Trojany po usunięciu - proszę o spr. loga

[Devilek]

Jakis czas temu nalapalem dosc sporo trojanow co widac na raporcie ponizej...

Kod: Zaznacz wszystko

Malwarebytes' Anti-Malware 1.41
Wersja bazy definicji: 3089
Windows 5.1.2600 Dodatek Service Pack 3

2009-11-16 20:29:44
mbam-log-2009-11-16 (20-29-44).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|)
Przeskanowane obiekty: 175891
Upłynęło: 17 minute(s), 47 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 1
Zainfekowane wartości rejestru: 1
Zainfekowane pliki rejestru: 4
Zainfekowane foldery: 0
Zainfekowane pliki: 3

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

Zainfekowane wartości rejestru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Zainfekowane pliki rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
C:\rg9g9bgq.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Welcome\Ustawienia lokalne\temp\cvasds1.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Welcome\Ustawienia lokalne\temp\herss.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Po krutkiej walce wydaje mi sie ze wyelminowalem wszystko ale chce sie upewnic ponizej daje kilka logow:

Kod: Zaznacz wszystko

OTL logfile created on: 2009-11-16 22:40:26 - Run 3
OTL by OldTimer - Version 3.1.3.1     Folder = C:\Documents and Settings\Welcome\Pulpit\CLEAN UP
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 60,91% Memory free
3,85 Gb Paging File | 3,25 Gb Available in Paging File | 84,55% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146,48 Gb Total Space | 9,61 Gb Free Space | 6,56% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 9,42 Gb Free Space | 4,82% Space Free | Partition Type: NTFS
Drive E: | 123,97 Gb Total Space | 0,98 Gb Free Space | 0,79% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC
Current User Name: Welcome
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009-11-02 22:21:58 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Welcome\Pulpit\CLEAN UP\OTL.exe
PRC - [2009-09-15 12:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-09-15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-09-15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-09-15 12:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-09-15 12:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008-12-20 10:01:10 | 07,678,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008-11-10 10:23:50 | 01,539,072 | ---- | M] () -- C:\Program Files\Ventrilo\Ventrilo.exe
PRC - [2008-09-20 20:36:11 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-09-20 20:35:59 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2005-05-24 22:41:09 | 00,503,808 | ---- | M] (Stamina) -- C:\Program Files\Konnekt\konnekt.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2009-11-02 22:21:58 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Welcome\Pulpit\CLEAN UP\OTL.exe
MOD - [2008-09-20 20:37:45 | 01,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008-09-20 20:36:10 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009-11-09 18:57:51 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-09-15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-09-15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-09-15 12:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-09-15 12:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009-08-30 20:17:30 | 03,407,412 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008-11-19 01:28:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008-09-20 20:35:59 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008-09-20 20:35:59 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008-09-20 20:35:09 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2007-09-20 15:35:38 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006-12-01 10:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-09-15 12:56:14 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2) avast! Standard Shield Support [File_System | Auto | Running]
DRV - [2009-09-15 12:55:30 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP) avast! Self Protection [Kernel | System | Running]
DRV - [2009-09-15 12:55:19 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk) aswFsBlk [File_System | Auto | Running]
DRV - [2009-09-15 12:54:30 | 00,052,368 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi) avast! Network Shield Support [Kernel | System | Running]
DRV - [2009-09-15 12:54:21 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr) aswRdr [Kernel | On_Demand | Running]
DRV - [2009-09-15 12:53:24 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running]
DRV - [2009-08-29 17:04:42 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) Hamachi Network Interface [Kernel | On_Demand | Stopped]
DRV - [2008-11-12 14:54:00 | 06,188,320 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) nv [Kernel | On_Demand | Running]
DRV - [2008-10-26 07:55:03 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) sptd [Kernel | Boot | Running]
DRV - [2008-09-20 20:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) Sterownik magistrali Microsoft UAA dla High Definition Audio [Kernel | On_Demand | Running]
DRV - [2008-09-20 20:35:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) Sterownik bezpośredniego połączenia kablowego [Kernel | On_Demand | Running]
DRV - [2008-09-20 20:34:30 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) Secdrv [Kernel | On_Demand | Stopped]
DRV - [2008-05-29 11:33:10 | 00,027,672 | R--- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\Entech.sys -- (ENTECH) ENTECH [Kernel | On_Demand | Stopped]
DRV - [2008-04-29 09:00:00 | 00,288,896 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running]
DRV - [2008-04-17 15:33:26 | 04,707,328 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running]
DRV - [2007-10-23 17:48:16 | 00,012,416 | ---- | M] (ASUSTeK Computer Inc.) -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb) ASUS Virtual Video Capture Device Driver [Kernel | On_Demand | Stopped]
DRV - [2007-03-08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) PxHelp20 [Kernel | Boot | Running]
DRV - [2006-11-30 15:13:56 | 00,061,536 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se45bus.sys -- (se45bus) Sony Ericsson Device 069 driver (WDM) [Kernel | On_Demand | Stopped]
DRV - [2006-06-14 13:44:30 | 00,012,288 | R--- | M] (ASUSTeK Computer Inc.) -- C:\WINDOWS\system32\drivers\EIO_XP.sys -- (EIO_XP) EIO_XP [Kernel | System | Running]


