Problem with a Windows account (virus)?

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Post by maci, 30 Dec 2009, 10:36

Hello

When I turned on the computer today, Windows asked me for a password. I have never used passwords for logging in, so I was very surprised. I couldn't do anything, so I went into safe mode with networking, changed the user name from the default Xp to Mac and set a password for it. I booted normally, and it asks me for the password for the user Xp. When I entered the password for Mac, a blue screen appeared with a small window with a round red cross, and that was it.

Here is the log from OTL
Code:
OTListIt logfile created on: 2009-12-30 09:26:54 - Run 6
OTListIt2 by OldTimer - Version 2.0.15.8     Folder = G:\MACIEK\OCHRONA KOMPA
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

510,68 Mb Total Physical Memory | 241,54 Mb Available Physical Memory | 47,30% Memory free
1,22 Gb Paging File | 1,04 Gb Available in Paging File | 85,70% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 32,87 Gb Free Space | 67,31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 124,63 Gb Total Space | 105,57 Gb Free Space | 84,71% Space Free | Partition Type: NTFS
Drive F: | 124,63 Gb Total Space | 104,18 Gb Free Space | 83,60% Space Free | Partition Type: NTFS
Drive G: | 97,65 Gb Total Space | 19,53 Gb Free Space | 20,00% Space Free | Partition Type: NTFS
Drive H: | 135,23 Gb Total Space | 37,46 Gb Free Space | 27,70% Space Free | Partition Type: NTFS
Drive I: | 3,94 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: SPECIAL-XP
Current User Name: Xp
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

[color=orange]========== Processes (SafeList) ==========[/color]

PRC - [2008-04-14 21:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009-12-16 20:28:10 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008-04-22 06:03:00 | 01,083,848 | ---- | M] (C. Ghisler & Co.) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2009-06-02 13:25:21 | 00,501,248 | ---- | M] (OldTimer Tools) -- G:\MACIEK\OCHRONA KOMPA\OTListIt2.exe
PRC - [2009-02-06 11:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe

[color=orange]========== Win32 Services (SafeList) ==========[/color]

SRV - [2008-07-25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009-11-25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Stopped])
SRV - [2009-11-25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Stopped])
SRV - [2009-11-25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
SRV - [2009-11-25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
SRV - [2006-02-28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
SRV - [2002-04-12 01:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service [Auto | Stopped])
SRV - [2008-07-25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2004-12-13 00:05:20 | 00,065,536 | ---- | M] (The Firebird Project) -- C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance [Auto | Stopped])
SRV - [2004-12-13 00:05:20 | 01,527,893 | ---- | M] (The Firebird Project) -- C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance [On_Demand | Stopped])
SRV - [2009-04-14 12:42:03 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008-07-29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009-02-12 14:56:36 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c98d19bbddcc46 [Auto | Stopped])
SRV - [2008-11-20 20:18:52 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008-04-14 21:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004-10-22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008-07-29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008-07-29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008-05-03 04:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Stopped])
SRV - [2003-07-28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008-04-07 08:17:30 | 00,430,592 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2002-09-20 14:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Stopped])
SRV - [2006-12-01 10:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

