Wolny komp, mam wirusa sality

[kotosha]

Z tego co zauważyłem to na każdy dysk jaki posiadam, twardy i przenośny, kopiują się pliki: autorun.ini, p.exe oraz folder RECYCLED. pliki te pojawiają się na każdym dysku. Mam partycje linuksa, widoczne także pod Windows XP i na nich też te pliki są. Po skanie Avastem dowiedziałem się, że posiadam wirusa Sality, który po skanowaniu usunąłem.

Poniżej log z HijackThis:

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:56:06, on 2009-07-15
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Avast4\aswUpdSv.exe
E:\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
E:\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\kotosha\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\kotosha\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\kotosha\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\kotosha\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\kotosha\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\kotosha\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\kotosha\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
e:\HijackThis\HijackThis.exe
C:\Documents and Settings\kotosha\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - e:\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [avast!] E:\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

--
End of file - 4444 bytes


[Okocza]

kotosha, daj log z combofix... jeśli rzeczywiście jest to sality, to bez formatu się nie obędzie..

[kotosha]

Oto log z ComboFix:

Kod: Zaznacz wszystko

ComboFix 09-07-14.08 - kotosha 2009-07-15 18:07.1.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.511.230 [GMT 2:00]
Uruchomiony z: c:\documents and settings\kotosha\Moje dokumenty\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090714-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\p.exe
c:\windows\system32\AutoRun.inf
D:\Autorun.inf
D:\p.exe
E:\Autorun.inf
E:\p.exe
F:\autorun.inf
F:\p.exe
G:\Autorun.inf
G:\p.exe
J:\Autorun.inf . . . . nie udało się usunąć
J:\p.exe . . . . nie udało się usunąć
K:\autorun.inf . . . . nie udało się usunąć
K:\p.exe . . . . nie udało się usunąć

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_AVPsys


(((((((((((((((((((((((((   Pliki utworzone od 2009-06-15 do 2009-07-15  )))))))))))))))))))))))))))))))
.

2009-07-15 08:13 . 2009-07-15 08:13   --------   d--h--w-   c:\windows\system32\GroupPolicy
2009-07-14 18:55 . 2005-07-28 06:18   685056   ----a-w-   c:\windows\system32\drivers\hardlock.sys
2009-07-14 18:55 . 2009-07-14 18:55   6656   ----a-w-   c:\windows\system32\haspvdd.dll
2009-07-14 18:55 . 2009-07-14 18:55   47616   ----a-w-   c:\windows\system32\drivers\Haspnt.sys
2009-07-14 18:55 . 2009-07-14 18:55   383   ----a-w-   c:\windows\system32\haspdos.sys
2009-07-14 18:54 . 2004-12-13 00:05   356437   ----a-w-   c:\windows\system32\Gds32.dll
2009-07-14 18:54 . 2009-07-14 18:54   --------   d-----w-   c:\program files\Common Files\Borland Shared
2009-07-14 18:54 . 2009-07-14 18:54   --------   d-----w-   c:\program files\Borland
2009-07-13 19:15 . 2009-07-13 19:15   --------   d-----w-   c:\documents and settings\kotosha\Dane aplikacji\GARMIN
2009-07-13 19:09 . 2003-09-23 14:42   7296   ----a-w-   c:\windows\system32\drivers\grmnusb.sys
2009-07-13 19:09 . 2003-09-23 14:42   17024   ----a-w-   c:\windows\system32\drivers\grmngen.sys
2009-07-13 19:09 . 2009-07-13 19:09   --------   d-----w-   C:\Garmin
2009-07-13 18:59 . 2009-07-13 19:00   --------   d-----w-   C:\Garmin1
2009-07-13 10:05 . 2001-08-17 19:52   18688   -c--a-w-   c:\windows\system32\dllcache\cdaudio.sys
2009-07-13 10:05 . 2001-08-17 19:52   18688   ----a-w-   c:\windows\system32\drivers\cdaudio.sys
2009-07-09 14:27 . 2009-07-09 14:27   --------   d-----w-   c:\documents and settings\kotosha\Dane aplikacji\OpenFM
2009-07-09 08:17 . 2009-07-09 08:18   --------   d-----w-   c:\documents and settings\kotosha\Dane aplikacji\Nowe Gadu-Gadu
2009-07-07 06:08 . 2009-07-07 06:08   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2009-07-07 06:08 . 2009-07-07 06:08   --------   d-----w-   c:\program files\DAEMON Tools Toolbar
2009-07-07 06:04 . 2009-07-07 06:04   721904   ----a-w-   c:\windows\system32\drivers\sptd.sys
2009-07-07 06:04 . 2009-07-07 06:10   --------   d-----w-   c:\documents and settings\kotosha\Dane aplikacji\DAEMON Tools Lite
2009-07-05 19:54 . 2001-10-26 15:29   5632   ----a-w-   c:\windows\system32\ptpusb.dll
2009-07-05 19:54 . 2008-04-14 17:20   159232   ----a-w-   c:\windows\system32\ptpusd.dll
2009-07-02 18:04 . 2009-07-02 18:04   --------   d-----w-   c:\documents and settings\kotosha\Ustawienia lokalne\Dane aplikacji\Temp
2009-06-28 11:01 . 2000-12-08 19:59   122880   ----a-w-   c:\windows\UnGins.exe
2009-06-28 10:10 . 2009-06-28 10:10   --------   d-----w-   c:\documents and settings\kotosha\Dane aplikacji\AdobeUM
2009-06-22 13:23 . 2009-06-22 13:23   239088   ----a-w-   c:\documents and settings\kotosha\Dane aplikacji\Mozilla\plugins\npgoogletalk.dll
2009-06-20 07:51 . 2009-06-20 07:51   4096   ----a-w-   c:\windows\d3dx.dat
2009-06-19 19:17 . 2009-06-19 19:17   --------   d-----w-   c:\windows\l2schemas
2009-06-19 19:17 . 2009-06-19 19:17   --------   d-----w-   c:\windows\system32\pl
2009-06-19 19:17 . 2009-06-19 19:17   --------   d-----w-   c:\windows\system32\bits
2009-06-19 19:14 . 2009-06-19 19:18   --------   d-----w-   c:\windows\ServicePackFiles

