Win32:delf-ify [trj] + prosze o sprawdzenie loga

**Posty:** 544 · przez **BoMbelaZ^** 24 Cze 2009, 10:45

Witam
Mialem taki problem jak kolega kilka tematow nizej ze nie moglem wejsc normalnie na dysk klikajac 2xPPM tylko poprzez 'eksploruj'. Troche sie pospieszylem (nie wiem czy dobrze) i polecialem z combofixem. Dopiero teraz przeczytalem ze nie powinno sie go uzywac jako pierwszego. Coz mi nic nie uszkodzil w systemie, wrecz odwrotnie usunal bledy i juz moge normalnie wchodzic na dyski. Chcialem pokazac jakie avast wykryl mi wirusy, o to i one:
komunikat
komunikat2
komunikat3
juz sie nie pojawiaja po przeskanowaniu combofixem. Po restarcie avast znow cos wykryl a dokladnie to: komunikat4 . Tego pliku jak i poprzednich nie moglem usunac avastem. Dzis dopiero przeczytalem ze lepiej nie ruszac combofixa wiec teraz sie wstrzymam i prosze o pomoc i sprawdzenie loga bo chce wyeliminowac calkowicie brud z komputera. Powiedzcie mi tez czy stracilem jakies pliki juz na zawsze i czy format jest niezbedny.

Kod: Zaznacz wszystko: DDS (Ver_09-05-14.01) - NTFSx86 Run by Administrator at 10:43:27,56 on 2009-06-24 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1495 [GMT 2:00] ============== Running Processes =============== D:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe D:\WINDOWS\System32\svchost.exe -k netsvcs D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe D:\Program Files\Alwil Software\Avast4\ashServ.exe D:\WINDOWS\SOUNDMAN.EXE C:\Java\jre6\bin\jusched.exe D:\WINDOWS\system32\oodtray.exe D:\Program Files\Drive Space Indicator\DrvSpace.exe D:\Program Files\winamp\winampa.exe C:\Java\jre6\bin\jqs.exe D:\Program Files\Alwil Software\Avast4\ashDisp.exe D:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe D:\WINDOWS\system32\nvsvc32.exe D:\WINDOWS\system32\oodag.exe D:\Program Files\Microsoft IntelliPoint\ipoint.exe D:\WINDOWS\system32\RunDLL32.exe D:\Documents and Settings\Administrator.BOMBELEK\wsk32.exe D:\WINDOWS\system32\svchost.exe -k imgsvc D:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe D:\Documents and Settings\Administrator.BOMBELEK\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe D:\Program Files\Microsoft IntelliPoint\dpupdchk.exe D:\WINDOWS\system32\ctfmon.exe svchost.exe D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe D:\Program Files\Alwil Software\Avast4\ashWebSv.exe D:\WINDOWS\explorer.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\dds.com ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: FG2CatchUrl: {1f364306-aa45-47b5-9f9d-39a8b94e7ef1} - c:\flashget universal\comdlls\bhoCATCH.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: IEPluginBHO Class: {f5cc7f02-6f4e-4462-b5b1-394a57fd3e0d} - d:\documents and settings\administrator.bombelek\dane aplikacji\nowe gadu-gadu\_userdata\ggbho.1.dll uRun: [VisualTaskTips] d:\program files\utilities\visualtasktips\VisualTaskTips.exe uRun: [Google Update] "d:\documents and settings\administrator.bombelek\ustawienia lokalne\dane aplikacji\google\update\GoogleUpdate.exe" /c uRun: [Nowe Gadu-Gadu] "c:\nowe gadu-gadu\gg.exe" uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe uRun: [Windows Network Data Management System Service] "d:\documents and settings\administrator.bombelek\wsk32.exe" * mRun: [SoundMan] SOUNDMAN.EXE mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [SunJavaUpdateSched] "c:\java\jre6\bin\jusched.exe" mRun: [OODefragTray] d:\windows\system32\oodtray.exe mRun: [DriveSpace] d:\program files\drive space indicator\DrvSpace.exe mRun: [AdobeCS4ServiceManager] "d:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin mRun: [WinampAgent] "d:\program files\winamp\winampa.exe" mRun: [avast!] "d:\program files\alwil software\avast4\ashDisp.exe" mRun: [NeroFilterCheck] d:\windows\system32\NeroCheck.exe mRun: [IntelliPoint] "d:\program files\microsoft intellipoint\ipoint.exe" mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit mRun: [QuickTime Task] "c:\quicktime\QTTask.exe" -atboottime mRun: [Windows Network Data Management System Service] "d:\documents and settings\administrator.bombelek\wsk32.exe" * mRunOnce: [Del e:\dexter.s03.hdtv.xvid.happy.new.year-ht\dexter.s03e05.hdtv.xvid-0tv\dexter.305.hdtv-0tv.avi onnextreboot] cmd.exe /c del /f /q "e:\dexter.s03.hdtv.xvid.happy.new.year-ht\dexter.s03e05.hdtv.xvid-0tv\dexter.305.hdtv-0tv.avi" dRun: [VisualTaskTips] d:\program files\utilities\visualtasktips\VisualTaskTips.exe dRun: [EPSON Stylus Photo RX520 Series] d:\windows\system32\spool\drivers\w32x86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /M "Stylus Photo RX520" /EF "HKCU" dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N uPolicies-explorer: NoSMHelp = 1 (0x1) uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1) uPolicies-explorer: NoResolveTrack = 1 (0x1) mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1) dPolicies-explorer: NoSMHelp = 1 (0x1) dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1) dPolicies-explorer: NoResolveTrack = 1 (0x1) IE: &Download All by FlashGet - c:\flashget universal\comdlls\Bhoall.htm IE: &Download by FlashGet - c:\flashget universal\comdlls\Bholink.htm IE: E&ksport do programu Microsoft Excel - c:\microsoft office\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\microsoft office\office11\REFIEBAR.DLL Trusted Zone: google.com\mail DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\Skype4COM.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - d:\docume~1\admini~1.bom\daneap~1\mozilla\firefox\profiles\7r1bljh0.default\ FF - prefs.js: browser.search.selectedEngine - DAEMON Search FF - plugin: c:\java\jre6\bin\new_plugin\npdeploytk.dll FF - plugin: c:\java\jre6\bin\new_plugin\npjp2.dll FF - plugin: c:\quicktime\plugins\npqtplugin.dll FF - plugin: c:\quicktime\plugins\npqtplugin2.dll FF - plugin: c:\quicktime\plugins\npqtplugin3.dll FF - plugin: c:\quicktime\plugins\npqtplugin4.dll FF - plugin: c:\quicktime\plugins\npqtplugin5.dll FF - plugin: c:\quicktime\plugins\npqtplugin6.dll FF - plugin: c:\quicktime\plugins\npqtplugin7.dll FF - plugin: c:\real alternative\browser\plugins\nppl3260.dll FF - plugin: c:\real alternative\browser\plugins\nprpjplug.dll FF - plugin: d:\documents and settings\administrator.bombelek\dane aplikacji\mozilla\firefox\profiles\7r1bljh0.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll FF - plugin: d:\documents and settings\administrator.bombelek\dane aplikacji\nowe gadu-gadu\_userdata\npgg.1.dll FF - plugin: d:\documents and settings\administrator.bombelek\ustawienia lokalne\dane aplikacji\google\update\1.2.145.5\npGoogleOneClick8.dll ============= SERVICES / DRIVERS =============== R0 nvcchflt;NVIDIA Disk Cache Filter Driver;d:\windows\system32\drivers\nvcchflt.sys [2009-4-13 16640] R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [2009-4-15 114768] R1 vcdrom;Virtual CD-ROM Device Driver;d:\program files\system\cpl bonus\vcdrom.sys [2009-4-13 8576] R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2009-4-15 20560] R2 avast! Antivirus;avast! Antivirus;d:\program files\alwil software\avast4\ashServ.exe [2009-4-15 138680] R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;d:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2008-12-11 3575808] R3 avast! Mail Scanner;avast! Mail Scanner;d:\program files\alwil software\avast4\ashMaiSv.exe [2009-4-15 254040] R3 avast! Web Scanner;avast! Web Scanner;d:\program files\alwil software\avast4\ashWebSv.exe [2009-4-15 352920] S3 ggflt;SEMC USB Flash Driver Filter;d:\windows\system32\drivers\ggflt.sys [2009-4-22 13224] =============== Created Last 30 ================ 2009-06-24 10:18 <DIR> --d----- d:\windows\system32\dllcache\cache 2009-06-24 10:15 <DIR> --d----- d:\windows\system32\xircom 2009-06-24 10:15 <DIR> --d----- d:\windows\system32\wbem\snmp 2009-06-24 10:15 <DIR> --d----- d:\windows\system32\oobe 2009-06-24 10:15 <DIR> --d----- d:\windows\system32\npp 2009-06-24 10:15 <DIR> --d----- d:\windows\srchasst 2009-06-24 10:15 <DIR> --d----- d:\program files\windows nt 2009-06-24 10:15 <DIR> --d----- d:\program files\common files\speechengines 2009-06-24 10:15 <DIR> --d----- d:\windows\system32\inetsrv 2009-06-24 10:15 <DIR> --d----- d:\windows\system32\ime 2009-06-24 10:15 <DIR> --d----- d:\windows\msagent 2009-06-24 10:15 <DIR> --d----- d:\program files\msn gaming zone 2009-06-24 10:09 161,792 a------- d:\windows\SWREG.exe 2009-06-24 10:09 155,136 a------- d:\windows\PEV.exe 2009-06-24 10:09 98,816 a------- d:\windows\sed.exe 2009-06-13 17:30 765,952 a------- d:\windows\system32\xvidcore.dll 2009-06-13 17:30 180,224 a------- d:\windows\system32\xvidvfw.dll 2009-06-13 17:30 77,824 a------- d:\windows\system32\xvid.ax 2009-06-13 17:30 <DIR> --d----- d:\program files\Xvid 2009-06-10 11:30 585,216 -------- d:\windows\system32\dllcache\rpcrt4.dll 2009-06-06 12:57 30,720 -------- d:\documents and settings\administrator.bombelek\wsk32.exe 2009-06-05 00:53 447,752 a----r-- d:\windows\system32\vp6vfw.dll 2009-06-05 00:53 <DIR> --d----- d:\program files\Microsoft WSE 2009-06-04 00:58 <DIR> --d----- d:\program files\Damian Pasternak 2009-06-02 23:20 87,552 a----r-- d:\windows\system\url.dll 2009-06-02 23:20 9,728 a----r-- d:\windows\system\rnaph.dll 2009-06-02 23:20 <DIR> --d----- d:\windows\wb 2009-06-02 23:15 0 a------- d:\windows\DXT373.tmp 2009-06-02 23:15 <DIR> --d----- d:\program files\directx 2009-05-29 22:21 9,728 a------- d:\windows\system32\UnInstall Exploding Bikini.exe 2009-05-29 12:30 <DIR> --d----- d:\docume~1\alluse~1\daneap~1\Codemasters 2009-05-29 12:25 <DIR> --d----- d:\program files\OpenAL 2009-05-29 12:25 805,400 a----r-- d:\windows\system32\tmpFF.tmp 2009-05-29 12:25 805,400 a----r-- d:\windows\system32\tmp100.tmp 2009-05-28 20:59 <DIR> --d----- d:\program files\SystemRequirementsLab 2009-05-28 20:58 <DIR> --d----- d:\documents and settings\administrator.bombelek\SystemRequirementsLab 2009-05-26 17:18 90,112 a------- d:\windows\system32\QuickTimeVR.qtx 2009-05-26 17:18 57,344 a------- d:\windows\system32\QuickTime.qts ==================== Find3M ==================== 2009-05-29 12:25 444,952 a------- d:\windows\system32\wrap_oal.dll 2009-05-29 12:25 109,080 a------- d:\windows\system32\OpenAL32.dll 2009-05-15 19:00 60,416 a------- d:\windows\ALCFDRTM.EXE 2009-05-07 17:34 347,648 a------- d:\windows\system32\localspl.dll 2009-05-07 17:34 347,648 -------- d:\windows\system32\dllcache\localspl.dll 2009-04-28 11:59 70,656 -------- d:\windows\system32\dllcache\ie4uinit.exe 2009-04-28 11:59 13,824 -------- d:\windows\system32\dllcache\ieudinit.exe 2009-04-25 07:27 636,088 -------- d:\windows\system32\dllcache\iexplore.exe 2009-04-25 07:26 161,792 -------- d:\windows\system32\dllcache\ieakui.dll 2009-04-22 21:52 1,107,296 a------- d:\windows\system32\WdfCoInstaller01007.dll 2009-04-19 21:51 1,847,424 a------- d:\windows\system32\win32k.sys 2009-04-19 21:51 1,847,424 -------- d:\windows\system32\dllcache\win32k.sys 2009-04-15 16:54 585,216 a------- d:\windows\system32\rpcrt4.dll 2009-04-13 18:22 410,984 a------- d:\windows\system32\deploytk.dll 2009-04-13 16:12 438,688 a------- d:\windows\system32\perfh015.dat 2009-04-13 16:12 71,846 a------- d:\windows\system32\perfc015.dat 2009-04-13 16:01 21,856 a------- d:\windows\system32\emptyregdb.dat 2009-03-27 10:03 1,560,576 a------- d:\windows\system32\nvcuda.dll 2009-03-27 10:03 453,152 a------- d:\windows\system32\nvudisp.exe 2009-03-27 10:03 401,408 a------- d:\windows\system32\nvcuvid.dll 2009-03-27 08:14 453,152 a------- d:\windows\system32\nvuninst.exe 2007-08-08 00:49 100,247 a------- d:\documents and settings\administrator.bombelek\xmlUpdater.exe ============= FINISH: 10:43:49,35 ===============