[color=orange]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-11-25 00:47:54 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Stopped])
DRV - [2004-05-17 10:23:48 | 00,133,200 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Stopped])
DRV - [2009-11-25 00:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Stopped])
DRV - [2009-11-25 00:50:59 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Stopped])
DRV - [2009-11-25 00:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Stopped])
DRV - [2009-11-25 00:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Stopped])
DRV - [2009-11-25 00:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2007-05-11 02:10:50 | 00,034,704 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\blueletaudio.sys -- (BlueletAudio [On_Demand | Stopped])
DRV - [2007-03-05 05:00:04 | 00,027,792 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio [On_Demand | Stopped])
DRV - [2004-10-15 04:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\Drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])
DRV - [2007-03-05 04:59:04 | 00,018,320 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\btnetdrv.sys -- (BT [On_Demand | Running])
DRV - [2009-02-14 23:10:11 | 00,371,349 | ---- | M] (Illusion & Hope.) -- C:\WINDOWS\system32\drivers\BT848.sys -- (BT848 [Auto | Stopped])
DRV - [2007-05-09 00:59:40 | 00,036,496 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\btcusb.sys -- (Btcsrusb [On_Demand | Stopped])
DRV - [2007-03-05 04:55:12 | 00,020,880 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum [Boot | Running])
DRV - [2007-03-05 04:56:18 | 00,035,600 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr [Boot | Running])
DRV - [2004-08-22 15:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus [Boot | Running])
DRV - [2004-08-22 15:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt [Boot | Running])
DRV - [2002-04-14 16:23:00 | 00,016,588 | ---- | M] (The freeware company) -- E:\RÓŻNE\MORE TV\HWIONT.sys -- (HWIONT [On_Demand | Stopped])
DRV - [2004-06-21 15:03:22 | 00,078,976 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\DRIVERS\MarvinBus.sys -- (MarvinBus [On_Demand | Running])
DRV - [2007-12-05 22:34:18 | 00,004,864 | ---- | M] (ShiningMorning Inc.) -- C:\WINDOWS\system32\drivers\mcctl.sys -- (mcctl [Boot | Running])
DRV - [2007-12-05 22:45:20 | 00,015,872 | ---- | M] (ShiningMorning Inc.) -- C:\WINDOWS\system32\DRIVERS\mcdevice.sys -- (mcdevice [On_Demand | Stopped])
DRV - [2002-09-20 10:53:34 | 00,235,100 | ---- | M] (Analog Devices Inc) -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn [On_Demand | Stopped])
DRV - [2007-01-24 23:00:00 | 00,039,424 | ---- | M] (WinAbility® Software Corporation) -- C:\Program Files\MySecretFolder XP\MSF32.SYS -- (MSF32 [Auto | Stopped])
DRV - [2008-09-15 07:56:24 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2008-09-15 07:56:24 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2008-05-03 04:46:00 | 06,554,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2007-09-17 14:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2002-03-19 09:29:16 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\pclepci.sys -- (PCLEPCI [System | Stopped])
DRV - [2009-04-21 20:02:23 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2001-08-17 22:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008-11-20 20:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001-08-17 22:57:36 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped])
DRV - [2009-03-25 13:29:52 | 00,130,432 | ---- | M] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2008-04-13 23:05:40 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2006-09-18 13:58:48 | 00,061,600 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\SE27bus.sys -- (SE27bus [On_Demand | Stopped])
DRV - [2006-09-18 13:58:52 | 00,009,360 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys -- (SE27mdfl [On_Demand | Stopped])
DRV - [2006-09-18 13:58:54 | 00,097,184 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\SE27mdm.sys -- (SE27mdm [On_Demand | Stopped])
DRV - [2006-09-18 13:58:58 | 00,088,688 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys -- (SE27mgmt [On_Demand | Stopped])
DRV - [2006-09-18 13:59:00 | 00,018,704 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\se27nd5.sys -- (se27nd5 [On_Demand | Stopped])
DRV - [2006-09-18 13:59:02 | 00,086,560 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\SE27obex.sys -- (SE27obex [On_Demand | Stopped])
DRV - [2006-09-18 13:59:08 | 00,090,800 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\se27unic.sys -- (se27unic [On_Demand | Stopped])
DRV - [2008-04-13 21:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004-04-26 09:49:56 | 00,381,056 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt [On_Demand | Stopped])
DRV - [2004-08-28 12:54:38 | 00,033,995 | ---- | M] (Sonic Focus, Inc) -- C:\WINDOWS\system32\drivers\sf.sys -- (sf [System | Stopped])
DRV - [2008-05-02 07:48:55 | 00,062,208 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112 [Boot | Running])
DRV - [2004-09-01 11:18:40 | 00,259,648 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Stopped])
DRV - [2001-08-17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2008-07-07 20:53:06 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2008-09-15 07:56:24 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
DRV - [2008-04-13 23:15:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2006-04-01 16:16:44 | 00,162,176 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\DRIVERS\V0260Vid.sys -- (V0260VID [On_Demand | Stopped])
DRV - [2007-03-05 04:52:18 | 00,034,448 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\VComm.sys -- (VComm [On_Demand | Stopped])
DRV - [2007-03-05 04:53:18 | 00,044,304 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys -- (VcommMgr [On_Demand | Stopped])
DRV - [2007-03-05 04:57:14 | 00,019,472 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\drivers\VHIDMini.sys -- (VHidMinidrv [On_Demand | Stopped])

[color=orange]========== Standard Registry (SafeList) ==========[/color]


[color=orange]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-2025429265-920026266-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-2025429265-920026266-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-2025429265-920026266-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2025429265-920026266-1177238915-1003\S-1-5-21-2025429265-920026266-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2025429265-920026266-1177238915-1003\S-1-5-21-2025429265-920026266-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

[color=orange]========== FireFox ==========[/color]

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.fastgoogle.pl/"
FF - prefs.js..extensions.enabledItems: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}:3.0.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.2.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.33.0
FF - prefs.js..extensions.enabledItems: {9A752782-D706-479b-98F8-3F66BF921692}:5.6.5
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.2.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009-09-01 09:34:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX\ [2009-11-04 06:27:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-12-18 13:27:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-12-16 20:28:15 | 00,000,000 | ---D | M]