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 14:10 . 2009-01-05 19:46   1   ----a-w-   c:\documents and settings\kotosha\Dane aplikacji\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-14 13:22 . 2009-01-05 09:17   664   ----a-w-   c:\windows\system32\d3d9caps.dat
2009-07-12 13:42 . 2009-01-05 09:51   --------   d-----w-   c:\documents and settings\kotosha\Dane aplikacji\Skype
2009-07-12 12:52 . 2009-01-05 10:31   --------   d-----w-   c:\documents and settings\kotosha\Dane aplikacji\skypePM
2009-07-05 15:18 . 2009-01-07 23:54   17280   ----a-w-   c:\documents and settings\kotosha\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-06-28 11:38 . 2009-01-05 08:55   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-06-20 07:04 . 2004-08-04 12:00   74230   ----a-w-   c:\windows\system32\perfc015.dat
2009-06-20 07:04 . 2004-08-04 12:00   448004   ----a-w-   c:\windows\system32\perfh015.dat
2009-06-19 19:22 . 2009-01-02 18:20   86327   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-14 09:39 . 2009-06-14 09:39   --------   d-----w-   c:\documents and settings\kotosha\Dane aplikacji\K-Meleon
2009-06-14 07:13 . 2009-06-14 07:13   --------   d-----w-   c:\documents and settings\kotosha\Dane aplikacji\HPAppData
2009-06-13 19:58 . 2009-06-13 19:58   --------   d-----w-   c:\documents and settings\kotosha\Dane aplikacji\HP
2009-06-13 19:39 . 2009-06-13 19:39   16504   ----a-w-   c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-06-13 19:39 . 2009-06-13 19:39   --------   d-----w-   c:\documents and settings\LocalService\Dane aplikacji\HP
2009-06-13 19:38 . 2009-06-13 19:38   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\WEBREG
2009-06-13 19:38 . 2009-06-13 19:24   153459   ----a-w-   c:\windows\hpoins14.dat
2009-06-13 19:34 . 2009-06-13 19:34   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\HPSSUPPLY
2009-06-13 19:34 . 2009-06-13 19:29   --------   d-----w-   c:\program files\HP
2009-06-13 19:33 . 2009-06-13 19:32   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\HP
2009-06-13 19:32 . 2009-06-13 19:32   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\HP Product Assistant
2009-06-13 19:32 . 2009-06-13 19:32   --------   d-----w-   c:\program files\Common Files\HP
2009-06-13 19:31 . 2009-06-13 19:31   --------   d-----w-   c:\program files\Hewlett-Packard
2009-06-13 19:31 . 2009-06-13 19:31   --------   d-----w-   c:\program files\Common Files\Hewlett-Packard
2009-06-13 19:24 . 2009-06-13 19:24   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\Hewlett-Packard
2009-06-13 13:58 . 2009-06-13 13:58   --------   d-----w-   c:\documents and settings\kotosha\Dane aplikacji\Prism
2009-06-13 13:30 . 2009-06-13 13:30   --------   d-----w-   c:\documents and settings\kotosha\Dane aplikacji\WebApps
2009-06-13 04:47 . 2009-06-13 04:38   5   ----a-w-   c:\windows\system32\SySmp3con.dat
2009-06-06 18:51 . 2009-06-06 18:51   152576   ----a-w-   c:\documents and settings\kotosha\Dane aplikacji\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-01 19:51 . 2009-06-01 19:51   --------   d-----w-   c:\program files\Windows Media Connect 2
2009-05-31 09:16 . 2009-02-12 22:12   --------   d-----w-   c:\program files\Common Files\Adobe
2009-05-31 08:20 . 2009-03-16 08:44   --------   d-----w-   c:\program files\Common Files\fabFORCE
2009-05-29 21:20 . 2009-05-29 21:20   --------   d-----w-   c:\program files\MSXML 4.0
2009-05-28 09:23 . 2009-05-28 09:23   42088   ----a-w-   c:\documents and settings\kotosha\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
2009-05-28 08:34 . 2009-05-28 08:34   11264   ----a-w-   c:\documents and settings\kotosha\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
2009-05-23 09:04 . 2009-01-05 10:27   --------   d-----w-   c:\documents and settings\kotosha\Dane aplikacji\uTorrent
2009-05-17 20:02 . 2009-01-17 10:42   --------   d-----w-   c:\documents and settings\kotosha\Dane aplikacji\gtk-2.0
