Wirus z pendrive'a

[MichuPower]

Podlaczylem przed chwila zasyfialy pendrive kolegi i NOD coś wykrył... usunalem oczywiscie.
Jednakże prosilbym o sprawdzenie ponizszych logów w celu wywnioskowania czy cos tu glebiej nie siedzi

Kod: Zaznacz wszystko

Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2009-06-02 20:23:19
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 2 GB (31%) free of 8 GB
Total RAM: 511 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:23:25, on 2009-06-02
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre6\bin\jusched.exe
E:\Programy\NOD32\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
E:\Programy\NOD32\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
E:\Programy\Mozilla Firefox\firefox.exe
F:\BearShare\BearShare.exe
C:\Documents and Settings\Admin\Pulpit\RSIT.exe
E:\Programy\Bezpieczeństwo\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.googe.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "E:\Programy\NOD32\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{40584D5A-E1D6-449B-A12B-F08B00286B4A}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - E:\Programy\NOD32\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - E:\Programy\NOD32\ekrn.exe
O23 - Service: Usługa Google Update (gupdate1c9c10931822910) (gupdate1c9c10931822910) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4151 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-09-01 176128]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"egui"=E:\Programy\NOD32\egui.exe [2009-02-06 2021400]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]
E:\Programy\BootSkin\BootSkin.exe /StartupJobs []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
E:\Programy\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-05-21 229437]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
E:\Programy\Gadu-Gadu\gg.exe [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-10-23 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
E:\Programy\Winamp\winampa.exe [2003-12-13 33792]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-04-25 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Programy\Skype\Skype.exe"="E:\Programy\Skype\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-06-02 20:23:19 ----D---- C:\rsit
2009-05-25 17:20:15 ----D---- C:\Program Files\Foxit Software
2009-05-25 17:20:15 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Foxit
2009-05-23 19:14:52 ----D---- C:\WINDOWS\Pocket Tanks
2009-05-20 19:48:05 ----D---- C:\Program Files\Nowe Gadu-Gadu
2009-05-16 12:51:10 ----D---- C:\Program Files\Seekapp
2009-05-16 12:51:10 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Seekapp
2009-05-16 12:50:49 ----D---- C:\WINDOWS\Icons
2009-05-16 12:50:49 ----D---- C:\Program Files\FileSubmit
2009-05-13 10:40:50 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\ESET
2009-05-13 10:36:30 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2009-05-08 17:41:32 ----A---- C:\WINDOWS\system32\javaws.exe
2009-05-08 17:41:32 ----A---- C:\WINDOWS\system32\javaw.exe
2009-05-08 17:41:32 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2009-06-02 20:22:46 ----D---- C:\WINDOWS\Temp
2009-06-02 20:21:38 ----D---- C:\WINDOWS\Prefetch
2009-06-02 20:21:33 ----A---- C:\WINDOWS\winamp.ini
2009-06-02 19:36:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-02 17:53:55 ----D---- C:\WINDOWS\system32
2009-06-02 17:53:55 ----D---- C:\WINDOWS
2009-05-31 15:05:30 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-31 15:04:57 ----D---- C:\Program Files\Google
2009-05-31 15:03:43 ----D---- C:\WINDOWS\system32\drivers
2009-05-31 15:03:29 ----SD---- C:\WINDOWS\Tasks
2009-05-31 14:57:01 ----SH---- C:\boot.ini
2009-05-31 14:57:01 ----A---- C:\WINDOWS\win.ini
2009-05-31 14:57:01 ----A---- C:\WINDOWS\system.ini
2009-05-31 14:56:22 ----SHD---- C:\WINDOWS\CSC
2009-05-31 14:45:14 ----SHD---- C:\WINDOWS\Installer
2009-05-31 14:44:53 ----HD---- C:\WINDOWS\inf
2009-05-28 14:41:37 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Skype
2009-05-25 17:40:23 ----RD---- C:\Program Files
2009-05-16 13:09:06 ----SD---- C:\Documents and Settings\Admin\Dane aplikacji\Microsoft
2009-05-16 12:39:43 ----D---- C:\Program Files\Common Files
2009-05-16 12:27:36 ----RSD---- C:\WINDOWS\Fonts
2009-05-13 12:03:54 ----D---- C:\Program Files\COMODO
2009-05-13 11:40:51 ----A---- C:\WINDOWS\system32\cssdll32.dll
2009-05-10 12:39:29 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\XnView
2009-05-08 17:41:29 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Sterownik procesora AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-15 41856]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2003-09-06 51744]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-04-22 21275]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-15 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-04-14 701440]
R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-15 61824]
R3 RT61;Ralink RT61 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2006-05-04 380928]
R3 rtl8139;Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-14 20992]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 awmrikg7;awmrikg7; C:\WINDOWS\system32\drivers\awmrikg7.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Admin\USTAWI~1\Temp\catchme.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-04-25 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-04-25 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; E:\Programy\NOD32\ekrn.exe [2009-02-06 727720]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
S2 gupdate1c9c10931822910;Usługa Google Update (gupdate1c9c10931822910); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-19 133104]
S3 EhttpSrv;ESET HTTP Server; E:\Programy\NOD32\EHttpSrv.exe [2009-02-06 20680]
S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336]
S4 hpdj;hpdj; C:\DOCUME~1\Admin\USTAWI~1\Temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 3500 series -product= []