[2009-06-02 21:40:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\mozilla\Extensions
[2009-06-02 21:40:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-12-29 22:05:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\mozilla\Firefox\Profiles\t6zon6v7.default\extensions
[2009-11-17 09:58:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\mozilla\Firefox\Profiles\t6zon6v7.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009-11-17 09:58:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\mozilla\Firefox\Profiles\t6zon6v7.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
[2009-12-05 16:44:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\mozilla\Firefox\Profiles\t6zon6v7.default\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}
[2009-12-17 19:35:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\mozilla\Firefox\Profiles\t6zon6v7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-09-13 22:15:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\mozilla\Firefox\Profiles\t6zon6v7.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2009-11-17 09:57:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\mozilla\Firefox\Profiles\t6zon6v7.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2009-12-03 20:10:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\mozilla\Firefox\Profiles\t6zon6v7.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009-09-13 22:16:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\mozilla\Firefox\Profiles\t6zon6v7.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2009-11-17 09:58:16 | 00,004,440 | ---- | M] () -- C:\Documents and Settings\Xp\Dane aplikacji\Mozilla\FireFox\Profiles\t6zon6v7.default\searchplugins\hyperwords.xml
[2009-06-02 21:40:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-12-16 20:28:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-12-16 20:28:09 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-12-16 20:28:09 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009-12-05 16:42:12 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2009-12-05 16:42:12 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2009-12-05 16:42:12 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009-12-05 16:42:12 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2009-12-05 16:42:12 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2009-12-05 16:42:12 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2009-12-05 16:42:12 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent File not found
O4 - HKLM..\Run: [MSF_Monitor] C:\PROGRA~1\MYSECR~1\MSFMON.exe /Start (WinAbility® Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2025429265-920026266-1177238915-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2025429265-920026266-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2025429265-920026266-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2025429265-920026266-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2025429265-920026266-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O7 - HKU\S-1-5-21-2025429265-920026266-1177238915-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 (Google Inc.)
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Ustawienia wtyczki &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [Obszar nazw Bluetooth] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2025429265-920026266-1177238915-1003\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://asp.photoprintit.de/microsite/111111/defaults/activex/ips/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter:  - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll -  File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-07-07 12:28:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005-02-25 17:24:46 | 00,000,051 | R--- | M] () - I:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009-06-29 23:09:38 | 00,000,000 | ---D | M]

[color=orange]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009-12-29 09:52:41 | 00,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009-12-29 09:52:41 | 00,215,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2009-12-29 09:52:41 | 00,017,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009-12-28 22:41:42 | 00,000,000 | ---D | C] -- C:\Program Files\Haali
[2009-12-28 22:41:11 | 00,000,000 | ---D | C] -- C:\Program Files\CoreCodec
[2009-12-22 09:30:17 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk
[2009-12-19 20:43:10 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\Xp\Pulpit\SubEdit-Player.lnk
[2009-12-16 19:58:14 | 00,253,952 | ---- | C] (Jesse Yeager) -- C:\Documents and Settings\Xp\Pulpit\JPEGtoPDF.exe
[2009-12-12 17:50:10 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2009-12-06 14:04:28 | 00,000,803 | ---- | C] () -- C:\Documents and Settings\Xp\Pulpit\Internet Explorer.lnk
[2009-12-06 14:03:29 | 00,000,666 | ---- | C] () -- C:\Documents and Settings\Xp\Pulpit\SopCast.lnk
[2009-12-06 14:03:28 | 00,000,000 | ---D | C] -- C:\Program Files\SopCast
[2009-12-04 19:58:43 | 00,000,516 | -H-- | C] () -- C:\Documents and Settings\Xp\Pulpit\Szymon Majewski Show 9x12 - Julia Kamińska i Filip Bobek.avi.ini
[2009-10-01 19:02:04 | 00,000,085 | ---- | C] () -- C:\WINDOWS\WaterIllusion.ini
[2009-08-18 14:13:24 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009-07-01 09:50:19 | 00,000,440 | ---- | C] () -- C:\WINDOWS\BeatBox.INI
[2009-07-01 09:45:16 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2009-07-01 09:44:24 | 00,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009-07-01 09:44:05 | 00,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009-06-10 20:41:03 | 00,029,696 | ---- | C] () -- C:\WINDOWS\System32\pthread.dll
[2009-05-21 17:17:11 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-05-21 17:17:09 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-05-21 17:17:09 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-05-21 17:17:08 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-05-21 17:17:06 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-05-21 17:17:06 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-12-28 11:02:51 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\JVideoWindow.dll
[2008-12-28 11:02:36 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\JVideoSession.dll
[2008-12-28 11:02:19 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\JInstantMessaging.dll
[2008-12-28 11:01:27 | 00,040,517 | ---- | C] () -- C:\WINDOWS\System32\jRegistryKey.dll
[2008-09-24 15:58:11 | 00,000,144 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2008-08-23 16:18:01 | 00,000,261 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2008-08-09 23:18:13 | 00,000,037 | ---- | C] () -- C:\WINDOWS\Grappler.ini
[2008-07-14 14:03:15 | 00,002,048 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008-07-14 14:03:15 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008-07-14 14:03:15 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008-07-12 16:59:00 | 00,000,091 | ---- | C] () -- C:\WINDOWS\System32\logon.ini
[2008-07-12 16:53:11 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\sav950231.sys
[2008-07-10 18:07:10 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008-07-07 23:31:02 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008-07-07 21:12:26 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-07-07 21:04:59 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2008-07-07 21:04:59 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2008-07-07 20:53:06 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-07-07 16:57:53 | 00,000,879 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008-07-07 16:57:53 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2008-07-07 16:57:53 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008-07-07 14:25:45 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008-07-07 14:20:18 | 00,003,558 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008-07-07 13:46:57 | 00,000,093 | ---- | C] () -- C:\WINDOWS\AVerTV2K.ini
[2008-05-03 08:24:01 | 00,000,082 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008-05-03 04:46:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008-05-03 04:46:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-05-03 04:46:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008-05-03 04:46:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-05-03 04:46:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008-02-29 05:14:04 | 00,223,744 | ---- | C] () -- C:\WINDOWS\System32\b4fm.dll
[2007-07-23 08:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007-07-23 08:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007-07-23 08:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007-07-23 08:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007-07-23 08:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007-07-23 08:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007-07-23 08:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007-07-23 08:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007-07-23 08:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007-03-29 22:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2004-08-22 16:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004-03-18 07:44:29 | 01,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2003-04-08 10:40:22 | 00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002-03-21 14:39:02 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002-03-04 09:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001-07-21 23:16:20 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-21 23:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[color=orange]========== Files - Modified Within 30 Days ==========[/color]