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1659004503-1801674531-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1659004503-1801674531-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1659004503-1801674531-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-1659004503-1801674531-682003330-1005\S-1-5-21-1659004503-1801674531-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Allegro"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://pl.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official"
FF - prefs.js..network.proxy.backup.ftp: "proxy.triple.pl"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "proxy.triple.pl"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "proxy.triple.pl"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "proxy.triple.pl"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "proxy.triple.pl"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy.triple.pl"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy.triple.pl"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.triple.pl"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.triple.pl"
FF - prefs.js..network.proxy.ssl_port: 8080

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-11-01 23:50:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-11-09 18:57:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008-12-20 10:01:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-11-09 18:57:59 | 00,000,000 | ---D | M]

[2009-09-26 17:52:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Welcome\Dane aplikacji\Mozilla\Firefox\Profiles\ocbmo63o.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009-04-16 07:30:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Welcome\Dane aplikacji\Mozilla\Firefox\Profiles\ocbmo63o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008-10-12 20:33:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Welcome\Dane aplikacji\Mozilla\Firefox\Profiles\ocbmo63o.default\extensions\{90BCCD47-C818-41be-910E-0582947E30AF}
[2009-11-16 09:42:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Welcome\Dane aplikacji\Mozilla\Firefox\Profiles\ocbmo63o.default\extensions
[2008-10-26 07:58:03 | 00,000,523 | ---- | M] () -- C:\Documents and Settings\Welcome\Dane aplikacji\Mozilla\Firefox\Profiles\ocbmo63o.default\searchplugins\daemon-search.xml
[2009-01-05 19:02:20 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\Welcome\Dane aplikacji\Mozilla\Firefox\Profiles\ocbmo63o.default\searchplugins\winamp-search.xml
[2008-11-15 08:38:25 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2009-11-09 18:58:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2008-10-12 19:43:44 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008-12-20 10:01:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-11-16 09:42:06 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008-12-20 10:01:09 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2008-12-20 10:01:10 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2008-12-20 10:01:10 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2008-12-20 10:01:10 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2008-12-20 10:01:10 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2007-04-10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2008-08-06 16:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009-11-09 18:57:52 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008-12-20 10:01:10 | 00,022,656 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2003-07-15 06:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2007-12-11 09:07:00 | 00,307,200 | ---- | M] (ESKA) -- C:\Program Files\Mozilla Firefox\plugins\npOggX.dll
[2007-12-21 02:00:00 | 00,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2007-12-21 02:00:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2008-11-15 08:38:24 | 00,000,904 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2008-11-15 08:38:24 | 00,001,419 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2008-11-15 08:38:24 | 00,002,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2008-11-15 08:38:24 | 00,000,926 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2008-11-15 08:38:24 | 00,000,866 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2008-11-15 08:38:24 | 00,001,198 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2008-11-15 08:38:24 | 00,001,693 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (686 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1659004503-1801674531-682003330-1005..\Run: [Konnekt] C:\Program Files\Konnekt\konnekt.exe (Stamina)
O4 - HKU\.DEFAULT..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2]  File not found
O4 - HKU\S-1-5-18..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2]  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1659004503-1801674531-682003330-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1659004503-1801674531-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-1801674531-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1659004503-1801674531-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1659004503-1801674531-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1659004503-1801674531-682003330-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-10-12 18:44:55 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-11-16 20:29:20 | 00,000,055 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-11-16 20:29:20 | 00,000,055 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{e9accf94-b27e-11dd-a21d-00508db0b0b2}\Shell\AutoRun\command - "" = H:\rg9g9bgq.exe -- File not found
O33 - MountPoints2\{e9accf94-b27e-11dd-a21d-00508db0b0b2}\Shell\open\Command - "" = H:\rg9g9bgq.exe -- File not found
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009-11-16 22:37:29 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Welcome\Recent
[2009-11-16 22:34:32 | 00,000,000 | ---D | C] -- C:\ERDNT
[2009-11-16 22:34:24 | 00,000,000 | ---D | C] -- C:\!FixIEDef
[2009-11-16 20:36:22 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009-11-16 20:36:22 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009-11-16 20:36:21 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009-11-16 20:36:20 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009-11-16 20:36:20 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009-11-16 20:36:20 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009-11-16 20:36:19 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009-11-16 20:36:19 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009-11-16 20:35:55 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009-11-16 20:35:55 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2009-11-16 20:35:51 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009-11-15 11:28:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Welcome\Pulpit\rawrt
[2009-11-13 13:58:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Welcome\Pulpit\999
[2009-11-09 19:59:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Welcome\Pulpit\zuo
[2009-11-09 18:58:17 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2009-11-09 18:57:06 | 00,000,000 | ---D | C] -- C:\JDK
[2009-11-09 18:23:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Welcome\Pulpit\1
[2009-11-09 15:47:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Welcome\Pulpit\Program
[2009-11-02 21:54:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Welcome\Dane aplikacji\Malwarebytes
[2009-11-02 21:54:48 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-11-02 21:54:47 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-11-02 21:54:47 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009-11-02 21:54:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2009-11-02 20:20:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Welcome\Ustawienia lokalne\Dane aplikacji\Blizzard Entertainment
[2009-11-01 23:53:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Welcome\Moje dokumenty\Aspyr