2009-05-17 09:07 . 2009-05-17 09:07   --------   d-----w-   c:\documents and settings\kotosha\Dane aplikacji\Apple Computer
2009-05-08 15:11 . 2009-06-13 13:28   44018   ----a-w-   c:\documents and settings\kotosha\Dane aplikacji\Mozilla\Firefox\Profiles\p9nkrk02.default\extensions\refractor@developer.mozilla.org\prism\regprot.exe
2009-05-08 15:11 . 2009-06-13 13:28   16896   ----a-w-   c:\documents and settings\kotosha\Dane aplikacji\Mozilla\Firefox\Profiles\p9nkrk02.default\extensions\refractor@developer.mozilla.org\prism\UAC.dll
2009-05-07 15:34 . 2004-08-04 12:00   347648   ----a-w-   c:\windows\system32\localspl.dll
2009-04-29 18:42 . 2009-06-13 13:28   110592   ----a-w-   c:\documents and settings\kotosha\Dane aplikacji\Mozilla\Firefox\Profiles\p9nkrk02.default\extensions\refractor@developer.mozilla.org\prism\components\prism.dll
2009-04-29 18:42 . 2009-06-13 13:28   110592   ----a-w-   c:\documents and settings\kotosha\Dane aplikacji\Mozilla\Firefox\Profiles\p9nkrk02.default\extensions\refractor@developer.mozilla.org\components\prism.dll
2009-04-29 04:35 . 2009-02-16 19:17   81920   ----a-w-   c:\windows\system32\ieencode.dll
2009-04-29 04:35 . 2004-08-04 12:00   669184   ----a-w-   c:\windows\system32\wininet.dll
2009-04-26 07:37 . 2009-04-26 07:26   5632   ----a-w-   c:\windows\system32\drivers\StarOpen.sys
2009-04-19 19:51 . 2004-08-04 12:00   1847424   ----a-w-   c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\kotosha\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2009-01-05 133104]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-05-30 868352]
"Nowe Gadu-Gadu"="e:\gg\Nowe Gadu-Gadu\gg.exe" [2009-05-28 10486376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"kartki"="e:\quicknote\kartki.exe" [2004-08-01 1560064]
"avast!"="e:\avast4\ashDisp.exe" [2009-02-05 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="e:\quicktime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="e:\java\jre6\bin\jusched.exe" [2009-03-09 148888]
"HP Software Update"="e:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"AtiPTA"="atiptaxx.exe" - c:\windows\system32\atiptaxx.exe [2006-02-22 344064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\kotosha\Menu Start\Programy\Autostart\
K-Meleon Loader.lnk - e:\k-meleon\loader.exe [2007-4-15 32768]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"e:\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\kotosha\\Ustawienia lokalne\\Dane aplikacji\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\kotosha\\Ustawienia lokalne\\Dane aplikacji\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"e:\\Java\\jre6\\bin\\java.exe"=
"e:\\Java\\jdk1.6.0_11\\bin\\java.exe"=
"e:\\Packet Tracer 5.1\\bin\\PacketTracer5.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"e:\\Java\\jre6\\bin\\javaw.exe"=
"e:\\InstantRails-2.0-win\\apache\\Apache.exe"=
"e:\\InstantRails-2.0-win\\ruby\\bin\\ruby.exe"=
"e:\\eclipse\\eclipse.exe"=
"e:\\Java\\jdk1.6.0_11\\jre\\bin\\java.exe"=
"e:\\GG\\Gadu-Gadu\\gg.exe"=
"e:\\totalcmd\\TOTALCMD.EXE"=
"e:\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"e:\\pdt-all-in-one-win32-2.0.1\\eclipse\\eclipse.exe"=
"e:\\xampp\\apache\\bin\\httpd.exe"=
"e:\\xampp\\mysql\\bin\\mysqld.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-23 114768]
R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [2009-04-26 651264]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-23 20560]
S3 ssbcbus;SAMSUNG Mobile Composite Device (WDM);c:\windows\system32\drivers\ssbcbus.sys [2009-04-26 83328]
S3 ssbcmdfl;SAMSUNG Mobile USB Modem 1.0 (Filter);c:\windows\system32\drivers\ssbcmdfl.sys [2009-04-26 14848]
S3 ssbcmdm;SAMSUNG Mobile USB Modem 1.0;c:\windows\system32\drivers\ssbcmdm.sys [2009-04-26 109696]
S3 Tomcat6;Apache Tomcat;e:\tomcat 6.0\bin\tomcat6.exe [2008-07-22 57344]
S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [2009-05-13 33792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
Zawartość folderu 'Zaplanowane zadania'