[2 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009-12-30 09:25:14 | 00,493,500 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-12-30 09:25:14 | 00,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-12-30 09:25:14 | 00,084,916 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-12-30 09:25:14 | 00,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-12-30 09:25:13 | 01,096,188 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-12-30 09:24:26 | 00,003,558 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2009-12-30 09:21:06 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Xp\Ustawienia lokalne\desktop.ini
[2009-12-30 09:20:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-12-30 01:31:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-12-30 01:27:03 | 00,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009-12-29 14:22:26 | 00,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009-12-29 14:22:18 | 00,182,851 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009-12-28 18:02:29 | 01,533,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-12-28 09:11:12 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-12-22 09:30:17 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk
[2009-12-19 20:43:10 | 00,000,797 | ---- | M] () -- C:\Documents and Settings\Xp\Pulpit\SubEdit-Player.lnk
[2009-12-18 23:14:22 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Xp\Pulpit\x.doc
[2009-12-12 17:50:11 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2009-12-09 20:26:10 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009-12-06 14:04:28 | 00,000,803 | ---- | M] () -- C:\Documents and Settings\Xp\Pulpit\Internet Explorer.lnk
[2009-12-06 14:03:29 | 00,000,666 | ---- | M] () -- C:\Documents and Settings\Xp\Pulpit\SopCast.lnk
[2009-12-04 20:55:26 | 00,000,516 | -H-- | M] () -- C:\Documents and Settings\Xp\Pulpit\Szymon Majewski Show 9x12 - Julia Kamińska i Filip Bobek.avi.ini
[2009-12-04 12:28:58 | 00,253,952 | ---- | M] (Jesse Yeager) -- C:\Documents and Settings\Xp\Pulpit\JPEGtoPDF.exe
[2009-12-03 10:05:37 | 00,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009-12-01 21:06:19 | 25,966,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[color=orange]========== LOP Check ==========[/color]