[2009-11-01 23:51:18 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2009-11-01 23:49:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009-11-01 23:49:53 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009-11-01 23:49:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009-11-01 23:49:49 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009-11-01 23:49:24 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009-11-01 23:49:24 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009-11-01 23:49:24 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009-11-01 23:49:23 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009-11-01 23:49:23 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009-11-01 23:49:23 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009-11-01 23:49:23 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009-11-01 23:49:23 | 00,000,000 | -H-D | C] -- C:\87cce179826c2f5c6366a2dcaa9df1ad
[2009-11-01 22:00:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Welcome\Ustawienia lokalne\Dane aplikacji\Aspyr
[2009-10-26 07:49:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Welcome\Dane aplikacji\InstallShield
[2009-10-25 21:51:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Welcome\Pulpit\badzio
[2009-10-19 15:14:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Welcome\Pulpit\Matematyka
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009-11-16 21:25:37 | 00,002,568 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009-11-16 21:23:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-11-16 21:23:06 | 00,199,135 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009-11-16 21:23:03 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-11-16 21:23:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-11-16 20:54:41 | 21,458,98496 | -HS- | M] () -- C:\hiberfil.sys
[2009-11-16 20:53:53 | 04,980,736 | -H-- | M] () -- C:\Documents and Settings\Welcome\NTUSER.DAT
[2009-11-16 20:36:22 | 00,001,712 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk
[2009-11-16 20:35:07 | 39,769,408 | ---- | M] () -- C:\Documents and Settings\Welcome\Pulpit\setuppol.exe
[2009-11-16 19:33:13 | 00,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\World of Warcraft.lnk
[2009-11-16 18:39:43 | 00,114,987 | RHS- | M] () -- C:\9g86.exe
[2009-11-16 16:45:26 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-11-15 22:41:27 | 00,175,616 | ---- | M] () -- C:\Documents and Settings\Welcome\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-11-15 11:28:21 | 14,805,676 | ---- | M] () -- C:\Documents and Settings\Welcome\Pulpit\rawrt.zip
[2009-11-09 18:22:59 | 00,488,134 | ---- | M] () -- C:\Documents and Settings\Welcome\Pulpit\1.rar
[2009-11-09 14:53:49 | 00,017,708 | ---- | M] () -- C:\Documents and Settings\Welcome\Pulpit\zuo.rar
[2009-11-09 14:53:34 | 00,004,139 | ---- | M] () -- C:\Documents and Settings\Welcome\Pulpit\Program.rar
[2009-11-09 08:27:47 | 00,042,168 | ---- | M] () -- C:\Documents and Settings\Welcome\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-11-08 23:54:40 | 00,000,292 | -HS- | M] () -- C:\Documents and Settings\Welcome\ntuser.ini
[2009-11-02 21:54:18 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-11-02 21:54:18 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009-11-02 21:54:18 | 00,000,258 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-11-02 21:51:47 | 00,194,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-11-01 23:50:20 | 01,180,772 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-11-01 23:50:20 | 00,529,092 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-11-01 23:50:20 | 00,468,400 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-11-01 23:50:20 | 00,095,680 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-11-01 23:50:20 | 00,076,544 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-11-01 23:45:19 | 00,000,854 | ---- | M] () -- C:\Documents and Settings\Welcome\Pulpit\Star Wars The Force Unleashed.lnk
[2009-10-27 21:16:31 | 00,049,386 | ---- | M] () -- C:\Documents and Settings\Welcome\Pulpit\1.JPG
[2009-10-26 20:13:16 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\Welcome\Moje dokumenty\Ankieta.doc
[2009-10-25 21:51:35 | 03,575,630 | ---- | M] () -- C:\Documents and Settings\Welcome\Pulpit\badzio.rar
[2009-10-18 14:29:50 | 39,493,0619 | ---- | M] () -- C:\Documents and Settings\Welcome\Pulpit\Mam.Talent.S02E06.rmvb
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009-11-16 20:36:22 | 00,001,712 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk
[2009-11-16 20:35:55 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009-11-16 20:13:19 | 39,769,408 | ---- | C] () -- C:\Documents and Settings\Welcome\Pulpit\setuppol.exe
[2009-11-16 18:40:10 | 00,114,987 | RHS- | C] () -- C:\9g86.exe
[2009-11-15 11:27:58 | 14,805,676 | ---- | C] () -- C:\Documents and Settings\Welcome\Pulpit\rawrt.zip
[2009-11-09 18:23:02 | 00,488,134 | ---- | C] () -- C:\Documents and Settings\Welcome\Pulpit\1.rar
[2009-11-09 14:53:52 | 00,017,708 | ---- | C] () -- C:\Documents and Settings\Welcome\Pulpit\zuo.rar
[2009-11-09 14:53:39 | 00,004,139 | ---- | C] () -- C:\Documents and Settings\Welcome\Pulpit\Program.rar
[2009-11-01 23:45:19 | 00,000,854 | ---- | C] () -- C:\Documents and Settings\Welcome\Pulpit\Star Wars The Force Unleashed.lnk
[2009-10-26 20:11:23 | 00,033,792 | ---- | C] () -- C:\Documents and Settings\Welcome\Moje dokumenty\Ankieta.doc
[2009-10-25 21:51:31 | 03,575,630 | ---- | C] () -- C:\Documents and Settings\Welcome\Pulpit\badzio.rar
[2009-10-18 13:09:54 | 39,493,0619 | ---- | C] () -- C:\Documents and Settings\Welcome\Pulpit\Mam.Talent.S02E06.rmvb
[2009-08-29 18:35:29 | 00,000,040 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ra3.ini
[2009-07-12 21:49:53 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-12-14 21:41:12 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008-12-08 13:53:37 | 00,000,499 | ---- | C] () -- C:\WINDOWS\BDE.INI
[2008-12-08 13:53:37 | 00,000,177 | ---- | C] () -- C:\WINDOWS\BCW5.INI
[2008-12-08 13:53:37 | 00,000,085 | ---- | C] () -- C:\WINDOWS\TDW.INI
[2008-12-08 13:53:36 | 00,375,296 | ---- | C] () -- C:\WINDOWS\System32\wsihk32.dll
[2008-12-08 13:53:36 | 00,188,448 | ---- | C] () -- C:\WINDOWS\System32\bocof.dll
[2008-12-08 13:53:36 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\bw32000c.dll
[2008-12-08 13:53:36 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\bw320007.dll
[2008-12-08 13:53:36 | 00,131,584 | ---- | C] () -- C:\WINDOWS\System32\wsiwin32.dll
[2008-12-08 13:53:36 | 00,000,586 | ---- | C] () -- C:\WINDOWS\owl.ini
[2008-11-29 21:18:27 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008-11-20 14:44:17 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-11-02 11:07:56 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008-10-26 07:55:03 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-10-25 21:51:56 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008-10-14 20:57:06 | 00,175,616 | ---- | C] () -- C:\Documents and Settings\Welcome\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-10-13 06:28:12 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-10-13 06:28:12 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-10-12 20:36:36 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008-10-12 20:36:36 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-10-12 20:36:36 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008-10-12 20:36:36 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-10-12 20:33:46 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2008-10-12 20:25:36 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008-10-12 19:49:37 | 02,108,082 | -H-- | C] () -- C:\Documents and Settings\Welcome\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2008-10-12 19:03:21 | 00,042,168 | ---- | C] () -- C:\Documents and Settings\Welcome\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2008-10-12 18:57:38 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Welcome\Dane aplikacji\desktop.ini
[2008-10-12 18:40:33 | 00,058,750 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008-10-12 18:40:32 | 00,014,972 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008-10-12 18:40:31 | 00,018,031 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008-10-07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-09-20 20:33:43 | 00,000,258 | ---- | C] () -- C:\WINDOWS\system.ini
[2008-09-20 20:32:50 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2008-06-05 07:58:26 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2003-04-08 11:40:22 | 00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002-01-14 12:37:00 | 00,459,776 | ---- | C] () -- C:\WINDOWS\System32\converter.dll