2009-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-2025429265-725345543-1003Core.job
- c:\documents and settings\kotosha\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-01-05 09:32]

2009-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-2025429265-725345543-1003UA.job
- c:\documents and settings\kotosha\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-01-05 09:32]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 18:13
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2252)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
e:\avast4\aswUpdSv.exe
e:\avast4\ashServ.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\CTSVCCDA.EXE
e:\java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
e:\k-meleon\k-meleon.exe
c:\windows\system32\wscntfy.exe
e:\gg\Nowe Gadu-Gadu\spellchecker_gg.exe
.
**************************************************************************
.
Czas ukończenia: 2009-07-15 18:17 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-07-15 16:17

Przed: 723 562 496 bajtów wolnych
Po: 929 267 712 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

237   --- E O F ---   2009-06-21 00:26


[wojtas]

Pobierz i uruchom narzędzie
The Avenger
Wklej do okienka programu

Files to delete:

J:\Autorun.inf
J:\p.exe
K:\autorun.inf
K:\p.exe

Klikasz Execute,

wklejasz na forum raport: C:\avenger.txt + log z OTL

[kotosha]

Program daft nie istnieje pod wskazanym linkiem, możesz pszeslać mi go mailem podanym na PW.

Avenger to dobry program, ale sformatuję te partycje. Był tu linux, którego i tak mszę wywalić.

A co do loga z OTL, to proszę bardzo poniżej:

Kod: Zaznacz wszystko

OTL logfile created on: 2009-07-17 00:04:09 - Run 1
OTL by OldTimer - Version 3.0.7.1     Folder = C:\Documents and Settings\kotosha\Moje dokumenty\Downloads
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

511,48 Mb Total Physical Memory | 245,21 Mb Available Physical Memory | 47,94% Memory free
1,25 Gb Paging File | 0,90 Gb Available in Paging File | 71,65% Paging File free
Paging file location(s): C:\pagefile.sys 800 801 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 6,86 Gb Total Space | 1,20 Gb Free Space | 17,51% Space Free | Partition Type: NTFS
Drive D: | 501,00 Mb Total Space | 436,83 Mb Free Space | 87,19% Space Free | Partition Type: FAT32
Drive E: | 10,14 Gb Total Space | 8,47 Gb Free Space | 83,52% Space Free | Partition Type: NTFS
Drive F: | 19,64 Gb Total Space | 6,61 Gb Free Space | 33,67% Space Free | Partition Type: NTFS
Drive G: | 27,53 Gb Total Space | 3,35 Gb Free Space | 12,18% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 973,46 Mb Total Space | 0,34 Mb Free Space | 0,03% Space Free | Partition Type: NTFS

Computer Name: KOTOSHA-6EEB6B2
Current User Name: kotosha
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009-02-05 23:08:46 | 00,081,000 | ---- | M] (ALWIL Software) -- E:\Avast4\ashDisp.exe
PRC - [2009-02-05 23:01:26 | 00,018,752 | ---- | M] (ALWIL Software) -- E:\Avast4\aswUpdSv.exe
PRC - [2009-02-05 23:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- E:\Avast4\ashServ.exe
PRC - [1999-12-13 03:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe
PRC - [2005-09-22 17:01:54 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2009-02-05 23:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- E:\Avast4\ashWebSv.exe
PRC - [2006-10-02 18:03:00 | 00,188,416 | ---- | M] (Creative Technology Ltd) -- E:\zen\CtDetctu.exe
PRC - [2008-04-14 19:21:50 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2009-06-19 03:39:20 | 00,759,280 | ---- | M] (Google Inc.) -- C:\Documents and Settings\kotosha\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
PRC - [2009-06-19 03:39:20 | 00,759,280 | ---- | M] (Google Inc.) -- C:\Documents and Settings\kotosha\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
PRC - [2009-06-19 03:39:20 | 00,759,280 | ---- | M] (Google Inc.) -- C:\Documents and Settings\kotosha\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
PRC - [2009-06-19 03:39:20 | 00,759,280 | ---- | M] (Google Inc.) -- C:\Documents and Settings\kotosha\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
PRC - [2009-07-15 21:58:07 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kotosha\Moje dokumenty\Downloads\OTL.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009-02-16 09:16:35 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2005-09-23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009-02-05 23:01:26 | 00,018,752 | ---- | M] (ALWIL Software) -- E:\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2007-12-05 04:53:58 | 00,495,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2007-09-28 22:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2009-02-05 23:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- E:\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009-02-05 23:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- E:\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2005-09-23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999-12-13 03:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005-09-22 17:01:54 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2006-10-22 05:30:20 | 04,493,312 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL [Auto | Stopped])
SRV - [2006-11-08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2006-11-08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2006-12-01 11:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-02-05 23:05:12 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2009-02-05 23:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009-02-05 23:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009-02-05 23:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009-02-05 23:07:24 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009-02-05 23:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2007-12-05 07:26:40 | 02,782,208 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2003-03-25 02:13:46 | 00,741,583 | ---- | M] (C-Media Inc) -- C:\WINDOWS\System32\drivers\cmuda.sys -- (cmuda [On_Demand | Running])
DRV - [2008-04-13 20:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2003-09-23 16:42:34 | 00,007,296 | ---- | M] (GARMIN Corp.) -- C:\WINDOWS\System32\drivers\grmnusb.sys -- (grmnusb [On_Demand | Stopped])
DRV - [2005-07-28 08:18:40 | 00,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\drivers\hardlock.sys -- (Hardlock [Auto | Running])
DRV - [2009-07-14 20:55:35 | 00,047,616 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\drivers\Haspnt.sys -- (Haspnt [Auto | Running])
DRV - [2007-03-08 06:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2007-03-08 06:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2007-03-08 06:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2001-08-18 00:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
DRV - [2008-04-13 20:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2002-09-06 05:24:00 | 00,013,568 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp [Boot | Running])
DRV - [2004-08-04 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004-08-04 00:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Running])
DRV - [2007-11-13 12:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009-07-07 08:04:10 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2007-07-05 12:38:14 | 00,083,328 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ssbcbus.sys -- (ssbcbus [On_Demand | Stopped])
DRV - [2007-07-05 12:38:16 | 00,014,848 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\ssbcmdfl.sys -- (ssbcmdfl [On_Demand | Stopped])
DRV - [2007-07-05 12:38:16 | 00,109,696 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ssbcmdm.sys -- (ssbcmdm [On_Demand | Stopped])
DRV - [2007-05-02 11:11:16 | 00,083,592 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\ss_bus.sys -- (ss_bus [On_Demand | Stopped])
DRV - [2007-05-02 11:11:18 | 00,015,112 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])
DRV - [2007-05-02 11:11:18 | 00,109,704 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])
DRV - [2009-04-26 09:37:35 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.6\extensions\\Components: e:\Mozilla Firefox 2.0\components
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.6\extensions\\Plugins: e:\Mozilla Firefox 2.0\plugins