p.s. posiadam takze loga z: combofix'a, hijakcthis. Jezeli jest potrzebny to wkleje, prosze pisac.
Z gory dziekuje. pozdrawiam

**Posty:** 18165 · przez **wojtas** 24 Cze 2009, 11:44

Pobierz OTL i daj z niego loga

Autor postu otrzymał pochwałę

**Posty:** 544 · przez **BoMbelaZ^** 24 Cze 2009, 12:10

prosze o to log z OTL:

Kod: Zaznacz wszystko: OTL logfile created on: 2009-06-24 12:10:53 - Run 1 OTL by OldTimer - Version 3.0.5.2 Folder = D:\Documents and Settings\Administrator.BOMBELEK\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 70,90% Memory free 3,85 Gb Paging File | 3,35 Gb Available in Paging File | 87,03% Paging File free Paging file location(s): D:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files Drive C: | 74,53 Gb Total Space | 14,00 Gb Free Space | 18,79% Space Free | Partition Type: NTFS Drive D: | 49,30 Gb Total Space | 31,90 Gb Free Space | 64,71% Space Free | Partition Type: NTFS Drive E: | 183,57 Gb Total Space | 42,19 Gb Free Space | 22,98% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BOMBELEK Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2009-02-05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009-02-05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2007-04-16 22:28:22 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- D:\WINDOWS\SOUNDMAN.EXE PRC - [2009-04-13 18:22:40 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Java\jre6\bin\jusched.exe PRC - [2007-05-11 02:08:54 | 02,512,392 | ---- | M] (O&O Software GmbH) -- D:\WINDOWS\System32\oodtray.exe PRC - [2008-07-20 07:24:30 | 00,395,716 | ---- | M] () -- D:\Program Files\Drive Space Indicator\DrvSpace.exe PRC - [2008-07-10 03:03:34 | 00,036,352 | ---- | M] () -- D:\Program Files\winamp\winampa.exe PRC - [2009-04-13 18:22:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Java\jre6\bin\jqs.exe PRC - [2009-02-05 22:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2008-12-11 07:08:52 | 03,575,808 | ---- | M] () -- D:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe PRC - [2006-06-01 11:22:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvsvc32.exe PRC - [2007-05-11 02:09:48 | 01,050,120 | ---- | M] (O&O Software GmbH) -- D:\WINDOWS\System32\oodag.exe PRC - [2009-01-07 17:57:30 | 01,468,296 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft IntelliPoint\ipoint.exe PRC - [2007-09-05 11:20:12 | 00,036,352 | ---- | M] (VisualTaskTips.com) -- D:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe PRC - [2009-04-13 16:16:55 | 00,133,104 | ---- | M] (Google Inc.) -- D:\Documents and Settings\Administrator.BOMBELEK\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe PRC - [2009-01-07 17:57:28 | 00,440,208 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft IntelliPoint\dpupdchk.exe PRC - [2009-02-05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe PRC - [2009-02-05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2008-07-22 15:25:05 | 01,528,832 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe PRC - [2009-06-13 16:53:02 | 00,307,704 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-05-28 11:23:12 | 10,486,376 | ---- | M] (GG Network S.A.) -- C:\Nowe Gadu-Gadu\gg.exe PRC - [2009-05-28 10:33:44 | 00,077,824 | ---- | M] () -- C:\Nowe Gadu-Gadu\spellchecker_gg.exe PRC - [2009-02-24 12:10:00 | 03,761,616 | ---- | M] (Goodsol Development Inc.) -- C:\goodsol\goodsol.exe PRC - [2009-06-24 12:10:39 | 00,512,512 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2007-04-13 03:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2009-02-05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running]) SRV - [2009-02-05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running]) SRV - [2009-02-05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running]) SRV - [2009-02-05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running]) SRV - File not found -- -- (CiSvc [On_Demand | Stopped]) SRV - [2007-04-13 03:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2009-04-13 19:29:46 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped]) SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) SRV - [2009-04-13 18:22:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2008-12-11 07:08:52 | 03,575,808 | ---- | M] () -- D:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service [Auto | Running]) SRV - [2006-06-01 11:22:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running]) SRV - [2007-05-11 02:09:48 | 01,050,120 | ---- | M] (O&O Software GmbH) -- D:\WINDOWS\System32\oodag.exe -- (O&O Defrag [Auto | Running]) SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2008-07-22 13:38:03 | 00,918,016 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-02-05 22:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running]) DRV - [2008-01-24 23:36:16 | 04,127,488 | ---- | M] (Realtek Semiconductor Corp.) -- D:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running]) DRV - [2006-06-19 05:37:34 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- D:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running]) DRV - [2009-02-05 22:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running]) DRV - [2009-02-05 22:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running]) DRV - [2009-02-05 22:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running]) DRV - [2009-02-05 22:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running]) DRV - [2009-02-05 22:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running]) DRV - File not found -- -- (catchme [On_Demand | Running]) DRV - [2008-07-22 13:39:14 | 00,010,624 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running]) DRV - [2009-04-22 21:52:28 | 00,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- D:\WINDOWS\System32\DRIVERS\ggflt.sys -- (ggflt [On_Demand | Stopped]) DRV - [2009-04-22 21:52:28 | 00,024,616 | ---- | M] (Sony Ericsson Mobile Communications) -- D:\WINDOWS\System32\DRIVERS\ggsemc.sys -- (ggsemc [On_Demand | Stopped]) DRV - [2008-05-24 21:09:10 | 00,073,728 | ---- | M] (EZB Systems, Inc.) -- c:\UltraISO\drivers\ISODrive.sys -- (ISODrive [System | Running]) DRV - [2005-02-11 10:19:20 | 00,055,216 | ---- | M] (MCCI) -- D:\WINDOWS\System32\DRIVERS\k750bus.sys -- (k750bus [On_Demand | Stopped]) DRV - [2005-02-11 10:21:02 | 00,006,576 | ---- | M] (MCCI) -- D:\WINDOWS\System32\DRIVERS\k750mdfl.sys -- (k750mdfl [On_Demand | Stopped]) DRV - [2005-02-11 10:21:10 | 00,089,872 | ---- | M] (MCCI) -- D:\WINDOWS\System32\DRIVERS\k750mdm.sys -- (k750mdm [On_Demand | Stopped]) DRV - [2005-02-11 10:22:48 | 00,081,728 | ---- | M] (MCCI) -- D:\WINDOWS\System32\DRIVERS\k750mgmt.sys -- (k750mgmt [On_Demand | Stopped]) DRV - [2005-02-11 10:24:24 | 00,079,488 | ---- | M] (MCCI) -- D:\WINDOWS\System32\DRIVERS\k750obex.sys -- (k750obex [On_Demand | Stopped]) DRV - [2006-02-26 17:02:49 | 00,005,810 | ---- | M] () -- D:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running]) DRV - [2006-06-01 11:22:00 | 03,925,920 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running]) DRV - [2006-02-26 17:21:18 | 00,089,856 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus [Boot | Running]) DRV - [2006-02-26 17:21:18 | 00,016,640 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\DRIVERS\nvcchflt.sys -- (nvcchflt [Boot | Running]) DRV - [2006-08-07 16:39:22 | 00,052,736 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running]) DRV - [2006-02-26 17:22:48 | 00,010,240 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\drivers\nvmpu401.sys -- (nvmpu401 [On_Demand | Running]) DRV - [2006-08-07 16:39:24 | 00,018,944 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running]) DRV - [2009-01-07 17:57:58 | 00,027,784 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running]) DRV - [2001-08-23 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- D:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2007-03-08 05:21:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- D:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) DRV - [2008-04-13 22:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- D:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2009-04-13 17:08:04 | 00,717,296 | ---- | M] () -- D:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running]) DRV - [2001-12-19 11:45:00 | 00,008,576 | ---- | M] (Microsoft Corporation) -- D:\Program Files\System\CPL Bonus\Vcdrom.sys -- (vcdrom [System | Running]) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "DAEMON Search" FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.15.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11 FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Java\jre6\lib\deploy\jqs\ff [2009-04-13 18:22:40 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2009-06-13 16:53:05 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2009-06-13 16:53:04 | 00,000,000 | ---D | M] [2009-04-13 16:16:17 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator.BOMBELEK\Dane aplikacji\mozilla\Extensions [2009-04-13 16:16:17 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator.BOMBELEK\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-06-23 15:21:33 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator.BOMBELEK\Dane aplikacji\mozilla\Firefox\Profiles\7r1bljh0.default\extensions [2009-05-09 10:18:42 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator.BOMBELEK\Dane aplikacji\mozilla\Firefox\Profiles\7r1bljh0.default\extensions\battlefieldheroespatcher@ea.com [2009-04-13 17:12:04 | 00,000,523 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Dane aplikacji\Mozilla\FireFox\Profiles\7r1bljh0.default\searchplugins\daemon-search.xml [2009-06-23 15:21:33 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions [2009-06-13 16:53:04 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-04-13 16:05:36 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2009-04-13 18:22:45 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-06-13 16:53:02 | 00,023,032 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-06-13 16:53:02 | 00,134,648 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\brwsrcmp.dll [2007-04-10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- D:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2009-04-13 18:22:40 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009-06-13 16:53:02 | 00,065,528 | ---- | M] (mozilla.org) -- D:\Program Files\mozilla firefox\plugins\npnul32.dll [2007-03-22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- D:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2008-09-10 21:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- D:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009-06-01 23:14:00 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009-06-01 23:14:00 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009-06-01 23:14:00 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009-06-01 23:14:00 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009-06-01 23:14:00 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009-06-01 23:14:00 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009-06-01 23:14:01 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2008-09-10 21:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- D:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-05-07 19:59:21 | 00,000,896 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2009-05-07 19:59:21 | 00,001,406 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2009-05-07 19:59:21 | 00,001,706 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\google.xml [2009-05-07 19:59:21 | 00,000,917 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2009-05-07 19:59:21 | 00,000,858 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2009-05-07 19:59:21 | 00,001,183 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2009-05-07 19:59:21 | 00,001,683 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (27 bytes) - D:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (FG2CatchUrl) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - c:\FlashGet universal\ComDlls\bhoCATCH.dll (FlashGet) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - D:\Documents and Settings\Administrator.BOMBELEK\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O4 - HKLM..