[color=#E56717]========== LOP Check ==========[/color]

[2008-12-07 01:11:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard
[2009-08-20 11:45:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard Entertainment
[2008-10-12 21:11:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CCP
[2009-02-24 15:30:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\stamina
[2008-10-26 07:55:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Welcome\Dane aplikacji\DAEMON Tools
[2008-12-08 13:40:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Welcome\Dane aplikacji\Dev-Cpp
[2009-04-22 08:41:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Welcome\Dane aplikacji\EVEMon
[2009-09-11 17:36:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Welcome\Dane aplikacji\GetRightToGo
[2009-11-08 11:18:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Welcome\Dane aplikacji\Octoshape
[2009-08-29 16:54:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Welcome\Dane aplikacji\Red Alert 3
[2008-12-04 20:40:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Welcome\Dane aplikacji\springsettings
[2009-11-16 20:03:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Welcome\Dane aplikacji\uTorrent
[2008-09-20 20:35:31 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009-11-16 21:23:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[color=#E56717]========== Purity Check ==========[/color]


< End of report >

RSIT.

http://wklej.org/id/207613/

[wojtas]

Uruchom OTL i w oknie Custom Scans/Fixes wklej :

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - AutoRun File - [2009-11-16 20:29:20 | 00,000,055 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-11-16 20:29:20 | 00,000,055 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{e9accf94-b27e-11dd-a21d-00508db0b0b2}\Shell\AutoRun\command - "" = H:\rg9g9bgq.exe -- File not found
O33 - MountPoints2\{e9accf94-b27e-11dd-a21d-00508db0b0b2}\Shell\open\Command - "" = H:\rg9g9bgq.exe -- File not found

:Files
c:\9g86.exe
d:\9g86.exe
e:\9g86.exe

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db1b3e60-05ac-11de-a5d3-00001cd72a97}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]
[start explorer]
[Reboot]

Kliknij w Run Fix. I potwierdz reset kompa .

Następnie uruchamiasz OTL z opcją Run Scan. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia kompa

[Devilek]