O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - e:\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast!] E:\Avast4\ashDisp.exe (ALWIL Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 62.233.128.17
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-01-02 20:21:38 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009-07-15 21:55:49 | 00,000,541 | ---- | C] () -- C:\Documents and Settings\kotosha\Pulpit\HijackThis.lnk
[2009-07-15 21:43:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009-07-15 19:34:50 | 00,000,000 | ---D | C] -- C:\Program Files\MIKSOFT
[2009-07-15 18:42:38 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009-07-15 18:17:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009-07-15 18:16:16 | 02,190,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009-07-15 18:16:16 | 02,067,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009-07-15 18:16:16 | 01,571,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009-07-15 18:16:16 | 01,035,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009-07-15 18:16:16 | 01,018,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009-07-15 18:16:16 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009-07-15 18:16:16 | 00,822,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009-07-15 18:16:16 | 00,669,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009-07-15 18:16:16 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009-07-15 18:16:16 | 00,580,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009-07-15 18:16:16 | 00,510,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009-07-15 18:16:16 | 00,435,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009-07-15 18:16:16 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009-07-15 18:16:16 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009-07-15 18:16:16 | 00,296,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009-07-15 18:16:16 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009-07-15 18:16:16 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll
[2009-07-15 18:16:16 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009-07-15 18:16:16 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009-07-15 18:16:16 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009-07-15 18:16:16 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009-07-15 18:16:16 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009-07-15 18:16:16 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009-07-15 18:16:16 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009-07-15 18:16:16 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009-07-15 18:16:16 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009-07-15 18:16:16 | 00,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009-07-15 18:16:16 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009-07-15 18:16:16 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009-07-15 18:16:16 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009-07-15 18:16:16 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009-07-15 18:16:16 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009-07-15 18:16:16 | 00,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009-07-15 18:16:16 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009-07-15 18:16:16 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009-07-15 18:16:16 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009-07-15 18:16:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009-07-15 18:05:53 | 00,000,210 | ---- | C] () -- C:\Boot.bak
[2009-07-15 18:05:50 | 00,262,400 | ---- | C] () -- C:\cmldr
[2009-07-15 18:05:49 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009-07-15 17:48:10 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009-07-15 17:48:10 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009-07-15 17:48:10 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009-07-15 17:48:10 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009-07-15 17:48:10 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009-07-15 17:48:10 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009-07-15 17:48:10 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009-07-15 17:46:52 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009-07-15 17:43:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009-07-15 10:13:44 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009-07-14 20:56:17 | 00,017,995 | ---- | C] () -- C:\WINDOWS\ewmapa.ini
[2009-07-14 20:56:17 | 00,000,663 | ---- | C] () -- C:\WINDOWS\baza.ini
[2009-07-14 20:55:40 | 08,405,015 | ---- | C] () -- C:\WINDOWS\TempFile
[2009-07-14 20:55:40 | 00,685,056 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\drivers\hardlock.sys
[2009-07-14 20:55:35 | 00,047,616 | ---- | C] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\drivers\Haspnt.sys
[2009-07-14 20:55:35 | 00,006,656 | ---- | C] (Aladdin Knowledge Systems.) -- C:\WINDOWS\System32\haspvdd.dll
[2009-07-14 20:55:35 | 00,002,627 | ---- | C] () -- C:\WINDOWS\System32\config.hsp