-----------------EOF-----------------

Kod: Zaznacz wszystko

info.txt logfile of random's system information tool 1.06 2009-06-02 20:23:27

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Live Pool-->"E:\GRY\3D Live Pool\unins000.exe"
3DMark03-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF35F637-72B9-43BE-A281-06EB2854393A}\Setup.exe" -l0x9
ACDSee Photo Manager 2009-->MsiExec.exe /I{300578F9-9EFF-4B93-9AB1-C0E5707EF463}
Active@ File Recovery-->"C:\Program Files\InstallShield Installation Information\{B27901FA-F157-4049-B1EC-BC43890A1DCC}\setup.exe" -runfromtemp -l0x0009 -removeonly
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -fE:\Programy\Photoshop\Uninst.isu -cE:\Programy\Photoshop\Uninst.dll
Aktualizacja dla systemu Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla programu Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla programu Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
BearShare-->F:\BEARSH~1\UNWISE.EXE F:\BEARSH~1\INSTALL.LOG
CCleaner (remove only)-->"E:\Programy\CCleaner\uninst.exe"
Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins001.exe"
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\SETUP.EXE" -l0x9  -removeonly
HijackThis 2.0.2-->"E:\Programy\Bezpieczeństwo\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp deskjet 3500-->msiexec /x{C7EC0699-D82C-4451-B701-C98C330D43AF}
HP Photo and Imaging 2.0 - Deskjet Series-->MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650}
hp print screen utility-->C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
IrfanView (remove only)-->E:\Programy\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Microsoft Bootvis-->MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0415-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.10)-->E:\Programy\Mozilla Firefox\uninstall\helper.exe
Nowe Gadu-Gadu-->C:\Program Files\Nowe Gadu-Gadu\Uninstall.exe
PITy 2008 dla Windows kompilacja:1.0.2.0-->"E:\Programy\PITy2008NG\unins000.exe"
Pocket Tanks v1.3-->"E:\GRY\Pocket Tanks 1\unins000.exe"
Pocket Tanks-->"C:\WINDOWS\Pocket Tanks\uninstall.exe" "/U:E:\GRY\Pocket Tanks\Uninstall\uninstall.xml"
Polanie II-->E:\GRY\POLANI~1\UNWISE.EXE /U E:\GRY\POLANI~1\INSTALL.LOG
Poprawka dla programu Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Poprawka dla systemu Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
QT Lite 2.8.0-->"C:\Program Files\QT Lite\unins000.exe"
Ralink Wireless LAN Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}\setup.exe" -l0x9  -removeonly
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x15  -removeonly
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Twierdza Krzyżowiec-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C3727F2-8E37-49E4-820C-03B1677F53B6}\setup.exe" -l0x15
Winamp (remove only)-->"E:\Programy\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}