[2009-05-17 07:43:42 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji
[2009-05-17 07:43:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Macromedia
[2008-07-07 12:28:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft
[2009-11-05 16:23:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji
[2008-07-07 14:24:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems
[2009-12-12 22:34:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Adobe
[2009-06-16 22:18:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Apple
[2009-06-16 22:19:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
[2008-07-16 07:21:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BlazeVideo
[2009-09-12 12:15:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth
[2008-07-10 18:05:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Brother
[2008-07-14 12:55:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BVRP Software
[2008-10-30 12:12:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
[2008-07-11 17:00:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
[2009-04-07 11:02:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\hps
[2009-02-14 14:36:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2008-07-10 18:06:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
[2009-12-28 16:28:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2009-07-01 09:46:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MAGIX
[2009-06-04 14:48:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2009-12-29 10:47:58 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft
[2009-02-14 14:40:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
[2008-08-05 20:14:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2009-04-17 22:23:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Pinnacle
[2009-05-21 17:17:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Real
[2009-11-05 16:23:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Recisio
[2008-07-10 18:06:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft
[2009-03-15 19:17:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Skype
[2009-04-30 11:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
[2008-10-16 20:10:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Symantec
[2008-07-13 16:06:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TechSmith
[2009-05-09 11:33:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2008-10-20 17:37:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Windows Genuine Advantage
[2009-05-17 07:43:42 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji
[2009-05-17 07:43:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\Macromedia
[2008-07-07 12:28:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Dane aplikacji\Microsoft
[2008-07-07 12:30:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji
[2008-07-07 15:31:02 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2008-07-07 12:30:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji
[2008-07-07 12:28:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2009-12-30 09:03:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT\Dane aplikacji
[2008-07-07 12:28:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT\Dane aplikacji\Microsoft
[2009-12-30 09:20:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT.000\Dane aplikacji
[2009-12-30 09:20:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT.000\Dane aplikacji\Microsoft
[2009-10-07 21:14:21 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Xp\Dane aplikacji
[2008-07-07 14:25:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\ACD Systems
[2009-07-06 14:37:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Adobe
[2009-03-16 15:38:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Ahead
[2009-06-17 14:06:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Apple Computer
[2009-02-19 00:07:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\AutoUpdate
[2008-07-07 16:58:21 | 00,000,000 | R--D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Brother
[2009-10-07 21:21:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\ChomikBox
[2008-10-28 12:49:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Corel
[2009-05-18 16:19:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Creative
[2008-10-30 12:12:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\CyberLink
[2008-07-07 21:00:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\DAEMON Tools Pro
[2008-07-12 13:33:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Datalayer
[2008-12-27 19:38:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Desktopicon
[2009-07-01 10:08:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\DivX
[2009-03-11 19:54:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\dvdcss
[2008-08-09 11:35:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\FarmingSimulator2008
[2009-02-19 00:07:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Flircik
[2008-07-07 17:07:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Gadu-Gadu
[2009-04-23 09:37:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\GeoVid
[2008-07-10 16:12:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Google
[2008-09-09 16:39:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\gtk-2.0
[2008-10-06 15:59:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Help
[2008-07-07 12:32:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Identities
[2009-06-07 12:26:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\InfraRecorder
[2008-07-15 14:49:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Intermedia Software
[2009-12-28 16:22:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\ipla
[2009-02-28 13:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\KC Softwares
[2008-08-29 14:40:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Leadertech
[2008-07-09 12:24:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Macromedia
[2009-06-04 14:48:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Malwarebytes
[2008-07-07 15:06:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Media Player Classic
[2009-07-30 19:37:31 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Microsoft
[2009-06-02 21:40:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Mozilla
[2009-06-04 22:14:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\MxBoost
[2008-07-07 21:24:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Nero
[2009-07-01 09:26:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Nimi
[2009-06-01 06:54:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Nokia
[2008-07-12 13:08:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Nokia Multimedia Player
[2009-02-14 17:59:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Nowe Gadu-Gadu
[2008-08-21 18:05:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\PC Suite
[2009-05-08 16:32:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Publish Providers
[2009-05-21 17:21:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Real
[2008-12-07 00:38:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Reallusion
[2009-03-18 12:34:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\REAPER
[2008-07-10 18:10:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\ScanSoft
[2009-03-10 19:28:22 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\SecuROM
[2009-12-29 16:09:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Skype
[2009-03-15 19:05:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\skypePM
[2009-05-08 16:31:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Sony
[2008-08-17 15:51:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Sony Ericsson
[2009-05-08 16:23:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Sony Setup
[2008-12-14 14:32:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Sports Interactive
[2008-10-17 20:42:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\streamripper
[2008-07-07 20:30:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Sun
[2008-08-17 16:20:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Teleca
[2008-07-07 13:48:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\U3
[2009-10-17 18:06:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\uTorrent
[2009-03-25 19:10:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\vlc
[2008-07-09 15:17:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\WebCompiler3
[2009-11-09 19:01:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\Winamp
[2008-07-07 14:50:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Xp\Dane aplikacji\WinRAR
[2001-07-21 23:17:50 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009-12-29 14:22:26 | 00,001,032 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009-12-30 01:27:03 | 00,001,036 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009-12-30 01:31:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[color=orange]========== Purity Check ==========[/color]


[color=orange]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C8B8CEBD
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:94A19129
< End of report >

Post by NieWiem 30 Dec 2009, 13:48

1. Read THIS and uninstall your virtual drives. Until we finish the removal they must not be present. You will have to suffer a bit and hold out without gaming.

2. ComboFix

  • Read the ComboFix instructions carefully, then turn off your antivirus program, firewall and other programs that may interfere even with downloading ComboFix by claiming that it is a virus. It is not! Just download it and save it to the desktop.
  • Download it from one of the links below:
  • Close all open windows, instant messengers and programs. ComboFix should not be disturbed.
  • Run the program by double-clicking it (VISTA: right-click and 'run as administrator').
  • Let it work in peace; do not click or type on the keyboard, as this may cause the computer to freeze.
  • Installing the Recovery Console is also recommended if ComboFix asks for it. It makes it possible to roll back changes if the tool makes a mistake.
  • If needed, agree to a restart.
  • When the program finishes, it will produce a log (it will also be in the file C:\ComboFix.txt); paste it in your reply, remembering the [code] tags, or at http://www.wklej.org.