Kod: Zaznacz wszystko

OTL logfile created on: 2009-11-16 23:07:52 - Run 4
OTL by OldTimer - Version 3.1.3.1     Folder = C:\Documents and Settings\Welcome\Pulpit\CLEAN UP
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 77,74% Memory free
3,85 Gb Paging File | 3,54 Gb Available in Paging File | 92,04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146,48 Gb Total Space | 9,62 Gb Free Space | 6,57% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 9,42 Gb Free Space | 4,82% Space Free | Partition Type: NTFS
Drive E: | 123,97 Gb Total Space | 0,98 Gb Free Space | 0,79% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC
Current User Name: Welcome
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009-11-09 18:57:52 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-11-09 18:57:51 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-11-02 22:21:58 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Welcome\Pulpit\CLEAN UP\OTL.exe
PRC - [2009-09-15 12:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-09-15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-09-15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-09-15 12:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-09-15 12:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008-11-19 01:28:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008-11-10 10:23:50 | 01,539,072 | ---- | M] () -- C:\Program Files\Ventrilo\Ventrilo.exe
PRC - [2008-09-20 20:36:11 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-09-20 20:35:59 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008-09-20 20:35:23 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\NOTEPAD.EXE
PRC - [2008-09-20 20:32:22 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008-09-20 20:32:22 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008-09-20 20:31:55 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2005-05-24 22:41:09 | 00,503,808 | ---- | M] (Stamina) -- C:\Program Files\Konnekt\konnekt.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2009-11-02 22:21:58 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Welcome\Pulpit\CLEAN UP\OTL.exe
MOD - [2008-09-20 20:37:45 | 01,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008-09-20 20:36:10 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009-11-09 18:57:51 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-09-15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-09-15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-09-15 12:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-09-15 12:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009-08-30 20:17:30 | 03,407,412 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008-11-19 01:28:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008-09-20 20:35:59 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008-09-20 20:35:59 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008-09-20 20:35:09 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2007-09-20 15:35:38 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006-12-01 10:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-09-15 12:56:14 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2) avast! Standard Shield Support [File_System | Auto | Running]
DRV - [2009-09-15 12:55:30 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP) avast! Self Protection [Kernel | System | Running]
DRV - [2009-09-15 12:55:19 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk) aswFsBlk [File_System | Auto | Running]
DRV - [2009-09-15 12:54:30 | 00,052,368 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi) avast! Network Shield Support [Kernel | System | Running]
DRV - [2009-09-15 12:54:21 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr) aswRdr [Kernel | On_Demand | Running]
DRV - [2009-09-15 12:53:24 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running]
DRV - [2009-08-29 17:04:42 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) Hamachi Network Interface [Kernel | On_Demand | Stopped]
DRV - [2008-11-12 14:54:00 | 06,188,320 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) nv [Kernel | On_Demand | Running]
DRV - [2008-10-26 07:55:03 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) sptd [Kernel | Boot | Running]
DRV - [2008-09-20 20:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) Sterownik magistrali Microsoft UAA dla High Definition Audio [Kernel | On_Demand | Running]
DRV - [2008-09-20 20:35:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) Sterownik bezpośredniego połączenia kablowego [Kernel | On_Demand | Running]
DRV - [2008-09-20 20:34:30 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) Secdrv [Kernel | On_Demand | Stopped]
DRV - [2008-05-29 11:33:10 | 00,027,672 | R--- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\Entech.sys -- (ENTECH) ENTECH [Kernel | On_Demand | Stopped]
DRV - [2008-04-29 09:00:00 | 00,288,896 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running]
DRV - [2008-04-17 15:33:26 | 04,707,328 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running]
DRV - [2007-10-23 17:48:16 | 00,012,416 | ---- | M] (ASUSTeK Computer Inc.) -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb) ASUS Virtual Video Capture Device Driver [Kernel | On_Demand | Stopped]
DRV - [2007-03-08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) PxHelp20 [Kernel | Boot | Running]
DRV - [2006-11-30 15:13:56 | 00,061,536 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se45bus.sys -- (se45bus) Sony Ericsson Device 069 driver (WDM) [Kernel | On_Demand | Stopped]
DRV - [2006-06-14 13:44:30 | 00,012,288 | R--- | M] (ASUSTeK Computer Inc.) -- C:\WINDOWS\system32\drivers\EIO_XP.sys -- (EIO_XP) EIO_XP [Kernel | System | Running]


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1659004503-1801674531-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1659004503-1801674531-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1659004503-1801674531-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-1659004503-1801674531-682003330-1005\S-1-5-21-1659004503-1801674531-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Allegro"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://pl.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official"
FF - prefs.js..network.proxy.backup.ftp: "proxy.triple.pl"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "proxy.triple.pl"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "proxy.triple.pl"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "proxy.triple.pl"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "proxy.triple.pl"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy.triple.pl"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy.triple.pl"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.triple.pl"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.triple.pl"
FF - prefs.js..network.proxy.ssl_port: 8080

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-11-01 23:50:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-11-09 18:57:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008-12-20 10:01:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-11-09 18:57:59 | 00,000,000 | ---D | M]

