Infected computer, mks found 360 viruses

System security, virus removal, choosing antivirus software. Mandatory logs in this section: two from OTL + Gmer.

Post by marcin_atr, 26 Aug 2009, 12:04

Hello, for several days I have been fighting an infection on my computer.
Avast does not start after installation (earlier, when it still started, it reported a virus in RAM, which it supposedly deleted at boot); an error pops up. mks in safe mode removed over 360 viruses (trojans) Brorok.
Currently the drives do not open on a double-click; I can only open them through the address bar. Before the mks scan, any attempt to save a file from the Internet ended with the computer restarting.

Here is the log from RSIT:
Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by z at 2009-08-26 08:55:48
Microsoft Windows XP Home Edition Dodatek Service Pack 2
System drive C: has 6 GB (22%) free of 29 GB
Total RAM: 1023 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:01:24, on 2009-08-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mspaint.exe
C:\Documents and Settings\z\Pulpit\RSIT.exe
C:\Program Files\trend micro\z.exe
C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe
C:\Program Files\Ahead\nero\nero.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe"
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, explorer.exe
O1 - Hosts: <HTML><HEAD><TITLE>Yahoo! GeoCities</TITLE>
O1 - Hosts: </HEAD><BODY BGCOLOR=white vlink=blue>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE --><center>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=0>
O1 - Hosts: <tr>
O1 - Hosts: <td valign=middle width=1%>
O1 - Hosts: <a href="http://geocities.yahoo.com/"><img src=http://us.i1.yimg.com/us.yimg.com/i/geo/ygeo.gif width=305 height=36 border=0 alt="Yahoo! GeoCities"></a>
O1 - Hosts: </td>
O1 - Hosts: <td valign=middle>
O1 - Hosts: <table border=0 cellspacing=0 cellpadding=0 width=100%>
O1 - Hosts: <tr><td align=right valign=bottom nowrap>
O1 - Hosts: <font face=arial size=-1><a href="http://www.yahoo.com/">Yahoo!</a></font>
O1 - Hosts: </td></tr>
O1 - Hosts: </table>
O1 - Hosts: <hr size=1>
O1 - Hosts: </td></tr></table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=4>
O1 - Hosts: <tr>
O1 - Hosts: <td bgcolor=003399>
O1 - Hosts: <font face=Arial size=+1 color=white><b>This page is not available.</b></font>
O1 - Hosts: </td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td align=center>
O1 - Hosts: <font face=Arial size=-1>
O1 - Hosts: We're sorry, but this page is currently unavailable for viewing. <br>If this site belongs to you, please read this <b><a href="http://help.yahoo.com/help/us/geo/geo-08.html">help page</a></b> for more information and assistance.<br>
O1 - Hosts: <br>For general questions see our main <b><a href="http://help.yahoo.com/help/us/geo/">help area</a></b>, or <b><a href="http://rd.yahoo.com/geosearch/err403/*http://us.geocities.yahoo.com/search">search</a></b> for other member pages.
O1 - Hosts: </font>
O1 - Hosts: </td>
O1 - Hosts: </tr><tr><td height=6></td></tr></table>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=1>
O1 - Hosts: <tr>
O1 - Hosts: <td valign=top width=249 bgcolor=ffffff>
O1 - Hosts: <table width="100%" cellpadding=1 cellspacing=0 border=0 bgcolor=dcdcdc><tr>
O1 - Hosts: <td valign=top align=center><table width="100%" cellpadding=3 cellspacing=0 border=0 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=dcdcdc><td><font face=arial><b>Search Yahoo! GeoCities</b></font></td></tr>
O1 - Hosts: <tr bgcolor=white><td valign=top align=center>
O1 - Hosts: <form action="http://rd.yahoo.com/geosearch/err403/*http://geocities.yahoo.com/search" method=get>
O1 - Hosts: <input size="14" name="p" value="">&nbsp;
O1 - Hosts: <input type="SUBMIT" value="Search">
O1 - Hosts: <br><font face=arial size=-1><a
O1 - Hosts: href="http://rd.yahoo.com/geosearch/err403/*http://geocities.yahoo.com/search/option">advanced search</a></font>
O1 - Hosts: </form></td></tr></table>
O1 - Hosts: <table width=100% border=0 cellspacing=0 cellpadding=3 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=ccccff><td>
O1 - Hosts: <FONT face=arial size=+1>Build Your Own Web Site...</font>
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td>
O1 - Hosts: <font face=arial size=-1>With Yahoo! GeoCities, anyone can build a great web site...for free!
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td align=center>
O1 - Hosts: <b><font face=arial><a href=http://geocities.yahoo.com/reg>Sign Up Now!</a></font></b>
O1 - Hosts: </td></tr><tr><td align=center>
O1 - Hosts: <a href=http://geocities.yahoo.com/reg><img src=http://us.geo1.yimg.com/pic.geocities.com/us/i/geo/pgs2.gif width=190 height=180 border=0 alt="Yahoo! GeoCities"></a>
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td align=right><font face=arial size=-1><a href=http://geocities.yahoo.com/v/info.html>Learn more...</a></font><br><br></td></tr>
O1 - Hosts: </table>
O1 - Hosts: </td></tr></table>
O1 - Hosts: </td>
O1 - Hosts: <td width=1>&nbsp;</td>
O1 - Hosts: <td valign=top align=center width=425>
O1 - Hosts: <script language="JavaScript" type="text/javascript"
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001364&p=geocities&l=MON&c=sr">
O1 - Hosts: </script>
O1 - Hosts: <noscript>
O1 - Hosts: <iframe
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001364&p=geocities&l=MON&c=sh&bg=ffffff"
O1 - Hosts: width=470 height=580 marginwidth=0 marginheight=0 hspace=0
O1 - Hosts: vspace=0 frameborder=0 scrolling=no>
O1 - Hosts: </iframe>
O1 - Hosts: </noscript>
O1 - Hosts: </td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table cellpadding=0 cellspacing=0 border=0 width=675><tr><td bgcolor=a0b8c8>
O1 - Hosts: <table cellpadding=1 cellspacing=1 border=0 width="100%">
O1 - Hosts: <tr valign=top bgcolor=ffffff><td align=center>
O1 - Hosts: <font face=arial size=-2><A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://address.yahoo.com/">Address Book</A> &#183; <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://alerts.yahoo.com/">Alerts</A> &#183; <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://auctions.yahoo.com/">Auctions</A> &#183; <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://billpay.yahoo.com/">Bill Pay</A> &#183; <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://bookmarks.yahoo.com/">Bookmarks</A> &#183; <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://briefcase.yahoo.com/">Briefcase</A> &#183; <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://broadcast.yahoo.com/">Broadcast</A> &#183; <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://calendar.yahoo.com/">Calendar</A> &#183; <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://chat.yahoo.com/">Chat</A> &#183; <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://classifieds.yahoo.com/">Classifieds</A> &#183; <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://clubs.yahoo.com/">Clubs</A> &#183; <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://companion.yahoo.com/">Companion</A> &#183; <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://experts.yahoo.com/">Experts</A> &#183; <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://games.yahoo.com/">Games</A> &#183; <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://greetings.yahoo.com/">Greetings</A> &#183; <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://geocities.yahoo.com/">Home Pages</A> &#183; <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://invites.yahoo.com/">Invites</A> &#183; <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://mail.yahoo.com/">Mail</A> &#183; <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://maps.yahoo.com/">Maps</A> &#183; <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://members.yahoo.com/">Member Directory</A> &#183; <A
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\z\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Barsaka] explorer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Program Files\ScanSoft\PDF Converter\RegistryController.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus-639] "C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\br2301on.exe"
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
O8 - Extra context menu item: Wyslij przez wiadomosc(&M)... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O8 - Extra context menu item: Wyślij przez Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Ściągnij przez IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 15069 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2007-09-28 95664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-05-04 650752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-27 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Program Files\pdfforge Toolbar\SearchSettings.dll [2009-03-30 1091584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]
IEPluginBHO Class - C:\Documents and Settings\z\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll [2009-05-28 42088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-05-04 650752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-02-17 17508864]
"Barsaka"=C:\WINDOWS\explorer.exe [2004-08-04 1033728]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2006-01-27 102448]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-05-01 13750272]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-27 148888]
"SearchSettings"=C:\Program Files\pdfforge Toolbar\SearchSettings.exe [2009-03-30 970240]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"PDF Converter Registry Controller"=C:\Program Files\ScanSoft\PDF Converter\RegistryController.exe [2003-09-09 102400]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-05-01 86016]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"BtTray"=C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2008-08-04 226816]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Tok-Cirrhatus-639"=C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\br2301on.exe []
"Tok-Cirrhatus"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-25 1414144]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-25 1414144]
"Orb"=C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-04-01 507904]
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2009-05-31 2562560]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\z\Menu Start\Programy\Autostart
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1
"DisableCMD"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu beta"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Microsoft Office\Office\1045\WFXMSRVR.EXE"="C:\Program Files\Microsoft Office\Office\1045\WFXMSRVR.EXE:*:Disabled:WFXMSRVR"
"D:\dysk E\Kolekcja Klasyki\BrothersInArmsEiB\System\EiB.exe"="D:\dysk E\Kolekcja Klasyki\BrothersInArmsEiB\System\EiB.exe:*:Disabled:Brothers In Arms Earned In Blood"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"
"C:\Program Files\Java\JRE6\BIN\java.exe"="C:\Program Files\Java\JRE6\BIN\java.exe:*:Enabled:Java(TM) Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e557426-4d6b-11de-a8fa-806d6172696f}]
shell\AutoRun\command - I:\fooool.exe
shell\explore\command - I:\fooool.exe
shell\open\command - I:\fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e557428-4d6b-11de-a8fa-806d6172696f}]
shell\AutoRun\command - D:\q9.cmd
shell\open\command - D:\q9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e557429-4d6b-11de-a8fa-806d6172696f}]
shell\AutoRun\command - E:\q9.cmd
shell\open\command - E:\q9.cmd


======List of files/folders created in the last 1 months======

2009-08-26 08:55:49 ----D---- C:\Program Files\trend micro
2009-08-26 08:55:48 ----D---- C:\rsit
2009-08-25 13:08:07 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-08-25 13:08:05 ----D---- C:\Program Files\Alwil Software
2009-08-16 21:11:57 ----D---- C:\bb5_unlocker
2009-08-09 10:55:43 ----D---- C:\Program Files\Panda Security
2009-08-08 05:03:22 ----SHD---- C:\FOUND.004
2009-08-07 23:58:52 ----D---- C:\Documents and Settings\z\Dane aplikacji\CyberLink
2009-08-07 13:02:23 ----A---- C:\WINDOWS\ModemLog_Nokia 6300 USB Modem #2.txt
2009-08-05 22:37:52 ----SHD---- C:\FOUND.003
2009-08-04 06:59:36 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-08-03 23:06:38 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2009-08-03 23:06:35 ----HD---- C:\WINDOWS\$NtUninstallWdf01007$
2009-08-03 12:36:10 ----D---- C:\WINDOWS\system32\ivtMobCache

======List of files/folders modified in the last 1 months======

2009-08-26 08:31:14 ----A---- C:\WINDOWS\system32\LOCALSERVICE.INI
2009-08-26 08:31:10 ----A---- C:\WINDOWS\system32\bscs.ini
2009-08-26 00:57:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-25 23:29:06 ----SH---- C:\boot.ini
2009-08-25 23:29:06 ----A---- C:\WINDOWS\win.ini
2009-08-25 23:29:06 ----A---- C:\WINDOWS\system.ini
2009-08-25 23:16:48 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-25 13:23:04 ----SH---- C:\AUTOEXEC.BAT
2009-08-25 13:08:26 ----A---- C:\WINDOWS\ODBC.INI
2009-08-18 19:06:14 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-07 13:30:42 ----A---- C:\WINDOWS\ModemLog_Nokia 5200 Bluetooth Modem.txt
2009-08-07 13:01:44 ----A---- C:\WINDOWS\system32\REMOTEDEVICE.INI
2009-08-07 13:01:14 ----A---- C:\WINDOWS\system32\LOCALDEVICE.INI
2009-08-03 23:08:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-03 12:49:18 ----A---- C:\WINDOWS\system32\SHORTCUT.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2006-01-28 24240]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2006-01-28 36176]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2006-01-28 83968]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-04-30 103872]
R3 EL90XBC;Sterownik karty 3Com EtherLink XL 90XB/C; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-02-17 5026816]
R3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-07-02 26248]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2006-05-27 92288]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2008-01-21 14856]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2008-07-02 29960]
S1 wceusbsh;Sterownik hosta szeregowego USB Windows CE; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-08-04 31872]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2006-01-28 16352]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2008-01-21 14600]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2008-07-02 38920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 usbstor;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2006-01-27 53248]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2006-01-27 102448]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2008-08-04 772096]
R2 BsMobileCS;BsMobileCS; C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2008-08-01 143467]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-04-13 73728]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-05-01 168004]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2008-08-01 69735]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2006-01-27 241712]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2006-01-27 364592]

-----------------EOF-----------------
marcin_atr
~user
 
Posts: 34
Joined: 06 Oct 2004, 10:43



Post by wojtas 26 Aug 2009, 13:45

Download OTL and post the log from it.
wojtas
*mod
 
Posts: 18093
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1651



Post by marcin_atr 26 Aug 2009, 22:48

OTL log
Code:
OTL logfile created on: 2009-08-26 22:40:38 - Run 1
OTL by OldTimer - Version 3.0.10.7     Folder = C:\Documents and Settings\z\Pulpit
Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,48 Mb Total Physical Memory | 527,94 Mb Available Physical Memory | 51,58% Memory free
2,40 Gb Paging File | 1,98 Gb Available in Paging File | 82,33% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 28,43 Gb Total Space | 13,07 Gb Free Space | 45,98% Space Free | Partition Type: FAT32
Drive D: | 30,15 Gb Total Space | 7,67 Gb Free Space | 25,45% Space Free | Partition Type: FAT32
Drive E: | 90,45 Gb Total Space | 25,83 Gb Free Space | 28,55% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: X-4F560FCD4CFC4
Current User Name: z
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009-05-01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2004-08-04 12:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.exe
PRC - [2009-02-17 15:50:32 | 17,508,864 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2006-01-27 23:35:50 | 00,102,448 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2003-10-31 19:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2006-02-19 02:41:10 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2008-08-04 18:04:38 | 00,226,816 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2009-06-25 15:12:42 | 01,414,144 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2008-04-01 03:54:06 | 00,507,904 | ---- | M] (Orb Networks) -- C:\Program Files\Winamp Remote\bin\OrbTray.exe
PRC - [2009-05-31 00:14:14 | 02,562,560 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [1999-05-17 14:59:04 | 00,046,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE
PRC - [2006-02-19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2006-07-26 12:38:14 | 00,533,504 | ---- | M] () -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2006-01-27 23:51:02 | 00,053,248 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2006-01-27 23:35:46 | 00,102,448 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008-08-04 18:04:40 | 00,772,096 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2008-08-01 15:55:28 | 00,143,467 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
PRC - [2009-04-13 15:25:00 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006-03-03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2008-08-01 15:56:42 | 00,069,735 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
PRC - [2009-06-02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2004-08-04 12:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2009-05-28 13:45:00 | 00,132,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009-03-30 10:11:14 | 00,120,320 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009-04-14 14:16:46 | 00,142,848 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
PRC - [2007-02-19 16:53:54 | 00,251,576 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009-08-05 07:30:50 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-07-27 17:42:10 | 10,719,848 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe
PRC - [2009-07-27 16:39:44 | 00,077,824 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
PRC - [2009-08-26 22:40:32 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\z\Pulpit\OTL(2).exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2006-01-27 23:51:02 | 00,053,248 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2006-01-27 23:35:46 | 00,102,448 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2006-01-27 23:35:32 | 00,241,712 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
SRV - [2006-01-27 23:35:26 | 00,364,592 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
SRV - [2008-08-04 18:04:40 | 00,772,096 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS [Auto | Running])
SRV - [2008-08-01 15:56:42 | 00,069,735 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS [On_Demand | Running])
SRV - [2008-08-01 15:55:28 | 00,143,467 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS [Auto | Running])
SRV - [2004-08-04 14:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009-04-13 15:25:00 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2009-05-01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (nvsvc [Auto | Running])
SRV - [2006-03-03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2009-06-02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
SRV - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2006-01-28 00:00:44 | 00,024,240 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2008-08-05 20:10:12 | 01,684,736 | ---- | M] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys -- (Ambfilt [On_Demand | Stopped])
DRV - [2009-04-30 02:57:36 | 00,103,872 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys -- (AnyDVD [On_Demand | Running])
DRV - [2006-01-28 00:04:58 | 00,083,968 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2006-01-28 00:03:50 | 00,016,352 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Stopped])
DRV - [2006-01-28 00:02:40 | 00,036,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2008-01-21 19:28:12 | 00,014,600 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\DRIVERS\btnetdrv.sys -- (BT [On_Demand | Stopped])
DRV - [2008-07-02 14:58:28 | 00,038,920 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\btcusb.sys -- (Btcsrusb [On_Demand | Stopped])
DRV - [2008-07-31 20:45:42 | 00,020,616 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus [Boot | Running])
DRV - [2001-08-17 20:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys -- (EL90XBC [On_Demand | Running])
DRV - [2009-02-17 19:11:32 | 00,024,232 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [System | Running])
DRV - [2007-02-16 02:56:50 | 00,011,984 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyDelay.sys -- (ElbyDelay [On_Demand | Running])
DRV - [2005-01-07 17:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2006-04-12 12:04:40 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2006-04-12 12:04:40 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2006-04-12 12:04:40 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2009-02-17 16:55:54 | 05,026,816 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008-07-02 14:58:48 | 00,026,248 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\IvtBtBus.sys -- (IvtBtBUs [On_Demand | Running])
DRV - [2006-05-27 14:03:10 | 00,092,288 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys -- (mcdbus [On_Demand | Running])
DRV - [2006-01-04 15:41:48 | 01,389,056 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\Monfilt.sys -- (Monfilt [On_Demand | Stopped])
DRV - [2009-02-09 08:37:46 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2009-02-09 08:37:46 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2009-03-19 14:48:18 | 00,136,704 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu [On_Demand | Stopped])
DRV - [2009-03-19 14:48:12 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc [On_Demand | Stopped])
DRV - [2009-04-30 22:02:00 | 08,055,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2008-06-19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
DRV - [2008-08-26 10:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2004-08-04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004-08-04 12:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2004-08-04 12:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009-02-09 08:37:48 | 00,007,808 | ---- | M] (Nokia) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
DRV - [2004-08-03 23:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2009-02-09 08:37:56 | 00,007,808 | ---- | M] (Nokia) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])
DRV - [2008-01-21 19:27:50 | 00,014,856 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\DRIVERS\VComm.sys -- (VComm [On_Demand | Running])
DRV - [2008-07-02 14:58:36 | 00,029,960 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys -- (VcommMgr [On_Demand | Running])
DRV - [2004-08-04 00:37:04 | 00,031,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\wceusbsh.sys -- (wceusbsh [System | Stopped])

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.713
FF - prefs.js..extensions.enabledItems: {B922D405-6D13-4A2B-AE89-08A030DA4402}:1.0
FF - prefs.js..extensions.enabledItems: search@searchsettings.com:1.2.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-07-23 11:52:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-05-30 23:27:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-05-30 23:27:02 | 00,000,000 | ---D | M]

[2009-05-30 23:27:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\z\Dane aplikacji\mozilla\Extensions
[2009-05-30 23:27:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\z\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-05-30 23:27:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\z\Dane aplikacji\mozilla\Firefox\Profiles\rp6whgz7.default\extensions
[2009-07-18 08:32:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\z\Dane aplikacji\mozilla\Firefox\Profiles\rp6whgz7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009-05-30 23:27:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-05-30 23:27:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-08-21 23:06:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2009-06-27 17:06:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009-08-21 23:06:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\search@searchsettings.com
[2009-08-05 07:30:50 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-08-05 07:30:50 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009-02-27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009-06-27 17:06:28 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007-04-10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009-08-05 07:30:50 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
[2009-07-22 23:04:54 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2009-08-21 23:06:30 | 00,000,808 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (7595 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: <HTML><HEAD><TITLE>Yahoo! GeoCities</TITLE>
O1 - Hosts: </HEAD><BODY BGCOLOR=white vlink=blue>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE --><center>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=0>
O1 - Hosts: <tr>
O1 - Hosts: <td valign=middle width=1%>
O1 - Hosts: <a href="http://geocities.yahoo.com/"><img src=http://us.i1.yimg.com/us.yimg.com/i/geo/ygeo.gif width=305 height=36 border=0 alt="Yahoo! GeoCities"></a>
O1 - Hosts: </td>
O1 - Hosts: <td valign=middle>
O1 - Hosts: <table border=0 cellspacing=0 cellpadding=0 width=100%>
O1 - Hosts: <tr><td align=right valign=bottom nowrap>
O1 - Hosts: <font face=arial size=-1><a href="http://www.yahoo.com/">Yahoo!</a></font>
O1 - Hosts: </td></tr>
O1 - Hosts: </table>
O1 - Hosts: <hr size=1>
O1 - Hosts: </td></tr></table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=4>
O1 - Hosts: <tr>
O1 - Hosts: <td bgcolor=003399>
O1 - Hosts: <font face=Arial size=+1 color=white><b>This page is not available.</b></font>
O1 - Hosts: </td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: 104 more lines...
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\z\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe ()
O4 - HKLM..\Run: [Barsaka] C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BtTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDF Converter Registry Controller] C:\Program Files\ScanSoft\PDF Converter\RegistryController.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [Tok-Cirrhatus] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [Tok-Cirrhatus-639] C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\br2301on.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\z\Menu Start\Programy\Autostart\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O8 - Extra context menu item: Open PDF in Word - C:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll (ScanSoft, Inc.)
O8 - Extra context menu item: Ściągnij przez IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Wyslij przez wiadomosc(&M)... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm ()
O8 - Extra context menu item: Wyślij przez Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 194.204.152.34
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\System32\skype4com.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - ("C:\WINDOWS\KesenjanganSosial.exe") - C:\WINDOWS\KesenjanganSosial.exe File not found
O20 - HKLM Winlogon: UserInit - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd-brontok.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-08-25 13:23:04 | 00,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009-05-30 22:40:58 | 00,000,051 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009-05-30 22:40:57 | 00,000,051 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{7e557426-4d6b-11de-a8fa-806d6172696f}\Shell\AutoRun\command - "" = I:\fooool.exe -- File not found
O33 - MountPoints2\{7e557426-4d6b-11de-a8fa-806d6172696f}\Shell\explore\Command - "" = I:\fooool.exe -- File not found
O33 - MountPoints2\{7e557426-4d6b-11de-a8fa-806d6172696f}\Shell\open\Command - "" = I:\fooool.exe -- File not found
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[1 C:\WINDOWS\System32\*.tmp files]
[2009-08-26 22:40:29 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\z\Pulpit\OTL(2).exe
[2009-08-26 22:34:01 | 00,019,944 | ---- | C] () -- C:\Documents and Settings\z\Pulpit\222.JPG
[2009-08-26 13:30:05 | 00,000,000 | ---D | C] -- C:\Program Files\WinHTTrack
[2009-08-26 13:28:38 | 03,634,762 | ---- | C] (HTTrack                                                     ) -- C:\Documents and Settings\z\Pulpit\httrack-3.43-7.exe
[2009-08-26 08:55:49 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009-08-26 08:55:48 | 00,000,000 | ---D | C] -- C:\rsit
[2009-08-26 08:55:32 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\z\Pulpit\RSIT.exe
[2009-08-26 08:49:27 | 00,013,636 | ---- | C] () -- C:\Documents and Settings\z\Pulpit\111.JPG
[2009-08-26 08:41:57 | 00,079,200 | ---- | C] () -- C:\Documents and Settings\z\Pulpit\OTL.exe
[2009-08-25 23:29:04 | 00,001,712 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
[2009-08-25 23:29:04 | 00,000,832 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Symantec Fax Starter Edition Port.lnk
[2009-08-25 23:24:22 | 10,732,70784 | -HS- | C] () -- C:\hiberfil.sys
[2009-08-25 13:12:15 | 00,007,469 | ---- | C] () -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok.A16.em.bin
[2009-08-25 13:08:11 | 00,036,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009-08-25 13:08:11 | 00,024,240 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009-08-25 13:08:11 | 00,016,352 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009-08-25 13:08:11 | 00,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk
[2009-08-25 13:08:10 | 00,085,760 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009-08-25 13:08:10 | 00,083,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009-08-25 13:08:07 | 00,503,296 | ---- | C] () -- C:\WINDOWS\System32\aswBoot.exe
[2009-08-25 13:08:07 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009-08-25 13:08:07 | 00,090,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AVASTSS.scr
[2009-08-25 13:08:05 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009-08-25 08:22:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-25
[2009-08-24 00:00:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-24
[2009-08-23 00:00:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-23
[2009-08-22 00:00:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-22
[2009-08-21 00:00:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-21
[2009-08-20 00:00:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-20
[2009-08-19 00:00:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-19
[2009-08-18 05:55:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-18
[2009-08-17 23:44:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\Ok-SendMail-Bron-tok
[2009-08-17 23:43:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\Loc.Mail.Bron.Tok
[2009-08-17 13:26:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-17
[2009-08-16 21:11:57 | 00,000,000 | ---D | C] -- C:\bb5_unlocker
[2009-08-16 21:11:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Pulpit\bb5
[2009-08-16 21:10:40 | 00,011,391 | ---- | C] () -- C:\Documents and Settings\z\Pulpit\bb5.zip
[2009-08-16 18:47:49 | 18,041,280 | ---- | C] (Sony Ericsson                                               ) -- C:\Documents and Settings\z\Pulpit\Sony_Ericsson_PC_Suite_6.007.00_Web_PL.exe
[2009-08-16 00:11:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Pulpit\Zdjęcia
[2009-08-12 13:30:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Pulpit\all_gameloft_games_240x320(2)
[2009-08-11 12:07:29 | 89,059,326 | ---- | C] () -- C:\Documents and Settings\z\Pulpit\all_gameloft_games_240x320(2).rar
[2009-08-10 23:48:38 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\z\Pulpit\all_gameloft_games_240x320.rar
[2009-08-09 10:57:44 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009-08-09 10:55:43 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009-08-09 10:55:39 | 00,175,888 | ---- | C] () -- C:\Documents and Settings\z\Pulpit\activescan2_en.exe
[2009-08-09 00:41:00 | 00,957,476 | ---- | C] () -- C:\Documents and Settings\z\Moje dokumenty\Defoe Daniel - Przypadki Robinsona Kruzoe.pdf
[2009-08-08 05:03:22 | 00,000,000 | -HSD | C] -- C:\FOUND.004
[2009-08-07 23:58:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Dane aplikacji\CyberLink
[2009-08-07 23:58:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Moje dokumenty\CyberLink
[2009-08-06 13:27:38 | 01,572,384 | -H-- | C] () -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-08-05 22:37:52 | 00,000,000 | -HSD | C] -- C:\FOUND.003
[2009-08-04 23:40:23 | 05,778,734 | ---- | C] () -- C:\Documents and Settings\z\Pulpit\armin van buuren ft. sharon den adel - in and out of love (full version).mp3
[2009-08-04 23:39:11 | 03,108,811 | ---- | C] () -- C:\Documents and Settings\z\Pulpit\sylver-shallow water.mp3
[2009-08-04 23:38:05 | 03,227,094 | ---- | C] () -- C:\Documents and Settings\z\Pulpit\sylver-wild horses.mp3
[2009-08-04 23:37:16 | 03,963,121 | ---- | C] () -- C:\Documents and Settings\z\Pulpit\sylver-turn the tide.mp3
[2009-08-04 23:31:43 | 03,405,562 | ---- | C] () -- C:\Documents and Settings\z\Pulpit\dj luba pres. dj dean - if i could be you (remix)rs.mp3
[2009-08-03 23:06:59 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbser.sys
[2009-08-03 23:06:59 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2009-08-03 23:06:44 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2009-08-03 23:06:43 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2009-08-03 23:06:38 | 00,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2009-08-03 12:36:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ivtMobCache
[2009-08-03 01:16:38 | 00,087,552 | ---- | C] () -- C:\Documents and Settings\z\Pulpit\Funkcjonowanie Policji.doc
[2009-08-03 01:16:31 | 00,124,928 | ---- | C] () -- C:\Documents and Settings\z\Pulpit\Bezpieczenstwo publiczne.doc
[2009-08-03 01:16:21 | 00,156,672 | ---- | C] () -- C:\Documents and Settings\z\Pulpit\ADMINISTRACJA PUBLICZNA.doc
[2009-07-23 11:51:44 | 00,002,763 | ---- | C] () -- C:\WINDOWS\System32\SHORTCUT.INI
[2009-07-23 11:51:35 | 00,000,394 | ---- | C] () -- C:\WINDOWS\System32\REMOTEDEVICE.INI
[2009-07-23 11:51:29 | 00,004,572 | ---- | C] () -- C:\WINDOWS\System32\LOCALSERVICE.INI
[2009-07-23 11:51:26 | 00,000,107 | ---- | C] () -- C:\WINDOWS\System32\LOCALDEVICE.INI
[2009-07-23 11:46:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\BSPRINT.INI
[2009-06-13 22:13:32 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\WMV9VCM.dll
[2009-06-13 22:13:32 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2009-06-13 22:13:32 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2009-06-13 22:13:32 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2009-06-13 22:13:32 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2009-06-13 22:13:32 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\mplvpx.dll
[2009-06-13 22:13:32 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\iconv.dll
[2009-06-13 22:13:32 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009-06-13 22:13:31 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-06-13 22:13:31 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-06-10 11:23:31 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-06-07 23:06:47 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009-06-02 11:17:35 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009-05-31 01:21:25 | 00,000,532 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-05-31 01:21:24 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009-05-31 01:21:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2009-05-31 00:13:05 | 00,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009-05-30 23:22:11 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-05-30 23:22:11 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009-05-01 00:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-05-01 00:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009-05-01 00:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-05-01 00:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-08-04 18:04:44 | 00,001,104 | ---- | C] () -- C:\WINDOWS\System32\bscs.ini
[2008-08-04 17:36:50 | 00,405,589 | ---- | C] () -- C:\WINDOWS\System32\BsUI.dll
[2008-08-01 15:58:50 | 00,278,647 | ---- | C] () -- C:\WINDOWS\System32\outlookAddin.dll
[2008-08-01 15:58:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\HtmPrintHelper.dll
[2008-08-01 15:58:14 | 00,622,693 | ---- | C] () -- C:\WINDOWS\System32\BSShell.dll
[2008-08-01 15:55:40 | 00,118,880 | ---- | C] () -- C:\WINDOWS\System32\BsMobileSDK.dll
[2008-08-01 15:55:30 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\BsMobileCSps.dll
[2008-08-01 15:54:12 | 00,102,499 | ---- | C] () -- C:\WINDOWS\System32\Bs2Res.dll
[2008-08-01 15:46:30 | 17,907,824 | ---- | C] () -- C:\WINDOWS\System32\BsLangInDepRes.dll
[2008-08-01 15:46:30 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\BsVistaCommon.dll
[2004-08-04 12:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004-08-04 12:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004-08-04 12:00:00 | 00,000,892 | ---- | C] () -- C:\WINDOWS\win.ini
[2004-08-04 12:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001-07-06 15:30:02 | 00,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[1999-01-22 19:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[1 C:\WINDOWS\System32\*.tmp files]
[2009-08-26 22:40:32 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\z\Pulpit\OTL(2).exe
[2009-08-26 22:34:02 | 00,019,944 | ---- | M] () -- C:\Documents and Settings\z\Pulpit\222.JPG
[2009-08-26 22:32:34 | 00,004,572 | ---- | M] () -- C:\WINDOWS\System32\LOCALSERVICE.INI
[2009-08-26 22:32:30 | 00,001,104 | ---- | M] () -- C:\WINDOWS\System32\bscs.ini
[2009-08-26 22:32:22 | 00,229,488 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009-08-26 22:32:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-08-26 22:32:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-08-26 22:32:14 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys
[2009-08-26 13:29:22 | 03,634,762 | ---- | M] (HTTrack                                                     ) -- C:\Documents and Settings\z\Pulpit\httrack-3.43-7.exe
[2009-08-26 12:40:30 | 00,038,912 | ---- | M] () -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-08-26 11:05:38 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-08-26 08:55:40 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\z\Pulpit\RSIT.exe
[2009-08-26 08:49:28 | 00,013,636 | ---- | M] () -- C:\Documents and Settings\z\Pulpit\111.JPG
[2009-08-26 08:41:54 | 00,079,200 | ---- | M] () -- C:\Documents and Settings\z\Pulpit\OTL.exe
[2009-08-26 00:57:34 | 01,572,384 | -H-- | M] () -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-08-25 23:29:06 | 00,000,892 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-08-25 23:29:06 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-08-25 23:29:06 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009-08-25 13:23:04 | 00,000,007 | -HS- | M] () -- C:\AUTOEXEC.BAT
[2009-08-25 13:12:16 | 00,007,469 | ---- | M] () -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok.A16.em.bin
[2009-08-25 13:08:26 | 00,000,532 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009-08-25 13:08:12 | 00,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009-08-25 13:08:12 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk
[2009-08-25 13:07:18 | 00,001,500 | ---- | M] () -- C:\WINDOWS\unins000.dat
[2009-08-25 11:54:58 | 00,000,083 | -HS- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\.zreglib
[2009-08-16 21:10:40 | 00,011,391 | ---- | M] () -- C:\Documents and Settings\z\Pulpit\bb5.zip
[2009-08-16 18:51:30 | 18,041,280 | ---- | M] (Sony Ericsson                                               ) -- C:\Documents and Settings\z\Pulpit\Sony_Ericsson_PC_Suite_6.007.00_Web_PL.exe
[2009-08-11 12:27:00 | 89,059,326 | ---- | M] () -- C:\Documents and Settings\z\Pulpit\all_gameloft_games_240x320(2).rar
[2009-08-10 23:48:40 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\z\Pulpit\all_gameloft_games_240x320.rar
[2009-08-09 10:55:42 | 00,175,888 | ---- | M] () -- C:\Documents and Settings\z\Pulpit\activescan2_en.exe
[2009-08-09 00:41:02 | 00,957,476 | ---- | M] () -- C:\Documents and Settings\z\Moje dokumenty\Defoe Daniel - Przypadki Robinsona Kruzoe.pdf
[2009-08-08 20:20:14 | 00,001,633 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2009-08-07 13:01:44 | 00,000,394 | ---- | M] () -- C:\WINDOWS\System32\REMOTEDEVICE.INI
[2009-08-07 13:01:14 | 00,000,107 | ---- | M] () -- C:\WINDOWS\System32\LOCALDEVICE.INI
[2009-08-04 23:45:12 | 05,778,734 | ---- | M] () -- C:\Documents and Settings\z\Pulpit\armin van buuren ft. sharon den adel - in and out of love (full version).mp3
[2009-08-04 23:39:06 | 03,108,811 | ---- | M] () -- C:\Documents and Settings\z\Pulpit\sylver-shallow water.mp3
[2009-08-04 23:38:04 | 03,227,094 | ---- | M] () -- C:\Documents and Settings\z\Pulpit\sylver-wild horses.mp3
[2009-08-04 23:36:58 | 03,963,121 | ---- | M] () -- C:\Documents and Settings\z\Pulpit\sylver-turn the tide.mp3
[2009-08-04 23:35:56 | 03,405,562 | ---- | M] () -- C:\Documents and Settings\z\Pulpit\dj luba pres. dj dean - if i could be you (remix)rs.mp3
[2009-08-03 23:08:06 | 00,763,990 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-08-03 23:08:06 | 00,355,830 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-08-03 23:08:06 | 00,311,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-08-03 23:08:06 | 00,049,712 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-08-03 23:08:06 | 00,040,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-08-03 23:06:46 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2009-08-03 23:06:44 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2009-08-03 12:49:18 | 00,002,763 | ---- | M] () -- C:\WINDOWS\System32\SHORTCUT.INI
[2009-08-03 08:03:46 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-08-03 01:16:38 | 00,087,552 | ---- | M] () -- C:\Documents and Settings\z\Pulpit\Funkcjonowanie Policji.doc
[2009-08-03 01:16:32 | 00,124,928 | ---- | M] () -- C:\Documents and Settings\z\Pulpit\Bezpieczenstwo publiczne.doc
[2009-08-03 01:16:22 | 00,156,672 | ---- | M] () -- C:\Documents and Settings\z\Pulpit\ADMINISTRACJA PUBLICZNA.doc
< End of report >


After starting the computer, it displays:

Image
marcin_atr
~user
 
Posts: 34
Joined: 06 Oct 2004, 10:43




Post by wojtas, 27 Aug 2009, 15:02

Run OTL and paste the following into the Custom Scans/Fixes window:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Barsaka] C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Tok-Cirrhatus-639] C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\br2301on.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O32 - AutoRun File - [2009-05-30 22:40:58 | 00,000,051 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009-05-30 22:40:57 | 00,000,051 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{7e557426-4d6b-11de-a8fa-806d6172696f}\Shell\AutoRun\command - "" = I:\fooool.exe -- File not found
O33 - MountPoints2\{7e557426-4d6b-11de-a8fa-806d6172696f}\Shell\explore\Command - "" = I:\fooool.exe -- File not found
O33 - MountPoints2\{7e557426-4d6b-11de-a8fa-806d6172696f}\Shell\open\Command - "" = I:\fooool.exe -- File not found
O20 - HKLM Winlogon: Shell - ("C:\WINDOWS\KesenjanganSosial.exe") - C:\WINDOWS\KesenjanganSosial.exe File not found

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db1b3e60-05ac-11de-a5d3-00001cd72a97}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]
[start explorer]
[Reboot]


Click Run Fix and confirm the computer restart.

Then run OTL with the Run Scan option. Post the new OTL.txt log and the report from the cleanup.
wojtas
*mod
 
Posts: 18093
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1651
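The kinds of entries selected for the fix above can be picked out of an OTL log mechanically. The following is an added example, not part of the original thread and not OTL's own logic: the rule set, the finding codes and the `classify`/`triage` names are assumptions made for illustration, and the sample lines are copied from the fix script except for one constructed benign entry.

```python
import re

# Lines copied from the fix script in the post above, plus one constructed
# benign Run entry (the avast! line) to show ordinary autostarts pass clean.
SAMPLE = r"""
O4 - HKLM..\Run: [Barsaka] C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Tok-Cirrhatus-639] C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\br2301on.exe File not found
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O32 - AutoRun File - [2009-05-30 22:40:58 | 00,000,051 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{7e557426-4d6b-11de-a8fa-806d6172696f}\Shell\open\Command - "" = I:\fooool.exe -- File not found
O20 - HKLM Winlogon: Shell - ("C:\WINDOWS\KesenjanganSosial.exe") - C:\WINDOWS\KesenjanganSosial.exe File not found
""".strip().splitlines()

# First executable path on the line (lazy match, so spaces in folders are fine).
EXE_PATH = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|scr|com|bat|pif))\b', re.I)
# Per-user data folders; "Dane aplikacji" is the Polish XP name of "Application Data".
PROFILE_DIR = re.compile(r"\\(?:Dane aplikacji|Application Data|Temp)\\", re.I)
# Attribute field followed by an autorun.inf sitting in a drive root.
AUTORUN_INF = re.compile(r"\|\s*([RHSAD-]{4})\s*\|.*?-\s[A-Za-z]:\\autorun\.inf", re.I)
# Policy values that lock the user out of the usual repair tools.
POLICY = re.compile(r"\b(DisableRegistryTools|DisableTaskMgr)\s*=\s*[1-9]")
# Drive shell verbs that Explorer runs on double-click or AutoPlay.
SHELL_VERB = re.compile(r"\\Shell\\(?:AutoRun|open|explore)\\command", re.I)


def classify(line):
    """Return a list of finding codes for one OTL line (empty list = not flagged)."""
    findings = []
    tag = line.split(" - ", 1)[0]
    match = EXE_PATH.search(line)
    path = match.group(1) if match else ""
    base = path.rsplit("\\", 1)[-1].lower()

    if tag == "O4":  # Run-key autostarts
        if "File not found" in line:
            findings.append("run-target-missing")      # leftover entry, file already gone
        if PROFILE_DIR.search(path):
            findings.append("run-from-profile-dir")    # program started from a data folder
        if base == "explorer.exe":
            findings.append("run-launches-shell")      # the shell does not belong in Run
    elif tag == "O7" and POLICY.search(line):
        findings.append("policy-lockout")
    elif tag == "O20" and "Winlogon: Shell" in line:
        if base and base != "explorer.exe":
            findings.append("shell-replaced")
    elif tag == "O32":
        attrs = AUTORUN_INF.search(line)
        if attrs and {"H", "S"} <= set(attrs.group(1).upper()):
            findings.append("hidden-autorun-inf")
    elif tag == "O33" and SHELL_VERB.search(line) and path:
        findings.append("mountpoint-autorun-exe")
    return findings


def triage(lines):
    """Return (line, findings) pairs for every line that raised a finding."""
    return [(ln, f) for ln in lines if (f := classify(ln))]


if __name__ == "__main__":
    for ln, found in triage(SAMPLE):
        print(", ".join(found), "<-", ln[:70])
```
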




Post by marcin_atr, 28 Aug 2009, 12:08

The log from the cleanup, is this what you meant?? (I know, I'm a lamer and a noob)
I ran the cleanup in safe mode because in normal mode the computer kept freezing...

Code:
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Barsaka deleted successfully.
Item C:\WINDOWS\explorer.exe is whitelisted and cannot be moved.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Tok-Cirrhatus-639 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System not found.
D:\autorun.inf moved successfully.
E:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e557426-4d6b-11de-a8fa-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e557426-4d6b-11de-a8fa-806d6172696f}\ not found.
File I:\fooool.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e557426-4d6b-11de-a8fa-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e557426-4d6b-11de-a8fa-806d6172696f}\ not found.
File I:\fooool.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e557426-4d6b-11de-a8fa-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e557426-4d6b-11de-a8fa-806d6172696f}\ not found.
File I:\fooool.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:"C:\WINDOWS\KesenjanganSosial.exe" deleted successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db1b3e60-05ac-11de-a5d3-00001cd72a97}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db1b3e60-05ac-11de-a5d3-00001cd72a97}\ not found.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"SuperHidden"|dword:00000001 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"Hidden"|dword:00000001 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"ShowSuperHidden"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\"CheckedValue"|dword:00000001 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\\@|"" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: z
->Temp folder emptied: 87549127 bytes
->Temporary Internet Files folder emptied: 32794359 bytes
->Java cache emptied: 14167244 bytes
->FireFox cache emptied: 51538585 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 21532741 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114584 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
Windows Temp folder emptied: 273547 bytes
RecycleBin emptied: 22934164 bytes

Total Files Cleaned = 222,21 mb


OTL by OldTimer - Version 3.0.10.7 log created on 08282009_120221

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL log after the cleanup

Code:
OTL logfile created on: 2009-08-28 12:03:54 - Run 2
OTL by OldTimer - Version 3.0.10.7     Folder = C:\Documents and Settings\z\Pulpit
Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,48 Mb Total Physical Memory | 680,33 Mb Available Physical Memory | 66,47% Memory free
2,40 Gb Paging File | 2,14 Gb Available in Paging File | 89,13% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 28,43 Gb Total Space | 13,42 Gb Free Space | 47,21% Space Free | Partition Type: FAT32
Drive D: | 30,15 Gb Total Space | 7,67 Gb Free Space | 25,45% Space Free | Partition Type: FAT32
Drive E: | 90,45 Gb Total Space | 14,63 Gb Free Space | 16,18% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: X-4F560FCD4CFC4
Current User Name: z
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009-05-01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2004-08-04 12:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004-08-04 12:00:00 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2009-02-17 15:50:32 | 17,508,864 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2006-01-27 23:35:50 | 00,102,448 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-06-27 17:06:28 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2003-10-31 19:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2006-02-19 02:41:10 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2008-08-04 18:04:38 | 00,226,816 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2009-02-27 17:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
PRC - [2009-06-25 15:12:42 | 01,414,144 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2008-04-01 03:54:06 | 00,507,904 | ---- | M] (Orb Networks) -- C:\Program Files\Winamp Remote\bin\OrbTray.exe
PRC - [2009-05-31 00:14:14 | 02,562,560 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [1999-05-17 14:59:04 | 00,046,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE
PRC - [2006-02-19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2006-07-26 12:38:14 | 00,533,504 | ---- | M] () -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2006-01-27 23:51:02 | 00,053,248 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2006-01-27 23:35:46 | 00,102,448 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008-08-04 18:04:40 | 00,772,096 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2008-08-01 15:55:28 | 00,143,467 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
PRC - [2009-04-13 15:25:00 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006-03-03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2008-08-01 15:56:42 | 00,069,735 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
PRC - [2009-06-02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2004-08-04 12:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2007-02-19 16:53:54 | 00,251,576 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009-05-28 13:45:00 | 00,132,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009-03-30 10:11:14 | 00,120,320 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009-04-14 14:16:46 | 00,142,848 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
PRC - [2009-08-26 22:40:32 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\z\Pulpit\OTL(2).exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2006-01-27 23:51:02 | 00,053,248 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2006-01-27 23:35:46 | 00,102,448 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2006-01-27 23:35:32 | 00,241,712 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
SRV - [2006-01-27 23:35:26 | 00,364,592 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
SRV - [2008-08-04 18:04:40 | 00,772,096 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS [Auto | Running])
SRV - [2008-08-01 15:56:42 | 00,069,735 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS [On_Demand | Running])
SRV - [2008-08-01 15:55:28 | 00,143,467 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS [Auto | Running])
SRV - [2004-08-04 14:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009-04-13 15:25:00 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2009-05-01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (nvsvc [Auto | Running])
SRV - [2006-03-03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2009-06-02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
SRV - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2006-01-28 00:00:44 | 00,024,240 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2008-08-05 20:10:12 | 01,684,736 | ---- | M] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys -- (Ambfilt [On_Demand | Stopped])
DRV - [2009-04-30 02:57:36 | 00,103,872 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys -- (AnyDVD [On_Demand | Running])
DRV - [2006-01-28 00:04:58 | 00,083,968 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2006-01-28 00:03:50 | 00,016,352 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Stopped])
DRV - [2006-01-28 00:02:40 | 00,036,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2008-01-21 19:28:12 | 00,014,600 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\DRIVERS\btnetdrv.sys -- (BT [On_Demand | Stopped])
DRV - [2008-07-02 14:58:28 | 00,038,920 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\btcusb.sys -- (Btcsrusb [On_Demand | Stopped])
DRV - [2008-07-31 20:45:42 | 00,020,616 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus [Boot | Running])
DRV - [2001-08-17 20:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys -- (EL90XBC [On_Demand | Running])
DRV - [2009-02-17 19:11:32 | 00,024,232 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [System | Running])
DRV - [2007-02-16 02:56:50 | 00,011,984 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyDelay.sys -- (ElbyDelay [On_Demand | Running])
DRV - [2005-01-07 17:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2006-04-12 12:04:40 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2006-04-12 12:04:40 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2006-04-12 12:04:40 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2009-02-17 16:55:54 | 05,026,816 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008-07-02 14:58:48 | 00,026,248 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\IvtBtBus.sys -- (IvtBtBUs [On_Demand | Running])
DRV - [2006-05-27 14:03:10 | 00,092,288 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys -- (mcdbus [On_Demand | Running])
DRV - [2006-01-04 15:41:48 | 01,389,056 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\Monfilt.sys -- (Monfilt [On_Demand | Stopped])
DRV - [2009-02-09 08:37:46 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2009-02-09 08:37:46 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2009-03-19 14:48:18 | 00,136,704 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu [On_Demand | Stopped])
DRV - [2009-03-19 14:48:12 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc [On_Demand | Stopped])
DRV - [2009-04-30 22:02:00 | 08,055,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2008-06-19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
DRV - [2008-08-26 10:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2004-08-04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004-08-04 12:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2004-08-04 12:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009-02-09 08:37:48 | 00,007,808 | ---- | M] (Nokia) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
DRV - [2004-08-03 23:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2009-02-09 08:37:56 | 00,007,808 | ---- | M] (Nokia) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])
DRV - [2008-01-21 19:27:50 | 00,014,856 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\DRIVERS\VComm.sys -- (VComm [On_Demand | Running])
DRV - [2008-07-02 14:58:36 | 00,029,960 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys -- (VcommMgr [On_Demand | Running])
DRV - [2004-08-04 00:37:04 | 00,031,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\wceusbsh.sys -- (wceusbsh [System | Stopped])

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.713
FF - prefs.js..extensions.enabledItems: {B922D405-6D13-4A2B-AE89-08A030DA4402}:1.0
FF - prefs.js..extensions.enabledItems: search@searchsettings.com:1.2.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-07-23 11:52:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-05-30 23:27:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-05-30 23:27:02 | 00,000,000 | ---D | M]

[2009-05-30 23:27:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\z\Dane aplikacji\mozilla\Extensions
[2009-05-30 23:27:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\z\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-05-30 23:27:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\z\Dane aplikacji\mozilla\Firefox\Profiles\rp6whgz7.default\extensions
[2009-07-18 08:32:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\z\Dane aplikacji\mozilla\Firefox\Profiles\rp6whgz7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009-05-30 23:27:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-05-30 23:27:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-08-21 23:06:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2009-06-27 17:06:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009-08-21 23:06:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\search@searchsettings.com
[2009-08-05 07:30:50 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-08-05 07:30:50 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009-02-27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009-06-27 17:06:28 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007-04-10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009-08-05 07:30:50 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
[2009-07-22 23:04:54 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2009-08-21 23:06:30 | 00,000,808 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (7595 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: <HTML><HEAD><TITLE>Yahoo! GeoCities</TITLE>
O1 - Hosts: </HEAD><BODY BGCOLOR=white vlink=blue>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE --><center>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=0>
O1 - Hosts: <tr>
O1 - Hosts: <td valign=middle width=1%>
O1 - Hosts: <a href="http://geocities.yahoo.com/"><img src=http://us.i1.yimg.com/us.yimg.com/i/geo/ygeo.gif width=305 height=36 border=0 alt="Yahoo! GeoCities"></a>
O1 - Hosts: </td>
O1 - Hosts: <td valign=middle>
O1 - Hosts: <table border=0 cellspacing=0 cellpadding=0 width=100%>
O1 - Hosts: <tr><td align=right valign=bottom nowrap>
O1 - Hosts: <font face=arial size=-1><a href="http://www.yahoo.com/">Yahoo!</a></font>
O1 - Hosts: </td></tr>
O1 - Hosts: </table>
O1 - Hosts: <hr size=1>
O1 - Hosts: </td></tr></table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=4>
O1 - Hosts: <tr>
O1 - Hosts: <td bgcolor=003399>
O1 - Hosts: <font face=Arial size=+1 color=white><b>This page is not available.</b></font>
O1 - Hosts: </td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: 104 more lines...
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\z\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe ()
O4 - HKLM..\Run: [BtTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDF Converter Registry Controller] C:\Program Files\ScanSoft\PDF Converter\RegistryController.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [Tok-Cirrhatus] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [Tok-Cirrhatus-639] C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\br2301on.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\z\Menu Start\Programy\Autostart\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O8 - Extra context menu item: Open PDF in Word - C:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll (ScanSoft, Inc.)
O8 - Extra context menu item: Ściągnij przez IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Wyslij przez wiadomosc(&M)... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm ()
O8 - Extra context menu item: Wyślij przez Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 194.204.152.34
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\System32\skype4com.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd-brontok.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-08-25 13:23:04 | 00,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009-08-28 12:03:25 | 10,732,70784 | -HS- | C] () -- C:\hiberfil.sys
[2009-08-28 11:54:12 | 00,000,000 | ---D | C] -- C:\_OTL
[2009-08-27 11:37:45 | 00,000,554 | ---- | C] () -- C:\Documents and Settings\z\Pulpit\HTTrack Website Copier.lnk
[2009-08-26 22:40:29 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\z\Pulpit\OTL(2).exe
[2009-08-26 13:30:05 | 00,000,000 | ---D | C] -- C:\Program Files\WinHTTrack
[2009-08-26 13:28:38 | 03,634,762 | ---- | C] (HTTrack                                                     ) -- C:\Documents and Settings\z\Pulpit\httrack-3.43-7.exe
[2009-08-26 08:55:49 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009-08-26 08:55:48 | 00,000,000 | ---D | C] -- C:\rsit
[2009-08-26 08:55:32 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\z\Pulpit\RSIT.exe
[2009-08-25 23:29:04 | 00,001,712 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
[2009-08-25 23:29:04 | 00,000,832 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Symantec Fax Starter Edition Port.lnk
[2009-08-25 13:12:15 | 00,007,469 | ---- | C] () -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok.A16.em.bin
[2009-08-25 13:08:11 | 00,036,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009-08-25 13:08:11 | 00,024,240 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009-08-25 13:08:11 | 00,016,352 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009-08-25 13:08:11 | 00,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk
[2009-08-25 13:08:10 | 00,085,760 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009-08-25 13:08:10 | 00,083,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009-08-25 13:08:07 | 00,503,296 | ---- | C] () -- C:\WINDOWS\System32\aswBoot.exe
[2009-08-25 13:08:07 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009-08-25 13:08:07 | 00,090,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AVASTSS.scr
[2009-08-25 13:08:05 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009-08-25 08:22:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-25
[2009-08-24 00:00:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-24
[2009-08-23 00:00:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-23
[2009-08-22 00:00:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-22
[2009-08-21 00:00:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-21
[2009-08-20 00:00:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-20
[2009-08-19 00:00:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-19
[2009-08-18 05:55:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-18
[2009-08-17 23:44:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\Ok-SendMail-Bron-tok
[2009-08-17 23:43:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\Loc.Mail.Bron.Tok
[2009-08-17 13:26:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-17
[2009-08-16 21:11:57 | 00,000,000 | ---D | C] -- C:\bb5_unlocker
[2009-08-16 00:11:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Pulpit\Zdjęcia
[2009-08-09 10:57:44 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009-08-09 10:55:43 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009-08-09 00:41:00 | 00,957,476 | ---- | C] () -- C:\Documents and Settings\z\Moje dokumenty\Defoe Daniel - Przypadki Robinsona Kruzoe.pdf
[2009-08-08 05:03:22 | 00,000,000 | -HSD | C] -- C:\FOUND.004
[2009-08-07 23:58:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Dane aplikacji\CyberLink
[2009-08-07 23:58:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\z\Moje dokumenty\CyberLink
[2009-08-06 13:27:38 | 02,108,922 | -H-- | C] () -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-08-05 22:37:52 | 00,000,000 | -HSD | C] -- C:\FOUND.003
[2009-08-03 23:06:59 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbser.sys
[2009-08-03 23:06:59 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2009-08-03 23:06:44 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2009-08-03 23:06:43 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2009-08-03 23:06:38 | 00,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2009-08-03 12:36:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ivtMobCache
[2009-08-03 01:16:38 | 00,087,552 | ---- | C] () -- C:\Documents and Settings\z\Pulpit\Funkcjonowanie Policji.doc
[2009-08-03 01:16:31 | 00,124,928 | ---- | C] () -- C:\Documents and Settings\z\Pulpit\Bezpieczenstwo publiczne.doc
[2009-08-03 01:16:21 | 00,156,672 | ---- | C] () -- C:\Documents and Settings\z\Pulpit\ADMINISTRACJA PUBLICZNA.doc
[2009-07-23 11:51:44 | 00,002,763 | ---- | C] () -- C:\WINDOWS\System32\SHORTCUT.INI
[2009-07-23 11:51:35 | 00,000,394 | ---- | C] () -- C:\WINDOWS\System32\REMOTEDEVICE.INI
[2009-07-23 11:51:29 | 00,004,572 | ---- | C] () -- C:\WINDOWS\System32\LOCALSERVICE.INI
[2009-07-23 11:51:26 | 00,000,107 | ---- | C] () -- C:\WINDOWS\System32\LOCALDEVICE.INI
[2009-07-23 11:46:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\BSPRINT.INI
[2009-06-13 22:13:32 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\WMV9VCM.dll
[2009-06-13 22:13:32 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2009-06-13 22:13:32 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2009-06-13 22:13:32 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2009-06-13 22:13:32 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2009-06-13 22:13:32 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\mplvpx.dll
[2009-06-13 22:13:32 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\iconv.dll
[2009-06-13 22:13:32 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009-06-13 22:13:31 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-06-13 22:13:31 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-06-10 11:23:31 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-06-07 23:06:47 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009-06-02 11:17:35 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009-05-31 01:21:25 | 00,000,532 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-05-31 01:21:24 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009-05-31 01:21:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2009-05-31 00:13:05 | 00,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009-05-30 23:22:11 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-05-30 23:22:11 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009-05-01 00:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-05-01 00:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009-05-01 00:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-05-01 00:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-08-04 18:04:44 | 00,001,104 | ---- | C] () -- C:\WINDOWS\System32\bscs.ini
[2008-08-04 17:36:50 | 00,405,589 | ---- | C] () -- C:\WINDOWS\System32\BsUI.dll
[2008-08-01 15:58:50 | 00,278,647 | ---- | C] () -- C:\WINDOWS\System32\outlookAddin.dll
[2008-08-01 15:58:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\HtmPrintHelper.dll
[2008-08-01 15:58:14 | 00,622,693 | ---- | C] () -- C:\WINDOWS\System32\BSShell.dll
[2008-08-01 15:55:40 | 00,118,880 | ---- | C] () -- C:\WINDOWS\System32\BsMobileSDK.dll
[2008-08-01 15:55:30 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\BsMobileCSps.dll
[2008-08-01 15:54:12 | 00,102,499 | ---- | C] () -- C:\WINDOWS\System32\Bs2Res.dll
[2008-08-01 15:46:30 | 17,907,824 | ---- | C] () -- C:\WINDOWS\System32\BsLangInDepRes.dll
[2008-08-01 15:46:30 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\BsVistaCommon.dll
[2004-08-04 12:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004-08-04 12:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004-08-04 12:00:00 | 00,000,892 | ---- | C] () -- C:\WINDOWS\win.ini
[2004-08-04 12:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001-07-06 15:30:02 | 00,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[1999-01-22 19:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009-08-28 12:03:44 | 00,004,572 | ---- | M] () -- C:\WINDOWS\System32\LOCALSERVICE.INI
[2009-08-28 12:03:38 | 00,001,104 | ---- | M] () -- C:\WINDOWS\System32\bscs.ini
[2009-08-28 12:03:30 | 00,229,488 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009-08-28 12:03:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-08-28 12:03:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-08-28 12:03:26 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys
[2009-08-28 08:29:34 | 00,000,083 | -HS- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\.zreglib
[2009-08-27 13:31:16 | 02,108,922 | -H-- | M] () -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-08-27 11:37:46 | 00,000,554 | ---- | M] () -- C:\Documents and Settings\z\Pulpit\HTTrack Website Copier.lnk
[2009-08-26 22:40:32 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\z\Pulpit\OTL(2).exe
[2009-08-26 13:29:22 | 03,634,762 | ---- | M] (HTTrack                                                     ) -- C:\Documents and Settings\z\Pulpit\httrack-3.43-7.exe
[2009-08-26 12:40:30 | 00,038,912 | ---- | M] () -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-08-26 11:05:38 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-08-26 08:55:40 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\z\Pulpit\RSIT.exe
[2009-08-25 23:29:06 | 00,000,892 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-08-25 23:29:06 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-08-25 23:29:06 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009-08-25 13:23:04 | 00,000,007 | -HS- | M] () -- C:\AUTOEXEC.BAT
[2009-08-25 13:12:16 | 00,007,469 | ---- | M] () -- C:\Documents and Settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok.A16.em.bin
[2009-08-25 13:08:26 | 00,000,532 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009-08-25 13:08:12 | 00,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009-08-25 13:08:12 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk
[2009-08-25 13:07:18 | 00,001,500 | ---- | M] () -- C:\WINDOWS\unins000.dat
[2009-08-09 00:41:02 | 00,957,476 | ---- | M] () -- C:\Documents and Settings\z\Moje dokumenty\Defoe Daniel - Przypadki Robinsona Kruzoe.pdf
[2009-08-08 20:20:14 | 00,001,633 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2009-08-07 13:01:44 | 00,000,394 | ---- | M] () -- C:\WINDOWS\System32\REMOTEDEVICE.INI
[2009-08-07 13:01:14 | 00,000,107 | ---- | M] () -- C:\WINDOWS\System32\LOCALDEVICE.INI
[2009-08-03 23:08:06 | 00,763,990 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-08-03 23:08:06 | 00,355,830 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-08-03 23:08:06 | 00,311,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-08-03 23:08:06 | 00,049,712 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-08-03 23:08:06 | 00,040,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-08-03 23:06:46 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2009-08-03 23:06:44 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2009-08-03 12:49:18 | 00,002,763 | ---- | M] () -- C:\WINDOWS\System32\SHORTCUT.INI
[2009-08-03 08:03:46 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-08-03 01:16:38 | 00,087,552 | ---- | M] () -- C:\Documents and Settings\z\Pulpit\Funkcjonowanie Policji.doc
[2009-08-03 01:16:32 | 00,124,928 | ---- | M] () -- C:\Documents and Settings\z\Pulpit\Bezpieczenstwo publiczne.doc
[2009-08-03 01:16:22 | 00,156,672 | ---- | M] () -- C:\Documents and Settings\z\Pulpit\ADMINISTRACJA PUBLICZNA.doc
< End of report >
marcin_atr
~user
 
Posts: 34
Joined: 06 Oct 2004, 10:43




Post by wojtas, 28 Aug 2009, 12:10

Go to the drive where Windows is installed, then into the folder WINDOWS -> system32 -> drivers -> etc,
and open the hosts file there with Notepad.

If there are any entries below

# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost


then delete them, leaving only the ones I showed above, and save the edited file.


Post a ComboFix log, but install the Recovery Console along with it (program instructions)
wojtas
*mod
 
Posts: 18093
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1651
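
The hosts check described in the post above, as an added example that is not part of the original thread: a Python sketch that classifies each line of a hosts file, counts entries beyond the stock `127.0.0.1 localhost` line, and recognises a file that holds HTML instead of host mappings, as the `O1 - Hosts` lines of the OTL log show. The function names, the verdict labels and the `203.0.113.5 example.com` entry are assumptions made for the example; the HTML sample is copied from the log.

```python
import ipaddress
import re

# The only active mapping the post above says to keep (stock Windows XP hosts file).
ALLOWED = {("127.0.0.1", "localhost")}

# Matches an HTML tag or comment opener such as <tr>, </td> or <!-- ... -->.
HTML_TAG = re.compile(r"<\s*/?\s*[A-Za-z!][^>]*>")


def classify_line(line):
    """Return (kind, detail) for one line of a hosts file."""
    stripped = line.strip()
    if not stripped:
        return ("blank", None)
    if stripped.startswith("#"):
        return ("comment", None)
    # Drop a trailing comment, then expect: <address> <name> [<name> ...]
    fields = stripped.split("#", 1)[0].split()
    if len(fields) >= 2:
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            addr = None
        if addr is not None:
            return ("entry", (addr, tuple(n.lower() for n in fields[1:])))
    if HTML_TAG.search(stripped):
        return ("html", stripped)
    return ("malformed", stripped)


def audit_hosts(text):
    """Summarise a hosts file: allowed entries, extra entries, non-hosts content."""
    report = {"allowed_entries": 0, "extra_entries": [],
              "html_lines": 0, "malformed_lines": 0}
    for lineno, line in enumerate(text.splitlines(), 1):
        kind, detail = classify_line(line)
        if kind == "entry":
            addr, names = detail
            for name in names:
                if (addr, name) in ALLOWED:
                    report["allowed_entries"] += 1
                else:
                    report["extra_entries"].append((lineno, addr, name))
        elif kind == "html":
            report["html_lines"] += 1
        elif kind == "malformed":
            report["malformed_lines"] += 1
    if report["html_lines"]:
        # The file was overwritten with a web page; it maps no names at all.
        report["verdict"] = "not-a-hosts-file"
    elif report["extra_entries"] or report["malformed_lines"]:
        report["verdict"] = "review"
    else:
        report["verdict"] = "clean"
    return report


# Stock content as listed in the post above.
STOCK = "\n".join([
    "# 102.54.94.97 rhino.acme.com # source server",
    "# 38.25.63.10 x.acme.com # x client host",
    "127.0.0.1 localhost",
])

# First lines of the hosts file as reported by the O1 section of the OTL log.
OVERWRITTEN = "\n".join([
    "<HTML><HEAD><TITLE>Yahoo! GeoCities</TITLE>",
    "</HEAD><BODY BGCOLOR=white vlink=blue>",
    "<!-- following code added by server. PLEASE REMOVE -->",
    "<!-- preceding code added by server. PLEASE REMOVE --><center>",
])

# Constructed sample: stock file plus one added mapping (documentation address).
EXTRA = STOCK + "\n203.0.113.5 example.com www.example.com\n"

if __name__ == "__main__":
    for label, sample in (("stock", STOCK), ("overwritten", OVERWRITTEN), ("extra", EXTRA)):
        print(label, audit_hosts(sample))
```
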




Post by marcin_atr, 28 Aug 2009, 12:25

I didn't find anything like that in hosts; below is the content of the file from that location

Code:
<HTML><HEAD><TITLE>Yahoo! GeoCities</TITLE>
</HEAD><BODY BGCOLOR=white vlink=blue>
<!-- following code added by server. PLEASE REMOVE -->
<!-- preceding code added by server. PLEASE REMOVE --><center>
<table border=0 width=675 cellspacing=0 cellpadding=0>
<tr>


ComboFix log:
Code:
ComboFix 09-08-27.A0 - z 2009-08-28 12:39.1.2 - FAT32x86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.48.1045.18.1023.500 [GMT 2:00]
Uruchomiony z: c:\documents and settings\z\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090827-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\windows\system32\cpuinf32.dll
c:\windows\system32\DivXsm.exe
c:\windows\system32\iconv.dll
c:\windows\system32\ieuinit.inf
c:\windows\system32\mdm.exe
c:\windows\system32\mplvpx.dll
c:\windows\system32\ogg.dll
c:\windows\system32\OggDS.dll
c:\windows\system32\vorbis.dll
c:\windows\system32\vorbisenc.dll
c:\windows\system32\WMV9VCM.dll
D:\2a.exe
D:\cqxj.exe
D:\lad.bat
D:\luk1ylq.com
D:\q9.cmd
D:\uxkl0apt.bat
D:\yhh.bat
E:\2a.exe
E:\cqxj.exe
E:\lad.bat
E:\luk1ylq.com
E:\q9.cmd
E:\uxkl0apt.bat
E:\yhh.bat


.
(((((((((((((((((((((((((   Pliki utworzone od 2009-07-28 do 2009-08-28  )))))))))))))))))))))))))))))))
.

2009-08-28 10:07 . 2009-08-17 16:05   114768   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2009-08-28 10:07 . 2009-08-17 16:05   20560   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2009-08-28 09:54 . 2009-08-28 09:54   --------   d-----w-   C:\_OTL
2009-08-26 11:30 . 2009-08-26 11:30   --------   d-----w-   c:\program files\WinHTTrack
2009-08-26 06:55 . 2009-08-26 06:55   --------   d-----w-   c:\program files\trend micro
2009-08-26 06:55 . 2009-08-26 06:55   --------   d-----w-   C:\rsit
2009-08-25 11:12 . 2009-08-25 11:12   7469   ----a-w-   c:\documents and settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok.A16.em.bin
2009-08-25 11:08 . 2009-08-17 16:04   51376   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2009-08-25 11:08 . 2009-08-17 16:04   23152   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2009-08-25 11:08 . 2009-08-17 16:03   26944   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
2009-08-25 11:08 . 2009-08-17 16:06   93392   ----a-w-   c:\windows\system32\drivers\aswmon.sys
2009-08-25 11:08 . 2009-08-17 16:06   94160   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
2009-08-25 11:08 . 2009-08-17 16:10   1279456   ----a-w-   c:\windows\system32\aswBoot.exe
2009-08-25 11:08 . 2009-08-17 16:02   97480   ----a-w-   c:\windows\system32\AVASTSS.scr
2009-08-25 11:08 . 2009-08-25 11:08   --------   d-----w-   c:\program files\Alwil Software
2009-08-25 06:22 . 2009-08-25 06:22   --------   d-----w-   c:\documents and settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-25
2009-08-23 22:00 . 2009-08-23 22:00   --------   d-----w-   c:\documents and settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-24
2009-08-22 22:00 . 2009-08-22 22:00   --------   d-----w-   c:\documents and settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-23
2009-08-21 22:00 . 2009-08-21 22:00   --------   d-----w-   c:\documents and settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-22
2009-08-21 21:06 . 2009-08-21 21:06   85504   ----a-w-   c:\documents and settings\z\Dane aplikacji\pdfforge\sspatch2.exe
2009-08-20 22:00 . 2009-08-20 22:00   --------   d-----w-   c:\documents and settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-21
2009-08-19 22:00 . 2009-08-19 22:00   --------   d-----w-   c:\documents and settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-20
2009-08-18 22:00 . 2009-08-18 22:00   --------   d-----w-   c:\documents and settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-19
2009-08-18 03:55 . 2009-08-18 03:55   --------   d-----w-   c:\documents and settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-18
2009-08-17 21:44 . 2009-08-17 21:44   --------   d-----w-   c:\documents and settings\z\Ustawienia lokalne\Dane aplikacji\Ok-SendMail-Bron-tok
2009-08-17 21:43 . 2009-08-17 21:43   --------   d-----w-   c:\documents and settings\z\Ustawienia lokalne\Dane aplikacji\Loc.Mail.Bron.Tok
2009-08-17 11:26 . 2009-08-17 11:26   --------   d-----w-   c:\documents and settings\z\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-17
2009-08-16 19:11 . 2009-08-16 19:11   --------   d-----w-   C:\bb5_unlocker
2009-08-09 08:57 . 2008-06-19 15:24   28544   ----a-w-   c:\windows\system32\drivers\pavboot.sys
2009-08-09 08:55 . 2009-08-09 08:55   --------   d-----w-   c:\program files\Panda Security
2009-08-09 08:15 . 2009-08-09 08:15   --------   d-----w-   c:\documents and settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu
2009-08-09 08:05 . 2009-08-09 08:05   --------   d-----w-   c:\documents and settings\Administrator\Dane aplikacji\Search Settings
2009-08-09 08:05 . 2009-08-09 08:05   --------   d-----w-   c:\documents and settings\Administrator\Dane aplikacji\pdfforge
2009-08-09 08:05 . 2009-08-09 08:05   --------   d-----w-   c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla
2009-08-08 03:03 . 2009-08-08 03:03   --------   d-sh--w-   C:\FOUND.004
2009-08-07 21:58 . 2009-08-07 21:58   --------   d-----w-   c:\documents and settings\z\Dane aplikacji\CyberLink
2009-08-06 20:40 . 2009-08-06 20:40   80384   ----a-w-   c:\documents and settings\z\Dane aplikacji\pdfforge\sspatch.exe
2009-08-05 20:37 . 2009-08-05 20:37   --------   d-sh--w-   C:\FOUND.003
2009-08-03 21:06 . 2004-08-03 21:08   25600   ----a-w-   c:\windows\system32\drivers\usbser.sys
2009-08-03 21:06 . 2004-08-03 21:08   25600   ----a-w-   c:\windows\system32\dllcache\usbser.sys
2009-08-03 21:06 . 2008-03-21 11:57   14640   ------w-   c:\windows\system32\spmsgXP_2k3.dll
2009-08-03 10:36 . 2009-08-03 10:36   --------   d-----w-   c:\windows\system32\ivtMobCache

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 11:07 . 2009-05-30 22:08   1500   ----a-w-   c:\windows\unins000.dat
2009-08-03 21:08 . 2004-08-04 10:00   49712   ----a-w-   c:\windows\system32\perfc015.dat
2009-08-03 21:08 . 2004-08-04 10:00   355830   ----a-w-   c:\windows\system32\perfh015.dat
2009-08-03 21:06 . 2009-08-03 21:06   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-08-03 21:06 . 2009-08-03 21:06   0   ---ha-w-   c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-07-23 09:53 . 2009-07-23 09:53   --------   d-----w-   c:\documents and settings\z\Dane aplikacji\PC Suite
2009-07-23 09:53 . 2009-07-23 09:53   --------   d-----w-   c:\documents and settings\z\Dane aplikacji\Nokia
2009-07-23 09:53 . 2009-07-23 09:53   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\PC Suite
2009-07-23 09:52 . 2009-07-23 09:52   --------   d-----w-   c:\program files\Common Files\PCSuite
2009-07-23 09:52 . 2009-07-23 09:52   --------   d-----w-   c:\program files\Common Files\Nokia
2009-07-23 09:52 . 2009-07-23 09:52   --------   d-----w-   c:\program files\DIFX
2009-07-23 09:52 . 2009-07-23 09:52   --------   d-----w-   c:\program files\PC Connectivity Solution
2009-07-23 09:52 . 2009-07-23 09:52   --------   d-----w-   c:\program files\Nokia
2009-07-23 09:52 . 2009-07-23 09:52   95232   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-23 09:52 . 2009-07-23 09:52   8192   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-23 09:52 . 2009-07-23 09:52   61440   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-23 09:52 . 2009-07-23 09:52   10240   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-07-23 09:51 . 2009-07-23 09:51   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\Installations
2009-07-23 09:48 . 2009-07-23 09:52   33984304   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_pol_web.exe
2009-07-23 09:45 . 2009-07-23 09:45   --------   d-----w-   c:\program files\IVT Corporation
2009-07-19 14:26 . 2009-07-19 14:26   --------   d-----w-   c:\program files\ScanSoft
2009-07-15 10:33 . 2009-07-15 10:32   --------   d-----w-   c:\documents and settings\z\Dane aplikacji\Media Player Classic
2009-07-14 21:22 . 2009-07-14 21:22   --------   d-----w-   c:\program files\MagicDisc
2009-07-12 19:27 . 2009-07-12 19:27   --------   d-----w-   c:\program files\SkanerOnline
2009-07-05 18:19 . 2009-07-05 18:19   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\CyberLink
2009-07-05 18:19 . 2009-07-05 18:19   --------   d-----w-   c:\program files\CyberLink
2009-07-02 07:25 . 2009-07-02 07:25   --------   d-----w-   c:\documents and settings\z\Dane aplikacji\Image Zone Express
2009-06-27 15:06 . 2009-06-27 15:06   410984   ----a-w-   c:\windows\system32\deploytk.dll
2009-06-27 14:49 . 2009-06-27 14:49   152576   ----a-w-   c:\documents and settings\z\Dane aplikacji\Sun\Java\jre1.6.0_12\lzma.dll
2009-06-26 08:04 . 2009-06-26 08:04   249856   ------w-   c:\windows\Setup1.exe
2009-06-26 08:04 . 2009-06-26 08:04   73216   ----a-w-   c:\windows\ST6UNST.EXE
2009-06-13 20:13 . 2009-06-13 20:13   468   ----a-w-   c:\windows\system32\xvidvfw.dll
2009-06-13 20:13 . 2009-06-13 20:13   468   ----a-w-   c:\windows\system32\xvidcore.dll
2009-06-07 21:11 . 2009-06-07 21:03   120340   ----a-w-   c:\windows\hpoins11.dat
2009-06-07 11:18 . 2009-06-07 10:54   113548   ----a-w-   c:\windows\hpoins07.dat
2009-06-07 10:54 . 2009-06-07 10:54   20408   ----a-w-   c:\documents and settings\z\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-06-01 10:21 . 2009-05-30 21:02   76487   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-30 23:21 . 2009-05-30 23:21   5058   ----a-w-   c:\windows\Help\hhcolreg.dat
2009-05-30 22:12 . 2009-05-30 22:12   116144   ----a-w-   c:\documents and settings\z\Dane aplikacji\IDM\idmmzcc2\components\idmmzcc.dll
2009-05-30 22:09 . 2004-08-04 10:00   504832   ----a-w-   c:\windows\system32\winlogon.exe
2009-05-30 21:27 . 2009-05-30 21:27   0   ----a-w-   c:\windows\nsreg.dat
2009-05-30 21:00 . 2009-05-30 21:00   21856   ----a-w-   c:\windows\system32\emptyregdb.dat
1999-05-17 12:58 . 1999-05-17 12:58   99840   ----a-w-   c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 01:53 . 1998-12-09 01:53   70144   ----a-w-   c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 01:53 . 1998-12-09 01:53   48640   ----a-w-   c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 01:53 . 1998-12-09 01:53   31744   ----a-w-   c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 01:53 . 1998-12-09 01:53   186368   ----a-w-   c:\program files\Common Files\IRAREG.DLL
1998-12-09 01:53 . 1998-12-09 01:53   17920   ----a-w-   c:\program files\Common Files\IRASRIAL.DLL
.

------- Sigcheck -------

[-] 2009-05-30 22:09   504832   381221F69D1248864861889A64F100B6   c:\windows\system32\winlogon.exe
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-05-04 14:32   650752   ----a-w-   c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll" [2009-05-04 650752]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-30 2562560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-27 148888]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-03-30 970240]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"PDF Converter Registry Controller"="c:\program files\ScanSoft\PDF Converter\RegistryController.exe" [2003-09-09 102400]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-08-04 226816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-02-17 17508864]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\z\Menu Start\Programy\Autostart\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-7-14 533504]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Symantec Fax Starter Edition Port.lnk - c:\program files\Microsoft Office\Office\1045\OLFSNT40.EXE [1999-5-17 46080]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office\\1045\\WFXMSRVR.EXE"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Java\\JRE6\\BIN\\java.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-07-31 20616]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-08-09 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-08-28 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-08-28 20560]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2008-08-01 143467]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 26248]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-05-31 1684736]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-07-23 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-07-23 8320]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-Tok-Cirrhatus-639 - c:\documents and settings\z\Ustawienia lokalne\Dane aplikacji\br2301on.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Skan uzupełniający -------
.
IE: Open PDF in Word - c:\program files\ScanSoft\PDF Converter\IEShellExt.dll /100
IE: Wyslij przez wiadomosc(&M)... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: Wyślij przez Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Ściągnij przez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Ściągnij wszystkie linki przez IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Ściągnij zawartość wideo FLV przez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\z\Dane aplikacji\Mozilla\Firefox\Profiles\rp6whgz7.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\z\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\documents and settings\z\Dane aplikacji\Nowe Gadu-Gadu\_userdata\nppl3260.dll
FF - plugin: c:\documents and settings\z\Dane aplikacji\Nowe Gadu-Gadu\_userdata\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 12:42
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4c0141c2-c9e0-4881-8a1c-e96c0c302e5a}]
@Denied: (Full) (Everyone)
"Model"=dword:000000d6
"Therad"=dword:0000000a
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
   4b,7b,ad,04,7a,b1,b5,76,9b,27,47,3a,6e,32,a6,77,a4,a7,fc,ff,de,1b,59,3f,a3,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a0,14,72,f0,2d,4a,39,19,57,0d,98,02,ca,f7,09,f0,e6,47,e7,6d,2a,
   e1,7a,0f,fc,5b,44,f5,74,95,bc,70,3e,8b,3a,b7,10,2e,72,16,00,00,00,00,00,00,\
.
Czas ukończenia: 2009-08-28 12:43
ComboFix-quarantined-files.txt  2009-08-28 10:43

Przed: 14 290 239 488 bajtów wolnych
Po: 14 258 307 072 bajtów wolnych

254


PS. Is there some way to turn off, on restart, the screen that asks me to choose between the system and the Recovery Console?
marcin_atr
~user
 
Posts: 34
Joined: 06 Oct 2004, 10:43



Infected computer, mks found 360 viruses

Post by Okocza 28 Aug 2009, 13:53

marcin_atr, follow the advice here:

http://peb.pl/logi-do-sprawdzenia/463324-brontok-brak-opcji-folderow-nie-dziala.html#post1876999
eMachines E730G - Core i5-430M, 2GiB RAM, ATI Mobility Radeon HD5470, WD 320GiB; Cort Z-44,DR 0.09-0.42, Peavey Backstage
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // I DO NOT HELP VIA PM/GG/E-MAIL
"My Ego and Anima meet and exchange cookie recipes" - Maynard James Keenan
Okocza
~user
 
Posts: 7992
Joined: 19 Mar 2006, 11:53
Commendations: 406