1. I provide help exclusively under the beerware licence!
2. If I do not reply in the thread right away, it means I have a life outside the internet. Respect the time I volunteer and do not expect everything immediately. If I do not reply within 48 hours, send a PM.

STOP ++> to trolls, Neostrada kids, emos, Forests, cat-eaters and hatred [ does not apply to those listed earlier ]

Post by maci 30 Dec 2009, 14:13

Win32:Sality wrote: 1. Read THIS and uninstall your virtual drives. Until we finish the removal they must not be present. You will have to suffer a bit and hold out without gaming.


Unfortunately I cannot uninstall Daemon, because I am in safe mode, and when I try to uninstall it a window pops up saying that there is no access to the Windows Installer.

As for ComboFix, I already have it installed, because I used it once before. wojtas was helping then.

What should I do, Win32:Sality??


I started running ComboFix; after a moment a message popped up saying that ComboFix had detected a rootkit and the computer had to be restarted. Of course I agreed, but after the restart the Windows login window popped up again. I had to reset and go into safe mode, and there ComboFix did not finish its work.

What should I do???

Post by NieWiem 30 Dec 2009, 16:06

Throw out the old version of CF, download the new one and run it. Nothing more to it ;)

Post by maci 30 Dec 2009, 16:56

Done, with the new ComboFix. At some point it asks for a restart, it restarts, and then the window for entering the Windows password pops up; I have to start the computer from the option in that window and go into safe mode with networking. After that, ComboFix finished its job in safe mode:

I am pasting the log in code tags. Wklej.org is not working.

Code:
ComboFix 09-12-29.05 - Xp 2009-12-30  15:39:51.3.1 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.511.371 [GMT 1:00]
Uruchomiony z: g:\ściągane z neta\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Xp\Dane aplikacji\Desktopicon
c:\documents and settings\Xp\Dane aplikacji\Desktopicon\config.ini
c:\documents and settings\Xp\Dane aplikacji\Desktopicon\eBayShortcuts.exe

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-11-28 do 2009-12-30  )))))))))))))))))))))))))))))))
.

2009-12-30 13:59 . 2009-12-30 13:59   --------   d-sh--w-   c:\documents and settings\NetworkService.ZARZĄDZANIE NT.005
2009-12-30 13:12 . 2009-12-30 13:09   396288   ----a-w-   c:\windows\system32\CF21273.exe
2009-12-30 11:59 . 2009-12-30 11:59   --------   d-sh--w-   c:\documents and settings\NetworkService.ZARZĄDZANIE NT.004
2009-12-30 11:05 . 2009-12-30 11:05   --------   d-sh--w-   c:\documents and settings\NetworkService.ZARZĄDZANIE NT.003
2009-12-30 10:11 . 2009-12-30 10:11   --------   d-sh--w-   c:\documents and settings\NetworkService.ZARZĄDZANIE NT.002
2009-12-30 09:39 . 2009-12-30 09:39   --------   d-sh--w-   c:\documents and settings\NetworkService.ZARZĄDZANIE NT.001
2009-12-30 08:20 . 2009-12-30 08:20   --------   d-sh--w-   c:\documents and settings\NetworkService.ZARZĄDZANIE NT.000
2009-12-29 08:52 . 2009-08-06 18:23   274288   ----a-w-   c:\windows\system32\mucltui.dll
2009-12-29 08:52 . 2009-08-06 18:23   215920   ----a-w-   c:\windows\system32\muweb.dll
2009-12-28 21:41 . 2009-12-28 21:41   --------   d-----w-   c:\program files\Haali
2009-12-28 21:41 . 2009-12-28 21:41   --------   d-----w-   c:\program files\CoreCodec
2009-12-20 14:16 . 2009-12-20 14:16   --------   d-----w-   c:\documents and settings\Xp\Ustawienia lokalne\Dane aplikacji\Unity
2009-12-06 13:03 . 2009-12-06 13:03   --------   d-----w-   c:\program files\SopCast

