Trojan.win32.agent2.cqcw

[swk123]

Jakiś badziew wwalił mi się do komtura i zawsze przy starcie systemu, Kaspersky pokazuje alert, w którym wyraźnie jest napisane że złapał wirusa.
Nie wiem jakie możliwości ma ten Trojan, ale na pewno nie pomaga ;D
Wybierałem każdą możliwość zniszczenia wirusa, jaką proponował mi Kasperski, jednak wszystko na nic, bo gdy tylko uruchomiam system od nowa trojan wraca z nim.

Poniżej daje screany i logi z HJT

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:39, on 2009-07-02
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Programy urzytkowe\Kaspersky2009!\avp.exe
D:\Programy urzytkowe\Kaspersky2009!\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\program Files\Manson\liser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\Programy urzytkowe\Mozilla Fierfox\firefox.exe
C:\PROGRA~1\MICROS~2\OFFICE11\ois.exe
C:\Documents and Settings\Slawek123\Pulpit\combo\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Programy urzytkowe\Kaspersky2009!\ievkbd.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "D:\Programy urzytkowe\Kaspersky2009!\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [kell] C:\program Files\Manson\liser.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programy urzytkowe\Kaspersky2009!\SCIEPlgn.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: d:\progra~1\kasper~1\mzvkbd.dll,d:\progra~1\kasper~1\mzvkbd3.dll,,,,,,,,,,,,,,,c:\progra~1\Manson\liser.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - D:\Programy urzytkowe\Kaspersky2009!\avp.exe
O23 - Service: Usługa Google Update (gupdate1c9c44c2346939a) (gupdate1c9c44c2346939a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5847 bytes


Z góry Dziękuje za pomoc

[Okocza]

swk123, daj log z RSITa

[swk123]

Kod: Zaznacz wszystko

Logfile of random's system information tool 1.06 (written by random/random)
Run by Slawek123 at 2009-07-02 20:02:47
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 23 GB (55%) free of 41 GB
Total RAM: 2046 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:48, on 2009-07-02
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Programy urzytkowe\Kaspersky2009!\avp.exe
D:\Programy urzytkowe\Kaspersky2009!\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\program Files\Manson\liser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\Programy urzytkowe\nowe gg\Nowe Gadu-Gadu\gg.exe
D:\Programy urzytkowe\nowe gg\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\Program Files\PROGRAMYwinamp\winamp.exe
D:\Programy urzytkowe\Mozilla Fierfox\firefox.exe
C:\Documents and Settings\Slawek123\Pulpit\RSIT.exe
C:\Documents and Settings\Slawek123\Pulpit\combo\Slawek123.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Programy urzytkowe\Kaspersky2009!\ievkbd.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "D:\Programy urzytkowe\Kaspersky2009!\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [kell] C:\program Files\Manson\liser.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programy urzytkowe\Kaspersky2009!\SCIEPlgn.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: d:\progra~1\kasper~1\mzvkbd.dll,d:\progra~1\kasper~1\mzvkbd3.dll,,,,,,,,,,,,,,,,,c:\progra~1\Manson\liser.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - D:\Programy urzytkowe\Kaspersky2009!\avp.exe
O23 - Service: Usługa Google Update (gupdate1c9c44c2346939a) (gupdate1c9c44c2346939a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6025 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll [2005-04-13 327748]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - D:\Programy urzytkowe\Kaspersky2009!\ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-23 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2007-05-16 191096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll [2005-04-13 327748]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-01-08 8523776]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-01-08 81920]
"NeroCheck"=C:\WINDOWS\system32\\NeroCheck.exe [2001-07-09 155648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"AVP"=D:\Programy urzytkowe\Kaspersky2009!\avp.exe [2009-06-10 206088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-23 39408]
"DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]
"kell"=C:\program Files\Manson\liser.exe [2009-06-28 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="d:\progra~1\kasper~1\mzvkbd.dll,d:\progra~1\kasper~1\mzvkbd3.dll,,,,,,,,,,,,,,,,,c:\progra~1\Manson\liser.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Gry\stronhold2\MYTH\Stronghold2.exe"="E:\Gry\stronhold2\MYTH\Stronghold2.exe:*:Enabled:Stronghold2"
"D:\Programy urzytkowe\gg\Nowe Gadu-Gadu\gg.exe"="D:\Programy urzytkowe\gg\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu beta"
"C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Programy urzytkowe\utorrent\uTorrent.exe"="D:\Programy urzytkowe\utorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Programy urzytkowe\TC\TC PowerPack\TOTALCMD.EXE"="D:\Programy urzytkowe\TC\TC PowerPack\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"E:\Gry\World of Warcraft\Repair.exe"="E:\Gry\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"D:\Programy urzytkowe\p2p\Wru\Wru.exe"="D:\Programy urzytkowe\p2p\Wru\Wru.exe:*:Enabled:Wru P2P Client"
"E:\Gry\Dead!\Dead Space\Dead Space.exe"="E:\Gry\Dead!\Dead Space\Dead Space.exe:*:Enabled:Dead Space ™"
"C:\Documents and Settings\Slawek123\Pulpit\FlashFXP.exe"="C:\Documents and Settings\Slawek123\Pulpit\FlashFXP.exe:*:Enabled:FlashFXP"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\Programy urzytkowe\nowe gg\Nowe Gadu-Gadu\gg.exe"="D:\Programy urzytkowe\nowe gg\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu"
"C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\Polish\setup.exe"="C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\Polish\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"
"E:\Gry\counter strike\cs\hl.exe"="E:\Gry\counter strike\cs\hl.exe:*:Enabled:Half-Life Launcher"
"C:\RECYCLER\services.exe"="C:\RECYCLER\services.exe:*:Enabled:services.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

======List of files/folders created in the last 1 months======

2009-07-02 20:02:46 ----D---- C:\rsit
2009-06-29 09:47:18 ----RSHD---- C:\Program Files\Manson
2009-06-28 11:27:35 ----D---- C:\Documents and Settings\Slawek123\Dane aplikacji\Kaspersky_Key_Finder_(KKF
2009-06-21 23:13:21 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard
2009-06-19 13:29:34 ----A---- C:\down.exe
2009-06-10 16:48:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-10 16:48:50 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-10 16:47:46 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-10 16:47:41 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-10 10:13:31 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2009-06-10 10:00:03 ----AT---- C:\WoWEmuHacker.exe
2009-06-10 09:29:49 ----SHD---- C:\RECYCLER
2009-06-10 08:44:01 ----A---- C:\ComboFix.txt
2009-06-10 08:39:19 ----D---- C:\WINDOWS\temp
2009-06-10 08:34:20 ----A---- C:\WINDOWS\PEV.exe
2009-06-10 08:32:43 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-08 19:24:48 ----A---- C:\WINDOWS\TSearch.INI
2009-06-05 15:40:57 ----D---- C:\WINDOWS\ie8updates
2009-06-05 15:39:10 ----HDC---- C:\WINDOWS\ie8

======List of files/folders modified in the last 1 months======

2009-07-02 20:02:32 ----D---- C:\WINDOWS\Prefetch
2009-07-02 19:30:29 ----D---- C:\WINDOWS
2009-07-02 16:23:20 ----SD---- C:\WINDOWS\Tasks
2009-07-02 16:22:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-02 12:45:27 ----AD---- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2009-07-02 12:42:33 ----D---- C:\Fraps
2009-07-02 10:14:45 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-01 08:06:53 ----SHD---- C:\WINDOWS\Installer
2009-06-30 08:04:41 ----D---- C:\Program Files\Dobra Szkoła v212
2009-06-29 09:47:18 ----RD---- C:\Program Files
2009-06-29 09:41:01 ----D---- C:\Documents and Settings\Slawek123\Dane aplikacji\OpenOffice.ux.pl2
2009-06-28 12:02:12 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Google Updater
2009-06-24 11:51:58 ----D---- C:\Documents and Settings\Slawek123\Dane aplikacji\uTorrent
2009-06-15 18:00:41 ----D---- C:\Documents and Settings\Slawek123\Dane aplikacji\gtk-2.0
2009-06-13 19:41:06 ----D---- C:\WINDOWS\system32
2009-06-13 18:35:20 ----HD---- C:\WINDOWS\inf
2009-06-13 18:35:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-13 18:35:14 ----D---- C:\Program Files\Internet Explorer
2009-06-13 18:34:52 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-11 09:33:02 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-10 16:48:56 ----A---- C:\WINDOWS\imsins.BAK
2009-06-10 10:54:57 ----D---- C:\WINDOWS\system32\drivers
2009-06-10 10:14:04 ----HD---- C:\Config.Msi
2009-06-10 08:44:03 ----HD---- C:\Qoobox
2009-06-10 08:43:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-10 08:42:12 ----A---- C:\WINDOWS\system.ini
2009-06-10 08:40:42 ----D---- C:\WINDOWS\system32\config
2009-06-10 08:39:48 ----D---- C:\WINDOWS\ERDNT
2009-06-10 08:36:34 ----D---- C:\WINDOWS\AppPatch
2009-06-10 08:36:30 ----D---- C:\Program Files\Common Files
2009-06-07 21:25:08 ----D---- C:\WINDOWS\system32\ias
2009-06-05 17:00:53 ----D---- C:\WINDOWS\system32\pl-pl
2009-06-05 17:00:53 ----D---- C:\WINDOWS\Media
2009-06-05 17:00:53 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-06-10 213520]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-06-26 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-06-26 25416]
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-19 4617728]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-01-08 7434336]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-09-19 101504]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Standardowy sterownik koncentratora USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 actser;actser; C:\WINDOWS\system32\drivers\actser.sys [2004-06-07 29440]
S3 acwhfgl0;acwhfgl0; C:\WINDOWS\system32\drivers\acwhfgl0.sys []
S3 az5aqlms;az5aqlms; C:\WINDOWS\system32\drivers\az5aqlms.sys []
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\WINDOWS\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888]
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s117mdm.sys [2007-06-25 108456]
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s117obex.sys [2007-06-25 98344]
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\WINDOWS\system32\DRIVERS\s117unic.sys [2007-06-25 98856]
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-17 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Anti-Virus; D:\Programy urzytkowe\Kaspersky2009!\avp.exe [2009-06-10 206088]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-01-08 155716]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 gupdate1c9c44c2346939a;Usługa Google Update (gupdate1c9c44c2346939a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-23 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-23 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------


