Win32:patched-hn[trj] i inne śmieci z dysku usb

[Nexie]

Wziąłem ostatnio od kolegi 42 GB plików. Ostrzegał, że może mieć tam wirusa bo sam dostał część od kogoś. Postanowiłem zaufać Avastowi, jednak na nic się to nie zdało. Ciągle wyskakuje mi komunikat o znalezieniu tego trojana i innych wykrytych metodą heurystyczną. Nie mogę też w całym systemie włączyć opcji "Pokaż ukryte pliki i foldery". Stosowałem porady z innych podobnych przypadków jednak nic to nie dało. Załączam więc logi z OTL.

http://docs.google.com/Doc?docid=0AbfLB7Ctfc94ZGdiM25xNDVfMTJnOHNqMmtobg&hl=en


Pozdrawiam i z góry dziękuję za pomoc.

[NieWiem]

No rzeczywiście sprzedał Ci infekcję

Na http://www.virusscan.jotti.org albo na http://www.virscan.org proszę sprawdzić ten plik

C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE

Instrukcja usuwania:

• Uruchom ponownie program OTL
• W okienku na dole Custom Scans / Fixes wklej to, co poniżej w ramce:
  

  :OTL
  PRC - [2004-08-03 23:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
  O4 - HKU\S-1-5-21-602162358-790525478-839522115-1003..\Run: [cdoosoft] C:\Documents and Settings\Karol\Ustawienia lokalne\Temp\herss.exe ()
  O32 - AutoRun File - [2009-12-18 20:57:32 | 00,000,053 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
  O32 - AutoRun File - [2009-12-18 20:57:32 | 00,000,053 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
  O32 - AutoRun File - [2009-12-18 20:57:32 | 00,000,053 | RHS- | M] () - H:\autorun.inf -- [ NTFS ]
  O33 - MountPoints2\{6abd24ae-e20b-11de-97b2-001617b3b6ae}\Shell\AutoRun\command - "" = H:\yu3.exe -- [2009-12-18 16:52:45 | 00,120,299 | RHS- | M] ()
  O33 - MountPoints2\{6abd24ae-e20b-11de-97b2-001617b3b6ae}\Shell\open\Command - "" = H:\yu3.exe -- [2009-12-18 16:52:45 | 00,120,299 | RHS- | M] ()
  :Files
  C:\yu3.exe
  C:\t8g.exe
  C:\Documents and Settings\Karol\Dane aplikacji\.#
  :Commands
  [purity]
  [emptytemp]
  [clearrestorepoint]
  [start explorer]
  [reboot]

• Upewnij się, że wszystkie inne okna, programy, komunikatory są wyłączone.
• Kliknij przycisk Run Fix i poczekaj cierpliwie. To może chwilę potrwać!
• Na prośbę komputera o restart zgódź się.
• Po restarcie program automatycznie wyświetli raport z czyszczenia, który należy zapisać i wkleić w poście w tagach [code], lub na stronie http://www.wklej.org
• Wykonaj także nowego loga z OTL według konfiguracji, jaką podałem w tym poście (ta część na dole ekranu).

Autor postu otrzymał pochwałę

[Nexie]

WIELKIE DZIĘKI

Kod: Zaznacz wszystko

C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE

Plik czysty.

Zrobiłem Run Fixa i jak na razie żadne alerty nie wyskoczyły. To raport z czyszczenia:

Kod: Zaznacz wszystko

All processes killed
========== OTL ==========
Process explorer.exe killed successfully!
Registry value HKEY_USERS\S-1-5-21-602162358-790525478-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\cdoosoft deleted successfully.
C:\Documents and Settings\Karol\Ustawienia lokalne\Temp\herss.exe moved successfully.
C:\autorun.inf moved successfully.
E:\autorun.inf moved successfully.
H:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6abd24ae-e20b-11de-97b2-001617b3b6ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6abd24ae-e20b-11de-97b2-001617b3b6ae}\ not found.
H:\yu3.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6abd24ae-e20b-11de-97b2-001617b3b6ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6abd24ae-e20b-11de-97b2-001617b3b6ae}\ not found.
File H:\yu3.exe not found.
========== FILES ==========
C:\yu3.exe moved successfully.
C:\t8g.exe moved successfully.
C:\Documents and Settings\Karol\Dane aplikacji\.# folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Karol
->Temp folder emptied: 854621 bytes
->Temporary Internet Files folder emptied: 449754 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 87533314 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 81920 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 84,89 mb

Error: Unable to interpret <[clearrestorepoint]> in the current context!

OTL by OldTimer - Version 3.1.17.0 log created on 12192009_091543

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


A tu nowy log wg. wskazówek:
https://wklej.to/Xkzq

oraz extras.txt:
http://wklej.to/LGyY

[NieWiem]

Bardzo ładnie

Widziałem, że masz a dysku Avengera. Wykorzystamy go

Uruchom go, w okienku programu wklej zawartość ramki:

Kod: Zaznacz wszystko

Files to delete:
D:\autorun.inf
D:\k0maw.exe
D:\t8g.exe
D:\yu3.exe
E:\k0maw.exe
E:\t8g.exe
E:\yu3.exe
H:\k0maw.exe
H:\t8g.exe

Wduś execute, zatwierdź restart komputera i pokaż log wygenerowany przez Avengera.