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 14:43 . 2001-10-26 16:15   84916   ----a-w-   c:\windows\system32\perfc015.dat
2009-12-30 14:43 . 2001-10-26 16:15   493500   ----a-w-   c:\windows\system32\perfh015.dat
2009-12-29 15:09 . 2008-07-09 16:26   --------   d-----w-   c:\documents and settings\Xp\Dane aplikacji\Skype
2009-12-28 18:42 . 2008-07-07 18:16   68880   ----a-w-   c:\documents and settings\Xp\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-12-28 15:28 . 2009-06-06 21:14   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\ipla
2009-12-28 15:22 . 2009-06-06 21:14   --------   d-----w-   c:\documents and settings\Xp\Dane aplikacji\ipla
2009-12-28 15:22 . 2009-06-06 21:13   --------   d-----w-   c:\program files\ipla
2009-12-26 16:36 . 2008-07-12 22:16   --------   d-----w-   c:\program files\Google
2009-12-19 19:43 . 2008-12-29 17:14   --------   d-----w-   c:\program files\SubEdit-Player
2009-12-19 15:35 . 2008-07-07 11:53   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-12-15 15:41 . 2008-08-09 15:20   --------   d-----w-   c:\program files\Winamp
2009-12-15 14:52 . 2009-10-07 20:12   --------   d-----w-   c:\program files\ChomikBox
2009-12-12 16:50 . 2008-07-07 18:16   --------   d-----w-   c:\program files\Common Files\Adobe
2009-11-16 19:25 . 2009-06-13 16:28   --------   d-----w-   c:\program files\Burn4Free
2009-11-16 15:48 . 2009-11-16 15:48   --------   d-----w-   c:\program files\AMR to MP3 Converter
2009-11-09 18:01 . 2008-08-09 15:20   --------   d-----w-   c:\documents and settings\Xp\Dane aplikacji\Winamp
2009-11-05 15:23 . 2009-11-05 15:23   --------   d-----w-   c:\program files\KaraFun
2009-11-05 15:23 . 2009-11-05 15:23   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\Recisio
2009-10-29 07:44 . 2008-03-01 14:02   832512   ----a-w-   c:\windows\system32\wininet.dll
2009-10-29 07:44 . 2008-05-02 06:47   78336   ----a-w-   c:\windows\system32\ieencode.dll
2009-10-29 07:44 . 2008-05-02 06:47   17408   ----a-w-   c:\windows\system32\corpol.dll
2009-10-21 05:40 . 2008-04-14 20:50   75776   ----a-w-   c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2008-04-14 20:50   25088   ----a-w-   c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-13 22:23   265728   ----a-w-   c:\windows\system32\drivers\http.sys
2009-10-16 19:53 . 2009-05-21 16:17   85504   ----a-w-   c:\windows\system32\ff_vfw.dll
2009-10-13 10:34 . 2008-04-14 20:50   271360   ----a-w-   c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2008-04-14 20:50   79872   ----a-w-   c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2008-04-14 20:50   150016   ----a-w-   c:\windows\system32\rastls.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"MSF_Monitor"="c:\progra~1\MYSECR~1\MSFMON.exe" [2007-01-24 99920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"atapi"="c:\windows\Regedit.exe" [2008-04-14 149504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-10-29 124928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Application Data^Microsoft^Shortcuts^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Application Data^Microsoft^Shortcuts^icwsetup.exe]
path=c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\icwsetup.exe
backup=c:\windows\pss\icwsetup.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Status Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08   35696   ----a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2005-05-17 15:42   933888   ------w-   c:\program files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
2005-10-27 10:00   299008   ------w-   c:\program files\Creative\Shared Files\CamTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 15:05   81920   ----a-w-   c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
2002-12-11 22:14   46592   ----a-w-   c:\windows\system32\dxdllreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
2007-04-17 11:12   2113536   ----a-w-   c:\program files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2005-03-17 12:45   40960   ----a-w-   c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSF_Monitor]
2007-01-24 22:00   99920   ----a-w-   c:\progra~1\MYSECR~1\MSFMON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 20:51   1695232   ------w-   c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2008-03-26 16:41   1232896   ----a-w-   c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-03 03:46   13529088   ----a-w-   c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-03 03:46   86016   ----a-w-   c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-03 03:46   1630208   ----a-w-   c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2005-03-17 12:25   57393   ----a-w-   c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-04-16 10:53   1079808   ----a-w-   c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
2008-03-26 16:41   1232896   ----a-w-   c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18   413696   ----a-w-   c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2005-01-26 16:02   49152   ------w-   c:\program files\Brother\Brmfl05a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-03-06 21:54   24095528   ----a-r-   c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2004-08-06 06:27   860160   ----a-w-   c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-07-27 11:48   1388544   ----a-w-   c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-10-14 08:22   155648   ----a-r-   c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 02:27   144784   ----a-w-   c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"h:\\DC++\\DCPlusPlus.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"e:\\RÓŻNE\\CS1.6\\hl.exe"=
"c:\\Program Files\\SHOUTcast\\sc_serv.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\SpacialAudio\\SAMBC\\SAMBC.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2008-07-07 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2008-07-07 5248]
R0 mcctl;mcctl;c:\windows\system32\drivers\mcctl.sys [2009-04-17 4864]
S2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.sys [2008-07-07 371349]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
S2 gupdate1c98d19bbddcc46;Google Update Service (gupdate1c98d19bbddcc46);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 133104]
S2 MSF32;MSF32;c:\program files\MySecretFolder XP\MSF32.SYS [2009-09-26 39424]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S3 mcdevice;mcdevice;c:\windows\system32\drivers\mcdevice.sys [2009-04-17 15872]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2008-08-15 162176]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-07-07 685816]
.
Zawartość folderu 'Zaplanowane zadania'