[Okocza]

C:\program Files\Manson\liser.exe << przeskanuj na www.virustotal.com i daj log ze skanowania


Pobierz i uruchom narzędzie
[url=http://swandog46.geekstogo.com/avenger.zip]The Avenger[/url
w białym polu wklej:

Files to delete

C:\down.exe
C:\WINDOWS\PEV.exe

C:\ComboFix.txt <--- z kiedy jest ten log?

daj log z RSIT po tych czynnościach

[swk123]

Logi ze skanowania:

http://www.virustotal.com/pl/analisis/6d150641138f4692c57331cd4f199a378b83d42531b1d0bc030acc89db648fba-1246559700

LUB

1 http://img2.vpx.pl/up/20090702/log1.png
2 http://img2.vpx.pl/up/20090702/log2.png
3 http://img2.vpx.pl/up/20090702/log3.png

Pobierz i uruchom narzędzie
[url=http://swandog46.geekstogo.com/avenger.zip]The Avenger[/url
w białym polu wklej:

Niestety error ;( SS

C:\ComboFix.txt <--- z kiedy jest ten log?

2009-06-10 8:35.4


LOG Z PROGRAMU

Kod: Zaznacz wszystko

Logfile of random's system information tool 1.06 (written by random/random)
Run by Slawek123 at 2009-07-02 20:44:40
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 23 GB (55%) free of 41 GB
Total RAM: 2046 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:41, on 2009-07-02
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Programy urzytkowe\Kaspersky2009!\avp.exe
D:\Programy urzytkowe\Kaspersky2009!\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\program Files\Manson\liser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\Programy urzytkowe\nowe gg\Nowe Gadu-Gadu\gg.exe
D:\Programy urzytkowe\nowe gg\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\Program Files\PROGRAMYwinamp\winamp.exe
D:\Programy urzytkowe\Mozilla Fierfox\firefox.exe
C:\Documents and Settings\Slawek123\Pulpit\combo\RSIT.exe
C:\Documents and Settings\Slawek123\Pulpit\combo\Slawek123.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Programy urzytkowe\Kaspersky2009!\ievkbd.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "D:\Programy urzytkowe\Kaspersky2009!\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [kell] C:\program Files\Manson\liser.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programy urzytkowe\Kaspersky2009!\SCIEPlgn.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: d:\progra~1\kasper~1\mzvkbd.dll,d:\progra~1\kasper~1\mzvkbd3.dll,,,,,,,,,,,,,,,,,c:\progra~1\Manson\liser.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - D:\Programy urzytkowe\Kaspersky2009!\avp.exe
O23 - Service: Usługa Google Update (gupdate1c9c44c2346939a) (gupdate1c9c44c2346939a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6031 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll [2005-04-13 327748]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - D:\Programy urzytkowe\Kaspersky2009!\ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-23 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2007-05-16 191096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll [2005-04-13 327748]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-01-08 8523776]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-01-08 81920]
"NeroCheck"=C:\WINDOWS\system32\\NeroCheck.exe [2001-07-09 155648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"AVP"=D:\Programy urzytkowe\Kaspersky2009!\avp.exe [2009-06-10 206088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-23 39408]
"DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]
"kell"=C:\program Files\Manson\liser.exe [2009-06-28 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="d:\progra~1\kasper~1\mzvkbd.dll,d:\progra~1\kasper~1\mzvkbd3.dll,,,,,,,,,,,,,,,,,c:\progra~1\Manson\liser.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Gry\stronhold2\MYTH\Stronghold2.exe"="E:\Gry\stronhold2\MYTH\Stronghold2.exe:*:Enabled:Stronghold2"
"D:\Programy urzytkowe\gg\Nowe Gadu-Gadu\gg.exe"="D:\Programy urzytkowe\gg\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu beta"
"C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Programy urzytkowe\utorrent\uTorrent.exe"="D:\Programy urzytkowe\utorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Programy urzytkowe\TC\TC PowerPack\TOTALCMD.EXE"="D:\Programy urzytkowe\TC\TC PowerPack\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"E:\Gry\World of Warcraft\Repair.exe"="E:\Gry\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"D:\Programy urzytkowe\p2p\Wru\Wru.exe"="D:\Programy urzytkowe\p2p\Wru\Wru.exe:*:Enabled:Wru P2P Client"
"E:\Gry\Dead!\Dead Space\Dead Space.exe"="E:\Gry\Dead!\Dead Space\Dead Space.exe:*:Enabled:Dead Space ™"
"C:\Documents and Settings\Slawek123\Pulpit\FlashFXP.exe"="C:\Documents and Settings\Slawek123\Pulpit\FlashFXP.exe:*:Enabled:FlashFXP"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\Programy urzytkowe\nowe gg\Nowe Gadu-Gadu\gg.exe"="D:\Programy urzytkowe\nowe gg\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu"
"C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\Polish\setup.exe"="C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\Polish\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"
"E:\Gry\counter strike\cs\hl.exe"="E:\Gry\counter strike\cs\hl.exe:*:Enabled:Half-Life Launcher"
"C:\RECYCLER\services.exe"="C:\RECYCLER\services.exe:*:Enabled:services.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

======List of files/folders created in the last 1 months======

2009-07-02 20:40:42 ----A---- C:\avenger.txt
2009-07-02 20:02:46 ----D---- C:\rsit
2009-06-29 09:47:18 ----RSHD---- C:\Program Files\Manson
2009-06-28 11:27:35 ----D---- C:\Documents and Settings\Slawek123\Dane aplikacji\Kaspersky_Key_Finder_(KKF
2009-06-21 23:13:21 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard
2009-06-19 13:29:34 ----A---- C:\down.exe
2009-06-10 16:48:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-10 16:48:50 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-10 16:47:46 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-10 16:47:41 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-10 10:13:31 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2009-06-10 09:29:49 ----SHD---- C:\RECYCLER
2009-06-10 08:44:01 ----A---- C:\ComboFix.txt
2009-06-10 08:39:19 ----D---- C:\WINDOWS\temp
2009-06-10 08:34:20 ----A---- C:\WINDOWS\PEV.exe
2009-06-10 08:32:43 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-08 19:24:48 ----A---- C:\WINDOWS\TSearch.INI
2009-06-05 15:40:57 ----D---- C:\WINDOWS\ie8updates
2009-06-05 15:39:10 ----HDC---- C:\WINDOWS\ie8