Żródłem infekcji rzeczywiście były pamięci przenośne. Albo je sformatuj, albo podepnij i przeleć Malwarebytes', skoro już go masz na dysku

[Nexie]

Użyłem Avengera zgodnie z wskazówkami. Oto log:

Kod: Zaznacz wszystko

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "vrfdm" found!
ImagePath:  system32\drivers\hieunih.sys
Start Type:  0 (Boot)

Rootkit scan completed.


Warning:  Invalid contents in ServiceGroupOrder key!
There may be a driver loading earlier than Avenger!

File "D:\autorun.inf" deleted successfully.
File "D:\k0maw.exe" deleted successfully.
File "D:\t8g.exe" deleted successfully.
File "D:\yu3.exe" deleted successfully.
File "E:\k0maw.exe" deleted successfully.
File "E:\t8g.exe" deleted successfully.
File "E:\yu3.exe" deleted successfully.

Error:  could not open file "H:\k0maw.exe"
Deletion of file "H:\k0maw.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  could not open file "H:\t8g.exe"
Deletion of file "H:\t8g.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Completed script processing.

*******************

Finished!  Terminate.



Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  file "D:\autorun.inf" not found!
Deletion of file "D:\autorun.inf" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "D:\k0maw.exe" not found!
Deletion of file "D:\k0maw.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "D:\t8g.exe" not found!
Deletion of file "D:\t8g.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "D:\yu3.exe" not found!
Deletion of file "D:\yu3.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "E:\k0maw.exe" not found!
Deletion of file "E:\k0maw.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "E:\t8g.exe" not found!
Deletion of file "E:\t8g.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "E:\yu3.exe" not found!
Deletion of file "E:\yu3.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  could not open file "H:\k0maw.exe"
Deletion of file "H:\k0maw.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  could not open file "H:\t8g.exe"
Deletion of file "H:\t8g.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Completed script processing.

*******************

Finished!  Terminate.


Za to nadal nie mogę włączyć opcji "Pokaż ukryte pliki i foldery. Dysk jest czysty i nie zawirusował już żadnego kompa, do którego go wpinałem.

[wojtas]

daj nowy log z OTL

[Nexie]

Tu są logi:

log: http://wklej.to/pPDs
extras: http://wklej.to/Noe4

z tym że w czasie skanowania znow wyskoczyło że znalazło: D:\k0maw.exe D:\t8g.exe. oczywiście usunąłem, ale skąd się to bierze?

[wojtas]

masz pendriva ? w takim razie podłącz go i

Wejdź w Start >>> Uruchom >>> CMD i wpisz polecenie:

X:

(za X podstaw literę pod jaką jest widoczny dysk przenośny)

Następnie wpisz polecenie tworzenia raportu:

DIR /A:H >C:\LOG.TXT & start notepad C:\LOG.TXT

Wklejasz zawartość pliku log.txt na forum

[Nexie]

Dziękuję bardzo. Jest to dysk przenośny Samsung S2 320 GB na USB. No i wiem gdzie jest cmd

Here you are:

Kod: Zaznacz wszystko

Wolumin w stacji H to SAMSUNG
Numer seryjny woluminu: E492-4914

Katalog: H:\

2009-12-16  18:29    <DIR>          RECYCLER
2009-12-16  18:29    <DIR>          System Volume Information
               0 plik(˘w)               0 bajt˘w
               2 katalog(˘w)  181˙690˙961˙920 bajt˘w wolnych


#EDIT: Aha i chyba po problemie, bo po wykryciu tych plików przez Avasta zaczęły się pokazywać ukryta pliki (teraz zauważyłem)
#EDIT2: I znowu opcji sie nie da włączyć. Chciałem sobie wyłączyć pokazywanie rozszerzeń i widzę w ukrytych plikach i folderach i opcja "Pokazuj" i Ukryj" były niezaznaczone. Kliknąłem, żeby pokazywało i znowu klapa.

[NieWiem]

To nie odłączając dysku zrób nowego loga z OTL według takiej konfiguracji:

- zaznacz LOP
- zaznacz Purity
- zaznacz scan all users
- w okienku na dole wklej to, co daję poniżej:

C:\*
D:\*
E:\*
F:\*
G:\*
H:\*
%SYSTEMDRIVE%\*.

I dopiero wtedy wciskasz Run Fix

[Nexie]

A nie Run Scan czasem?

[NieWiem]

Oczywiście Run Scan. Przepraszam

[Nexie]

Nie ma za co. TO Ty mi pomagasz nie ja Tobie

"Trzymaj" loga:

Kod: Zaznacz wszystko

OTL logfile created on: 2009-12-20 19:32:47 - Run 5
OTL by OldTimer - Version 3.1.17.0     Folder = C:\Documents and Settings\Karol\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,36 Mb Total Physical Memory | 372,73 Mb Available Physical Memory | 36,42% Memory free
2,40 Gb Paging File | 1,76 Gb Available in Paging File | 73,12% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 49,06 Gb Total Space | 16,42 Gb Free Space | 33,47% Space Free | Partition Type: NTFS
Drive D: | 117,19 Gb Total Space | 41,93 Gb Free Space | 35,78% Space Free | Partition Type: NTFS
Drive E: | 66,62 Gb Total Space | 0,75 Gb Free Space | 1,13% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 2,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 298,08 Gb Total Space | 169,21 Gb Free Space | 56,77% Space Free | Partition Type: NTFS
Drive I: | 3,73 Gb Total Space | 1,41 Gb Free Space | 37,81% Space Free | Partition Type: FAT32