[2009-07-14 20:55:35 | 00,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2009-07-14 20:54:34 | 00,183,808 | ---- | C] () -- C:\WINDOWS\System32\BDEADMIN.CPL
[2009-07-14 20:54:31 | 02,023,424 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\Vcl50.bpl
[2009-07-14 20:54:31 | 00,633,280 | ---- | C] (Borland International, Inc.) -- C:\WINDOWS\System32\Vcldb30.dpl
[2009-07-14 20:54:31 | 00,558,080 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\Vcldb50.bpl
[2009-07-14 20:54:31 | 00,556,544 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\Qrpt50.bpl
[2009-07-14 20:54:31 | 00,356,437 | ---- | C] (The Firebird Project) -- C:\WINDOWS\System32\Gds32.dll
[2009-07-14 20:54:31 | 00,300,032 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\Vclbde50.bpl
[2009-07-14 20:54:31 | 00,248,832 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\Vclx50.bpl
[2009-07-14 20:54:31 | 00,219,584 | ---- | C] (Borland International) -- C:\WINDOWS\System32\Vclx30.dpl
[2009-07-14 20:54:31 | 00,085,504 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\Vcldbx50.bpl
[2009-07-14 20:54:31 | 00,079,816 | ---- | C] (Borland International) -- C:\WINDOWS\System32\Vcldbx30.dpl
[2009-07-14 20:54:31 | 00,066,048 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\Vclsmp50.bpl
[2009-07-14 20:54:31 | 00,061,880 | ---- | C] (Borland International, Inc.) -- C:\WINDOWS\System32\Vclsmp30.dpl
[2009-07-14 20:54:30 | 01,287,088 | ---- | C] (Borland International) -- C:\WINDOWS\System32\Vcl30.dpl
[2009-07-14 20:54:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Borland Shared
[2009-07-14 20:54:26 | 00,000,000 | ---D | C] -- C:\Program Files\Borland
[2009-07-13 22:50:08 | 01,527,492 | ---- | C] () -- C:\Documents and Settings\kotosha\Pulpit\zdjęcia praca 147.jpg
[2009-07-13 22:50:08 | 01,423,197 | ---- | C] () -- C:\Documents and Settings\kotosha\Pulpit\zdjęcia praca 148.jpg
[2009-07-13 22:24:49 | 00,000,560 | ---- | C] () -- C:\Documents and Settings\kotosha\Pulpit\IrfanView Thumbnails.lnk
[2009-07-13 22:24:49 | 00,000,496 | ---- | C] () -- C:\Documents and Settings\kotosha\Pulpit\IrfanView.lnk
[2009-07-13 21:15:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kotosha\Dane aplikacji\GARMIN
[2009-07-13 21:10:05 | 00,000,483 | ---- | C] () -- C:\Documents and Settings\kotosha\Pulpit\Skrót do MapSource.exe.lnk
[2009-07-13 21:09:21 | 00,017,024 | ---- | C] (Walter Oney Software) -- C:\WINDOWS\System32\drivers\grmngen.sys
[2009-07-13 21:09:21 | 00,007,296 | ---- | C] (GARMIN Corp.) -- C:\WINDOWS\System32\drivers\grmnusb.sys
[2009-07-13 21:09:16 | 00,000,000 | ---D | C] -- C:\Garmin
[2009-07-13 21:04:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kotosha\Moje dokumenty\My Garmin
[2009-07-13 20:59:10 | 00,000,000 | ---D | C] -- C:\Garmin1
[2009-07-13 18:20:28 | 00,077,871 | ---- | C] () -- C:\Documents and Settings\kotosha\Pulpit\stacjonarka.PNG
[2009-07-13 12:05:49 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdaudio.sys
[2009-07-13 12:05:49 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdaudio.sys
[2009-07-12 19:07:34 | 01,938,486 | ---- | C] () -- C:\Documents and Settings\kotosha\Pulpit\maśluchy.bmp
[2009-07-12 19:04:10 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\kotosha\Pulpit\Nowy Obraz - mapa bitowa.bmp
[2009-07-12 15:16:57 | 00,533,504 | ---- | C] () -- C:\Documents and Settings\kotosha\Pulpit\Praca_licencjacka_z_ost Korkosz.doc
[2009-07-12 11:53:36 | 00,002,440 | ---- | C] () -- C:\Documents and Settings\kotosha\Pulpit\Nowy OpenDocument Dokument tekstowy.odt
[2009-07-12 11:53:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kotosha\Pulpit\Nowy folder
[2009-07-12 11:45:13 | 00,051,129 | ---- | C] () -- C:\Documents and Settings\kotosha\Pulpit\Sylwia_236x295_kol.jpg
[2009-07-09 16:27:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kotosha\Dane aplikacji\OpenFM
[2009-07-09 13:09:33 | 02,359,350 | ---- | C] () -- C:\Documents and Settings\kotosha\Pulpit\łaka blizej.bmp
[2009-07-09 13:06:15 | 02,359,350 | ---- | C] () -- C:\Documents and Settings\kotosha\Pulpit\łąka pana mglowski.bmp
[2009-07-09 10:17:10 | 00,000,547 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2009-07-09 10:17:10 | 00,000,528 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Nowe Gadu-Gadu.lnk
[2009-07-09 10:17:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kotosha\Dane aplikacji\Nowe Gadu-Gadu
[2009-07-07 23:32:45 | 01,394,375 | ---- | C] () -- C:\Documents and Settings\kotosha\Pulpit\Obraz 053.jpg
[2009-07-07 22:21:24 | 00,847,633 | ---- | C] () -- C:\Documents and Settings\kotosha\Pulpit\100_5933.JPG
[2009-07-07 22:21:21 | 00,966,983 | ---- | C] () -- C:\Documents and Settings\kotosha\Pulpit\100_5932.JPG
[2009-07-07 22:21:19 | 00,752,111 | ---- | C] () -- C:\Documents and Settings\kotosha\Pulpit\100_5931.JPG
[2009-07-07 22:21:17 | 00,657,913 | ---- | C] () -- C:\Documents and Settings\kotosha\Pulpit\100_5930.JPG
[2009-07-07 22:21:15 | 00,647,793 | ---- | C] () -- C:\Documents and Settings\kotosha\Pulpit\100_5929.JPG
[2009-07-07 22:21:14 | 00,781,521 | ---- | C] () -- C:\Documents and Settings\kotosha\Pulpit\100_5928.JPG