======List of files/folders modified in the last 1 months======

2009-07-02 20:40:00 ----D---- C:\WINDOWS\Prefetch
2009-07-02 19:30:29 ----D---- C:\WINDOWS
2009-07-02 16:23:20 ----SD---- C:\WINDOWS\Tasks
2009-07-02 16:23:19 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Google Updater
2009-07-02 16:22:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-02 12:45:27 ----AD---- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2009-07-02 12:42:33 ----D---- C:\Fraps
2009-07-02 10:14:45 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-01 08:06:53 ----SHD---- C:\WINDOWS\Installer
2009-06-30 08:04:41 ----D---- C:\Program Files\Dobra Szkoła v212
2009-06-29 09:47:18 ----RD---- C:\Program Files
2009-06-29 09:41:01 ----D---- C:\Documents and Settings\Slawek123\Dane aplikacji\OpenOffice.ux.pl2
2009-06-24 11:51:58 ----D---- C:\Documents and Settings\Slawek123\Dane aplikacji\uTorrent
2009-06-15 18:00:41 ----D---- C:\Documents and Settings\Slawek123\Dane aplikacji\gtk-2.0
2009-06-13 19:41:06 ----D---- C:\WINDOWS\system32
2009-06-13 18:35:20 ----HD---- C:\WINDOWS\inf
2009-06-13 18:35:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-13 18:35:14 ----D---- C:\Program Files\Internet Explorer
2009-06-13 18:34:52 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-11 09:33:02 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-10 16:48:56 ----A---- C:\WINDOWS\imsins.BAK
2009-06-10 10:54:57 ----D---- C:\WINDOWS\system32\drivers
2009-06-10 10:14:04 ----HD---- C:\Config.Msi
2009-06-10 08:44:03 ----HD---- C:\Qoobox
2009-06-10 08:43:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-10 08:42:12 ----A---- C:\WINDOWS\system.ini
2009-06-10 08:40:42 ----D---- C:\WINDOWS\system32\config
2009-06-10 08:39:48 ----D---- C:\WINDOWS\ERDNT
2009-06-10 08:36:34 ----D---- C:\WINDOWS\AppPatch
2009-06-10 08:36:30 ----D---- C:\Program Files\Common Files
2009-06-07 21:25:08 ----D---- C:\WINDOWS\system32\ias
2009-06-05 17:00:53 ----D---- C:\WINDOWS\system32\pl-pl
2009-06-05 17:00:53 ----D---- C:\WINDOWS\Media
2009-06-05 17:00:53 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-06-10 213520]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-06-26 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-06-26 25416]
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-19 4617728]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-01-08 7434336]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-09-19 101504]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Standardowy sterownik koncentratora USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 actser;actser; C:\WINDOWS\system32\drivers\actser.sys [2004-06-07 29440]
S3 acwhfgl0;acwhfgl0; C:\WINDOWS\system32\drivers\acwhfgl0.sys []
S3 az5aqlms;az5aqlms; C:\WINDOWS\system32\drivers\az5aqlms.sys []
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\WINDOWS\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888]
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s117mdm.sys [2007-06-25 108456]
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s117obex.sys [2007-06-25 98344]
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\WINDOWS\system32\DRIVERS\s117unic.sys [2007-06-25 98856]
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-17 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Anti-Virus; D:\Programy urzytkowe\Kaspersky2009!\avp.exe [2009-06-10 206088]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-01-08 155716]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 gupdate1c9c44c2346939a;Usługa Google Update (gupdate1c9c44c2346939a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-23 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-23 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------


LOG BEZ OPCJI Execute (samo wklejenie)

Kod: Zaznacz wszystko

Logfile of random's system information tool 1.06 (written by random/random)
Run by Slawek123 at 2009-07-02 21:21:15
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 23 GB (55%) free of 41 GB
Total RAM: 2046 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:21:16, on 2009-07-02
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Programy urzytkowe\Kaspersky2009!\avp.exe
D:\Programy urzytkowe\Kaspersky2009!\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\program Files\Manson\liser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\Programy urzytkowe\nowe gg\Nowe Gadu-Gadu\gg.exe
D:\Programy urzytkowe\nowe gg\Nowe Gadu-Gadu\spellchecker_gg.exe
D:\Programy urzytkowe\Mozilla Fierfox\firefox.exe
C:\Documents and Settings\Slawek123\Pulpit\combo\avenger.exe
C:\Documents and Settings\Slawek123\Pulpit\combo\RSIT.exe
C:\Documents and Settings\Slawek123\Pulpit\combo\Slawek123.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Programy urzytkowe\Kaspersky2009!\ievkbd.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "D:\Programy urzytkowe\Kaspersky2009!\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [kell] C:\program Files\Manson\liser.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programy urzytkowe\Kaspersky2009!\SCIEPlgn.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: d:\progra~1\kasper~1\mzvkbd.dll,d:\progra~1\kasper~1\mzvkbd3.dll,,,,,,,,,,,,,,,,,c:\progra~1\Manson\liser.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - D:\Programy urzytkowe\Kaspersky2009!\avp.exe
O23 - Service: Usługa Google Update (gupdate1c9c44c2346939a) (gupdate1c9c44c2346939a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6049 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll [2005-04-13 327748]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - D:\Programy urzytkowe\Kaspersky2009!\ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-23 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2007-05-16 191096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll [2005-04-13 327748]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-01-08 8523776]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-01-08 81920]
"NeroCheck"=C:\WINDOWS\system32\\NeroCheck.exe [2001-07-09 155648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"AVP"=D:\Programy urzytkowe\Kaspersky2009!\avp.exe [2009-06-10 206088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-23 39408]
"DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]
"kell"=C:\program Files\Manson\liser.exe [2009-06-28 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="d:\progra~1\kasper~1\mzvkbd.dll,d:\progra~1\kasper~1\mzvkbd3.dll,,,,,,,,,,,,,,,,,c:\progra~1\Manson\liser.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Gry\stronhold2\MYTH\Stronghold2.exe"="E:\Gry\stronhold2\MYTH\Stronghold2.exe:*:Enabled:Stronghold2"
"D:\Programy urzytkowe\gg\Nowe Gadu-Gadu\gg.exe"="D:\Programy urzytkowe\gg\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu beta"
"C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Programy urzytkowe\utorrent\uTorrent.exe"="D:\Programy urzytkowe\utorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Programy urzytkowe\TC\TC PowerPack\TOTALCMD.EXE"="D:\Programy urzytkowe\TC\TC PowerPack\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"E:\Gry\World of Warcraft\Repair.exe"="E:\Gry\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"D:\Programy urzytkowe\p2p\Wru\Wru.exe"="D:\Programy urzytkowe\p2p\Wru\Wru.exe:*:Enabled:Wru P2P Client"
"E:\Gry\Dead!\Dead Space\Dead Space.exe"="E:\Gry\Dead!\Dead Space\Dead Space.exe:*:Enabled:Dead Space ™"
"C:\Documents and Settings\Slawek123\Pulpit\FlashFXP.exe"="C:\Documents and Settings\Slawek123\Pulpit\FlashFXP.exe:*:Enabled:FlashFXP"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\Programy urzytkowe\nowe gg\Nowe Gadu-Gadu\gg.exe"="D:\Programy urzytkowe\nowe gg\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu"
"C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\Polish\setup.exe"="C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\Polish\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"
"E:\Gry\counter strike\cs\hl.exe"="E:\Gry\counter strike\cs\hl.exe:*:Enabled:Half-Life Launcher"
"C:\RECYCLER\services.exe"="C:\RECYCLER\services.exe:*:Enabled:services.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

======List of files/folders created in the last 1 months======

2009-07-02 20:40:42 ----A---- C:\avenger.txt
2009-07-02 20:02:46 ----D---- C:\rsit
2009-06-29 09:47:18 ----RSHD---- C:\Program Files\Manson
2009-06-28 11:27:35 ----D---- C:\Documents and Settings\Slawek123\Dane aplikacji\Kaspersky_Key_Finder_(KKF
2009-06-21 23:13:21 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard
2009-06-19 13:29:34 ----A---- C:\down.exe
2009-06-10 16:48:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-10 16:48:50 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-10 16:47:46 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-10 16:47:41 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-10 10:13:31 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2009-06-10 09:29:49 ----SHD---- C:\RECYCLER
2009-06-10 08:44:01 ----A---- C:\ComboFix.txt
2009-06-10 08:39:19 ----D---- C:\WINDOWS\temp
2009-06-10 08:34:20 ----A---- C:\WINDOWS\PEV.exe
2009-06-10 08:32:43 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-08 19:24:48 ----A---- C:\WINDOWS\TSearch.INI
2009-06-05 15:40:57 ----D---- C:\WINDOWS\ie8updates
2009-06-05 15:39:10 ----HDC---- C:\WINDOWS\ie8