Computer Name: KOMPUTER
Current User Name: Karol
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009-12-18 16:50:31 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-12-17 15:29:29 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karol\Pulpit\OTL.exe
PRC - [2009-12-09 21:43:38 | 00,289,584 | ---- | M] (BitTorrent, Inc.) -- D:\utorrent\uTorrent.exe
PRC - [2009-11-25 00:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-11-25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-11-25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-11-25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-11-25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009-11-17 15:18:22 | 06,807,552 | ---- | M] (Creative Team S.A.) -- D:\Programy\AQQ\AQQ.exe
PRC - [2009-10-11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-10-11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-10-11 04:17:31 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
PRC - [2009-08-09 08:06:58 | 00,122,880 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\system32\UAService7.exe
PRC - [2009-07-13 22:18:12 | 00,071,096 | ---- | M] () -- D:\Programy\CDBurnerXP\NMSAccessU.exe
PRC - [2009-06-22 18:03:18 | 00,960,568 | ---- | M] (Acronis) -- D:\Programy\Acronis TrueImage\TimounterMonitor.exe
PRC - [2009-06-22 17:57:20 | 00,377,248 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009-06-22 17:57:12 | 00,618,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009-06-22 17:37:38 | 04,355,464 | ---- | M] (Acronis) -- D:\Programy\Acronis TrueImage\TrueImageMonitor.exe
PRC - [2009-06-10 07:28:50 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008-12-12 17:06:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008-12-12 17:06:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008-11-13 20:43:49 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2007-11-02 20:12:50 | 00,262,144 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2007-10-19 20:46:08 | 00,610,304 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2007-10-19 20:46:08 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2007-10-14 21:17:32 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007-10-14 20:38:52 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2006-11-17 04:42:52 | 00,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006-02-28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2004-08-03 23:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2009-12-17 15:29:29 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karol\Pulpit\OTL.exe
MOD - [2009-11-25 00:50:32 | 00,139,264 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll
MOD - [2004-08-03 23:42:34 | 01,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] --  -- (Nero BackItUp Scheduler 4.0)
SRV - [2009-11-25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-11-25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-11-25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-11-25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009-10-11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-09-15 20:23:37 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Usługa Google Update (gupdate)
SRV - [2009-09-15 20:21:14 | 00,194,032 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009-08-25 20:32:52 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-08-09 08:06:58 | 00,122,880 | ---- | M] (Sony DADC Austria AG.) [Auto | Running] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7) SecuROM User Access Service (V7)
SRV - [2009-07-13 22:18:12 | 00,071,096 | ---- | M] () [Auto | Running] -- D:\Programy\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009-06-22 17:57:12 | 00,618,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009-06-10 07:28:50 | 00,168,004 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (nvsvc)
SRV - [2009-06-02 09:10:08 | 00,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008-12-12 17:06:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008-11-13 20:43:49 | 00,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2007-11-06 21:16:54 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007-11-06 21:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006-11-08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006-11-08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006-02-28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2004-10-22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-12-07 21:24:34 | 00,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009-11-25 00:50:59 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-11-25 00:50:12 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-11-25 00:50:00 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-25 00:49:07 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-11-25 00:48:57 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-11-25 00:47:54 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-09-19 09:35:33 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2009-08-30 20:50:47 | 00,902,592 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm228.sys -- (tdrpman228) Acronis Try&Decide and Restore Points filter (build 228)
DRV - [2009-08-30 20:50:45 | 00,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009-08-30 20:50:45 | 00,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009-06-10 05:03:00 | 08,087,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009-02-09 07:37:56 | 00,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009-02-09 07:37:48 | 00,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009-02-09 07:37:46 | 00,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009-02-09 07:37:46 | 00,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008-12-12 17:05:20 | 00,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008-12-12 17:05:18 | 00,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008-08-26 09:26:12 | 00,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007-10-30 10:25:55 | 00,021,568 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2007-10-30 10:25:54 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2007-10-30 10:25:53 | 00,049,920 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2007-03-08 13:34:46 | 04,027,840 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006-07-01 22:32:26 | 00,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005-08-18 16:52:06 | 00,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005-04-06 02:22:30 | 00,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005-04-06 02:22:28 | 00,033,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004-08-03 22:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2003-12-01 03:54:20 | 00,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2001-08-17 22:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-602162358-790525478-839522115-1003\S-1-5-21-602162358-790525478-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-602162358-790525478-839522115-1003\S-1-5-21-602162358-790525478-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://onet.pl/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.04
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: pl@dictionaries.addons.mozilla.org:1.0.20091103
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0

FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: D:\Programy\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-09-09 20:10:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-12-18 16:50:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-12-18 16:50:42 | 00,000,000 | ---D | M]