\Run: [AdobeCS4ServiceManager] D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast!] D:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [DriveSpace] D:\Program Files\Drive Space Indicator\DrvSpace.exe () O4 - HKLM..\Run: [IntelliPoint] D:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4 - HKLM..\Run: [NeroFilterCheck] D:\WINDOWS\System32\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\NvMCTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] D:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [OODefragTray] D:\WINDOWS\System32\oodtray.exe (O&O Software GmbH) O4 - HKLM..\Run: [QuickTime Task] C:\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [SoundMan] D:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WinampAgent] D:\Program Files\winamp\winampa.exe () O4 - HKLM..\Run: [Windows Network Data Management System Service] D:\Documents and Settings\Administrator.BOMBELEK\wsk32.exe () O4 - HKCU..\Run: [Google Update] D:\Documents and Settings\Administrator.BOMBELEK\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - HKCU..\Run: [Nowe Gadu-Gadu] c:\Nowe Gadu-Gadu\gg.exe (GG Network S.A.) O4 - HKCU..\Run: [VisualTaskTips] D:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (VisualTaskTips.com) O4 - HKCU..\Run: [Windows Network Data Management System Service] D:\Documents and Settings\Administrator.BOMBELEK\wsk32.exe () O4 - HKLM..\RunOnce: [Del E:\Dexter.S03.HDTV.XviD.HAPPY.NEW.YEAR-HT\Dexter.S03E05.HDTV.XviD-0TV\dexter.305.hdtv-0tv.avi OnNextReboot] D:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Download All by FlashGet - C:\FlashGet universal\ComDlls\Bhoall.htm () O8 - Extra context menu item: &Download by FlashGet - C:\FlashGet universal\ComDlls\Bholink.htm () O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: google.com ([mail] https in Trusted sites) O15 - HKCU\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.62 62.179.1.63 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - D:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter: - text/xml - D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\Explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - File not found O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-09-10 21:38:52 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - D:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O34 - HKLM BootExecute: (OODBS) - D:\WINDOWS\System32\OODBS.exe (O&O Software GmbH) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [3 D:\WINDOWS\System32\*.tmp files] [2 D:\WINDOWS\*.tmp files] [2009-06-24 12:10:41 | 00,512,512 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\OTL.exe [2009-06-24 10:51:39 | 00,000,000 | -HSD | C] -- D:\RECYCLER [2009-06-24 10:22:39 | 01,529,241 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\SDFix.exe [2009-06-24 10:19:53 | 00,048,584 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\avast4.JPG [2009-06-24 10:18:02 | 01,571,840 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\sfcfiles.dll [2009-06-24 10:18:02 | 00,172,032 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\appmgmts.dll [2009-06-24 10:18:02 | 00,110,080 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\imm32.dll [2009-06-24 10:18:02 | 00,024,960 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\kbdclass.sys [2009-06-24 10:18:02 | 00,017,408 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\powrprof.dll [2009-06-24 10:18:01 | 02,190,336 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe [2009-06-24 10:18:01 | 02,067,328 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe [2009-06-24 10:18:01 | 01,018,368 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\kernel32.dll [2009-06-24 10:18:01 | 00,828,928 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\wininet.dll [2009-06-24 10:18:01 | 00,510,464 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\winlogon.exe [2009-06-24 10:18:01 | 00,296,448 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\termsrv.dll [2009-06-24 10:18:01 | 00,182,656 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\ndis.sys [2009-06-24 10:18:01 | 00,111,104 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\services.exe [2009-06-24 10:18:01 | 00,082,432 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\ws2_32.dll [2009-06-24 10:18:01 | 00,057,856 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\spoolsv.exe [2009-06-24 10:18:01 | 00,051,224 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\wuauclt.exe [2009-06-24 10:18:01 | 00,036,608 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\ip6fw.sys [2009-06-24 10:18:01 | 00,026,624 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\userinit.exe [2009-06-24 10:18:01 | 00,014,336 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\svchost.exe [2009-06-24 10:18:01 | 00,013,312 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\lsass.exe [2009-06-24 10:18:01 | 00,000,000 | ---D | C] -- D:\WINDOWS\System32\dllcache\cache [2009-06-24 10:15:50 | 00,000,000 | ---D | C] -- D:\WINDOWS\System32\xircom [2009-06-24 10:15:50 | 00,000,000 | ---D | C] -- D:\WINDOWS\System32\oobe [2009-06-24 10:15:50 | 00,000,000 | ---D | C] -- D:\WINDOWS\System32\npp [2009-06-24 10:15:50 | 00,000,000 | ---D | C] -- D:\WINDOWS\srchasst [2009-06-24 10:15:50 | 00,000,000 | ---D | C] -- D:\Program Files\xerox [2009-06-24 10:15:50 | 00,000,000 | ---D | C] -- D:\Program Files\windows nt [2009-06-24 10:15:50 | 00,000,000 | ---D | C] -- D:\Program Files\movie maker [2009-06-24 10:15:50 | 00,000,000 | ---D | C] -- D:\Program Files\Common Files\speechengines [2009-06-24 10:15:49 | 00,000,000 | ---D | C] -- D:\WINDOWS\System32\inetsrv [2009-06-24 10:15:49 | 00,000,000 | ---D | C] -- D:\WINDOWS\System32\ime [2009-06-24 10:15:49 | 00,000,000 | ---D | C] -- D:\WINDOWS\msagent [2009-06-24 10:15:49 | 00,000,000 | ---D | C] -- D:\Program Files\netmeeting [2009-06-24 10:15:49 | 00,000,000 | ---D | C] -- D:\Program Files\msn gaming zone [2009-06-24 10:15:49 | 00,000,000 | ---D | C] -- D:\Program Files\microsoft frontpage [2009-06-24 10:09:57 | 00,161,792 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe [2009-06-24 10:09:57 | 00,155,136 | ---- | C] () -- D:\WINDOWS\PEV.exe [2009-06-24 10:09:57 | 00,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe [2009-06-24 10:09:57 | 00,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe [2009-06-24 10:09:57 | 00,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe [2009-06-24 10:09:57 | 00,031,232 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe [2009-06-24 10:09:56 | 00,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe [2009-06-24 10:09:56 | 00,136,704 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe [2009-06-24 10:09:52 | 00,000,000 | ---D | C] -- D:\WINDOWS\ERDNT [2009-06-24 10:09:48 | 00,000,000 | ---D | C] -- D:\Qoobox [2009-06-24 10:08:45 | 03,247,736 | ---- | C] (Piriform Ltd) -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\ccsetup220.exe [2009-06-24 10:08:03 | 00,037,327 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\PRT.zip [2009-06-24 10:07:13 | 00,045,818 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\avast3.JPG [2009-06-24 10:06:40 | 00,048,323 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\avast2.JPG [2009-06-24 10:05:57 | 00,045,859 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\avast1.JPG [2009-06-24 10:05:11 | 03,039,120 | R--- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\ComboFix.exe [2009-06-23 16:16:55 | 00,000,409 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Dr Kawashima.lnk [2009-06-23 16:13:34 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\z dzis [2009-06-23 15:01:49 | 05,389,196 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\atb - what about us .mp31245761998_[mp3.teledyski.info].mp3 [2009-06-22 22:56:03 | 00,012,680 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\gallery-77114601-500x500.jpg [2009-06-22 22:52:20 | 00,018,215 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\WALENIE W KAKAO.JPG [2009-06-22 14:51:10 | 04,942,336 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Nasza_klasa_rodzynki_cz.3.pps [2009-06-19 10:58:55 | 03,733,504 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Technika2.pps [2009-06-19 10:58:47 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Nowy folder (2) [2009-06-18 18:23:55 | 00,139,997 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\HT.JPG [2009-06-18 15:46:13 | 00,134,745 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Untitled-2.jpg [2009-06-18 15:40:28 | 00,175,616 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Martyna Gromek - CV.doc [2009-06-18 15:01:57 | 00,199,168 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Tomasz_Babalicki_CV.doc [2009-06-18 10:24:41 | 00,195,072 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\CV TOMASZ_poprawione.doc [2009-06-14 12:52:43 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\wesele joli [2009-06-13 17:30:12 | 00,765,952 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll [2009-06-13 17:30:12 | 00,180,224 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll [2009-06-13 17:30:12 | 00,077,824 | ---- | C] () -- D:\WINDOWS\System32\xvid.ax [2009-06-13 17:30:12 | 00,000,000 | ---D | C] -- D:\Program Files\Xvid [2009-06-11 18:38:31 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\nutki [2009-06-10 13:14:38 | 16,939,720 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Scared of Me (Hardwell Remix) www.electro-sound.pl.mp3 [2009-06-10 11:30:00 | 00,585,216 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\rpcrt4.dll [2009-06-06 11:49:55 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\nasze [2009-06-06 01:22:05 | 00,153,848 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\motyl.jpg [2009-06-06 01:14:11 | 03,282,515 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\0000.wmv [2009-06-06 00:54:31 | 00,138,058 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\motylki.JPG [2009-06-05 00:54:47 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Moje dokumenty\Electronic Arts [2009-06-05 00:53:58 | 00,447,752 | R--- | C] (On2.com) -- D:\WINDOWS\System32\vp6vfw.dll [2009-06-05 00:53:57 | 00,000,000 | ---D | C] -- D:\Program Files\Microsoft WSE [2009-06-05 00:53:34 | 00,000,631 | ---- | C] () -- D:\Documents and Settings\All Users\Pulpit\The Sims™ 3.lnk [2009-06-04 10:14:18 | 00,094,359 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\czarno-biale.jpg [2009-06-04 10:12:49 | 00,140,068 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Untitled-1.jpg [2009-06-04 09:43:16 | 00,213,306 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\img006.jpg [2009-06-04 09:10:30 | 00,198,656 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\si wi.doc [2009-06-04 00:58:04 | 00,000,000 | ---D | C] -- D:\Program Files\Damian Pasternak [2009-06-03 20:19:03 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Nowy folder [2009-06-03 11:22:56 | 02,792,792 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Królewskie.jpg [2009-06-02 23:30:02 | 00,000,665 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\UnrealTournament.lnk [2009-06-02 23:20:45 | 00,087,552 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System\url.dll [2009-06-02 23:20:45 | 00,009,728 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System\rnaph.dll [2009-06-02 23:20:45 | 00,000,000 | ---D | C] -- D:\WINDOWS\wb [2009-06-02 23:15:43 | 00,000,000 | ---D | C] -- D:\Program Files\directx [2009-06-01 23:13:39 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\Apple Computer [2009-06-01 16:15:27 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Dane aplikacji\Apple Computer [2009-06-01 16:12:32 | 00,000,284 | ---- | C] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009-06-01 16:12:32 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Ustawienia lokalne\Dane aplikacji\Apple [2009-06-01 16:12:30 | 00,000,000 | ---D | C] -- D:\Program Files\Apple Software Update [2009-06-01 16:12:30 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\Apple [2009-06-01 16:12:06 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Ustawienia lokalne\Dane aplikacji\Apple Computer [2009-05-31 20:58:23 | 00,311,028 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\maledivy.jpg [2009-05-31 19:03:18 | 00,000,000 | R--D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\101CANON [2009-05-31 17:41:33 | 57,726,976 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\DJSlider_28thMay09.mp3 [2009-05-29 23:31:38 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\7 - ATB - Trilogy (2CD)(2007)(VBR) [2009-05-29 23:30:39 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\No Silence - 2004 [2009-05-29 22:21:22 | 00,009,728 | ---- | C] () -- D:\WINDOWS\System32\UnInstall Exploding Bikini.exe [2009-05-29 12:54:54 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Firma-Nielegalne-Rytmy-2005-PL-www.darkwarez.pl-damiaNo72 [2009-05-29 12:54:30 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\diss na rzad [2009-05-29 12:51:09 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Firma-Przeciwko_Kurestwu_I_Upadkowi_Zasad_by_Dawid1944 [2009-05-29 12:30:28 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\Codemasters [2009-05-29 12:30:27 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Moje dokumenty\Codemasters [2009-05-29 12:25:17 | 00,000,454 | ---- | C] () -- D:\Documents and Settings\All Users\Pulpit\GRID.lnk [2009-05-29 12:25:13 | 00,000,000 | ---D | C] -- D:\Program Files\OpenAL [2009-05-28 20:59:00 | 00,000,000 | ---D | C] -- D:\Program Files\SystemRequirementsLab [2009-05-27 12:06:24 | 00,000,480 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\!xSpeednet.lnk [2009-05-27 12:06:15 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\!xspeed.pro.v2.0.www.peb.pl.by.seched [2009-04-16 07:14:47 | 00,000,069 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini [2009-04-13 19:39:38 | 00,000,421 | ---- | C] () -- D:\WINDOWS\ODBC.INI [2009-04-13 17:58:09 | 01,662,976 | ---- | C] () -- D:\WINDOWS\System32\nvwdmcpl.dll [2009-04-13 17:58:09 | 01,466,368 | ---- | C] () -- D:\WINDOWS\System32\nview.dll [2009-04-13 17:58:09 | 01,019,904 | ---- | C] () -- D:\WINDOWS\System32\nvwimg.dll [2009-04-13 17:58:09 | 00,466,944 | ---- | C] () -- D:\WINDOWS\System32\nvshell.dll [2009-04-13 17:54:48 | 00,147,456 | ---- | C] () -- D:\WINDOWS\System32\RTLCPAPI.dll [2009-04-13 17:51:34 | 00,286,720 | ---- | C] () -- D:\WINDOWS\System32\nvnt4cpl.dll [2009-04-13 17:51:22 | 00,196,608 | ---- | C] () -- D:\WINDOWS\System32\nvapi.dll [2009-04-13 17:50:42 | 00,005,810 | ---- | C] () -- D:\WINDOWS\System32\drivers\ASACPI.sys [2009-04-13 17:08:04 | 00,717,296 | ---- | C] () -- D:\WINDOWS\System32\drivers\sptd.sys [2009-04-13 16:00:21 | 00,394,752 | ---- | C] () -- D:\WINDOWS\System32\cygwinb19.dll [2009-04-13 16:00:21 | 00,059,904 | ---- | C] () -- D:\WINDOWS\System32\zlib1.dll [2009-02-21 08:25:20 | 00,691,592 | ---- | C] () -- D:\WINDOWS\System32\OGACheckControl.DLL [2006-06-01 11:22:00 | 00,581,632 | ---- | C] () -- D:\WINDOWS\System32\nvhwvid.dll [2006-05-10 14:23:22 | 00,006,968 | ---- | C] () -- D:\WINDOWS\cadx2.ini [2001-08-23 14:00:00 | 00,000,507 | ---- | C] () -- D:\WINDOWS\win.ini [2001-08-23 14:00:00 | 00,000,227 | ---- | C] () -- D:\WINDOWS\system.ini [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [3 D:\WINDOWS\System32\*.tmp files] [2 D:\WINDOWS\*.tmp files] [2009-06-24 12:10:39 | 00,512,512 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\OTL.exe [2009-06-24 11:50:53 | 00,001,130 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-113007714-1417001333-500.job [2009-06-24 10:22:48 | 01,529,241 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\SDFix.exe [2009-06-24 10:19:53 | 00,048,584 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\avast4.JPG [2009-06-24 10:17:37 | 00,000,227 | ---- | M] () -- D:\WINDOWS\system.ini [2009-06-24 10:16:19 | 00,070,471 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml [2009-06-24 10:16:01 | 00,000,027 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts [2009-06-24 10:15:53 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT [2009-06-24 10:15:49 | 00,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat [2009-06-24 10:15:41 | 00,090,653 | ---- | M] () -- D:\WINDOWS\System32\oodbs.lor [2009-06-24 10:08:49 | 03,247,736 | ---- | M] (Piriform Ltd) -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\ccsetup220.exe [2009-06-24 10:08:02 | 00,037,327 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\PRT.zip [2009-06-24 10:07:13 | 00,045,818 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\avast3.JPG [2009-06-24 10:06:40 | 00,048,323 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\avast2.JPG [2009-06-24 10:05:57 | 00,045,859 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\avast1.JPG [2009-06-24 10:05:16 | 03,039,120 | R--- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\ComboFix.exe [2009-06-23 16:16:55 | 00,000,409 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Dr Kawashima.lnk [2009-06-23 16:14:08 | 00,000,069 | ---- | M] () -- D:\WINDOWS\NeroDigital.ini [2009-06-23 15:06:17 | 05,389,196 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\atb - what about us .mp31245761998_[mp3.teledyski.info].mp3 [2009-06-23 10:57:22 | 00,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl [2009-06-22 23:02:58 | 09,660,604 | -H-- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-06-22 22:56:03 | 00,012,680 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\gallery-77114601-500x500.jpg [2009-06-22 22:52:21 | 00,018,215 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\WALENIE W KAKAO.JPG [2009-06-22 22:42:01 | 00,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009-06-22 14:51:10 | 04,942,336 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Nasza_klasa_rodzynki_cz.3.pps [2009-06-21 18:30:20 | 00,002,013 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\Steam.lnk [2009-06-19 10:58:55 | 03,733,504 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Technika2.pps [2009-06-18 18:41:42 | 00,199,168 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Tomasz_Babalicki_CV.doc [2009-06-18 18:23:55 | 00,139,997 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\HT.JPG [2009-06-18 16:14:58 | 00,175,616 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Martyna Gromek - CV.doc [2009-06-18 15:46:15 | 00,134,745 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Untitled-2.jpg [2009-06-18 14:25:58 | 00,198,656 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\si wi.doc [2009-06-18 10:23:25 | 00,195,072 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\CV TOMASZ_poprawione.doc [2009-06-11 13:02:12 | 01,995,664 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT [2009-06-10 13:14:54 | 16,939,720 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Scared of Me (Hardwell Remix) www.electro-sound.pl.mp3 [2009-06-08 08:10:10 | 00,155,136 | ---- | M] () -- D:\WINDOWS\PEV.exe [2009-06-06 01:22:06 | 00,153,848 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\motyl.jpg [2009-06-06 01:14:10 | 03,282,515 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\0000.wmv [2009-06-06 00:54:31 | 00,138,058 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\motylki.JPG [2009-06-05 00:53:34 | 00,000,631 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\The Sims™ 3.lnk [2009-06-04 10:14:19 | 00,094,359 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\czarno-biale.jpg [2009-06-04 10:12:50 | 00,140,068 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Untitled-1.jpg [2009-06-04 09:43:16 | 00,213,306 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\img006.jpg [2009-06-03 11:22:56 | 02,792,792 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Królewskie.jpg [2009-06-02 23:33:11 | 00,000,665 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\UnrealTournament.lnk [2009-06-01 09:51:14 | 23,635,392 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\mrt.exe [2009-05-31 20:58:23 | 00,311,028 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\maledivy.jpg [2009-05-31 17:45:12 | 57,726,976 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\DJSlider_28thMay09.mp3 [2009-05-29 22:21:22 | 00,009,728 | ---- | M] () -- D:\WINDOWS\System32\UnInstall Exploding Bikini.exe [2009-05-29 12:25:17 | 00,000,454 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\GRID.lnk [2009-05-29 12:25:13 | 00,444,952 | ---- | M] (Creative Labs) -- D:\WINDOWS\System32\wrap_oal.dll [2009-05-29 12:25:12 | 00,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- D:\WINDOWS\System32\OpenAL32.dll [2009-05-27 12:06:24 | 00,000,480 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\!xSpeednet.lnk [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 162 bytes -> D:\Documents and Settings\All Users\Dane aplikacji\TEMP:B3D74A13 < End of report >