======List of files/folders modified in the last 1 months======

2009-07-02 21:20:20 ----D---- C:\WINDOWS\Prefetch
2009-07-02 19:30:29 ----D---- C:\WINDOWS
2009-07-02 16:23:20 ----SD---- C:\WINDOWS\Tasks
2009-07-02 16:23:19 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Google Updater
2009-07-02 16:22:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-02 12:45:27 ----AD---- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2009-07-02 12:42:33 ----D---- C:\Fraps
2009-07-02 10:14:45 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-01 08:06:53 ----SHD---- C:\WINDOWS\Installer
2009-06-30 08:04:41 ----D---- C:\Program Files\Dobra Szkoła v212
2009-06-29 09:47:18 ----RD---- C:\Program Files
2009-06-29 09:41:01 ----D---- C:\Documents and Settings\Slawek123\Dane aplikacji\OpenOffice.ux.pl2
2009-06-24 11:51:58 ----D---- C:\Documents and Settings\Slawek123\Dane aplikacji\uTorrent
2009-06-15 18:00:41 ----D---- C:\Documents and Settings\Slawek123\Dane aplikacji\gtk-2.0
2009-06-13 19:41:06 ----D---- C:\WINDOWS\system32
2009-06-13 18:35:20 ----HD---- C:\WINDOWS\inf
2009-06-13 18:35:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-13 18:35:14 ----D---- C:\Program Files\Internet Explorer
2009-06-13 18:34:52 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-11 09:33:02 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-10 16:48:56 ----A---- C:\WINDOWS\imsins.BAK
2009-06-10 10:54:57 ----D---- C:\WINDOWS\system32\drivers
2009-06-10 10:14:04 ----HD---- C:\Config.Msi
2009-06-10 08:44:03 ----HD---- C:\Qoobox
2009-06-10 08:43:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-10 08:42:12 ----A---- C:\WINDOWS\system.ini
2009-06-10 08:40:42 ----D---- C:\WINDOWS\system32\config
2009-06-10 08:39:48 ----D---- C:\WINDOWS\ERDNT
2009-06-10 08:36:34 ----D---- C:\WINDOWS\AppPatch
2009-06-10 08:36:30 ----D---- C:\Program Files\Common Files
2009-06-07 21:25:08 ----D---- C:\WINDOWS\system32\ias
2009-06-05 17:00:53 ----D---- C:\WINDOWS\system32\pl-pl
2009-06-05 17:00:53 ----D---- C:\WINDOWS\Media
2009-06-05 17:00:53 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-06-10 213520]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-06-26 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-06-26 25416]
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-19 4617728]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-01-08 7434336]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-09-19 101504]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Standardowy sterownik koncentratora USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 actser;actser; C:\WINDOWS\system32\drivers\actser.sys [2004-06-07 29440]
S3 acwhfgl0;acwhfgl0; C:\WINDOWS\system32\drivers\acwhfgl0.sys []
S3 az5aqlms;az5aqlms; C:\WINDOWS\system32\drivers\az5aqlms.sys []
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\WINDOWS\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888]
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s117mdm.sys [2007-06-25 108456]
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s117obex.sys [2007-06-25 98344]
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\WINDOWS\system32\DRIVERS\s117unic.sys [2007-06-25 98856]
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-17 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Anti-Virus; D:\Programy urzytkowe\Kaspersky2009!\avp.exe [2009-06-10 206088]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-01-08 155716]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 gupdate1c9c44c2346939a;Usługa Google Update (gupdate1c9c44c2346939a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-23 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-23 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------


PS Win-Trojan/OnlineGameHack.61440.ED - Nie używam żadnych czitów! ;O

[Okocza]

swk123,

Kod: Zaznacz wszystko

Files to delete:

C:\down.exe
C:\WINDOWS\PEV.exe
C:\ComboFix.txt

Folders to delete:
C:\Program Files\Manson
C:\Qoobox

tak wklej, przepraszam, zapomniałem o dwukropku na końcu.

jeszcze raz z tym Avengerem i wracasz z RSITem

[swk123]

Wkleiłem

Files to delete:

C:\down.exe
C:\WINDOWS\PEV.exe
C:\ComboFix.txt

Folders to delete:
C:\Program Files\Manson
C:\Qoobox

Wykonałem skan: ( bez naciskania Execute )

Kod: Zaznacz wszystko

Logfile of random's system information tool 1.06 (written by random/random)
Run by Slawek123 at 2009-07-03 08:17:10
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 23 GB (55%) free of 41 GB
Total RAM: 2046 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:17:10, on 2009-07-03
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Programy urzytkowe\Kaspersky2009!\avp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Programy urzytkowe\Kaspersky2009!\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\program Files\Manson\liser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\Programy urzytkowe\Mozilla Fierfox\firefox.exe
C:\Documents and Settings\Slawek123\Pulpit\combo\avenger.exe
C:\Documents and Settings\Slawek123\Pulpit\combo\RSIT.exe
C:\Documents and Settings\Slawek123\Pulpit\combo\Slawek123.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Programy urzytkowe\Kaspersky2009!\ievkbd.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "D:\Programy urzytkowe\Kaspersky2009!\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [kell] C:\program Files\Manson\liser.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programy urzytkowe\Kaspersky2009!\SCIEPlgn.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: d:\progra~1\kasper~1\mzvkbd.dll,d:\progra~1\kasper~1\mzvkbd3.dll,,,,,,,,,,,,,,,,,,c:\progra~1\Manson\liser.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - D:\Programy urzytkowe\Kaspersky2009!\avp.exe
O23 - Service: Usługa Google Update (gupdate1c9c44c2346939a) (gupdate1c9c44c2346939a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5931 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll [2005-04-13 327748]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - D:\Programy urzytkowe\Kaspersky2009!\ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-23 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2007-05-16 191096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll [2005-04-13 327748]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-01-08 8523776]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-01-08 81920]
"NeroCheck"=C:\WINDOWS\system32\\NeroCheck.exe [2001-07-09 155648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"AVP"=D:\Programy urzytkowe\Kaspersky2009!\avp.exe [2009-06-10 206088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-23 39408]
"DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]
"kell"=C:\program Files\Manson\liser.exe [2009-06-28 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="d:\progra~1\kasper~1\mzvkbd.dll,d:\progra~1\kasper~1\mzvkbd3.dll,,,,,,,,,,,,,,,,,,c:\progra~1\Manson\liser.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Gry\stronhold2\MYTH\Stronghold2.exe"="E:\Gry\stronhold2\MYTH\Stronghold2.exe:*:Enabled:Stronghold2"
"D:\Programy urzytkowe\gg\Nowe Gadu-Gadu\gg.exe"="D:\Programy urzytkowe\gg\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu beta"
"C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Programy urzytkowe\utorrent\uTorrent.exe"="D:\Programy urzytkowe\utorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Programy urzytkowe\TC\TC PowerPack\TOTALCMD.EXE"="D:\Programy urzytkowe\TC\TC PowerPack\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"E:\Gry\World of Warcraft\Repair.exe"="E:\Gry\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"D:\Programy urzytkowe\p2p\Wru\Wru.exe"="D:\Programy urzytkowe\p2p\Wru\Wru.exe:*:Enabled:Wru P2P Client"
"E:\Gry\Dead!\Dead Space\Dead Space.exe"="E:\Gry\Dead!\Dead Space\Dead Space.exe:*:Enabled:Dead Space ™"
"C:\Documents and Settings\Slawek123\Pulpit\FlashFXP.exe"="C:\Documents and Settings\Slawek123\Pulpit\FlashFXP.exe:*:Enabled:FlashFXP"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\Programy urzytkowe\nowe gg\Nowe Gadu-Gadu\gg.exe"="D:\Programy urzytkowe\nowe gg\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu"
"C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\Polish\setup.exe"="C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\Polish\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"
"E:\Gry\counter strike\cs\hl.exe"="E:\Gry\counter strike\cs\hl.exe:*:Enabled:Half-Life Launcher"
"C:\RECYCLER\services.exe"="C:\RECYCLER\services.exe:*:Enabled:services.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

======List of files/folders created in the last 1 months======

2009-07-03 08:13:19 ----A---- C:\yseqhkk.txt
2009-07-02 20:40:42 ----A---- C:\avenger.txt
2009-07-02 20:02:46 ----D---- C:\rsit
2009-06-29 09:47:18 ----RSHD---- C:\Program Files\Manson
2009-06-28 11:27:35 ----D---- C:\Documents and Settings\Slawek123\Dane aplikacji\Kaspersky_Key_Finder_(KKF
2009-06-21 23:13:21 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard
2009-06-10 16:48:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-10 16:48:50 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-10 16:47:46 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-10 16:47:41 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-10 10:13:31 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2009-06-10 09:29:49 ----SHD---- C:\RECYCLER
2009-06-10 08:44:01 ----A---- C:\ComboFix.txt
2009-06-10 08:39:19 ----D---- C:\WINDOWS\temp
2009-06-10 08:34:20 ----A---- C:\WINDOWS\PEV.exe
2009-06-10 08:32:43 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-08 19:24:48 ----A---- C:\WINDOWS\TSearch.INI
2009-06-05 15:40:57 ----D---- C:\WINDOWS\ie8updates
2009-06-05 15:39:10 ----HDC---- C:\WINDOWS\ie8