=====HijackThis Backups=====

O20 - AppInit_DLLs:   [2009-05-16]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [2009-05-17]

======System event log======

Computer Name: MAXPOWER
Event Code: 26
Message: Podręczne okno aplikacji:  : Machine Check:

Record Number: 13849
Source Name: Application Popup
Time Written: 20090516180222.000000+120
Event Type: informacje
User:

Computer Name: MAXPOWER
Event Code: 6005
Message: Uruchomiono usługę Dziennik zdarzeń.

Record Number: 13848
Source Name: EventLog
Time Written: 20090516180155.000000+120
Event Type: informacje
User:

Computer Name: MAXPOWER
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Dodatek Service Pack 3 Uniprocessor Free.

Record Number: 13847
Source Name: EventLog
Time Written: 20090516180155.000000+120
Event Type: informacje
User:

Computer Name: MAXPOWER
Event Code: 6006
Message: Zatrzymano usługę Dziennik zdarzeń.

Record Number: 13846
Source Name: EventLog
Time Written: 20090516164704.000000+120
Event Type: informacje
User:

Computer Name: MAXPOWER
Event Code: 7036
Message: Usługa Google Software Updater weszła w stan zatrzymania.

Record Number: 13845
Source Name: Service Control Manager
Time Written: 20090516164052.000000+120
Event Type: informacje
User:

=====Application event log=====

Computer Name: MAXPOWER
Event Code: 0
Message:
Record Number: 5
Source Name: gusvc
Time Written: 20090509201111.000000+120
Event Type: informacje
User:

Computer Name: MAXPOWER
Event Code: 0
Message:
Record Number: 4
Source Name: gupdate1c9c10931822910
Time Written: 20090509201041.000000+120
Event Type: informacje
User:

Computer Name: MAXPOWER
Event Code: 1800
Message: Usługa Centrum zabezpieczeń systemu Windows została uruchomiona.

Record Number: 3
Source Name: SecurityCenter
Time Written: 20090509201015.000000+120
Event Type: informacje
User:

Computer Name: MAXPOWER
Event Code: 0
Message:
Record Number: 2
Source Name: gusvc
Time Written: 20090509201011.000000+120
Event Type: informacje
User:

Computer Name: MAXPOWER
Event Code: 0
Message:
Record Number: 1
Source Name: gupdate1c9c10931822910
Time Written: 20090509201011.000000+120
Event Type: informacje
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


Kod: Zaznacz wszystko

OTListIt logfile created on: 2009-06-02 20:31:30 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8     Folder = C:\Documents and Settings\Admin\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

511,48 Mb Total Physical Memory | 123,61 Mb Available Physical Memory | 24,17% Memory free
1,22 Gb Paging File | 0,89 Gb Available in Paging File | 72,74% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 7,48 Gb Total Space | 2,34 Gb Free Space | 31,31% Space Free | Partition Type: NTFS
Drive D: | 21,82 Gb Total Space | 21,06 Gb Free Space | 96,51% Space Free | Partition Type: NTFS
Drive E: | 41,02 Gb Total Space | 16,19 Gb Free Space | 39,46% Space Free | Partition Type: NTFS
Drive F: | 41,45 Gb Total Space | 13,05 Gb Free Space | 31,48% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 3,86 Gb Total Space | 3,36 Gb Free Space | 86,93% Space Free | Partition Type: FAT32

Computer Name: MAXPOWER
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

[color=orange]========== Processes (SafeList) ==========[/color]

