 16:36 . 2009-09-24 07:50   545   --a------   c:\windows\LHA.PIF
2009-10-30 16:36 . 2009-09-24 07:50   545   --a------   c:\windows\ARJ.PIF
2009-10-19 16:43 . 2009-09-26 12:41   1,708,544   --a------   c:\windows\system32\libqt4intf.dll
2009-10-19 16:42 . 2009-10-19 16:43   <DIR>   d--------   C:\lazarus

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-10 17:49   ---------   d---a-w   c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-11-10 14:37   ---------   d-----w   c:\program files\PC Tools
2009-11-09 15:05   ---------   d-----w   c:\program files\trend micro
2009-10-30 16:14   ---------   d-----w   c:\program files\EA Sports
2009-09-23 12:24   ---------   d-----w   c:\program files\eMule
2008-08-28 10:09   32,768   --sha-w   c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008082820080829\index.dat
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-10-18 455968]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"GAINWARD"="c:\program files\EXPERToolGrafika\TBPanel.exe" [2008-07-03 2177576]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 188416]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"ISTray"="c:\program files\PC Tools\pctsTray.exe" [2008-12-08 1173384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"="c:\\RECYCLER\\S-1-5-21-0188579957-9832310369-665519490-9262\\nissan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
--a------ 2007-12-14 10:46 236040 c:\program files\GIGABYTE\GEST\run.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 19:31 13529088 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 19:31 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 19:31 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\EA Sports\\FIFA 10\\FIFA10.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-11-08 28552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-05-21 130936]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\DRIVERS\stmatm.sys [2008-06-22 60255]
R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\DRIVERS\torususb.sys [2008-06-22 683791]
S3 GEST Service;GEST Service for program management.;"c:\program files\GIGABYTE\GEST\GSvr.exe" [2008-06-21 47624]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{282d74ce-a42f-11dd-ab30-001d7dd11403}]
\Shell\AutoRun\command - F:\b00ijwpu.exe
\Shell\open\Command - F:\b00ijwpu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d08a5344-f850-11dd-ac09-001d7dd11403}]
\Shell\AutoRun\command - F:\m0vnonh.bat
\Shell\open\Command - F:\m0vnonh.bat

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - USUNIĘTO PUSTE WPISY - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-YeppStudioAgent - c:\program files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
MSConfigStartUp-ares - c:\program files\Ares\Ares.exe


.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\documents and settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\30wmu6ta.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPNAVY.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-10 18:56:26
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2009-11-10 18:56:57
ComboFix-quarantined-files.txt  2009-11-10 17:56:55

Przed: 207 101 865 984 bajtów wolnych
Po: 207,105,392,640 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

150   --- E O F ---   2008-11-01 17:01:36


[wojtas]

wklej do notatnika

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{282d74ce-a42f-11dd-ab30-001d7dd11403}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d08a5344-f850-11dd-ac09-001d7dd11403}]

w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru....

[aras08]

Z przykrością stwierdzam, że trojan nadal jest w rejestrze.

[NieWiem]

Proszę pokazać screena z programu AV gdzie i co znajdują, ostatni raport z Malwarebytes oraz nowego loga z OTL.

[alicja1233]

Hej,
spróbuj zainstalować ten płatny program antywirusowy Kaspersky i przeskanować cały system.powinien pomóc ja miałam nieraz wile trojanów na kompie i ten program sprawdzał i sprawdza się rewelacyjnie. Słyszał ktoś z was o anty keylogger SpyShelter? Warto w niego zainwestować?