2009-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 13:56]

2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 13:56]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = 174.142.24.201:3128
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Xp\Dane aplikacji\Mozilla\Firefox\Profiles\t6zon6v7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.fastgoogle.pl/
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\documents and settings\Xp\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-RunOnce-ComboFix_Pre - c:\combofix\Res.bat
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe
MSConfigStartUp-Internet Connection Wizard Setup Tool - c:\program files\Internet Explorer\Connection Wizard\icwsetup.exe
MSConfigStartUp-LanguageShortcut - c:\program files\CyberLink\PowerDVD\Language\Language.exe
MSConfigStartUp-Nowe Gadu-Gadu - c:\program files\Nowe Gadu-Gadu\gg.exe
MSConfigStartUp-PinnacleDriverCheck - c:\windows\system32\PSDrvCheck.exe
MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe
MSConfigStartUp-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
AddRemove-CSI Kryminalne Zagadki Las Vegas - Mroczne Motywy - c:\windows\CSI Kryminalne Zagadki Las Vegas - Mroczne Motywy\uninstall.exe
AddRemove-HijackThis - g:\ściągane z neta\HijackThis.exe
AddRemove-{9FB04E44-1339-4A6C-8C50-78BA121AAED5}_is1 - c:\program files\CyberLink\PowerDVD8\Language\Enu\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-30 15:48
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x831D8BE8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf85caf28
\Driver\ACPI -> ACPI.sys @ 0xf8506cb8
\Driver\atapi -> 0x831d8be8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf8379bb0
PacketIndicateHandler -> NDIS.sys @ 0xf8386a21
SendHandler -> NDIS.sys @ 0xf836487b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
malicious code @ sector 0x1d1c4581 size 0x1e4 !
PE file found in sector at 0x01D1C4581 !

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-2025429265-920026266-1177238915-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f2,9d,d5,d4,5a,4f,bd,34,73,8e,6c,74,3e,a7,48,e5,65,07,15,b3,cc,8a,b5,
   c7,3d,80,07,f8,5c,b9,01,11,bc,4e,85,08,da,12,f3,6e,6e,6d,61,64,8b,53,f8,6f,\
"??"=hex:9f,3c,38,3e,ea,9b,99,d9,1f,2d,93,22,dd,63,d9,d0
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(616)
c:\windows\system32\WININET.dll
.
Czas ukończenia: 2009-12-30  15:51:57 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-12-30 14:51

Przed: 35 425 464 320 bajtów wolnych
Po: 35 394 023 424 bajtów wolnych

- - End Of File - - 02801EA10273638AD952FD638C879F04

Post by NieWiem, 30 Dec 2009, 23:53

1. Download the MBR program to disk and save it directly in the root of the system drive (X:\mbr.exe, where X is the letter of the system drive).

Run the program and let it work undisturbed. It will produce a log in the file X:\mbr.log - please open it with Notepad and paste its contents into your post inside [code] tags. X: is the letter of the drive where mbr.exe was saved.

2. In that case we'll try to do this the Russian way... literally :D

Download AVZ Antiviral Toolkit. A Russian tool for removing malicious nasties.
  • unpack it on the desktop into a folder named AVZ4
  • double-click AVZ.exe to start the program (or right-click and choose: run as administrator)
  • run the update by pressing the [Image] button and press Start. If you get an error, choose a different source.

Then run AVZ:
  • File => standard scripts => tick the option
    "Advanced System Analysis with malware removal mode enabled"
  • click Execute Selected Scripts
  • an automatic scan combined with removal will follow, if anything is found
  • the report will be on screen (avz_sysinfo.htm) and in the file virusinfo_syscure.zip - please host the contents of the latter at http://www.speedyshare.com and post a link to the package.
  • be sure to restart the computer

After the restart, run AVZ again:
  • File => standard scripts => tick the option
    "Advanced System Analysis"
  • click Execute Selected Scripts
  • an automatic scan will follow
  • the report will be on screen (avz_sysinfo.htm) and in the file virusinfo_syscheck.zip - please host the contents of the latter at http://www.speedyshare.com and post a link to the package.
  • be sure to restart the computer
Post by maci, 03 Jan 2010, 20:21

Thanks, but the way things turned out, I tucked it under my arm, took it to a friend's, and it got a format c :oops: All in all, it was due for a refresh anyway.

Thanks once again!!! The topic can be closed.

Happy 2010 :)