PRC - [2008-04-15 00:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007-04-16 16:28:22 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2003-09-01 13:42:50 | 00,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
PRC - [2009-03-09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-02-06 14:23:12 | 02,021,400 | ---- | M] (ESET) -- E:\Programy\NOD32\egui.exe
PRC - [2006-05-16 11:22:58 | 00,614,400 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\RALINK\Common\RaUI.exe
PRC - [2009-04-19 18:09:12 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009-02-06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- E:\Programy\NOD32\ekrn.exe
PRC - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008-04-15 00:51:52 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2009-04-28 18:19:27 | 00,307,704 | ---- | M] (Mozilla Corporation) -- E:\Programy\Mozilla Firefox\firefox.exe
PRC - [2006-08-01 17:04:46 | 03,313,664 | ---- | M] (Free Peers, Inc.) -- F:\BearShare\BearShare.exe
PRC - [2004-03-26 21:36:07 | 00,970,240 | ---- | M] (Nullsoft) -- E:\Programy\Winamp\winamp.exe
PRC - [2008-04-15 00:51:52 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009-06-02 20:26:28 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTListIt2.exe

[color=orange]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009-02-06 14:27:06 | 00,020,680 | ---- | M] (ESET) -- E:\Programy\NOD32\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
SRV - [2009-02-06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- E:\Programy\NOD32\ekrn.exe -- (ekrn [Auto | Running])
SRV - [2009-04-19 18:09:12 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9c10931822910 [Auto | Stopped])
SRV - [2008-04-15 00:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - File not found --  -- (hpdj [Disabled | Stopped])
SRV - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006-12-01 12:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

[color=orange]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-04-22 12:22:38 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2008-09-24 11:40:22 | 04,122,368 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2008-04-14 22:30:58 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009-02-06 14:19:52 | 00,113,448 | ---- | M] (ESET) -- C:\WINDOWS\system32\DRIVERS\eamon.sys -- (eamon [Auto | Running])
DRV - [2009-02-06 14:23:18 | 00,106,208 | ---- | M] (ESET) -- C:\WINDOWS\system32\DRIVERS\ehdrv.sys -- (ehdrv [System | Running])
DRV - [2004-10-25 20:02:00 | 00,021,664 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\DRIVERS\ENTECH.sys -- (ENTECH [On_Demand | Stopped])
DRV - [2009-02-06 14:24:24 | 00,093,336 | ---- | M] (ESET) -- C:\WINDOWS\system32\DRIVERS\epfwtdir.sys -- (epfwtdir [System | Running])
DRV - [2008-04-14 02:15:30 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2003-09-06 14:25:52 | 00,051,744 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06 [System | Running])
DRV - [2003-09-06 15:37:22 | 00,062,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02 [Boot | Running])
DRV - [2003-09-06 14:22:08 | 00,006,944 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1 [Boot | Running])
DRV - [2001-08-18 02:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2003-10-28 12:02:00 | 00,020,016 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006-05-04 19:02:58 | 00,380,928 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\RT61.sys -- (RT61 [On_Demand | Running])
DRV - [2008-04-14 00:05:40 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Running])
DRV - [2008-04-14 00:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003-09-06 14:27:06 | 00,004,832 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01 [Boot | Running])
DRV - [2009-01-25 20:35:15 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])

[color=orange]========== Standard Registry (SafeList) ==========[/color]


[color=orange]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1343024091-436374069-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1343024091-436374069-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1343024091-436374069-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1343024091-436374069-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.googe.pl/
IE - HKU\S-1-5-21-1343024091-436374069-1606980848-1003\S-1-5-21-1343024091-436374069-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1343024091-436374069-1606980848-1003\S-1-5-21-1343024091-436374069-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,www.plimus.com,regnow.com,www.regnow.com,

[color=orange]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: E:\PROGRAMY\MOZILLA FIREFOX\COMPONENTS [2009-04-28 19:17:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: E:\PROGRAMY\MOZILLA FIREFOX\PLUGINS [2009-05-25 17:20:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: E:\PROGRAMY\NOD32\MOZILLA THUNDERBIRD [2009-05-31 14:43:50 | 00,000,000 | ---D | M]