**Posty:** 18165 · przez **wojtas** 24 Cze 2009, 12:22

Uruchom OTL i w oknie Custom Scans/Fixes wklej :

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Windows Network Data Management System Service] D:\Documents and Settings\Administrator.BOMBELEK\wsk32.exe ()

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]
[start explorer]
[Reboot]

Kliknij w Run Fix. I potwierdz reset kompa .

Następnie uruchamiasz OTL z opcją Run Scan. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia kompa

**Posty:** 544 · przez **BoMbelaZ^** 24 Cze 2009, 12:31

o to raport z czyszczenia:

Kod: Zaznacz wszystko: All processes killed ========== OTL ========== Process explorer.exe killed successfully! Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Network Data Management System Service deleted successfully. D:\Documents and Settings\Administrator.BOMBELEK\wsk32.exe moved successfully. ========== REGISTRY ========== HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"SuperHidden"|dword:00000001 /E : value set successfully! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"Hidden"|dword:00000001 /E : value set successfully! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"ShowSuperHidden"|dword:00000001 /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\"CheckedValue"|dword:00000001 /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\ deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\\@|"" /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 1576 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Administrator.BOMBELEK File delete failed. D:\Documents and Settings\Administrator.BOMBELEK\Ustawienia lokalne\Temp\~DFEDAA.tmp scheduled to be deleted on reboot. ->Temp folder emptied: 933936 bytes ->Temporary Internet Files folder emptied: 2443962 bytes ->Java cache emptied: 8850367 bytes ->FireFox cache emptied: 47678952 bytes ->Google Chrome cache emptied: 184736670 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes %systemdrive% .tmp files removed: 0 bytes D:\WINDOWS\NV2624848.TMP folder deleted successfully. %systemroot% .tmp files removed: 13410023 bytes %systemroot%\System32 .tmp files removed: 1613396 bytes File delete failed. D:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot. Windows Temp folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 247,67 mb Error: Unable to interpret <[start explorer]> in the current context! OTL by OldTimer - Version 3.0.5.2 log created on 06242009_122651 Files\Folders moved on Reboot... D:\Documents and Settings\Administrator.BOMBELEK\Ustawienia lokalne\Temp\~DFEDAA.tmp moved successfully. File\Folder D:\WINDOWS\temp\_avast4_\Webshlock.txt not found! Registry entries deleted on Reboot...

a tu na nowo log:

Kod: Zaznacz wszystko: OTL logfile created on: 2009-06-24 12:31:05 - Run 2 OTL by OldTimer - Version 3.0.5.2 Folder = D:\Documents and Settings\Administrator.BOMBELEK\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 71,33% Memory free 3,85 Gb Paging File | 3,42 Gb Available in Paging File | 88,77% Paging File free Paging file location(s): D:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files Drive C: | 74,53 Gb Total Space | 14,00 Gb Free Space | 18,79% Space Free | Partition Type: NTFS Drive D: | 49,30 Gb Total Space | 32,13 Gb Free Space | 65,17% Space Free | Partition Type: NTFS Drive E: | 183,57 Gb Total Space | 42,19 Gb Free Space | 22,98% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BOMBELEK Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2008-07-22 15:25:05 | 01,528,832 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Explorer.EXE PRC - [2008-07-22 15:29:26 | 00,070,144 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\notepad.exe PRC - [2007-04-16 22:28:22 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- D:\WINDOWS\SOUNDMAN.EXE PRC - [2009-02-05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009-04-13 18:22:40 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Java\jre6\bin\jusched.exe PRC - [2007-05-11 02:08:54 | 02,512,392 | ---- | M] (O&O Software GmbH) -- D:\WINDOWS\System32\oodtray.exe PRC - [2008-07-20 07:24:30 | 00,395,716 | ---- | M] () -- D:\Program Files\Drive Space Indicator\DrvSpace.exe PRC - [2008-07-10 03:03:34 | 00,036,352 | ---- | M] () -- D:\Program Files\winamp\winampa.exe PRC - [2009-02-05 22:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2009-01-07 17:57:30 | 01,468,296 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft IntelliPoint\ipoint.exe PRC - [2007-09-05 11:20:12 | 00,036,352 | ---- | M] (VisualTaskTips.com) -- D:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe PRC - [2009-04-13 16:16:55 | 00,133,104 | ---- | M] (Google Inc.) -- D:\Documents and Settings\Administrator.BOMBELEK\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe PRC - [2009-05-28 11:23:12 | 10,486,376 | ---- | M] (GG Network S.A.) -- C:\Nowe Gadu-Gadu\gg.exe PRC - [2009-02-05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2009-04-13 18:22:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Java\jre6\bin\jqs.exe PRC - [2009-01-07 17:57:28 | 00,440,208 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft IntelliPoint\dpupdchk.exe PRC - [2008-12-11 07:08:52 | 03,575,808 | ---- | M] () -- D:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe PRC - [2006-06-01 11:22:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvsvc32.exe PRC - [2007-05-11 02:09:48 | 01,050,120 | ---- | M] (O&O Software GmbH) -- D:\WINDOWS\System32\oodag.exe PRC - [2009-05-28 10:33:44 | 00,077,824 | ---- | M] () -- C:\Nowe Gadu-Gadu\spellchecker_gg.exe PRC - [2009-02-05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe PRC - [2009-02-05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2009-06-13 16:53:02 | 00,307,704 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-02-06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\wbem\wmiprvse.exe PRC - [2009-06-24 12:10:39 | 00,512,512 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2007-04-13 03:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2009-02-05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running]) SRV - [2009-02-05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running]) SRV - [2009-02-05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running]) SRV - [2009-02-05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running]) SRV - File not found -- -- (CiSvc [On_Demand | Stopped]) SRV - [2007-04-13 03:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2009-04-13 19:29:46 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped]) SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) SRV - [2009-04-13 18:22:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2008-12-11 07:08:52 | 03,575,808 | ---- | M] () -- D:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service [Auto | Running]) SRV - [2006-06-01 11:22:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running]) SRV - [2007-05-11 02:09:48 | 01,050,120 | ---- | M] (O&O Software GmbH) -- D:\WINDOWS\System32\oodag.exe -- (O&O Defrag [Auto | Running]) SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2008-07-22 13:38:03 | 00,918,016 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-02-05 22:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running]) DRV - [2008-01-24 23:36:16 | 04,127,488 | ---- | M] (Realtek Semiconductor Corp.) -- D:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running]) DRV - [2006-06-19 05:37:34 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- D:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running]) DRV - [2009-02-05 22:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running]) DRV - [2009-02-05 22:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running]) DRV - [2009-02-05 22:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running]) DRV - [2009-02-05 22:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running]) DRV - [2009-02-05 22:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running]) DRV - [2008-07-22 13:39:14 | 00,010,624 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running]) DRV - [2009-04-22 21:52:28 | 00,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- D:\WINDOWS\System32\DRIVERS\ggflt.sys -- (ggflt [On_Demand | Stopped]) DRV - [2009-04-22 21:52:28 | 00,024,616 | ---- | M] (Sony Ericsson Mobile Communications) -- D:\WINDOWS\System32\DRIVERS\ggsemc.sys -- (ggsemc [On_Demand | Stopped]) DRV - [2008-05-24 21:09:10 | 00,073,728 | ---- | M] (EZB Systems, Inc.) -- c:\UltraISO\drivers\ISODrive.sys -- (ISODrive [System | Running]) DRV - [2005-02-11 10:19:20 | 00,055,216 | ---- | M] (MCCI) -- D:\WINDOWS\System32\DRIVERS\k750bus.sys -- (k750bus [On_Demand | Stopped]) DRV - [2005-02-11 10:21:02 | 00,006,576 | ---- | M] (MCCI) -- D:\WINDOWS\System32\DRIVERS\k750mdfl.sys -- (k750mdfl [On_Demand | Stopped]) DRV - [2005-02-11 10:21:10 | 00,089,872 | ---- | M] (MCCI) -- D:\WINDOWS\System32\DRIVERS\k750mdm.sys -- (k750mdm [On_Demand | Stopped]) DRV - [2005-02-11 10:22:48 | 00,081,728 | ---- | M] (MCCI) -- D:\WINDOWS\System32\DRIVERS\k750mgmt.sys -- (k750mgmt [On_Demand | Stopped]) DRV - [2005-02-11 10:24:24 | 00,079,488 | ---- | M] (MCCI) -- D:\WINDOWS\System32\DRIVERS\k750obex.sys -- (k750obex [On_Demand | Stopped]) DRV - [2006-02-26 17:02:49 | 00,005,810 | ---- | M] () -- D:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running]) DRV - [2006-06-01 11:22:00 | 03,925,920 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running]) DRV - [2006-02-26 17:21:18 | 00,089,856 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus [Boot | Running]) DRV - [2006-02-26 17:21:18 | 00,016,640 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\DRIVERS\nvcchflt.sys -- (nvcchflt [Boot | Running]) DRV - [2006-08-07 16:39:22 | 00,052,736 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running]) DRV - [2006-02-26 17:22:48 | 00,010,240 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\drivers\nvmpu401.sys -- (nvmpu401 [On_Demand | Running]) DRV - [2006-08-07 16:39:24 | 00,018,944 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running]) DRV - [2009-01-07 17:57:58 | 00,027,784 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running]) DRV - [2001-08-23 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- D:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2007-03-08 05:21:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- D:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) DRV - [2008-04-13 22:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- D:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2009-04-13 17:08:04 | 00,717,296 | ---- | M] () -- D:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running]) DRV - [2001-12-19 11:45:00 | 00,008,576 | ---- | M] (Microsoft Corporation) -- D:\Program Files\System\CPL Bonus\Vcdrom.sys -- (vcdrom [System | Running]) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "DAEMON Search" FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.15.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11 FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Java\jre6\lib\deploy\jqs\ff [2009-04-13 18:22:40 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2009-06-13 16:53:05 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2009-06-13 16:53:04 | 00,000,000 | ---D | M] [2009-04-13 16:16:17 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator.BOMBELEK\Dane aplikacji\mozilla\Extensions [2009-04-13 16:16:17 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator.BOMBELEK\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-06-23 15:21:33 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator.BOMBELEK\Dane aplikacji\mozilla\Firefox\Profiles\7r1bljh0.default\extensions [2009-05-09 10:18:42 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator.BOMBELEK\Dane aplikacji\mozilla\Firefox\Profiles\7r1bljh0.default\extensions\battlefieldheroespatcher@ea.com [2009-04-13 17:12:04 | 00,000,523 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Dane aplikacji\Mozilla\FireFox\Profiles\7r1bljh0.default\searchplugins\daemon-search.xml [2009-06-23 15:21:33 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions [2009-06-13 16:53:04 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-04-13 16:05:36 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2009-04-13 18:22:45 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-06-13 16:53:02 | 00,023,032 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-06-13 16:53:02 | 00,134,648 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\brwsrcmp.dll [2007-04-10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- D:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2009-04-13 18:22:40 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009-06-13 16:53:02 | 00,065,528 | ---- | M] (mozilla.org) -- D:\Program Files\mozilla firefox\plugins\npnul32.dll [2007-03-22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- D:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2008-09-10 21:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- D:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009-06-01 23:14:00 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009-06-01 23:14:00 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009-06-01 23:14:00 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009-06-01 23:14:00 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009-06-01 23:14:00 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009-06-01 23:14:00 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009-06-01 23:14:01 | 00,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2008-09-10 21:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- D:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-05-07 19:59:21 | 00,000,896 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2009-05-07 19:59:21 | 00,001,406 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2009-05-07 19:59:21 | 00,001,706 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\google.xml [2009-05-07 19:59:21 | 00,000,917 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2009-05-07 19:59:21 | 00,000,858 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2009-05-07 19:59:21 | 00,001,183 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2009-05-07 19:59:21 | 00,001,683 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (27 bytes) - D:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (FG2CatchUrl) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - c:\FlashGet universal\ComDlls\bhoCATCH.dll (FlashGet) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - D:\Documents and Settings\Administrator.BOMBELEK\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O4 - HKLM..\Run: [AdobeCS4ServiceManager] D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast!] D:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [DriveSpace] D:\Program Files\Drive Space Indicator\DrvSpace.exe () O4 - HKLM..\Run: [IntelliPoint] D:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4 - HKLM..\Run: [NeroFilterCheck] D:\WINDOWS\System32\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\NvMCTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] D:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [OODefragTray] D:\WINDOWS\System32\oodtray.exe (O&O Software GmbH) O4 - HKLM..\Run: [QuickTime Task] C:\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [SoundMan] D:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WinampAgent] D:\Program Files\winamp\winampa.exe () O4 - HKLM..\Run: [Windows Network Data Management System Service] D:\Documents and Settings\Administrator.BOMBELEK\wsk32.exe File not found O4 - HKCU..\Run: [Google Update] D:\Documents and Settings\Administrator.BOMBELEK\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - HKCU..\Run: [Nowe Gadu-Gadu] c:\Nowe Gadu-Gadu\gg.exe (GG Network S.A.) O4 - HKCU..\Run: [VisualTaskTips] D:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (VisualTaskTips.com) O4 - HKLM..\RunOnce: [Del E:\Dexter.S03.HDTV.XviD.HAPPY.NEW.YEAR-HT\Dexter.S03E05.HDTV.XviD-0TV\dexter.305.hdtv-0tv.avi OnNextReboot] D:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Download All by FlashGet - C:\FlashGet universal\ComDlls\Bhoall.htm () O8 - Extra context menu item: &Download by FlashGet - C:\FlashGet universal\ComDlls\Bholink.htm () O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: google.com ([mail] https in Trusted sites) O15 - HKCU\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.62 62.179.1.63 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - D:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter: - text/xml - D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\Explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - File not found O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-09-10 21:38:52 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - D:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O34 - HKLM BootExecute: (OODBS) - D:\WINDOWS\System32\OODBS.exe (O&O Software GmbH) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2009-06-24 12:26:51 | 00,000,000 | ---D | C] -- D:\_OTL [2009-06-24 12:10:41 | 00,512,512 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\OTL.exe [2009-06-24 10:51:39 | 00,000,000 | -HSD | C] -- D:\RECYCLER [2009-06-24 10:22:39 | 01,529,241 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\SDFix.exe [2009-06-24 10:19:53 | 00,048,584 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\avast4.JPG [2009-06-24 10:18:02 | 01,571,840 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\sfcfiles.dll [2009-06-24 10:18:02 | 00,172,032 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\appmgmts.dll [2009-06-24 10:18:02 | 00,110,080 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\imm32.dll [2009-06-24 10:18:02 | 00,024,960 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\kbdclass.sys [2009-06-24 10:18:02 | 00,017,408 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\powrprof.dll [2009-06-24 10:18:01 | 02,190,336 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe [2009-06-24 10:18:01 | 02,067,328 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe [2009-06-24 10:18:01 | 01,018,368 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\kernel32.dll [2009-06-24 10:18:01 | 00,828,928 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\wininet.dll [2009-06-24 10:18:01 | 00,510,464 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\winlogon.exe [2009-06-24 10:18:01 | 00,296,448 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\termsrv.dll [2009-06-24 10:18:01 | 00,182,656 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\ndis.sys [2009-06-24 10:18:01 | 00,111,104 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\services.exe [2009-06-24 10:18:01 | 00,082,432 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\ws2_32.dll [2009-06-24 10:18:01 | 00,057,856 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\spoolsv.exe [2009-06-24 10:18:01 | 00,051,224 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\wuauclt.exe [2009-06-24 10:18:01 | 