[2009-09-26 17:52:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Welcome\Dane aplikacji\Mozilla\Firefox\Profiles\ocbmo63o.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009-04-16 07:30:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Welcome\Dane aplikacji\Mozilla\Firefox\Profiles\ocbmo63o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008-10-12 20:33:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Welcome\Dane aplikacji\Mozilla\Firefox\Profiles\ocbmo63o.default\extensions\{90BCCD47-C818-41be-910E-0582947E30AF}
[2009-11-16 09:42:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Welcome\Dane aplikacji\Mozilla\Firefox\Profiles\ocbmo63o.default\extensions
[2008-10-26 07:58:03 | 00,000,523 | ---- | M] () -- C:\Documents and Settings\Welcome\Dane aplikacji\Mozilla\Firefox\Profiles\ocbmo63o.default\searchplugins\daemon-search.xml
[2009-01-05 19:02:20 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\Welcome\Dane aplikacji\Mozilla\Firefox\Profiles\ocbmo63o.default\searchplugins\winamp-search.xml
[2008-11-15 08:38:25 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2009-11-09 18:58:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2008-10-12 19:43:44 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008-12-20 10:01:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-11-16 09:42:06 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008-12-20 10:01:09 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2008-12-20 10:01:10 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2008-12-20 10:01:10 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2008-12-20 10:01:10 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2008-12-20 10:01:10 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2007-04-10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2008-08-06 16:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009-11-09 18:57:52 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008-12-20 10:01:10 | 00,022,656 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2003-07-15 06:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2007-12-11 09:07:00 | 00,307,200 | ---- | M] (ESKA) -- C:\Program Files\Mozilla Firefox\plugins\npOggX.dll
[2007-12-21 02:00:00 | 00,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2007-12-21 02:00:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2008-11-15 08:38:24 | 00,000,904 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2008-11-15 08:38:24 | 00,001,419 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2008-11-15 08:38:24 | 00,002,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2008-11-15 08:38:24 | 00,000,926 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2008-11-15 08:38:24 | 00,000,866 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2008-11-15 08:38:24 | 00,001,198 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2008-11-15 08:38:24 | 00,001,693 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (686 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1659004503-1801674531-682003330-1005..\Run: [Konnekt] C:\Program Files\Konnekt\konnekt.exe (Stamina)
O4 - HKU\.DEFAULT..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2]  File not found
O4 - HKU\S-1-5-18..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2]  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1659004503-1801674531-682003330-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1659004503-1801674531-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-1801674531-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1659004503-1801674531-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1659004503-1801674531-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1659004503-1801674531-682003330-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-10-12 18:44:55 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009-11-16 23:05:28 | 00,000,000 | ---D | C] -- C:\_OTL
[2009-11-16 22:45:02 | 00,000,000 | ---D | C] -- C:\rsit
[2009-11-16 22:37:29 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Welcome\Recent
[2009-11-16 22:34:32 | 00,000,000 | ---D | C] -- C:\ERDNT
[2009-11-16 22:34:24 | 00,000,000 | ---D | C] -- C:\!FixIEDef
[2009-11-16 20:36:22 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009-11-16 20:36:22 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009-11-16 20:36:21 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009-11-16 20:36:20 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009-11-16 20:36:20 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009-11-16 20:36:20 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009-11-16 20:36:19 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009-11-16 20:36:19 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009-11-16 20:35:55 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009-11-16 20:35:55 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2009-11-16 20:35:51 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009-11-15 11:28:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Welcome\Pulpit\rawrt
[2009-11-13 13:58:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Welcome\Pulpit\999
[2009-11-09 19:59:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Welcome\Pulpit\zuo
[2009-11-09 18:58:17 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2009-11-09 18:57:06 | 00,000,000 | ---D | C] -- C:\JDK
[2009-11-09 18:23:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Welcome\Pulpit\1
[2009-11-09 15:47:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Welcome\Pulpit\Program
[2009-11-02 21:54:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Welcome\Dane aplikacji\Malwarebytes
[2009-11-02 21:54:48 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-11-02 21:54:47 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-11-02 21:54:47 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009-11-02 21:54:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2009-11-02 20:20:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Welcome\Ustawienia lokalne\Dane aplikacji\Blizzard Entertainment
[2009-11-01 23:53:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Welcome\Moje dokumenty\Aspyr
[2009-11-01 23:51:18 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2009-11-01 23:49:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009-11-01 23:49:53 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009-11-01 23:49:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009-11-01 23:49:49 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009-11-01 23:49:24 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009-11-01 23:49:24 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009-11-01 23:49:24 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009-11-01 23:49:23 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009-11-01 23:49:23 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009-11-01 23:49:23 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009-11-01 23:49:23 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009-11-01 23:49:23 | 00,000,000 | -H-D | C] -- C:\87cce179826c2f5c6366a2dcaa9df1ad
[2009-11-01 22:00:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Welcome\Ustawienia lokalne\Dane aplikacji\Aspyr
[2009-10-26 07:49:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Welcome\Dane aplikacji\InstallShield
[2009-10-25 21:51:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Welcome\Pulpit\badzio
[2009-10-19 15:14:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Welcome\Pulpit\Matematyka