[2009-01-25 19:00:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\mozilla\Extensions
[2009-01-25 19:00:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-05-25 17:41:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\mozilla\Firefox\Profiles\yrnrdxv2.default\extensions
[2009-05-25 17:38:30 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\FireFox\Profiles\yrnrdxv2.default\searchplugins\ask.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1343024091-436374069-1606980848-1003\..\Toolbar\WebBrowser: (no name) - {00000000-5736-4205-0008-F7ED0776FB27} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1343024091-436374069-1606980848-1003\..\Toolbar\WebBrowser: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [egui] "E:\Programy\NOD32\egui.exe" /hide /waitservice (ESET)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1343024091-436374069-1606980848-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1343024091-436374069-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1343024091-436374069-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1343024091-436374069-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1343024091-436374069-1606980848-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{40584D5A-E1D6-449B-A12B-F08B00286B4A}\\NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-01-25 18:12:37 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009-06-02 20:26:22 | 00,000,000 | ---D | M]

[color=orange]========== Files/Folders - Created Within 30 Days ==========[/color]

[4 C:\WINDOWS\*.tmp files]
[2009-06-02 20:25:58 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTListIt2.exe
[2009-06-02 20:23:19 | 00,000,000 | ---D | C] -- C:\rsit
[2009-06-02 20:18:20 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\RSIT.exe
[2009-06-02 20:15:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Pulpit\R_A_P
[2009-06-01 17:49:16 | 00,002,830 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\best.gif
[2009-06-01 16:44:55 | 00,023,762 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\rakeback.PNG
[2009-05-28 20:55:08 | 31,257,088 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\eav_nt32_plk.msi
[2009-05-27 00:16:32 | 00,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk
[2009-05-26 13:57:19 | 00,000,589 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\pockettanks.lnk
[2009-05-25 17:20:15 | 00,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2009-05-25 17:20:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Dane aplikacji\Foxit
[2009-05-23 19:24:35 | 02,795,832 | ---- | C] (Blitwise Productions, LLC                                   ) -- C:\Documents and Settings\Admin\Pulpit\ptanks.exe
[2009-05-23 19:14:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\Pocket Tanks
[2009-05-23 18:51:05 | 31,772,748 | ---- | C] (SpyXenoX) -- C:\Documents and Settings\Admin\Pulpit\Pocket Tanks Deluxe.exe
[2009-05-20 20:25:51 | 72,134,740 | ---- | C] () -- C:\Documents and Settings\Admin\Moje dokumenty\uyhj.nrg
[2009-05-20 20:23:49 | 71,764,052 | ---- | C] () -- C:\Documents and Settings\Admin\Moje dokumenty\pokl.nrg
[2009-05-20 20:23:13 | 71,764,052 | ---- | C] () -- C:\Documents and Settings\Admin\Moje dokumenty\lhkighkjg.nrg
[2009-05-20 20:22:23 | 71,764,052 | ---- | C] () -- C:\Documents and Settings\Admin\Moje dokumenty\c.nrg
[2009-05-20 19:48:05 | 00,000,000 | ---D | C] -- C:\Program Files\Nowe Gadu-Gadu
[2009-05-19 18:33:12 | 78,360,660 | ---- | C] () -- C:\Documents and Settings\Admin\Moje dokumenty\Image.nrg
[2009-05-16 12:51:10 | 00,000,000 | ---D | C] -- C:\Program Files\Seekapp
[2009-05-16 12:51:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Seekapp
[2009-05-16 12:50:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\Icons
[2009-05-16 12:50:49 | 00,000,000 | ---D | C] -- C:\Program Files\FileSubmit
[2009-05-13 10:40:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Dane aplikacji\ESET
[2009-05-13 10:36:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2009-04-29 17:19:13 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2009-04-22 12:22:26 | 00,295,028 | ---- | C] () -- C:\WINDOWS\System32\Install6x.dll
[2009-04-02 19:18:54 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009-03-09 18:01:21 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009-03-04 21:15:13 | 00,010,518 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2009-02-08 00:38:25 | 00,000,372 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2009-02-03 21:15:02 | 00,001,104 | ---- | C] () -- C:\WINDOWS\bestplayer.ini
[2009-01-25 20:35:15 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-01-25 19:53:30 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009-01-25 19:11:23 | 00,000,140 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2002-03-21 16:39:02 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001-07-22 03:16:20 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-22 03:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[color=orange]========== Files - Modified Within 30 Days ==========[/color]