[2009-07-12 23:00:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Dane aplikacji\Mozilla\Extensions
[2009-12-20 19:32:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Dane aplikacji\Mozilla\Firefox\Profiles\3n2cmnwg.default\extensions
[2009-12-12 14:29:27 | 00,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Karol\Dane aplikacji\Mozilla\Firefox\Profiles\3n2cmnwg.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009-12-07 20:31:52 | 00,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Karol\Dane aplikacji\Mozilla\Firefox\Profiles\3n2cmnwg.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009-11-20 16:12:02 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Karol\Dane aplikacji\Mozilla\Firefox\Profiles\3n2cmnwg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009-12-12 14:29:27 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Karol\Dane aplikacji\Mozilla\Firefox\Profiles\3n2cmnwg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-07-12 23:07:29 | 00,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Karol\Dane aplikacji\Mozilla\Firefox\Profiles\3n2cmnwg.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009-10-14 10:08:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Dane aplikacji\Mozilla\Firefox\Profiles\3n2cmnwg.default\extensions\en-US@dictionaries.addons.mozilla.org
[2009-12-02 06:55:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Dane aplikacji\Mozilla\Firefox\Profiles\3n2cmnwg.default\extensions\pl@dictionaries.addons.mozilla.org
[2009-12-20 19:32:07 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-12-18 16:50:36 | 00,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-12-18 16:50:36 | 00,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-12-18 16:50:36 | 00,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-12-18 16:50:36 | 00,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-12-18 16:50:36 | 00,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-12-18 16:50:36 | 00,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (742 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] D:\Programy\Acronis TrueImage\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] D:\Programy\Acronis TrueImage\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-602162358-790525478-839522115-1003..\Run: [AQQ] D:\Programy\AQQ\AQQ.exe (Creative Team S.A.)
O4 - HKU\S-1-5-21-602162358-790525478-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-602162358-790525478-839522115-1003..\Run: [uTorrent] D:\utorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = D:\Programy\MSOFFICE\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-790525478-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\Program Files\Flash Saver\save.htm ()
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - D:\Programy\MSOFFICE\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\Program Files\Flash Saver\save.htm ()
O9 - Extra 'Tools' menuitem : Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\Program Files\Flash Saver\save.htm ()
O9 - Extra Button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}  (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.238.255.76 213.241.79.37
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-07-12 11:40:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-12-20 19:05:42 | 00,000,140 | ---- | M] () - H:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{6abd24ae-e20b-11de-97b2-001617b3b6ae}\Shell\AutoRun\command - "" = H:\PortableApps\StartPortableApps.exe -- [2009-03-11 07:31:48 | 00,089,280 | ---- | M] (PortableApps.com)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009-12-20 18:35:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Karol\Moje dokumenty\Moje skanowanie
[2009-12-20 18:34:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Karol\Ustawienia lokalne\Dane aplikacji\HP
[2009-12-20 18:17:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Karol\Dane aplikacji\Malwarebytes
[2009-12-20 18:17:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2009-12-20 18:17:49 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-12-20 18:17:49 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-12-19 19:48:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\WEBREG
[2009-12-19 19:32:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\HP Product Assistant
[2009-12-19 19:32:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2009-12-19 19:31:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2009-12-19 19:30:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Hewlett-Packard
[2009-12-19 19:30:23 | 00,118,272 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpz3l5mu.dll
[2009-12-19 19:30:05 | 00,729,088 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpowiax7.dll
[2009-12-19 19:30:05 | 00,581,632 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpotscl6.dll
[2009-12-19 19:30:05 | 00,372,736 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2009-12-19 19:30:05 | 00,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2009-12-19 19:30:05 | 00,303,104 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst15.dll
[2009-12-18 20:58:22 | 00,000,000 | ---D | C] -- C:\Avenger
[2009-12-17 16:00:06 | 00,000,000 | ---D | C] -- C:\_OTL
[2009-12-17 15:57:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Karol\Pulpit\kztechssuite
[2009-12-17 15:29:27 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Karol\Pulpit\OTL.exe
[2009-12-07 20:43:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Karol\Pulpit\ikony
[2009-12-06 19:46:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Karol\Pulpit\Nowy folder
[2009-12-03 18:22:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Karol\Moje dokumenty\The KMPlayer
[2009-12-03 18:22:19 | 00,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2009-12-03 18:19:33 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009-12-03 18:19:32 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009-12-03 18:19:32 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009-12-03 18:19:32 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009-12-03 18:19:30 | 01,294,336 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\WINDOWS\System32\vorbis.acm
[2009-12-03 18:19:30 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2009-12-03 18:19:30 | 00,391,680 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\I263_32.drv
[2009-12-03 18:19:30 | 00,287,744 | ---- | C] (Kristal StudioD
FileDescription) -- C:\WINDOWS\System32\divxa32.acm
[2009-12-03 18:19:30 | 00,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\mp3fhg.acm
[2009-12-03 18:19:30 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2009-12-03 18:19:30 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2009-12-03 18:19:30 | 00,039,936 | ---- | C] (Disappearing Inc.) -- C:\WINDOWS\System32\huffyuv.dll
[2009-12-03 18:19:29 | 00,630,784 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2009-12-03 18:19:29 | 00,438,272 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2009-12-03 18:19:29 | 00,413,760 | ---- | C] (Hacked with Joy !) -- C:\WINDOWS\System32\DivXc32f.dll
[2009-12-03 18:19:29 | 00,413,760 | ---- | C] (Hacked with Joy !) -- C:\WINDOWS\System32\DivXc32.dll