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009-11-16 23:07:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-11-16 23:06:58 | 00,199,135 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009-11-16 23:06:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-11-16 23:06:51 | 21,458,98496 | -HS- | M] () -- C:\hiberfil.sys
[2009-11-16 23:06:03 | 04,980,736 | -H-- | M] () -- C:\Documents and Settings\Welcome\NTUSER.DAT
[2009-11-16 21:25:37 | 00,002,568 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009-11-16 21:23:03 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-11-16 20:36:22 | 00,001,712 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk
[2009-11-16 20:35:07 | 39,769,408 | ---- | M] () -- C:\Documents and Settings\Welcome\Pulpit\setuppol.exe
[2009-11-16 19:33:13 | 00,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\World of Warcraft.lnk
[2009-11-16 16:45:26 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-11-15 22:41:27 | 00,175,616 | ---- | M] () -- C:\Documents and Settings\Welcome\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-11-15 11:28:21 | 14,805,676 | ---- | M] () -- C:\Documents and Settings\Welcome\Pulpit\rawrt.zip
[2009-11-09 18:22:59 | 00,488,134 | ---- | M] () -- C:\Documents and Settings\Welcome\Pulpit\1.rar
[2009-11-09 14:53:49 | 00,017,708 | ---- | M] () -- C:\Documents and Settings\Welcome\Pulpit\zuo.rar
[2009-11-09 14:53:34 | 00,004,139 | ---- | M] () -- C:\Documents and Settings\Welcome\Pulpit\Program.rar
[2009-11-09 08:27:47 | 00,042,168 | ---- | M] () -- C:\Documents and Settings\Welcome\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-11-08 23:54:40 | 00,000,292 | -HS- | M] () -- C:\Documents and Settings\Welcome\ntuser.ini
[2009-11-02 21:54:18 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-11-02 21:54:18 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009-11-02 21:54:18 | 00,000,258 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-11-02 21:51:47 | 00,194,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-11-01 23:50:20 | 01,180,772 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-11-01 23:50:20 | 00,529,092 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-11-01 23:50:20 | 00,468,400 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-11-01 23:50:20 | 00,095,680 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-11-01 23:50:20 | 00,076,544 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-11-01 23:45:19 | 00,000,854 | ---- | M] () -- C:\Documents and Settings\Welcome\Pulpit\Star Wars The Force Unleashed.lnk
[2009-10-27 21:16:31 | 00,049,386 | ---- | M] () -- C:\Documents and Settings\Welcome\Pulpit\1.JPG
[2009-10-26 20:13:16 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\Welcome\Moje dokumenty\Ankieta.doc
[2009-10-25 21:51:35 | 03,575,630 | ---- | M] () -- C:\Documents and Settings\Welcome\Pulpit\badzio.rar
[2009-10-18 14:29:50 | 39,493,0619 | ---- | M] () -- C:\Documents and Settings\Welcome\Pulpit\Mam.Talent.S02E06.rmvb

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009-11-16 20:36:22 | 00,001,712 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk
[2009-11-16 20:35:55 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009-11-16 20:13:19 | 39,769,408 | ---- | C] () -- C:\Documents and Settings\Welcome\Pulpit\setuppol.exe
[2009-11-15 11:27:58 | 14,805,676 | ---- | C] () -- C:\Documents and Settings\Welcome\Pulpit\rawrt.zip
[2009-11-09 18:23:02 | 00,488,134 | ---- | C] () -- C:\Documents and Settings\Welcome\Pulpit\1.rar
[2009-11-09 14:53:52 | 00,017,708 | ---- | C] () -- C:\Documents and Settings\Welcome\Pulpit\zuo.rar
[2009-11-09 14:53:39 | 00,004,139 | ---- | C] () -- C:\Documents and Settings\Welcome\Pulpit\Program.rar
[2009-11-01 23:45:19 | 00,000,854 | ---- | C] () -- C:\Documents and Settings\Welcome\Pulpit\Star Wars The Force Unleashed.lnk
[2009-10-26 20:11:23 | 00,033,792 | ---- | C] () -- C:\Documents and Settings\Welcome\Moje dokumenty\Ankieta.doc
[2009-10-25 21:51:31 | 03,575,630 | ---- | C] () -- C:\Documents and Settings\Welcome\Pulpit\badzio.rar
[2009-10-18 13:09:54 | 39,493,0619 | ---- | C] () -- C:\Documents and Settings\Welcome\Pulpit\Mam.Talent.S02E06.rmvb
[2009-08-29 18:35:29 | 00,000,040 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ra3.ini
[2009-07-12 21:49:53 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-12-14 21:41:12 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008-12-08 13:53:37 | 00,000,499 | ---- | C] () -- C:\WINDOWS\BDE.INI
[2008-12-08 13:53:37 | 00,000,177 | ---- | C] () -- C:\WINDOWS\BCW5.INI
[2008-12-08 13:53:37 | 00,000,085 | ---- | C] () -- C:\WINDOWS\TDW.INI
[2008-12-08 13:53:36 | 00,375,296 | ---- | C] () -- C:\WINDOWS\System32\wsihk32.dll
[2008-12-08 13:53:36 | 00,188,448 | ---- | C] () -- C:\WINDOWS\System32\bocof.dll
[2008-12-08 13:53:36 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\bw32000c.dll
[2008-12-08 13:53:36 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\bw320007.dll
[2008-12-08 13:53:36 | 00,131,584 | ---- | C] () -- C:\WINDOWS\System32\wsiwin32.dll
[2008-12-08 13:53:36 | 00,000,586 | ---- | C] () -- C:\WINDOWS\owl.ini
[2008-11-29 21:18:27 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008-11-20 14:44:17 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-11-02 11:07:56 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008-10-26 07:55:03 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-10-25 21:51:56 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008-10-14 20:57:06 | 00,175,616 | ---- | C] () -- C:\Documents and Settings\Welcome\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-10-13 06:28:12 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-10-13 06:28:12 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-10-12 20:36:36 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008-10-12 20:36:36 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-10-12 20:36:36 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008-10-12 20:36:36 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-10-12 20:33:46 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2008-10-12 20:25:36 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008-10-12 19:49:37 | 02,108,082 | -H-- | C] () -- C:\Documents and Settings\Welcome\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2008-10-12 19:03:21 | 00,042,168 | ---- | C] () -- C:\Documents and Settings\Welcome\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2008-10-12 18:57:38 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Welcome\Dane aplikacji\desktop.ini
[2008-10-12 18:40:33 | 00,058,750 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008-10-12 18:40:32 | 00,014,972 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008-10-12 18:40:31 | 00,018,031 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008-10-07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-09-20 20:33:43 | 00,000,258 | ---- | C] () -- C:\WINDOWS\system.ini
[2008-09-20 20:32:50 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2008-06-05 07:58:26 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2003-04-08 11:40:22 | 00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002-01-14 12:37:00 | 00,459,776 | ---- | C] () -- C:\WINDOWS\System32\converter.dll