[2009-07-07 16:46:14 | 00,001,517 | ---- | C] () -- C:\Documents and Settings\kotosha\Pulpit\a.html
[2009-07-07 08:17:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kotosha\Pulpit\Kopia grill
[2009-07-07 08:16:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kotosha\Pulpit\kotosha  pulpit 7 lipca 2009
[2009-07-07 08:08:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2009-07-07 08:08:02 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2009-07-07 08:07:59 | 00,000,568 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk
[2009-07-07 08:04:10 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-07-07 08:04:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kotosha\Dane aplikacji\DAEMON Tools Lite
[2009-07-07 08:02:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kotosha\Pulpit\sylwia odt
[2009-07-05 21:55:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kotosha\Pulpit\grill
[2009-07-05 21:54:03 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2009-07-05 21:54:00 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2009-07-02 20:04:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kotosha\Ustawienia lokalne\Dane aplikacji\Temp
[2009-07-01 05:53:13 | 00,001,140 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-2025429265-725345543-1003UA.job
[2009-07-01 05:53:13 | 00,001,088 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-2025429265-725345543-1003Core.job
[2009-06-28 13:01:38 | 00,122,880 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2009-06-28 12:10:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kotosha\Dane aplikacji\AdobeUM
[2009-06-20 12:10:26 | 00,000,640 | ---- | C] () -- C:\Documents and Settings\kotosha\Pulpit\Skrót do disabledcommunity.081020.lnk
[2009-06-20 09:51:56 | 00,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2009-06-20 09:02:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009-06-19 21:17:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009-06-19 21:17:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\pl
[2009-06-19 21:17:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009-06-19 21:14:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009-06-19 21:12:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009-06-19 21:10:28 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009-06-19 21:06:52 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009-06-13 06:47:51 | 00,000,092 | ---- | C] () -- C:\WINDOWS\mp3wavcon.ini
[2009-06-13 06:38:31 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009-04-26 09:26:39 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009-04-05 11:36:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009-04-03 11:36:33 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\fsgscom.dll
[2009-03-01 13:05:45 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-01-05 20:44:37 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5i.DLL
[2009-01-05 10:53:51 | 00,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2009-01-04 18:01:23 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-01-04 18:01:23 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009-01-04 18:01:21 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-01-04 18:01:20 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-01-04 18:01:20 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-01-03 17:06:26 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2009-01-03 17:06:26 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2009-01-03 17:06:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2009-01-03 17:06:21 | 00,026,242 | ---- | C] () -- C:\WINDOWS\Cmuda.ini
[2009-01-03 17:06:17 | 00,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2008-08-17 11:17:52 | 01,892,352 | ---- | C] () -- C:\WINDOWS\System32\cmiwcnfg.dll
[2008-08-17 11:17:52 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2004-08-04 14:00:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL
[2004-08-04 14:00:00 | 00,000,958 | ---- | C] () -- C:\WINDOWS\win.ini
[2004-08-04 14:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009-07-16 23:58:03 | 00,001,140 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-2025429265-725345543-1003UA.job
[2009-07-16 22:27:31 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-07-16 22:27:19 | 08,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
[2009-07-16 22:27:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-07-16 22:27:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-07-16 22:27:04 | 53,639,9872 | -HS- | M] () -- C:\hiberfil.sys
[2009-07-15 21:55:49 | 00,000,541 | ---- | M] () -- C:\Documents and Settings\kotosha\Pulpit\HijackThis.lnk
[2009-07-15 21:44:22 | 00,000,958 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-07-15 21:44:22 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009-07-15 21:44:22 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-07-15 21:07:23 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009-07-15 18:12:32 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009-07-14 21:12:43 | 00,017,995 | ---- | M] () -- C:\WINDOWS\ewmapa.ini