[2009-12-03 18:19:28 | 00,685,056 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2009-12-03 18:19:28 | 00,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2009-12-03 18:19:24 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009-12-03 18:10:20 | 24,246,400 | ---- | C] (                                                            ) -- C:\Documents and Settings\Karol\Pulpit\K-Lite_Codec_Pack_544_Mega.exe
[2009-11-26 23:05:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Karol\Dane aplikacji\Publish Providers
[2009-11-26 13:45:11 | 00,000,000 | ---D | C] -- C:\Program Files\EAGLE-4.09r2
[2009-11-26 13:44:56 | 00,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2009-11-26 13:44:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Karol\WINDOWS
[2009-09-15 20:28:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google
[2009-09-15 20:23:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
[2009-09-01 07:13:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-07-12 11:46:09 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2009-07-12 11:45:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2009-07-12 11:45:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009-12-20 19:33:00 | 00,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009-12-20 19:01:07 | 00,080,896 | ---- | M] () -- C:\Documents and Settings\Karol\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-12-20 18:42:51 | 00,000,654 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-12-20 18:33:00 | 00,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009-12-20 16:48:57 | 00,000,972 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009-12-20 16:48:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-12-20 16:48:33 | 00,235,289 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009-12-20 16:48:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-12-20 13:48:25 | 04,980,736 | -H-- | M] () -- C:\Documents and Settings\Karol\NTUSER.DAT
[2009-12-20 13:48:25 | 00,000,292 | -HS- | M] () -- C:\Documents and Settings\Karol\ntuser.ini
[2009-12-19 19:48:19 | 00,004,654 | ---- | M] () -- C:\Documents and Settings\Karol\Pulpit\Obrazek.jpg
[2009-12-19 19:48:00 | 00,169,333 | ---- | M] () -- C:\WINDOWS\hpoins28.dat
[2009-12-19 19:35:04 | 00,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
[2009-12-19 19:23:08 | 00,658,175 | ---- | M] () -- C:\Documents and Settings\Karol\Pulpit\The_Dark_Knight_Polish_R2-[cdcovers_cc]-front.jpg
[2009-12-17 22:04:36 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Karol\Moje dokumenty\11.doc
[2009-12-17 16:00:24 | 01,087,636 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-12-17 16:00:24 | 00,490,628 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-12-17 16:00:24 | 00,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-12-17 16:00:24 | 00,083,880 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-12-17 16:00:24 | 00,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-12-17 15:56:52 | 01,920,512 | ---- | M] () -- C:\Documents and Settings\Karol\Pulpit\kztechssuite.zip
[2009-12-17 15:29:29 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karol\Pulpit\OTL.exe
[2009-12-16 08:24:52 | 00,118,583 | ---- | M] () -- C:\Documents and Settings\Karol\Pulpit\adwish.flv
[2009-12-13 12:14:50 | 00,063,244 | ---- | M] () -- C:\Documents and Settings\Karol\Pulpit\Adobe_After_Effect_Aktywacja.rar
[2009-12-11 08:05:22 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Karol\Moje dokumenty\Piątek3.doc
[2009-12-10 22:12:30 | 00,089,487 | ---- | M] () -- C:\Documents and Settings\Karol\Pulpit\mXuruyy.pdf
[2009-12-09 21:25:12 | 00,287,551 | ---- | M] () -- C:\Documents and Settings\Karol\Pulpit\Hemingway Ernest - Stary człowiek i morze.pdf
[2009-12-09 12:45:50 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009-12-07 21:24:34 | 00,114,048 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys
[2009-12-07 15:16:57 | 21,215,286 | ---- | M] () -- C:\Documents and Settings\Karol\Pulpit\zestaw_ikon.exe
[2009-12-06 03:10:43 | 00,001,482 | ---- | M] () -- C:\Documents and Settings\Karol\Pulpit\BEZPIECZNE USUWANIE SPRZĘTU.lnk
[2009-12-06 03:05:08 | 00,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009-12-06 03:01:39 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-12-03 18:22:28 | 00,000,710 | ---- | M] () -- C:\Documents and Settings\Karol\Pulpit\KMPlayer.lnk
[2009-12-03 18:14:02 | 24,246,400 | ---- | M] (                                                            ) -- C:\Documents and Settings\Karol\Pulpit\K-Lite_Codec_Pack_544_Mega.exe
[2009-12-03 17:55:12 | 98,628,372 | ---- | M] () -- C:\Documents and Settings\Karol\Pulpit\KLEJU vs LUIGI - Polskee Flavour  PL vs Skilll Methodz USA.flv
[2009-12-02 22:37:03 | 68,928,638 | ---- | M] () -- C:\Documents and Settings\Karol\Pulpit\DJ_Format_-__2003__-__GEN005CD__-_Music_For_The_Mature_B-Boy.rar
[2009-12-02 22:07:30 | 07,035,086 | ---- | M] () -- C:\Documents and Settings\Karol\Pulpit\The Incredible Bongo Band - Apache.mp3
[2009-12-01 16:27:06 | 00,001,868 | ---- | M] () -- C:\Documents and Settings\Karol\Pulpit\sch197.gif
[2009-11-29 22:40:11 | 00,002,468 | ---- | M] () -- C:\Documents and Settings\Karol\Pulpit\Register Vegas Pro.htm
[2009-11-29 22:16:34 | 00,020,923 | ---- | M] () -- C:\Documents and Settings\Karol\Pulpit\cmoy2_4.png
[2009-11-29 10:53:53 | 03,950,999 | ---- | M] () -- C:\Documents and Settings\Karol\Pulpit\jamal policeman.mp3
[2009-11-26 23:59:52 | 02,410,579 | ---- | M] () -- C:\Documents and Settings\Karol\Pulpit\wystp.mp3
[2009-11-26 23:55:04 | 00,007,578 | ---- | M] () -- C:\Documents and Settings\Karol\Pulpit\pistolshot.wav
[2009-11-26 20:45:14 | 05,223,266 | ---- | M] () -- C:\Documents and Settings\Karol\Pulpit\the pussycat dolls - hush hush (dave aude extended mix).mp3
[2009-11-26 13:53:03 | 00,002,064 | ---- | M] () -- C:\Documents and Settings\Karol\Moje dokumenty\eaglerc.usr
[2009-11-26 09:55:25 | 00,051,851 | ---- | M] () -- C:\Documents and Settings\Karol\Pulpit\wymiary_ARN_150___PJ.PDF
[2009-11-25 21:36:54 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk
[2009-11-25 21:20:52 | 06,238,177 | ---- | M] () -- C:\Documents and Settings\Karol\Pulpit\How to Headspin tutorial pl Nauka bani bania breakdacne.flv
[2009-11-25 00:54:29 | 01,280,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009-11-25 00:51:09 | 00,093,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009-11-25 00:50:59 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009-11-25 00:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009-11-25 00:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009-11-25 00:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009-11-25 00:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009-11-25 00:47:54 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009-11-25 00:47:28 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009-11-24 21:28:30 | 09,791,738 | ---- | M] () -- C:\Documents and Settings\Karol\Pulpit\Black_Eyed_Peas_-_I_Gotta_Feeling.mp3
[2009-11-23 15:47:49 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Karol\Pulpit\Kraków 23.doc
[2009-11-23 15:47:00 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Karol\Moje dokumenty\Kraków 23.doc
[2009-11-22 22:32:58 | 00,000,511 | ---- | M] () -- C:\Documents and Settings\Karol\Pulpit\AzisMetronomeNokia.jad
[2009-11-22 22:32:55 | 00,056,895 | ---- | M] () -- C:\Documents and Settings\Karol\Pulpit\AzisMetronomeNokia.jar