[color=#E56717]========== LOP Check ==========[/color]

[2008-12-07 01:11:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard
[2009-08-20 11:45:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard Entertainment
[2008-10-12 21:11:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CCP
[2009-02-24 15:30:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\stamina
[2008-10-26 07:55:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Welcome\Dane aplikacji\DAEMON Tools
[2008-12-08 13:40:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Welcome\Dane aplikacji\Dev-Cpp
[2009-04-22 08:41:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Welcome\Dane aplikacji\EVEMon
[2009-09-11 17:36:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Welcome\Dane aplikacji\GetRightToGo
[2009-11-08 11:18:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Welcome\Dane aplikacji\Octoshape
[2009-08-29 16:54:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Welcome\Dane aplikacji\Red Alert 3
[2008-12-04 20:40:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Welcome\Dane aplikacji\springsettings
[2009-11-16 20:03:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Welcome\Dane aplikacji\uTorrent
[2008-09-20 20:35:31 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009-11-16 23:07:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[color=#E56717]========== Purity Check ==========[/color]


< End of report >

Kod: Zaznacz wszystko

All processes killed
========== OTL ==========
Process explorer.exe killed successfully!
D:\autorun.inf moved successfully.
E:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9accf94-b27e-11dd-a21d-00508db0b0b2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9accf94-b27e-11dd-a21d-00508db0b0b2}\ not found.
File H:\rg9g9bgq.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9accf94-b27e-11dd-a21d-00508db0b0b2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9accf94-b27e-11dd-a21d-00508db0b0b2}\ not found.
File H:\rg9g9bgq.exe not found.
========== FILES ==========
c:\9g86.exe moved successfully.
d:\9g86.exe moved successfully.
e:\9g86.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db1b3e60-05ac-11de-a5d3-00001cd72a97}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db1b3e60-05ac-11de-a5d3-00001cd72a97}\ not found.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"SuperHidden"|dword:00000001 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"Hidden"|dword:00000001 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"ShowSuperHidden"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\"CheckedValue"|dword:00000001 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\\@|"" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: Welcome
->Temp folder emptied: 1514 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 14521293 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2507670 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
Windows Temp folder emptied: 32768 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 16,43 mb


OTL by OldTimer - Version 3.1.3.1 log created on 11162009_230528

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_5e8.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_9a0.dat not found!

Registry entries deleted on Reboot...

[NieWiem]

Wszystko pokasowane.

• Pobierz program OTC
• Kliknij dwukrotnie na ikonę, aby uruchomić program (użytkownicy systemów Vista oraz Se7en => prawoklik oraz wybrać opcję Uruchom jako Administrator).
• Wciśnij przycisk Clean Up!
• Na pytanie "Begin cleanup Process?" wciśnij Yes.
• Jeśli padnie prośba o restart - zgódź się.

• Pobierz program TFC
• Zamknij wszystkie otwarte programy - inaczej TFC zrobi to za Ciebie
• Kliknij dwukrotnie na ikonę, aby uruchomić program (użytkownicy systemów Vista oraz Se7en => prawoklik oraz wybrać opcję Uruchom jako Administrator).
• Kliknij przycisk Start
• Czyszczenie lokalizacji tymczasowych może chwilę potrwać (ale znowu bez przesady), uzbrój się w cierpliwość.
• Jeśli padnie prośba o restart - zgódź się.

Czyszczenie punktów przywracania systemu jest konieczne, ponieważ w backupach Windowsa znajdują się także kopie szkodników.

• Wyłączenie przywracania systemu
  • Na pulpicie => prawoklik na Mój Komputer
  • opcja Właściwości
  • zakładka Przywracanie systemu
  • Zaznaczyć opcję Wyłącz przywracanie systemu
  • Kliknąć Zastosuj, a potem OK.
• Zrestartować komputer!
• Włączanie przywracania systemu
  • Na pulpicie => prawoklik na Mój Komputer
  • opcja Właściwości
  • zakładka Przywracanie systemu
  • Odznaczyć opcję Wyłącz przywracanie systemu
  • Kliknąć Zastosuj, a potem OK.

[Devilek]

Wykonane. Czyli jak rozumiem moge juz byc spokojny i nic nie mam na dysku, tak ?

Czy jeszcze jakies skany wykonywac ?

[NieWiem]

Według logów nie ma nic.

Oczywiście jeśli masz za dużo wolnego czasu, to poniżej masz małą 'litanię do wszystkich świętych'. Jak Ci się wybitnie nudzi - możesz ją odmówić.

• Dr Web CureIt
• Kaspersky Virus Removal Tool
• Malwarebytes Anti-Malware]
• Norton Security Scan
• AVZ AntiViral Toolkit
• Trend Micro SysClean Package
• Rising PC Doctor
• Multi Virus Cleaner