00,036,608 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\ip6fw.sys [2009-06-24 10:18:01 | 00,026,624 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\userinit.exe [2009-06-24 10:18:01 | 00,014,336 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\svchost.exe [2009-06-24 10:18:01 | 00,013,312 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cache\lsass.exe [2009-06-24 10:18:01 | 00,000,000 | ---D | C] -- D:\WINDOWS\System32\dllcache\cache [2009-06-24 10:15:50 | 00,000,000 | ---D | C] -- D:\WINDOWS\System32\xircom [2009-06-24 10:15:50 | 00,000,000 | ---D | C] -- D:\WINDOWS\System32\oobe [2009-06-24 10:15:50 | 00,000,000 | ---D | C] -- D:\WINDOWS\System32\npp [2009-06-24 10:15:50 | 00,000,000 | ---D | C] -- D:\WINDOWS\srchasst [2009-06-24 10:15:50 | 00,000,000 | ---D | C] -- D:\Program Files\xerox [2009-06-24 10:15:50 | 00,000,000 | ---D | C] -- D:\Program Files\windows nt [2009-06-24 10:15:50 | 00,000,000 | ---D | C] -- D:\Program Files\movie maker [2009-06-24 10:15:50 | 00,000,000 | ---D | C] -- D:\Program Files\Common Files\speechengines [2009-06-24 10:15:49 | 00,000,000 | ---D | C] -- D:\WINDOWS\System32\inetsrv [2009-06-24 10:15:49 | 00,000,000 | ---D | C] -- D:\WINDOWS\System32\ime [2009-06-24 10:15:49 | 00,000,000 | ---D | C] -- D:\WINDOWS\msagent [2009-06-24 10:15:49 | 00,000,000 | ---D | C] -- D:\Program Files\netmeeting [2009-06-24 10:15:49 | 00,000,000 | ---D | C] -- D:\Program Files\msn gaming zone [2009-06-24 10:15:49 | 00,000,000 | ---D | C] -- D:\Program Files\microsoft frontpage [2009-06-24 10:09:57 | 00,161,792 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe [2009-06-24 10:09:57 | 00,155,136 | ---- | C] () -- D:\WINDOWS\PEV.exe [2009-06-24 10:09:57 | 00,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe [2009-06-24 10:09:57 | 00,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe [2009-06-24 10:09:57 | 00,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe [2009-06-24 10:09:57 | 00,031,232 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe [2009-06-24 10:09:56 | 00,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe [2009-06-24 10:09:56 | 00,136,704 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe [2009-06-24 10:09:52 | 00,000,000 | ---D | C] -- D:\WINDOWS\ERDNT [2009-06-24 10:09:48 | 00,000,000 | ---D | C] -- D:\Qoobox [2009-06-24 10:08:45 | 03,247,736 | ---- | C] (Piriform Ltd) -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\ccsetup220.exe [2009-06-24 10:08:03 | 00,037,327 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\PRT.zip [2009-06-24 10:07:13 | 00,045,818 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\avast3.JPG [2009-06-24 10:06:40 | 00,048,323 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\avast2.JPG [2009-06-24 10:05:57 | 00,045,859 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\avast1.JPG [2009-06-24 10:05:11 | 03,039,120 | R--- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\ComboFix.exe [2009-06-23 16:16:55 | 00,000,409 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Dr Kawashima.lnk [2009-06-23 16:13:34 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\z dzis [2009-06-23 15:01:49 | 05,389,196 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\atb - what about us .mp31245761998_[mp3.teledyski.info].mp3 [2009-06-22 22:56:03 | 00,012,680 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\gallery-77114601-500x500.jpg [2009-06-22 22:52:20 | 00,018,215 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\WALENIE W KAKAO.JPG [2009-06-22 14:51:10 | 04,942,336 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Nasza_klasa_rodzynki_cz.3.pps [2009-06-19 10:58:55 | 03,733,504 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Technika2.pps [2009-06-19 10:58:47 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Nowy folder (2) [2009-06-18 18:23:55 | 00,139,997 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\HT.JPG [2009-06-18 15:46:13 | 00,134,745 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Untitled-2.jpg [2009-06-18 15:40:28 | 00,175,616 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Martyna Gromek - CV.doc [2009-06-18 15:01:57 | 00,199,168 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Tomasz_Babalicki_CV.doc [2009-06-18 10:24:41 | 00,195,072 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\CV TOMASZ_poprawione.doc [2009-06-14 12:52:43 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\wesele joli [2009-06-13 17:30:12 | 00,765,952 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll [2009-06-13 17:30:12 | 00,180,224 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll [2009-06-13 17:30:12 | 00,077,824 | ---- | C] () -- D:\WINDOWS\System32\xvid.ax [2009-06-13 17:30:12 | 00,000,000 | ---D | C] -- D:\Program Files\Xvid [2009-06-11 18:38:31 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\nutki [2009-06-10 13:14:38 | 16,939,720 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Scared of Me (Hardwell Remix) www.electro-sound.pl.mp3 [2009-06-10 11:30:00 | 00,585,216 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\rpcrt4.dll [2009-06-06 11:49:55 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\nasze [2009-06-06 01:22:05 | 00,153,848 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\motyl.jpg [2009-06-06 01:14:11 | 03,282,515 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\0000.wmv [2009-06-06 00:54:31 | 00,138,058 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\motylki.JPG [2009-06-05 00:54:47 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Moje dokumenty\Electronic Arts [2009-06-05 00:53:58 | 00,447,752 | R--- | C] (On2.com) -- D:\WINDOWS\System32\vp6vfw.dll [2009-06-05 00:53:57 | 00,000,000 | ---D | C] -- D:\Program Files\Microsoft WSE [2009-06-05 00:53:34 | 00,000,631 | ---- | C] () -- D:\Documents and Settings\All Users\Pulpit\The Sims™ 3.lnk [2009-06-04 10:14:18 | 00,094,359 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\czarno-biale.jpg [2009-06-04 10:12:49 | 00,140,068 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Untitled-1.jpg [2009-06-04 09:43:16 | 00,213,306 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\img006.jpg [2009-06-04 09:10:30 | 00,198,656 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\si wi.doc [2009-06-04 00:58:04 | 00,000,000 | ---D | C] -- D:\Program Files\Damian Pasternak [2009-06-03 20:19:03 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Nowy folder [2009-06-03 11:22:56 | 02,792,792 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Królewskie.jpg [2009-06-02 23:30:02 | 00,000,665 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\UnrealTournament.lnk [2009-06-02 23:20:45 | 00,087,552 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System\url.dll [2009-06-02 23:20:45 | 00,009,728 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System\rnaph.dll [2009-06-02 23:20:45 | 00,000,000 | ---D | C] -- D:\WINDOWS\wb [2009-06-02 23:15:43 | 00,000,000 | ---D | C] -- D:\Program Files\directx [2009-06-01 23:13:39 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\Apple Computer [2009-06-01 16:15:27 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Dane aplikacji\Apple Computer [2009-06-01 16:12:32 | 00,000,284 | ---- | C] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009-06-01 16:12:32 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Ustawienia lokalne\Dane aplikacji\Apple [2009-06-01 16:12:30 | 00,000,000 | ---D | C] -- D:\Program Files\Apple Software Update [2009-06-01 16:12:30 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\Apple [2009-06-01 16:12:06 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Ustawienia lokalne\Dane aplikacji\Apple Computer [2009-05-31 20:58:23 | 00,311,028 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\maledivy.jpg [2009-05-31 19:03:18 | 00,000,000 | R--D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\101CANON [2009-05-31 17:41:33 | 57,726,976 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\DJSlider_28thMay09.mp3 [2009-05-29 23:31:38 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\7 - ATB - Trilogy (2CD)(2007)(VBR) [2009-05-29 23:30:39 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\No Silence - 2004 [2009-05-29 22:21:22 | 00,009,728 | ---- | C] () -- D:\WINDOWS\System32\UnInstall Exploding Bikini.exe [2009-05-29 12:54:54 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Firma-Nielegalne-Rytmy-2005-PL-www.darkwarez.pl-damiaNo72 [2009-05-29 12:54:30 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\diss na rzad [2009-05-29 12:51:09 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Firma-Przeciwko_Kurestwu_I_Upadkowi_Zasad_by_Dawid1944 [2009-05-29 12:30:28 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\Codemasters [2009-05-29 12:30:27 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Moje dokumenty\Codemasters [2009-05-29 12:25:17 | 00,000,454 | ---- | C] () -- D:\Documents and Settings\All Users\Pulpit\GRID.lnk [2009-05-29 12:25:13 | 00,000,000 | ---D | C] -- D:\Program Files\OpenAL [2009-05-28 20:59:00 | 00,000,000 | ---D | C] -- D:\Program Files\SystemRequirementsLab [2009-05-27 12:06:24 | 00,000,480 | ---- | C] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\!xSpeednet.lnk [2009-05-27 12:06:15 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\!xspeed.pro.v2.0.www.peb.pl.by.seched [2009-04-16 07:14:47 | 00,000,069 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini [2009-04-13 19:39:38 | 00,000,421 | ---- | C] () -- D:\WINDOWS\ODBC.INI [2009-04-13 17:58:09 | 01,662,976 | ---- | C] () -- D:\WINDOWS\System32\nvwdmcpl.dll [2009-04-13 17:58:09 | 01,466,368 | ---- | C] () -- D:\WINDOWS\System32\nview.dll [2009-04-13 17:58:09 | 01,019,904 | ---- | C] () -- D:\WINDOWS\System32\nvwimg.dll [2009-04-13 17:58:09 | 00,466,944 | ---- | C] () -- D:\WINDOWS\System32\nvshell.dll [2009-04-13 17:54:48 | 00,147,456 | ---- | C] () -- D:\WINDOWS\System32\RTLCPAPI.dll [2009-04-13 17:51:34 | 00,286,720 | ---- | C] () -- D:\WINDOWS\System32\nvnt4cpl.dll [2009-04-13 17:51:22 | 00,196,608 | ---- | C] () -- D:\WINDOWS\System32\nvapi.dll [2009-04-13 17:50:42 | 00,005,810 | ---- | C] () -- D:\WINDOWS\System32\drivers\ASACPI.sys [2009-04-13 17:08:04 | 00,717,296 | ---- | C] () -- D:\WINDOWS\System32\drivers\sptd.sys [2009-04-13 16:00:21 | 00,394,752 | ---- | C] () -- D:\WINDOWS\System32\cygwinb19.dll [2009-04-13 16:00:21 | 00,059,904 | ---- | C] () -- D:\WINDOWS\System32\zlib1.dll [2009-02-21 08:25:20 | 00,691,592 | ---- | C] () -- D:\WINDOWS\System32\OGACheckControl.DLL [2006-06-01 11:22:00 | 00,581,632 | ---- | C] () -- D:\WINDOWS\System32\nvhwvid.dll [2006-05-10 14:23:22 | 00,006,968 | ---- | C] () -- D:\WINDOWS\cadx2.ini [2001-08-23 14:00:00 | 00,000,507 | ---- | C] () -- D:\WINDOWS\win.ini [2001-08-23 14:00:00 | 00,000,227 | ---- | C] () -- D:\WINDOWS\system.ini [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2009-06-24 12:28:26 | 00,070,471 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml [2009-06-24 12:28:07 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT [2009-06-24 12:28:02 | 00,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat [2009-06-24 12:27:55 | 00,091,930 | ---- | M] () -- D:\WINDOWS\System32\oodbs.lor [2009-06-24 12:10:39 | 00,512,512 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\OTL.exe [2009-06-24 11:50:53 | 00,001,130 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-113007714-1417001333-500.job [2009-06-24 10:22:48 | 01,529,241 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\SDFix.exe [2009-06-24 10:19:53 | 00,048,584 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\avast4.JPG [2009-06-24 10:17:37 | 00,000,227 | ---- | M] () -- D:\WINDOWS\system.ini [2009-06-24 10:16:01 | 00,000,027 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts [2009-06-24 10:08:49 | 03,247,736 | ---- | M] (Piriform Ltd) -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\ccsetup220.exe [2009-06-24 10:08:02 | 00,037,327 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\PRT.zip [2009-06-24 10:07:13 | 00,045,818 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\avast3.JPG [2009-06-24 10:06:40 | 00,048,323 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\avast2.JPG [2009-06-24 10:05:57 | 00,045,859 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\avast1.JPG [2009-06-24 10:05:16 | 03,039,120 | R--- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\ComboFix.exe [2009-06-23 16:16:55 | 00,000,409 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Dr Kawashima.lnk [2009-06-23 16:14:08 | 00,000,069 | ---- | M] () -- D:\WINDOWS\NeroDigital.ini [2009-06-23 15:06:17 | 05,389,196 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\atb - what about us .mp31245761998_[mp3.teledyski.info].mp3 [2009-06-23 10:57:22 | 00,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl [2009-06-22 23:02:58 | 09,660,604 | -H-- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-06-22 22:56:03 | 00,012,680 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\gallery-77114601-500x500.jpg [2009-06-22 22:52:21 | 00,018,215 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\WALENIE W KAKAO.JPG [2009-06-22 22:42:01 | 00,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009-06-22 14:51:10 | 04,942,336 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Nasza_klasa_rodzynki_cz.3.pps [2009-06-21 18:30:20 | 00,002,013 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\Steam.lnk [2009-06-19 10:58:55 | 03,733,504 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Technika2.pps [2009-06-18 18:41:42 | 00,199,168 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Tomasz_Babalicki_CV.doc [2009-06-18 18:23:55 | 00,139,997 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\HT.JPG [2009-06-18 16:14:58 | 00,175,616 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Martyna Gromek - CV.doc [2009-06-18 15:46:15 | 00,134,745 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Untitled-2.jpg [2009-06-18 14:25:58 | 00,198,656 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\si wi.doc [2009-06-18 10:23:25 | 00,195,072 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\CV TOMASZ_poprawione.doc [2009-06-11 13:02:12 | 01,995,664 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT [2009-06-10 13:14:54 | 16,939,720 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Scared of Me (Hardwell Remix) www.electro-sound.pl.mp3 [2009-06-08 08:10:10 | 00,155,136 | ---- | M] () -- D:\WINDOWS\PEV.exe [2009-06-06 01:22:06 | 00,153,848 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\motyl.jpg [2009-06-06 01:14:10 | 03,282,515 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\0000.wmv [2009-06-06 00:54:31 | 00,138,058 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\motylki.JPG [2009-06-05 00:53:34 | 00,000,631 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\The Sims™ 3.lnk [2009-06-04 10:14:19 | 00,094,359 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\czarno-biale.jpg [2009-06-04 10:12:50 | 00,140,068 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Untitled-1.jpg [2009-06-04 09:43:16 | 00,213,306 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\img006.jpg [2009-06-03 11:22:56 | 02,792,792 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\Królewskie.jpg [2009-06-02 23:33:11 | 00,000,665 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\UnrealTournament.lnk [2009-06-01 09:51:14 | 23,635,392 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\mrt.exe [2009-05-31 20:58:23 | 00,311,028 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\maledivy.jpg [2009-05-31 17:45:12 | 57,726,976 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\DJSlider_28thMay09.mp3 [2009-05-29 22:21:22 | 00,009,728 | ---- | M] () -- D:\WINDOWS\System32\UnInstall Exploding Bikini.exe [2009-05-29 12:25:17 | 00,000,454 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\GRID.lnk [2009-05-29 12:25:13 | 00,444,952 | ---- | M] (Creative Labs) -- D:\WINDOWS\System32\wrap_oal.dll [2009-05-29 12:25:12 | 00,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- D:\WINDOWS\System32\OpenAL32.dll [2009-05-27 12:06:24 | 00,000,480 | ---- | M] () -- D:\Documents and Settings\Administrator.BOMBELEK\Pulpit\!xSpeednet.lnk [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 162 bytes -> D:\Documents and Settings\All Users\Dane aplikacji\TEMP:B3D74A13 < End of report >