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009-12-19 19:23:08 | 00,658,175 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\The_Dark_Knight_Polish_R2-[cdcovers_cc]-front.jpg
[2009-12-19 19:19:04 | 00,169,333 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2009-12-19 19:19:04 | 00,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2009-12-17 22:04:36 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Karol\Moje dokumenty\11.doc
[2009-12-17 15:56:37 | 01,920,512 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\kztechssuite.zip
[2009-12-16 08:24:50 | 00,118,583 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\adwish.flv
[2009-12-13 12:14:48 | 00,063,244 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\Adobe_After_Effect_Aktywacja.rar
[2009-12-11 08:05:22 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Karol\Moje dokumenty\Piątek3.doc
[2009-12-10 22:12:29 | 00,089,487 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\mXuruyy.pdf
[2009-12-09 21:25:12 | 00,287,551 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\Hemingway Ernest - Stary człowiek i morze.pdf
[2009-12-07 15:13:36 | 21,215,286 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\zestaw_ikon.exe
[2009-12-06 03:18:16 | 00,000,120 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\Autorun.inf
[2009-12-06 03:10:36 | 00,001,482 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\BEZPIECZNE USUWANIE SPRZĘTU.lnk
[2009-12-03 18:22:28 | 00,000,710 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\KMPlayer.lnk
[2009-12-03 18:19:31 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-12-03 18:19:31 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009-12-03 18:19:30 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009-12-03 18:19:29 | 02,378,752 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009-12-03 18:19:29 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-12-03 18:19:29 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-12-03 18:19:28 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-12-03 18:19:26 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-12-03 18:19:26 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-12-03 17:40:25 | 98,628,372 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\KLEJU vs LUIGI - Polskee Flavour  PL vs Skilll Methodz USA.flv
[2009-12-02 22:05:59 | 07,035,086 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\The Incredible Bongo Band - Apache.mp3
[2009-12-02 22:00:30 | 68,928,638 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\DJ_Format_-__2003__-__GEN005CD__-_Music_For_The_Mature_B-Boy.rar
[2009-12-01 16:27:06 | 00,001,868 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\sch197.gif
[2009-11-29 22:38:23 | 00,056,320 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\keygen.exe
[2009-11-29 22:35:45 | 00,002,468 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\Register Vegas Pro.htm
[2009-11-29 22:16:34 | 00,020,923 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\cmoy2_4.png
[2009-11-29 22:05:27 | 00,004,654 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\Obrazek.jpg
[2009-11-29 10:53:53 | 03,950,999 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\jamal policeman.mp3
[2009-11-26 23:58:12 | 02,410,579 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\wystp.mp3
[2009-11-26 23:55:04 | 00,007,578 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\pistolshot.wav
[2009-11-26 20:40:54 | 05,223,266 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\the pussycat dolls - hush hush (dave aude extended mix).mp3
[2009-11-26 13:53:03 | 00,002,064 | ---- | C] () -- C:\Documents and Settings\Karol\Moje dokumenty\eaglerc.usr
[2009-11-26 09:55:25 | 00,051,851 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\wymiary_ARN_150___PJ.PDF
[2009-11-25 21:36:54 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk
[2009-11-25 21:18:00 | 06,238,177 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\How to Headspin tutorial pl Nauka bani bania breakdacne.flv
[2009-11-24 21:23:41 | 09,791,738 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\Black_Eyed_Peas_-_I_Gotta_Feeling.mp3
[2009-11-23 15:47:48 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\Kraków 23.doc
[2009-11-23 15:47:00 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Karol\Moje dokumenty\Kraków 23.doc
[2009-11-22 22:32:58 | 00,000,511 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\AzisMetronomeNokia.jad
[2009-11-22 22:32:55 | 00,056,895 | ---- | C] () -- C:\Documents and Settings\Karol\Pulpit\AzisMetronomeNokia.jar
[2009-10-08 16:47:07 | 00,030,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\usb2vcom.sys
[2009-10-05 19:40:19 | 00,246,784 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009-09-10 20:59:37 | 00,283,152 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2009-08-25 21:00:07 | 00,000,990 | -HS- | C] () -- C:\Documents and Settings\Karol\Dane aplikacji\systemfl.$dk
[2009-08-12 15:50:52 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2009-08-12 15:50:52 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2009-07-17 11:40:04 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-07-17 10:56:45 | 00,005,624 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
[2009-07-17 10:56:18 | 00,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2009-07-17 07:11:26 | 00,080,896 | ---- | C] () -- C:\Documents and Settings\Karol\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-07-12 22:53:01 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009-07-12 22:52:58 | 00,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2009-06-10 07:29:34 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-06-10 07:29:34 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-06-10 07:29:34 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009-06-10 07:29:32 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007-11-26 20:56:28 | 00,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[color=#E56717]========== LOP Check ==========[/color]