======List of files/folders modified in the last 1 months======

2009-07-03 08:13:19 ----D---- C:\WINDOWS\system32\drivers
2009-07-03 08:09:06 ----SD---- C:\WINDOWS\Tasks
2009-07-03 08:08:33 ----D---- C:\WINDOWS
2009-07-02 21:33:49 ----D---- C:\WINDOWS\Prefetch
2009-07-02 16:23:19 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Google Updater
2009-07-02 16:22:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-02 12:45:27 ----AD---- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2009-07-02 12:42:33 ----D---- C:\Fraps
2009-07-02 10:14:45 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-01 08:06:53 ----SHD---- C:\WINDOWS\Installer
2009-06-30 08:04:41 ----D---- C:\Program Files\Dobra Szkoła v212
2009-06-29 09:47:18 ----RD---- C:\Program Files
2009-06-29 09:41:01 ----D---- C:\Documents and Settings\Slawek123\Dane aplikacji\OpenOffice.ux.pl2
2009-06-24 11:51:58 ----D---- C:\Documents and Settings\Slawek123\Dane aplikacji\uTorrent
2009-06-15 18:00:41 ----D---- C:\Documents and Settings\Slawek123\Dane aplikacji\gtk-2.0
2009-06-13 19:41:06 ----D---- C:\WINDOWS\system32
2009-06-13 18:35:20 ----HD---- C:\WINDOWS\inf
2009-06-13 18:35:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-13 18:35:14 ----D---- C:\Program Files\Internet Explorer
2009-06-13 18:34:52 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-11 09:33:02 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-10 16:48:56 ----A---- C:\WINDOWS\imsins.BAK
2009-06-10 10:14:04 ----HD---- C:\Config.Msi
2009-06-10 08:44:03 ----HD---- C:\Qoobox
2009-06-10 08:43:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-10 08:42:12 ----A---- C:\WINDOWS\system.ini
2009-06-10 08:40:42 ----D---- C:\WINDOWS\system32\config
2009-06-10 08:39:48 ----D---- C:\WINDOWS\ERDNT
2009-06-10 08:36:34 ----D---- C:\WINDOWS\AppPatch
2009-06-10 08:36:30 ----D---- C:\Program Files\Common Files
2009-06-07 21:25:08 ----D---- C:\WINDOWS\system32\ias
2009-06-05 17:00:53 ----D---- C:\WINDOWS\system32\pl-pl
2009-06-05 17:00:53 ----D---- C:\WINDOWS\Media
2009-06-05 17:00:53 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-06-10 213520]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-06-26 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-06-26 25416]
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-19 4617728]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-01-08 7434336]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-09-19 101504]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Standardowy sterownik koncentratora USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 actser;actser; C:\WINDOWS\system32\drivers\actser.sys [2004-06-07 29440]
S3 ai74jiq8;ai74jiq8; C:\WINDOWS\system32\drivers\ai74jiq8.sys []
S3 avzitlms;avzitlms; C:\WINDOWS\system32\drivers\avzitlms.sys []
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\WINDOWS\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888]
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s117mdm.sys [2007-06-25 108456]
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s117obex.sys [2007-06-25 98344]
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\WINDOWS\system32\DRIVERS\s117unic.sys [2007-06-25 98856]
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-17 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Anti-Virus; D:\Programy urzytkowe\Kaspersky2009!\avp.exe [2009-06-10 206088]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-01-08 155716]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 gupdate1c9c44c2346939a;Usługa Google Update (gupdate1c9c44c2346939a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-23 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-23 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------


Z wykonaniem Execute



pozwolić na działanie?

[wojtas]

tak pozwol i daj nowego loga z OTL i raport z avengera.

[swk123]

Avenger LOG

Kod: Zaznacz wszystko

//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Dodatek Service Pack 3)
Thu Jul 02 20:40:42 2009

20:40:42: Error: Invalid script.  A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Dodatek Service Pack 3)
Thu Jul 02 20:40:50 2009

20:40:50: Error: Invalid script.  A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Dodatek Service Pack 3)
Thu Jul 02 20:41:06 2009

20:41:06: Error: Invalid script.  A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Dodatek Service Pack 3)
Thu Jul 02 20:41:40 2009

20:41:40: Error: Invalid script.  A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Dodatek Service Pack 3)
Thu Jul 02 21:20:55 2009

21:20:55: Error: Invalid script.  A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  file "C:\down.exe" not found!
Deletion of file "C:\down.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\PEV.exe" deleted successfully.
File "C:\ComboFix.txt" deleted successfully.
Folder "C:\Program Files\Manson" deleted successfully.
Folder "C:\Qoobox" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.


Log z OTL

Kod: Zaznacz wszystko

OTL logfile created on: 2009-07-03 12:52:04 - Run 1
OTL by OldTimer - Version 3.0.6.3     Folder = C:\Documents and Settings\Slawek123\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 75,38% Memory free
3,84 Gb Paging File | 3,53 Gb Available in Paging File | 91,82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40,04 Gb Total Space | 21,55 Gb Free Space | 53,82% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 57,30 Gb Free Space | 97,79% Space Free | Partition Type: NTFS
Drive E: | 134,25 Gb Total Space | 54,23 Gb Free Space | 40,40% Space Free | Partition Type: NTFS
Drive F: | 4,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PRZEMEK
Current User Name: Slawek123
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004-02-12 13:38:56 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2009-03-09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-06-10 10:54:57 | 00,206,088 | ---- | M] (Kaspersky Lab) -- D:\Programy urzytkowe\Kaspersky2009!\avp.exe
PRC - [2007-09-06 15:08:02 | 00,136,136 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
PRC - [2009-06-10 10:54:57 | 00,206,088 | ---- | M] (Kaspersky Lab) -- D:\Programy urzytkowe\Kaspersky2009!\avp.exe
PRC - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008-01-08 19:53:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2009-02-06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009-06-12 11:48:06 | 00,307,704 | ---- | M] (Mozilla Corporation) -- D:\Programy urzytkowe\Mozilla Fierfox\firefox.exe
PRC - [2009-07-03 12:51:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Slawek123\Pulpit\OTL.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2007-10-24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009-06-10 10:54:57 | 00,206,088 | ---- | M] (Kaspersky Lab) -- D:\Programy urzytkowe\Kaspersky2009!\avp.exe -- (AVP [Auto | Running])
SRV - [2007-10-24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007-10-09 13:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009-04-23 21:45:46 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9c44c2346939a [Auto | Stopped])
SRV - [2009-04-23 21:42:39 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007-10-11 10:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007-10-11 10:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008-01-08 19:53:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004-03-18 16:55:48 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2004-06-07 18:40:32 | 00,029,440 | ---- | M] (Siemens AG) -- C:\WINDOWS\System32\drivers\actser.sys -- (actser [On_Demand | Stopped])
DRV - [2008-06-26 12:17:59 | 00,278,984 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2007-03-16 10:11:38 | 00,012,256 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\System32\drivers\TBPANEL.SYS -- (Cardex [On_Demand | Stopped])
DRV - [2008-06-21 18:37:33 | 00,016,376 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Stopped])
DRV - [2008-04-13 18:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004-06-21 22:35:12 | 00,051,088 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2004-06-21 22:35:12 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2004-06-21 22:35:12 | 00,021,744 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2007-09-19 11:16:32 | 04,617,728 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008-07-21 18:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
DRV - [2009-06-10 10:54:57 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [Boot | Running])
DRV - [2009-06-10 10:54:57 | 00,213,520 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\DRIVERS\klif.sys -- (KLIF [System | Running])
DRV - [2008-04-30 18:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\DRIVERS\klim5.sys -- (klim5 [On_Demand | Running])
DRV - [2008-06-26 12:17:59 | 00,025,416 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2008-01-08 19:53:00 | 07,434,336 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2001-08-17 23:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007-02-02 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007-09-19 15:44:46 | 00,101,504 | R--- | M] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])
DRV - [2007-06-25 11:43:22 | 00,082,984 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s117bus.sys -- (s117bus [On_Demand | Stopped])
DRV - [2007-06-25 11:43:26 | 00,014,888 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s117mdfl.sys -- (s117mdfl [On_Demand | Stopped])
DRV - [2007-06-25 11:43:36 | 00,108,456 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s117mdm.sys -- (s117mdm [On_Demand | Stopped])
DRV - [2007-06-25 11:43:38 | 00,098,344 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s117obex.sys -- (s117obex [On_Demand | Stopped])
DRV - [2007-06-25 11:43:36 | 00,098,856 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s117unic.sys -- (s117unic [On_Demand | Stopped])
DRV - [2008-04-13 18:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008-06-22 17:33:20 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2007-03-16 10:11:38 | 00,012,256 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel [Auto | Running])

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,www.plimus.com,regnow.com,www.regnow.com,

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://interia.pl/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.1
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.6.11
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=megaup&p="
FF - prefs.js..network.proxy.autoconfig_url: "http://wpad.lukman.pl/wpad.dat"
FF - prefs.js..network.proxy.http_port: 1
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 1
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008-12-07 18:53:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: D:\Programy urzytkowe\Mozilla Fierfox\components [2009-06-15 14:14:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: D:\Programy urzytkowe\Mozilla Fierfox\plugins [2009-06-12 11:48:09 | 00,000,000 | ---D | M]