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009-06-02 20:26:28 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTListIt2.exe
[2009-06-02 20:21:33 | 00,000,140 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2009-06-02 20:18:53 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\RSIT.exe
[2009-06-02 19:45:46 | 00,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009-06-02 19:45:42 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\desktop.ini
[2009-06-02 19:45:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-06-02 19:45:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-06-02 19:45:39 | 53,639,9872 | -HS- | M] () -- C:\hiberfil.sys
[2009-06-01 17:49:17 | 00,002,830 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\best.gif
[2009-06-01 16:44:55 | 00,023,762 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\rakeback.PNG
[2009-05-31 14:57:01 | 00,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-05-31 14:57:01 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-05-31 14:57:01 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009-05-31 14:48:16 | 00,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009-05-28 21:08:52 | 31,257,088 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\eav_nt32_plk.msi
[2009-05-27 00:16:32 | 00,001,842 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk
[2009-05-23 19:42:12 | 00,000,589 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\pockettanks.lnk
[2009-05-23 19:25:31 | 02,795,832 | ---- | M] (Blitwise Productions, LLC                                   ) -- C:\Documents and Settings\Admin\Pulpit\ptanks.exe
[2009-05-23 19:14:05 | 31,772,748 | ---- | M] (SpyXenoX) -- C:\Documents and Settings\Admin\Pulpit\Pocket Tanks Deluxe.exe
[2009-05-20 20:25:58 | 72,134,740 | ---- | M] () -- C:\Documents and Settings\Admin\Moje dokumenty\uyhj.nrg
[2009-05-20 20:23:58 | 71,764,052 | ---- | M] () -- C:\Documents and Settings\Admin\Moje dokumenty\pokl.nrg
[2009-05-20 20:23:21 | 71,764,052 | ---- | M] () -- C:\Documents and Settings\Admin\Moje dokumenty\lhkighkjg.nrg
[2009-05-20 20:22:33 | 71,764,052 | ---- | M] () -- C:\Documents and Settings\Admin\Moje dokumenty\c.nrg
[2009-05-19 18:33:36 | 78,360,660 | ---- | M] () -- C:\Documents and Settings\Admin\Moje dokumenty\Image.nrg
[2009-05-16 13:18:15 | 00,105,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-05-13 11:40:51 | 00,253,688 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cssdll32.dll
[2009-05-11 13:20:18 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
< End of report >

Drugi log z OTList (nie miescil sie)
http://wklej.org/id/99925/

Z gory dzieks

[wojtas]

Wylecz pendriva
Perlovga Removal Tool
Flash Disinfector
lub format



Uruchom OTListIt2 i w oknie Custom Scans/Fixes wklej :

:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O3 - HKU\S-1-5-21-1343024091-436374069-1606980848-1003\..\Toolbar\WebBrowser: (no name) - {00000000-5736-4205-0008-F7ED0776FB27} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1343024091-436374069-1606980848-1003\..\Toolbar\WebBrowser: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - Reg Error: Key error. File not found

:Commands
[emptytemp]
[start explorer]
[Reboot]

Kliknij w Run Fix. I potwierdz reset kompa .


1.Uruchom OTListIt2 z opcji CleanUp
2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
4. Wykonaj skan Dr. Web CureIt
5. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym (skasuj co znajdzie)

Malwarebytes Anti-Malware

Jeśli masz Adobe Reader to zaaktualizuj go do najnowszej wersji