[2009-08-30 20:56:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Acronis
[2009-09-09 20:09:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2009-09-09 20:13:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2009-08-31 21:44:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sony
[2009-07-17 10:52:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\WinZip
[2009-07-12 21:45:35 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{35ACA973-70F0-495F-9092-74A130711865}
[2009-08-30 20:59:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Dane aplikacji\Acronis
[2009-08-31 08:06:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Dane aplikacji\Business Logic
[2009-08-11 20:05:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Dane aplikacji\Canneverbe_Limited
[2009-08-25 15:44:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Dane aplikacji\EurekaLog
[2009-08-25 20:30:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Dane aplikacji\Gadu-Gadu
[2009-10-18 13:54:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Dane aplikacji\Nokia
[2009-10-18 13:52:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Dane aplikacji\PC Suite
[2009-11-26 23:05:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Dane aplikacji\Publish Providers
[2009-09-23 16:57:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Dane aplikacji\SecondLife
[2009-09-13 22:53:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Dane aplikacji\Sony
[2009-08-31 10:37:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Dane aplikacji\Subversion
[2009-12-20 19:28:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karol\Dane aplikacji\uTorrent

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< C:\* >[/color]
[2009-07-12 11:40:14 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009-12-19 23:55:11 | 00,006,686 | ---- | M] () -- C:\avenger.txt
[2009-09-19 09:48:04 | 00,000,223 | RHS- | M] () -- C:\boot.ini
[2001-07-21 23:13:54 | 00,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2009-07-12 11:40:14 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-07-12 11:40:14 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-12-20 18:52:15 | 00,000,099 | ---- | M] () -- C:\LOG.TXT
[2009-07-12 11:40:14 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-03 21:38:34 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004-08-03 21:59:54 | 00,250,624 | RHS- | M] () -- C:\ntldr
[2009-12-20 16:48:27 | 16,106,12736 | -HS- | M] () -- C:\pagefile.sys
[2009-08-25 21:13:32 | 00,001,341 | ---- | M] () -- C:\Sys_LogWin.log

[color=#A23BEC]< D:\* >[/color]
[2009-04-17 13:16:37 | 00,000,465 | -H-- | M] () -- D:\video.avi.ini

[color=#A23BEC]< E:\* >[/color]
[2009-06-14 23:00:40 | 27,906,5705 | ---- | M] () -- E:\Clone Wars 1&2.MP4
[2009-09-22 06:39:28 | 00,048,295 | ---- | M] () -- E:\d0314f5795.jpeg
[2009-01-14 01:43:50 | 00,031,232 | ---- | M] () -- E:\Największe osiągnięcie starożytnych Greków według mnie.doc
[2008-09-07 17:52:04 | 00,000,354 | ---- | M] () -- E:\Skrót do Darek.lnk
[2009-08-02 11:14:34 | 00,000,354 | ---- | M] () -- E:\Skrót do Karol.lnk
[2009-09-06 11:10:15 | 00,002,617 | ---- | M] () -- E:\VirtualDJ Local Database v6.xml

[color=#A23BEC]< F:\* >[/color]

[color=#A23BEC]< G:\* >[/color]
[2008-04-08 03:23:47 | 73,047,8592 | R--- | M] () -- G:\Dwie Wieze-cd1.avi
[2008-04-13 21:53:07 | 00,032,401 | R--- | M] () -- G:\Dwie Wieze-cd1.txt
[2008-04-08 03:03:52 | 73,085,5424 | R--- | M] () -- G:\Dwie Wieze-cd2.avi
[2008-04-13 21:53:26 | 00,033,456 | R--- | M] () -- G:\Dwie Wieze-cd2.txt
[2008-04-08 03:21:13 | 73,078,3744 | R--- | M] () -- G:\Dwie Wieze-cd3.avi
[2008-04-13 21:53:42 | 00,028,051 | R--- | M] () -- G:\Dwie Wieze-cd3.txt

[color=#A23BEC]< H:\* >[/color]
[2009-12-20 19:05:42 | 00,000,140 | ---- | M] () -- H:\Autorun.inf

[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2009-12-19 23:54:15 | 00,000,000 | ---D | M] -- C:\Avenger
[2009-12-19 19:47:57 | 00,000,000 | -H-D | M] -- C:\Config.Msi
[2009-10-08 16:48:01 | 00,000,000 | ---D | M] -- C:\DKU-5
[2009-07-12 11:47:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings
[2009-10-05 20:51:54 | 00,000,000 | ---D | M] -- C:\my flashes
[2009-07-17 09:52:34 | 00,000,000 | ---D | M] -- C:\NVIDIA
[2009-12-19 19:37:41 | 00,000,000 | R--D | M] -- C:\Program Files
[2009-07-12 23:02:41 | 00,000,000 | -HSD | M] -- C:\RECYCLER
[2009-07-12 11:46:12 | 00,000,000 | -HSD | M] -- C:\System Volume Information
[2009-10-08 16:46:22 | 00,000,000 | ---D | M] -- C:\USB_Data_Cable
[2009-12-19 23:53:36 | 00,000,000 | ---D | M] -- C:\WINDOWS
[2009-12-17 16:00:06 | 00,000,000 | ---D | M] -- C:\_OTL
< End of report >


[NieWiem]

Wlep w OTLu:

:Files
H:\autorun.inf

i Run Fix.