[2009-07-14 20:58:03 | 00,000,663 | ---- | M] () -- C:\WINDOWS\baza.ini
[2009-07-14 20:55:35 | 00,047,616 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\drivers\Haspnt.sys
[2009-07-14 20:55:35 | 00,006,656 | ---- | M] (Aladdin Knowledge Systems.) -- C:\WINDOWS\System32\haspvdd.dll
[2009-07-14 20:55:35 | 00,002,670 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009-07-14 20:55:35 | 00,000,383 | ---- | M] () -- C:\WINDOWS\System32\haspdos.sys
[2009-07-13 22:45:48 | 01,423,197 | ---- | M] () -- C:\Documents and Settings\kotosha\Pulpit\zdjęcia praca 148.jpg
[2009-07-13 22:45:46 | 01,527,492 | ---- | M] () -- C:\Documents and Settings\kotosha\Pulpit\zdjęcia praca 147.jpg
[2009-07-13 22:24:49 | 00,000,560 | ---- | M] () -- C:\Documents and Settings\kotosha\Pulpit\IrfanView Thumbnails.lnk
[2009-07-13 22:24:49 | 00,000,496 | ---- | M] () -- C:\Documents and Settings\kotosha\Pulpit\IrfanView.lnk
[2009-07-13 21:09:59 | 00,000,483 | ---- | M] () -- C:\Documents and Settings\kotosha\Pulpit\Skrót do MapSource.exe.lnk
[2009-07-13 18:20:29 | 00,077,871 | ---- | M] () -- C:\Documents and Settings\kotosha\Pulpit\stacjonarka.PNG
[2009-07-13 15:33:31 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt
[2009-07-13 05:48:54 | 00,219,648 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009-07-12 19:07:35 | 01,938,486 | ---- | M] () -- C:\Documents and Settings\kotosha\Pulpit\maśluchy.bmp
[2009-07-12 19:04:10 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\kotosha\Pulpit\Nowy Obraz - mapa bitowa.bmp
[2009-07-12 15:20:44 | 00,533,504 | ---- | M] () -- C:\Documents and Settings\kotosha\Pulpit\Praca_licencjacka_z_ost Korkosz.doc
[2009-07-12 11:53:36 | 00,002,440 | ---- | M] () -- C:\Documents and Settings\kotosha\Pulpit\Nowy OpenDocument Dokument tekstowy.odt
[2009-07-11 05:58:01 | 00,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-2025429265-725345543-1003Core.job
[2009-07-09 16:29:09 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\kotosha\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-07-09 13:09:33 | 02,359,350 | ---- | M] () -- C:\Documents and Settings\kotosha\Pulpit\łaka blizej.bmp
[2009-07-09 13:08:57 | 02,359,350 | ---- | M] () -- C:\Documents and Settings\kotosha\Pulpit\łąka pana mglowski.bmp
[2009-07-09 10:17:10 | 00,000,547 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2009-07-09 10:17:10 | 00,000,528 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nowe Gadu-Gadu.lnk
[2009-07-07 22:35:42 | 01,394,375 | ---- | M] () -- C:\Documents and Settings\kotosha\Pulpit\Obraz 053.jpg
[2009-07-07 16:47:01 | 00,001,517 | ---- | M] () -- C:\Documents and Settings\kotosha\Pulpit\a.html
[2009-07-07 08:07:59 | 00,000,568 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk
[2009-07-07 08:04:10 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-07-06 14:32:35 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-07-05 17:18:01 | 00,017,280 | ---- | M] () -- C:\Documents and Settings\kotosha\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-06-30 14:29:30 | 00,847,633 | ---- | M] () -- C:\Documents and Settings\kotosha\Pulpit\100_5933.JPG
[2009-06-30 14:29:20 | 00,966,983 | ---- | M] () -- C:\Documents and Settings\kotosha\Pulpit\100_5932.JPG
[2009-06-30 14:28:50 | 00,752,111 | ---- | M] () -- C:\Documents and Settings\kotosha\Pulpit\100_5931.JPG
[2009-06-30 14:28:40 | 00,657,913 | ---- | M] () -- C:\Documents and Settings\kotosha\Pulpit\100_5930.JPG
[2009-06-30 14:28:22 | 00,647,793 | ---- | M] () -- C:\Documents and Settings\kotosha\Pulpit\100_5929.JPG
[2009-06-30 14:27:20 | 00,781,521 | ---- | M] () -- C:\Documents and Settings\kotosha\Pulpit\100_5928.JPG
[2009-06-28 19:12:00 | 06,887,092 | -H-- | M] () -- C:\Documents and Settings\kotosha\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-06-25 15:32:32 | 00,051,129 | ---- | M] () -- C:\Documents and Settings\kotosha\Pulpit\Sylwia_236x295_kol.jpg
[2009-06-21 02:26:40 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009-06-20 15:26:00 | 00,000,318 | ---- | M] () -- C:\WINDOWS\System\CmiCnfg.ini
[2009-06-20 12:10:26 | 00,000,640 | ---- | M] () -- C:\Documents and Settings\kotosha\Pulpit\Skrót do disabledcommunity.081020.lnk
[2009-06-20 09:51:56 | 00,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[2009-06-20 09:04:24 | 00,448,004 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-06-20 09:04:24 | 00,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-06-20 09:04:24 | 00,074,230 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-06-20 09:04:24 | 00,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-06-20 09:04:21 | 00,984,842 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-06-20 09:01:26 | 00,112,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-06-19 21:11:54 | 00,251,152 | RHS- | M] () -- C:\ntldr
< End of report >


[wojtas]

1.Uruchom OTL z opcji CleanUp
2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem]
4. zrób skan Malwarebytes Anti-Malware

[kotosha]

Świetnie. Dzięki za pomoc. Wirus widocznie został usunięty. Komputer działa szybciej.

Temat można zamknąć.