[2008-11-26 16:00:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Slawek123\Dane aplikacji\mozilla\Extensions
[2008-11-26 16:00:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Slawek123\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-07-03 10:41:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Slawek123\Dane aplikacji\mozilla\Firefox\Profiles\fpd9chak.default\extensions
[2009-04-15 18:53:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Slawek123\Dane aplikacji\mozilla\Firefox\Profiles\fpd9chak.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-04-08 20:05:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Slawek123\Dane aplikacji\mozilla\Firefox\Profiles\fpd9chak.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009-01-30 15:54:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Slawek123\Dane aplikacji\mozilla\Firefox\Profiles\fpd9chak.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Programy urzytkowe\Kaspersky2009!\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVP] D:\Programy urzytkowe\Kaspersky2009!\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [kell] C:\program Files\Manson\liser.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programy urzytkowe\Kaspersky2009!\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 94.240.0.1 217.17.34.68
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter:  - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (d:\progra~1\kasper~1\mzvkbd.dll) - d:\Programy urzytkowe\Kaspersky2009!\mzvkbd.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (d:\progra~1\kasper~1\mzvkbd3.dll) - d:\Programy urzytkowe\Kaspersky2009!\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (c:\progra~1\Manson\liser.dll) - c:\progra~1\Manson\liser.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-06-21 19:04:00 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[4 C:\WINDOWS\*.tmp files]
[2009-07-03 12:51:54 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Slawek123\Pulpit\OTL.exe
[2009-07-03 12:48:28 | 00,000,000 | ---D | C] -- C:\Avenger
[2009-07-03 10:52:00 | 52,399,9998 | ---- | C] () -- C:\Documents and Settings\Slawek123\Pulpit\Anakon.3.Potomst..part1.rar
[2009-07-03 08:24:49 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\ajuf.sys
[2009-07-03 08:18:33 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\kaoh.sys
[2009-07-03 08:13:19 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\zzkwihc.sys
[2009-07-02 20:02:46 | 00,000,000 | ---D | C] -- C:\rsit
[2009-07-02 10:33:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Slawek123\Pulpit\Pathe na 3.1.3
[2009-07-01 08:06:50 | 00,001,036 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009-07-01 08:06:49 | 00,001,032 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009-06-29 09:47:18 | 00,498,630 | ---- | C] () -- C:\wow.jpg
[2009-06-28 11:27:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Slawek123\Dane aplikacji\Kaspersky_Key_Finder_(KKF
[2009-06-24 23:07:43 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Slawek123\Moje dokumenty\nexus.doc
[2009-06-22 14:13:33 | 00,000,550 | ---- | C] () -- C:\Documents and Settings\Slawek123\Pulpit\Wow.lnk
[2009-06-21 23:13:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard
[2009-06-19 13:29:34 | 00,114,688 | ---- | C] () -- C:\gsadgPNG02.ico
[2009-06-18 21:40:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Slawek123\Ustawienia lokalne\Dane aplikacji\Deployment
[2009-06-15 18:19:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Slawek123\Pulpit\BAD
[2009-06-11 18:25:13 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009-06-11 18:25:13 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009-06-11 09:35:09 | 00,000,789 | ---- | C] () -- C:\Documents and Settings\Slawek123\Pulpit\CS.lnk
[2009-06-10 10:14:00 | 00,105,395 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009-06-10 10:14:00 | 00,094,643 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009-06-10 10:13:31 | 04,630,560 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009-06-10 10:13:31 | 00,557,088 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009-06-10 10:13:31 | 00,039,352 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009-06-10 10:13:31 | 00,005,080 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009-06-10 10:13:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
[2009-06-10 10:13:15 | 00,213,520 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009-06-10 09:29:49 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009-06-10 08:39:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009-06-08 19:24:48 | 00,001,824 | ---- | C] () -- C:\WINDOWS\TSearch.INI
[2009-06-05 15:40:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009-06-05 15:40:42 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009-06-05 15:39:10 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2008-12-09 22:27:41 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008-11-01 17:13:42 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008-11-01 17:13:41 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008-11-01 17:13:40 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-11-01 17:13:40 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-11-01 17:13:40 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-10-03 20:02:58 | 00,000,096 | ---- | C] () -- C:\WINDOWS\telephon.ini
[2008-06-26 12:17:59 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008-06-26 12:17:59 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008-06-26 12:05:22 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008-06-22 17:33:20 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-06-21 19:05:14 | 00,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2008-06-21 19:00:06 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008-06-21 19:00:06 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008-06-21 19:00:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-06-21 19:00:05 | 01,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-06-21 19:00:05 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008-06-21 14:31:41 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-06-21 14:31:41 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-06-21 14:10:51 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002-09-10 17:10:05 | 00,495,616 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2001-07-22 00:16:20 | 00,000,593 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-22 00:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009-07-03 12:51:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Slawek123\Pulpit\OTL.exe
[2009-07-03 12:49:11 | 00,000,972 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009-07-03 12:48:56 | 00,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009-07-03 12:48:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-07-03 12:48:51 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-07-03 12:47:55 | 04,630,560 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009-07-03 12:47:55 | 00,557,088 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009-07-03 12:47:55 | 00,039,352 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009-07-03 12:47:55 | 00,005,080 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009-07-03 12:47:25 | 02,640,900 | -H-- | M] () -- C:\Documents and Settings\Slawek123\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-07-03 12:43:30 | 52,399,9998 | ---- | M] () -- C:\Documents and Settings\Slawek123\Pulpit\Anakon.3.Potomst..part1.rar
[2009-07-03 12:11:00 | 00,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009-07-03 08:24:53 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\ajuf.sys
[2009-07-03 08:19:15 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\kaoh.sys
[2009-07-03 08:14:11 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\zzkwihc.sys
[2009-07-02 21:20:07 | 00,044,544 | ---- | M] () -- C:\Documents and Settings\Slawek123\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-06-29 21:26:44 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009-06-28 11:20:44 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-06-24 23:07:43 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Slawek123\Moje dokumenty\nexus.doc
[2009-06-23 22:25:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-06-22 14:13:33 | 00,000,550 | ---- | M] () -- C:\Documents and Settings\Slawek123\Pulpit\Wow.lnk
[2009-06-19 13:59:29 | 00,001,824 | ---- | M] () -- C:\WINDOWS\TSearch.INI
[2009-06-11 09:35:09 | 00,000,789 | ---- | M] () -- C:\Documents and Settings\Slawek123\Pulpit\CS.lnk
[2009-06-10 16:58:55 | 00,239,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-06-10 16:48:56 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009-06-10 10:54:57 | 00,213,520 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009-06-10 10:54:57 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klbg.sys
[2009-06-10 10:54:55 | 00,105,395 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009-06-10 10:54:55 | 00,094,643 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009-06-10 10:08:45 | 00,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009-06-10 08:43:16 | 01,117,222 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-06-10 08:43:16 | 00,500,826 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-06-10 08:43:16 | 00,441,760 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-06-10 08:43:16 | 00,089,166 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-06-10 08:43:16 | 00,071,444 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-06-10 08:42:12 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-06-10 08:41:54 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 512 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:61435A52
< End of report >


LOG Extras

Kod: Zaznacz wszystko

OTL Extras logfile created on: 2009-07-03 12:52:04 - Run 1
OTL by OldTimer - Version 3.0.6.3     Folder = C:\Documents and Settings\Slawek123\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 75,38% Memory free
3,84 Gb Paging File | 3,53 Gb Available in Paging File | 91,82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40,04 Gb Total Space | 21,55 Gb Free Space | 53,82% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 57,30 Gb Free Space | 97,79% Space Free | Partition Type: NTFS
Drive E: | 134,25 Gb Total Space | 54,23 Gb Free Space | 40,40% Space Free | Partition Type: NTFS
Drive F: | 4,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PRZEMEK
Current User Name: Slawek123
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] --

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008-04-13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2005-04-22 21:34:50 | 16,420,864 | ---- | M] () -- E:\Gry\stronhold2\MYTH\Stronghold2.exe:*:Enabled:Stronghold2
[2008-10-10 11:50:44 | 06,500,960 | ---- | M] (Gadu-Gadu S.A.) -- D:\Programy urzytkowe\gg\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu beta
[2008-03-20 12:04:46 | 02,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny
[2008-04-13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009-06-16 07:48:47 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- D:\Programy urzytkowe\utorrent\uTorrent.exe:*:Enabled:µTorrent
[2006-02-16 07:54:00 | 00,842,788 | ---- | M] (C. Ghisler & Co.) -- D:\Programy urzytkowe\TC\TC PowerPack\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows
[2008-09-23 14:28:10 | 21,872,936 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
File not found -- E:\Gry\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility
[2008-12-20 14:16:28 | 02,170,880 | ---- | M] (Lavorate Sp.z.o.o.) -- D:\Programy urzytkowe\p2p\Wru\Wru.exe:*:Enabled:Wru P2P Client
[2008-09-27 16:37:34 | 20,796,680 | ---- | M] () -- E:\Gry\Dead!\Dead Space\Dead Space.exe:*:Enabled:Dead Space ™
[2008-02-20 18:55:12 | 03,067,144 | ---- | M] (IniCom Networks, Inc.) -- C:\Documents and Settings\Slawek123\Pulpit\FlashFXP.exe:*:Enabled:FlashFXP
[2009-03-09 05:19:11 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary
[2009-04-20 16:56:20 | 09,818,728 | ---- | M] (GG Network S.A.) -- D:\Programy urzytkowe\nowe gg\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu
[2008-01-30 10:26:38 | 00,072,264 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\Polish\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup
[2005-09-30 03:42:57 | 00,081,920 | ---- | M] (Valve) -- E:\Gry\counter strike\cs\hl.exe:*:Enabled:Half-Life Launcher
File not found -- C:\RECYCLER\services.exe:*:Enabled:services.exe