p.s. czytalem tu na forum ze niektorzy skanuja rejestr programem CCleaner v2.20, czy ja tez powinienem?

**Posty:** 18165 · przez **wojtas** 24 Cze 2009, 16:12

mozesz

.Uruchom OTL z opcji CleanUp
2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
4. Wykonaj skan Dr. Web CureIt
5. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym (skasuj co znajdzie)

Malwarebytes Anti-Malware

Jeśli masz Adobe Reader to zaaktualizuj go do najnowszej wersji

**Posty:** 544 · przez **BoMbelaZ^** 24 Cze 2009, 21:00

Dzieki, komputer czyscioch

Ups, jest jeden problem, gdy wpisuje msconfig to mi wyskakuje blad ze nie moze znalesc pliku

skopiuje go z plyty z XP przez konsole odzyskiwania.

**Posty:** 1 · przez **lange13** 19 Lip 2009, 09:36

mógłby ktoś sprawdzić log z combofixa i pokierować mnie dalej, z góry dzięki

Kod: Zaznacz wszystko: ComboFix 09-07-14.08 - Administrator 2009-07-19 8:58.3.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1014.463 [GMT 2:00] Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe . ((((((((((((((((((((((((( Pliki utworzone od 2009-06-19 do 2009-07-19 ))))))))))))))))))))))))))))))) . 2009-06-27 12:29 . 2009-06-27 12:29 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Search Settings 2009-06-27 12:29 . 2009-06-27 12:33 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\pdfforge 2009-06-26 19:10 . 2009-07-19 06:17 -------- d-----w- c:\program files\pdfforge Toolbar 2009-06-26 19:09 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll 2009-06-26 19:09 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL 2009-06-26 19:09 . 2009-06-26 19:10 -------- d-----w- c:\program files\PDFCreator 2009-06-25 20:47 . 2009-06-26 08:53 -------- d-----w- c:\program files\Common Files\SolidWorks Shared 2009-06-25 20:47 . 2009-06-26 08:53 -------- d-----w- c:\program files\SolidWorks 2009-06-20 19:18 . 2009-06-21 20:53 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM 2009-06-20 19:18 . 2009-06-20 19:18 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\OpenFM . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-11 21:44 . 2009-05-21 12:48 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\FileZilla 2009-07-02 09:48 . 2008-12-23 17:16 -------- d-----w- c:\program files\ALLPlayer 2009-06-30 16:58 . 2009-05-11 21:33 -------- d-----w- c:\program files\Internet Download Manager 2009-06-30 11:37 . 2009-05-11 21:33 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\DMCache 2009-06-29 13:49 . 2009-05-14 13:02 1030808 ----a-w- C:\installin.exe 2009-06-16 20:57 . 2009-05-25 15:09 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\PC Suite 2009-06-16 20:56 . 2009-05-25 15:09 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Nokia 2009-06-16 20:56 . 2009-05-25 15:09 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PC Suite 2009-06-16 20:56 . 2009-06-16 20:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2009-06-16 20:56 . 2009-06-16 20:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2009-06-16 14:40 . 2008-04-14 20:50 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:40 . 2008-04-14 20:50 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-11 19:58 . 2009-01-07 19:11 -------- d-----w- c:\program files\Nowe Gadu-Gadu 2009-06-03 19:11 . 2008-07-22 13:30 1294848 ----a-w- c:\windows\system32\quartz.dll 2009-05-30 00:21 . 2009-05-11 21:33 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\IDM 2009-05-28 09:23 . 2009-05-28 09:23 42088 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll 2009-05-28 08:34 . 2009-05-28 08:34 11264 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll 2009-05-25 15:08 . 2009-05-25 15:08 -------- d-----w- c:\program files\Common Files\PCSuite 2009-05-25 15:08 . 2009-05-25 15:08 -------- d-----w- c:\program files\Common Files\Nokia 2009-05-25 15:08 . 2009-05-25 15:07 -------- d-----w- c:\program files\Nokia 2009-05-25 15:07 . 2009-05-25 15:07 -------- d-----w- c:\program files\DIFX 2009-05-25 15:07 . 2009-05-25 15:07 -------- d-----w- c:\program files\PC Connectivity Solution 2009-05-25 15:06 . 2009-05-25 15:06 8192 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe 2009-05-25 15:06 . 2009-05-25 15:06 61440 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe 2009-05-25 15:06 . 2009-05-25 15:06 10240 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe 2009-05-25 15:06 . 2009-05-25 15:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Installations 2009-05-25 15:02 . 2009-05-25 15:06 33662272 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_eng_us_web.exe 2009-05-21 12:48 . 2009-05-21 12:48 -------- d-----w- c:\program files\FileZilla FTP Client 2009-05-13 05:06 . 2008-07-22 13:35 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-07 15:34 . 2008-04-14 20:50 347648 ----a-w- c:\windows\system32\localspl.dll 2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr 2009-01-21 15:21 . 2009-01-21 15:21 584291240 ----a-w- c:\program files\drukarka hp CDB-Euro4-Express.exe 2008-11-29 19:28 . 2008-11-29 19:28 53682216 ----a-w- c:\program files\avg_free_stf_en_8_176a1399.exe 2009-06-20 15:22 . 2008-09-17 08:02 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll . ------- Sigcheck ------- [-] 2008-07-22 13:34 487424 5F1CCDF37F28A88D0473B0C9EA1E0D58 c:\windows\system32\user32.dll [-] 2008-07-22 13:15 361600 E88631E21A9CACA06104802F9E915115 c:\windows\system32\drivers\tcpip.sys [-] 2008-07-22 13:25 1528832 B49A80A502FD86B2F05BC7BBD723DDAB c:\windows\explorer.exe [-] 2008-07-22 13:23 40448 0277E1A3E8B337555A45943808451981 c:\windows\system32\ctfmon.exe [-] 2008-07-22 13:23 1526784 9994E5A07D951FC1B0F5FB18501090FC c:\windows\system32\comres.dll [-] 2008-07-22 13:23 689152 8CD81261DA6BD4BCFBD857A25220A1FB c:\windows\system32\comctl32.dll [7] 2001-08-23 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll [7] 2008-04-14 20:29 1054208 737739FACEAD60683AA8D7FF7602FD14 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}] 2009-05-04 14:32 650752 ----a-w- c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll" [2009-05-04 650752] [HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VisualTaskTips"="c:\program files\Utilities\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 36352] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296] "Google Update"="c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2008-12-24 133104] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-07-22 40448] "Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-05-28 10486376] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-19 148888] "OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392] "PWRMGRTR"="c:\progra~1\ThinkPad\Utilities\PWRMGRTR.DLL" [2008-09-25 331776] "BLOG"="c:\progra~1\ThinkPad\Utilities\BatLogEx.DLL" [2008-09-25 208896] "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "ElcomSoft DPR Server"="c:\program files\ElcomSoft\Distributed Password Recovery\esdprs.exe" [2009-04-22 354064] "avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000] "SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-03-30 970240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-07-22 541696] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "VisualTaskTips"="c:\program files\Utilities\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 36352] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512] c:\documents and settings\Administrator\Menu Start\Programy\Autostart\ wyczysc.lnk - c:\windows\wyczysc.cmd [2009-2-5 24] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-11-12 50688] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624] HP Image Zone - szybkie uruchamianie.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "NoResolveTrack"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "NoResolveTrack"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 2006-09-06 15:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2008-03-17 15:02 34080 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "ud32.exe"= ud32.exe:BNDMSS "c:\\Program Files\\Common Files\\System\\Mapi\\1045\\NT\\ud32.exe"=ud32.exe "c:\\Program Files\\ElcomSoft\\Distributed Password Recovery\\esdprs.exe"= "c:\\Program Files\\ElcomSoft\\Distributed Password Recovery\\esdpr.exe"= "c:\\Program Files\\ElcomSoft\\Distributed Password Recovery\\esda.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "8461:TCP"= 8461:TCP:GoD High Port "8462:TCP"= 8462:TCP:GoD Low Port "12121:TCP"= 12121:TCP:ElcomSoft Distributed Agents TCP Port "12122:TCP"= 12122:TCP:ElcomSoft Distributed Password Recovery Console TCP Port R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-06-09 114768] R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-11-12 4442] R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\System\CPL Bonus\vcdrom.sys [2008-09-17 8576] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-06-09 20560] R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [2008-11-12 94208] R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2008-11-12 57408] S2 gupdate1c9acb03c15f1e4;Usługa Google Update (gupdate1c9acb03c15f1e4);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 133104] --- Inne Usługi/Sterowniki w Pamięci --- *NewlyCreated* - HELPSVC *NewlyCreated* - VCDROM [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67EFG7H6-8IJL-56YT-KLH4-76WE2D3RAM87}] c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe . Zawartość folderu 'Zaplanowane zadania' 2009-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 18:41] 2009-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 18:41] 2009-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-823518204-1177238915-500Core.job - c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2008-12-24 20:28] 2009-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-823518204-1177238915-500UA.job - c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2008-12-24 20:28] 2009-07-19 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\Utilities\PWMIDTSK.EXE [2008-11-12 00:47] 2009-07-19 c:\windows\Tasks\User_Feed_Synchronization-{802F36B0-3A4A-4C16-9320-29C79A4EE7EC}.job - c:\windows\system32\msfeedssync.exe [2008-07-22 02:31] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.google.com/ IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 Trusted Zone: google.com\mail FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\30lo5wk2.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-19 09:03 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\S-1-5-21-299502267-823518204-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,91,da,09,d7,93,a6,4e,92,ad,0d,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,91,da,09,d7,93,a6,4e,92,ad,0d,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):11,e5,ad,72,41,d7,77,e5,69,bc,6a,b8,2a,b0,dd,d2,20,24,7e,0d,b4, 57,7e,4f,5f,17,c1,4f,7c,c4,4d,f6,82,94,f8,f4,ce,2f,81,a3,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d0bc6c6d-9e6f-4309-8f28-53a5ef50b660}] @Denied: (Full) (Everyone) "Model"=dword:0000009f "Therad"=dword:0000001e "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG10.00.00.01WORKSTATION"="EEDED6013EBC2A533616B9A05F538FD230BF7D08BEFE1B3F8F41F1CA92C63E31C5172A8018E5DC396C1452D06DCEC77584284790B0BC81B701BA90F577575ABDA29619D014E5D4F627E7445CA48D655A423D4C9C01A971CD6F2B744FE3AA2F9C09738765F888CC7B35BEAA18ABC5E5A3A7667A0050054D75285300CB13272831F0646DF5C0FDD33BDDE8B01B59911EF5E5ADD3FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E667A6A0AC4980AC79339DB7CE019D40AA5CAF4391401BF023FC44BC3FC646783228EC33515A2518ED3BA6E379AA5BDEB956277187269AC3155DA8FCA433F79F22D6CE85A9BBD3FC439B8C1E82034F34415C29749ECF53D40BECCBA576E5A5E57D679BDD99C991F0BC1C6E5154DC9CDEA04F057E60C65022AED15A45A8AB0A36A5D684499D356A6C15AA9F2693EDC2840B354F75B662A19CCCC34BA08FA2E8EDA0B0FD899385F0D62C4BB57C48C0C23A59A4DDF3F4D3DAA85591D4ADE4C0055F98184191BD90BB9283170AE3DCB2A40F86C9CCC74C1D94A05E9B7398454BA74F5C43CB0B420662F1C335BB22A175F182B3667B75581569501F58E7C0B2DF9C7A5BFD5ED12C63053AB5E82CB1C910BA08234D8BB093E579F876CFB6BA13ED348BAC24FE76E800C2A8C904023F6B5A11073E68E567DD0FE6D0641F274CAEB8C5278BA9F53D4B82C3EB92EC27AC04040BDB8FB234357D645CFE8C78C4F233D8A662D394CF9F89E9AFA4C520CA8E710CC25748BCE66E1A8982A1BA22E1DBB2B8B6C689FEDE493F8534EC402CDD30F7CBD8BCBA2A3198BF7C8BC859F1106CA11954535017B89A687A84CD0035178D3EEAEE44E035096FDE0B297BFA582ABCDA0EE378739E35A96A42D54828F170D950E6AB9955A72960CBD69331D2564A9599FE4F1F61EC723D09A8E04DFE2DA7799D92B9DD57E3920E3F5786D73B7FD07881A7041EAA6B5152F04F64C4EF46BF05F8134825CCDC87CED5D7C24F30FDE299161770C58599761AAEA9A00989B17D4B99630975BB1C0F2E8F770A6D538F685E42B18A564C884BF83581DC6A00F5EC4E1DCF32CC51BCF4E9D128247AE9850D6353AFCA087C5EFC065BF362ABA72E5A427FF9001ADCEE47F3E2AF5FB4DA434178799C2E8338577D0F5BF07D827D89591126D9B0C252F75A7470AA884CB445B8A14BD83566453F8015D33E029BA04C405959B6861CC92F45450C07F3E529166C15C116E3C28D79014CC6F24395D14CA7EA42AF48F47F02E1F3A888F91C8A5818BEB9DE42201F7B3A1C1AFC9B837AF5EE4CF135410D52EFD0441EC4757AD341BB3E758C60F6AC51AE22199DEA6AA347B7B75B8FBD97468CF32C2A264682A0999AE799504AB58A9723AEF2E810487D556819D4D593" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(816) c:\windows\system32\SETUPAPI.dll c:\windows\system32\sfc_os.dll c:\program files\Lenovo\HOTKEY\tphklock.dll c:\windows\system32\COMRes.dll - - - - - - - > 'lsass.exe'(960) c:\windows\system32\setupapi.dll - - - - - - - > 'explorer.exe'(3824) c:\windows\system32\SHDOCVW.dll c:\windows\system32\WININET.dll c:\program files\Utilities\VisualTaskTips\VttHooks.dll c:\windows\system32\COMRes.dll c:\progra~1\WINDOW~1\wmpband.dll c:\windows\system32\LINKINFO.dll c:\windows\system32\ntshrui.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\credui.dll c:\windows\system32\MSVCP60.dll c:\windows\system32\webcheck.dll c:\windows\system32\stobject.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Czas ukończenia: 2009-07-19 9:06 ComboFix-quarantined-files.txt 2009-07-19 07:06 ComboFix2.txt 2009-07-19 06:56 ComboFix3.txt 2009-07-19 06:27 Przed: 3 803 111 424 bajtów wolnych Po: 3 795 042 304 bajtów wolnych 259 --- E O F --- 2009-07-15 20:38

**Posty:** 8001 · przez **Okocza** 19 Lip 2009, 10:54

lange13, załóż swój temat, opisz w nim problem i zamieść odpowiednie logi w nim...

Kto jest na forum