Potem Flash Disinfector

• do pobrania stąd
• narzędzie to działa na systemach operacyjnych Windows 2000, XP, Vista, zabezpiecza i komputer i USB. Obsługa jest banalna: uruchomić (przez dwuklik, użytkowny Vista przez prawoklik i opcję 'uruchom jako administrator'), wcisnąć OK, poczekać, wcisnąć drugi raz OK.

[Nexie]

Autoruna nie usuwam, gdyż po poprzednich deletach sam go utworzyłem - taki mały customise Jago zawartość, żebyś nie musiał się martwić :

Kod: Zaznacz wszystko

[Autorun]
Open=PortableApps\StartPortableApps.exe
Action=Start PortableApps.com
Icon=PortableApps\Radioactive.ico
Label=Dysk Przenośny


Zabezpieczę dysk według wskazówek

Niestety to nie koniec. Dalej nie mogę włączyć pokazywania ukrytych plików i folderów, ale wirusy "się uspokoiły". Dzięki za dotycjhczasowy wysiłek. Podziękowałem ci też pochwałami :p

[NieWiem]

Do notatnika wklej to co daję w ramce:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

Plik => zapisz jako => wszystkie pliki => fix.reg. Po zapisaniu odpal i zatwierdź, oraz zresetuj komputer i powiedz jak objawy.

[Nexie]

Miodzio i wszystko gites. Wielkie dzięki! Za cierpliwość w rozwiązaniu mojego problemu.

Mam tez pytanie. Skąd bierze się Twoja znajomość wirusów, rejestru, programów tj. OTL? Czy to praktyka, czy też masz jakieś źródło, z którego się uczyłeś, czy tez może sam wirusy piszesz ? Wiesz, jestem początkującym programistą amatorem (może kiedyś nawet zawodowcem?) oraz interesuje mnie też elektronika i tematy związane z informatyką i komputerem. Takiej wiedzy tylko pozazdrościć, więc może dasz jakąś wskazówkę, skąd mam czerpać wiedzę?

[NieWiem]

Ja jestem samoukiem. Wszystko co wiem, to myślenie, dedukcja, doświadczenie oraz google Nie zdradzę chyba tajemnicy jeśli powiem, że w czerwcu sam byłem zielony w tym temacie i przyszedłem tutaj na forum szukać pomocy

Do załatwienia sprzątanie:

• Pobierz program OTC
• Kliknij dwukrotnie na ikonę, aby uruchomić program (użytkownicy systemów Vista oraz Se7en => prawoklik oraz wybrać opcję Uruchom jako Administrator).
• Wciśnij przycisk Clean Up!
• Na pytanie "Begin cleanup Process?" wciśnij Yes.
• Jeśli padnie prośba o restart - zgódź się.

• Pobierz program TFC
• Zamknij wszystkie otwarte programy - inaczej TFC zrobi to za Ciebie
• Kliknij dwukrotnie na ikonę, aby uruchomić program (użytkownicy systemów Vista oraz Se7en => prawoklik oraz wybrać opcję Uruchom jako Administrator).
• Kliknij przycisk Start
• Czyszczenie lokalizacji tymczasowych może chwilę potrwać (ale znowu bez przesady), uzbrój się w cierpliwość.
• Jeśli padnie prośba o restart - zgódź się.

Czyszczenie punktów przywracania systemu jest konieczne, ponieważ w backupach Windowsa znajdują się także kopie szkodników.

• Wyłączenie przywracania systemu
  • Na pulpicie => prawoklik na Mój Komputer
  • opcja Właściwości
  • zakładka Przywracanie systemu
  • Zaznaczyć opcję Wyłącz przywracanie systemu
  • Kliknąć Zastosuj, a potem OK.
• Zrestartować komputer!
• Włączanie przywracania systemu
  • Na pulpicie => prawoklik na Mój Komputer
  • opcja Właściwości
  • zakładka Przywracanie systemu
  • Odznaczyć opcję Wyłącz przywracanie systemu
  • Kliknąć Zastosuj, a potem OK.

[Krystekw]

czy do usuniecia Win32:Patched [Trj] musze miec pendriva, z którego "pobrałem" wirusa, czy jakikolwiek też zda egzamin?

Dodano Dzisiaj, 12:46:
poradziłem sobie bez innych dodatkowych programow antywirusowych. odpalilem commandera, dalem pokaz ukryte pliki, wszedłem do c:\doc&setings\admin\ustawienia lokalne\temp i skasowałem plik o nawie herss i uruchom ponownie kompa i ...... spokój !!! hmmmm o jaki spokój

[wojtas]

Krystekw, daj dla pewności w swoim temacie (nowym) loga z OTL według zasad wstawiania logów