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{036FD544-AED6-3F33-856D-A2292D0CF471}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PLK
"{06AC45D1-CB9B-48CC-B5C8-1A55DEE26AD0}" = Sony Ericsson Media Manager 1.0
"{1998BD34-1AAB-4169-ACFF-67342E2AF9B4}" = Gothic III Release Update
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2F71F2BA-B513-4113-969C-18A84D238E27}" = 1310
"{2F7655DD-793E-40C6-B348-DE67C109F6FF}" = Spider-Man 2
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AB76A8F-521E-40A8-B86F-A6CCB64605FB}" = Dobra Szkoła v212
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{4A147CB0-022B-429B-AAB8-91E8354DD31E}" = OpenOffice.ux.pl 2.0.4
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4DBF3C3D-5B6D-45B2-A08B-B06490E2666F}_is1" = Wru! 1.1.1
"{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones
"{4E227EFF-CFBC-415E-A7FD-D6C15CA908AE}" = Desktop Restore
"{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack
"{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009
"{6A6DCB18-3ECB-46DC-894B-5EFE08C0BD9B}" = Mega Manager
"{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{7C77393F-8237-3825-A88A-AFAF3C69C072}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PLK
"{7CE3498C-866B-427E-8273-9CA67B24BA01}" = Thief: Deadly Shadows
"{80413011-029C-4D6B-B3AD-725DDE60B81C}" = 1310Trb
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A20EF70-2732-11D4-B952-0060970CDF91}" = Data Exchange Software
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00AF-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Polish)
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A542D955-9F05-4C74-8866-25DDC0DB15DB}" = SIEMENS USB Data Cable
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-A81200000003}" = Adobe Reader 8 - Polish
"{B12BA4BB-BA40-43CD-BA2F-A9332EC48CF5}_is1" = Prec 1.5.0.3
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B4A3B14A-1C4B-47B9-A5B5-BF429237D568}" = muveeNow 2.1
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{E21658D0-8C83-4ADD-937B-6ED07F335ABA}" = 1310Tour
"{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt
"{E90BEB5B-CFA0-418E-9ABB-4C4A7B0D9483}" = 1310_Help
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = Wiedźmin
"{F31E509D-3597-324E-83CF-0C160B2320F0}" = Microsoft .NET Framework 3.5 Language Pack - plk
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"AC3Filter" = AC3Filter (remove only)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"ALLPlayer V2.3.1_is1" = ALLPlayer V2.3.1
"Audacity_is1" = Audacity 1.2.6
"AVIcodec" = AVIcodec (remove only)
"AviSynth" = AviSynth 2.5
"Browser MOUSE" = Browser MOUSE
"CCleaner" = CCleaner (remove only)
"Dobra Szkoła v212" = Dobra Szkoła v212
"FastStone Image Viewer" = FastStone Image Viewer 2.9
"ffdshow_is1" = ffdshow [rev 2253] [2008-10-26]
"Fraps" = Fraps (remove only)
"Gimnazjum - Chemia Nowej Ery 2" = Gimnazjum - Chemia Nowej Ery 2
"Google Chrome" = Google Chrome
"Google Updater" = Aktualizator Google
"Hide IP NG_is1" = Hide IP NG 1.46
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2F7655DD-793E-40C6-B348-DE67C109F6FF}" = Spider-Man 2
"InstallShield_{7CE3498C-866B-427E-8273-9CA67B24BA01}" = Thief: Deadly Shadows
"InstallWIX_{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009
"IrfanView" = IrfanView (remove only)
"IVONA - syntezator mowy, wersja rehabilitacyjna" = IVONA - syntezator mowy, wersja rehabilitacyjna
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Full)
"MegauploadToolbar" = Megaupload Toolbar
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Microsoft .NET Framework 3.5 Language Pack - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 — PLK
"mIRC" = mIRC
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"Muiltmedia keyboard utility 1.3" = Muiltmedia keyboard utility 1.3
"NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoFiltre" = PhotoFiltre
"RealAlt_is1" = Real Alternative 1.9.0
"Słownik angielsko-polski_is1" = Słownik angielsko-polski wersja 2.24
"Sniper Elite PL_is1" = Sniper Elite PL
"Super Fast Shutdown_is1" = Super Fast Shutdown 1.0
"Synergia ModAgent_is1" = Synergia ModAgent 1.0.0.6
"TC PowerPack" = TC PowerPack 1.7
"VDOTool_is1" = VDOTool 6.1
"Video mp3 Extractor Pro_is1" = Video mp3 Extractor Pro
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.4.7
"WinRAR archiver" = Archiwizator WinRAR
"World of Warcraft" = World of Warcraft
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XviD" = XviD MPEG-4 Codec
"Yahoo! Companion" = Yahoo! Companion

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Program chyba pomógł bo Kaspersky nie znajduje już trojana

THX

[wojtas]

Uruchom OTL i w oknie Custom Scans/Fixes wklej :

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKCU..\Run: [kell] C:\program Files\Manson\liser.exe File not found
O20 - AppInit_DLLs: (c:\progra~1\Manson\liser.dll) - c:\progra~1\Manson\liser.dll File not found

:Files
C:\WINDOWS\System32\drivers\ajuf.sys
C:\WINDOWS\System32\drivers\kaoh.sys
C:\WINDOWS\System32\drivers\zzkwihc.sys

:Commands
[emptytemp]
[start explorer]
[Reboot]

Kliknij w Run Fix. I potwierdz reset kompa .

Następnie uruchamiasz OTL z opcją Run Scan. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia kompa

[swk123]

Raport:

Kod: Zaznacz wszystko

All processes killed
========== OTL ==========
Process explorer.exe killed successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\kell deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\Manson\liser.dll deleted successfully.
========== FILES ==========
C:\WINDOWS\System32\drivers\ajuf.sys moved successfully.
C:\WINDOWS\System32\drivers\kaoh.sys moved successfully.
C:\WINDOWS\System32\drivers\zzkwihc.sys moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: xxxx
->Temp folder emptied: 5728 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 7618371 bytes
->FireFox cache emptied: 52226483 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: xxx
->Temp folder emptied: 2338 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 7618305 bytes
->FireFox cache emptied: 45739946 bytes

User: xxxxx
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
File delete failed. C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 583306 bytes

User: Slawek123
->Temp folder emptied: 41587224 bytes
File delete failed. C:\Documents and Settings\Slawek123\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 15786458 bytes
->Java cache emptied: 9005975 bytes
->FireFox cache emptied: 89196643 bytes
->Google Chrome cache emptied: 8357731 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1139202 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
Windows Temp folder emptied: 2730976 bytes

RecycleBin emptied: 850121763 bytes

Total Files Cleaned = 1079,45 mb


OTL by OldTimer - Version 3.0.6.3 log created on 07062009_085219

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL.TXT:

Kod: Zaznacz wszystko

OTL logfile created on: 2009-07-06 08:57:50 - Run 2
OTL by OldTimer - Version 3.0.6.3     Folder = C:\Documents and Settings\Slawek123\Pulpit\combo
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 75,18% Memory free
3,84 Gb Paging File | 3,52 Gb Available in Paging File | 91,65% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40,04 Gb Total Space | 21,24 Gb Free Space | 53,04% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 57,30 Gb Free Space | 97,79% Space Free | Partition Type: NTFS
Drive E: | 134,25 Gb Total Space | 52,81 Gb Free Space | 39,34% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PRZEMEK
Current User Name: Slawek123
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009-06-10 10:54:57 | 00,206,088 | ---- | M] (Kaspersky Lab) -- D:\Programy urzytkowe\Kaspersky2009!\avp.exe
PRC - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008-01-08 19:53:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2009-02-06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008-04-14 19:21:32 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2004-02-12 13:38:56 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2009-03-09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-06-10 10:54:57 | 00,206,088 | ---- | M] (Kaspersky Lab) -- D:\Programy urzytkowe\Kaspersky2009!\avp.exe
PRC - [2007-09-06 15:08:02 | 00,136,136 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
PRC - [2009-06-12 11:48:06 | 00,307,704 | ---- | M] (Mozilla Corporation) -- D:\Programy urzytkowe\Mozilla Fierfox\firefox.exe
PRC - [2009-07-03 12:51:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Slawek123\Pulpit\combo\OTL.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2007-10-24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009-06-10 10:54:57 | 00,206,088 | ---- | M] (Kaspersky Lab) -- D:\Programy urzytkowe\Kaspersky2009!\avp.exe -- (AVP [Auto | Running])
SRV - [2007-10-24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007-10-09 13:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009-04-23 21:45:46 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9c44c2346939a [Auto | Stopped])
SRV - [2009-04-23 21:42:39 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007-10-11 10:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007-10-11 10:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008-01-08 19:53:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004-03-18 16:55:48 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2004-06-07 18:40:32 | 00,029,440 | ---- | M] (Siemens AG) -- C:\WINDOWS\System32\drivers\actser.sys -- (actser [On_Demand | Stopped])
DRV - [2008-06-26 12:17:59 | 00,278,984 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2007-03-16 10:11:38 | 00,012,256 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\System32\drivers\TBPANEL.SYS -- (Cardex [On_Demand | Stopped])
DRV - [2008-06-21 18:37:33 | 00,016,376 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Stopped])
DRV - [2008-04-13 18:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004-06-21 22:35:12 | 00,051,088 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2004-06-21 22:35:12 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2004-06-21 22:35:12 | 00,021,744 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2007-09-19 11:16:32 | 04,617,728 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008-07-21 18:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
DRV - [2009-06-10 10:54:57 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [Boot | Running])
DRV - [2009-06-10 10:54:57 | 00,213,520 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\DRIVERS\klif.sys -- (KLIF [System | Running])
DRV - [2008-04-30 18:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\DRIVERS\klim5.sys -- (klim5 [On_Demand | Running])
DRV - [2008-06-26 12:17:59 | 00,025,416 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2008-01-08 19:53:00 | 07,434,336 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2001-08-17 23:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007-02-02 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007-09-19 15:44:46 | 00,101,504 | R--- | M] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])
DRV - [2007-06-25 11:43:22 | 00,082,984 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s117bus.sys -- (s117bus [On_Demand | Stopped])
DRV - [2007-06-25 11:43:26 | 00,014,888 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s117mdfl.sys -- (s117mdfl [On_Demand | Stopped])
DRV - [2007-06-25 11:43:36 | 00,108,456 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s117mdm.sys -- (s117mdm [On_Demand | Stopped])
DRV - [2007-06-25 11:43:38 | 00,098,344 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s117obex.sys -- (s117obex [On_Demand | Stopped])
DRV - [2007-06-25 11:43:36 | 00,098,856 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s117unic.sys -- (s117unic [On_Demand | Stopped])
DRV - [2008-04-13 18:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008-06-22 17:33:20 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2007-03-16 10:11:38 | 00,012,256 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel [Auto | Running])

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,www.plimus.com,regnow.com,www.regnow.com,

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://interia.pl/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.1
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.6.11
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=megaup&p="
FF - prefs.js..network.proxy.autoconfig_url: "http://wpad.lukman.pl/wpad.dat"
FF - prefs.js..network.proxy.http_port: 1
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 1
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008-12-07 18:53:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: D:\Programy urzytkowe\Mozilla Fierfox\components [2009-06-15 14:14:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: D:\Programy urzytkowe\Mozilla Fierfox\plugins [2009-06-12 11:48:09 | 00,000,000 | ---D | M]

[2008-11-26 16:00:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Slawek123\Dane aplikacji\mozilla\Extensions
[2008-11-26 16:00:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Slawek123\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-07-05 11:39:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Slawek123\Dane aplikacji\mozilla\Firefox\Profiles\fpd9chak.default\extensions
[2009-04-15 18:53:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Slawek123\Dane aplikacji\mozilla\Firefox\Profiles\fpd9chak.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-04-08 20:05:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Slawek123\Dane aplikacji\mozilla\Firefox\Profiles\fpd9chak.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009-01-30 15:54:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Slawek123\Dane aplikacji\mozilla\Firefox\Profiles\fpd9chak.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Programy urzytkowe\Kaspersky2009!\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVP] D:\Programy urzytkowe\Kaspersky2009!\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programy urzytkowe\Kaspersky2009!\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 94.240.0.1 217.17.34.68
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter:  - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (d:\progra~1\kasper~1\mzvkbd.dll) - d:\Programy urzytkowe\Kaspersky2009!\mzvkbd.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (d:\progra~1\kasper~1\mzvkbd3.dll) - d:\Programy urzytkowe\Kaspersky2009!\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-06-21 19:04:00 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5ed5d74e-43e1-11de-8a55-001d7dadae61}\Shell\AutoRun\command - "" = G:\2nuk.com -- File not found
O33 - MountPoints2\{5ed5d74e-43e1-11de-8a55-001d7dadae61}\Shell\open\Command - "" = G:\2nuk.com -- File not found
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009-07-06 08:52:19 | 00,000,000 | ---D | C] -- C:\_OTL
[2009-07-04 12:29:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Slawek123\Dane aplikacji\Acreon
[2009-07-04 12:29:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Slawek123\Ustawienia lokalne\Dane aplikacji\._Revolution_
[2009-07-04 12:29:16 | 02,542,309 | ---- | C] () -- C:\Documents and Settings\Slawek123\Pulpit\WowMatrix.exe
[2009-07-03 17:32:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Slawek123\Pulpit\ANAKONDA ;O
[2009-07-03 16:27:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Slawek123\Pulpit\Interface
[2009-07-03 12:48:28 | 00,000,000 | ---D | C] -- C:\Avenger
[2009-07-02 20:02:46 | 00,000,000 | ---D | C] -- C:\rsit
[2009-07-02 10:33:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Slawek123\Pulpit\Pathe na 3.1.3
[2009-07-01 08:06:50 | 00,001,036 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009-07-01 08:06:49 | 00,001,032 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009-06-29 09:47:18 | 00,498,630 | ---- | C] () -- C:\wow.jpg
[2009-06-28 11:27:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Slawek123\Dane aplikacji\Kaspersky_Key_Finder_(KKF
[2009-06-24 23:07:43 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Slawek123\Moje dokumenty\nexus.doc
[2009-06-22 14:13:33 | 00,000,550 | ---- | C] () -- C:\Documents and Settings\Slawek123\Pulpit\WoW.lnk
[2009-06-21 23:13:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard
[2009-06-19 13:29:34 | 00,114,688 | ---- | C] () -- C:\gsadgPNG02.ico
[2009-06-18 21:40:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Slawek123\Ustawienia lokalne\Dane aplikacji\Deployment
[2009-06-15 18:19:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Slawek123\Pulpit\BAD
[2009-06-11 18:25:13 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009-06-11 18:25:13 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009-06-11 09:35:09 | 00,000,789 | ---- | C] () -- C:\Documents and Settings\Slawek123\Pulpit\CS.lnk
[2009-06-10 10:14:00 | 00,105,395 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009-06-10 10:14:00 | 00,094,643 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009-06-10 10:13:31 | 04,630,560 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009-06-10 10:13:31 | 00,573,472 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009-06-10 10:13:31 | 00,039,352 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009-06-10 10:13:31 | 00,005,136 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009-06-10 10:13:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
[2009-06-10 10:13:15 | 00,213,520 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009-06-10 09:29:49 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009-06-10 08:39:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009-06-08 19:24:48 | 00,001,824 | ---- | C] () -- C:\WINDOWS\TSearch.INI
[2008-12-09 22:27:41 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008-11-01 17:13:42 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008-11-01 17:13:41 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008-11-01 17:13:40 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-11-01 17:13:40 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-11-01 17:13:40 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-10-03 20:02:58 | 00,000,096 | ---- | C] () -- C:\WINDOWS\telephon.ini
[2008-06-26 12:17:59 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008-06-26 12:17:59 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008-06-26 12:05:22 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008-06-22 17:33:20 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-06-21 19:05:14 | 00,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2008-06-21 19:00:06 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008-06-21 19:00:06 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008-06-21 19:00:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-06-21 19:00:05 | 01,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-06-21 19:00:05 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008-06-21 14:31:41 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-06-21 14:31:41 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-06-21 14:10:51 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002-09-10 17:10:05 | 00,495,616 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2001-07-22 00:16:20 | 00,000,593 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-22 00:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009-07-06 08:54:13 | 00,000,972 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009-07-06 08:54:00 | 00,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009-07-06 08:53:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-07-06 08:53:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-07-06 08:53:01 | 00,573,472 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009-07-06 08:53:01 | 00,039,352 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009-07-06 08:53:01 | 00,005,136 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009-07-06 08:53:00 | 04,630,560 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009-07-06 08:11:15 | 00,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009-07-05 11:12:22 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-07-03 18:27:43 | 00,000,550 | ---- | M] () -- C:\Documents and Settings\Slawek123\Pulpit\WoW.lnk
[2009-07-03 17:34:40 | 00,046,592 | ---- | M] () -- C:\Documents and Settings\Slawek123\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-07-03 12:47:25 | 02,640,900 | -H-- | M] () -- C:\Documents and Settings\Slawek123\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-06-29 21:26:44 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009-06-24 23:07:43 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Slawek123\Moje dokumenty\nexus.doc
[2009-06-23 22:25:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-06-19 13:59:29 | 00,001,824 | ---- | M] () -- C:\WINDOWS\TSearch.INI
[2009-06-11 09:35:09 | 00,000,789 | ---- | M] () -- C:\Documents and Settings\Slawek123\Pulpit\CS.lnk
[2009-06-10 16:58:55 | 00,239,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-06-10 16:48:56 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009-06-10 10:54:57 | 00,213,520 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009-06-10 10:54:57 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klbg.sys
[2009-06-10 10:54:55 | 00,105,395 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009-06-10 10:54:55 | 00,094,643 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009-06-10 10:08:45 | 00,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009-06-10 08:43:16 | 01,117,222 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-06-10 08:43:16 | 00,500,826 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-06-10 08:43:16 | 00,441,760 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-06-10 08:43:16 | 00,089,166 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-06-10 08:43:16 | 00,071,444 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-06-10 08:42:12 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-06-10 08:41:54 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 512 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:61435A52
< End of report >


Teraz ok ?

[wojtas]

1.Uruchom OTL z opcji CleanUp
2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
4. Wykonaj skan Dr. Web CureIt
5. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym (skasuj co znajdzie)

Malwarebytes Anti-Malware

Jeśli masz Adobe Reader to zaaktualizuj go do najnowszej wersji