Olhrwef.exe -nie mozna wejsc na dyski i brak plikow ukrytych

[odzio]

witam, zeby nie zakladac nowego tematu podepne swoj problem tutaj
pare dni mialem problem z wejsciem na dysk c lub d z poziomu mojego komputera - wyskakuje mi komunikat Outposta ze program probuje zmodyfikowac pliki systemowe, potem kolejny ze probuje uruchomic proces z dostepem do sieci. puscilem skana hijackiem i usunalem olhrwef.exe - myslalem ze juz bedzie dobrze ale niestety nie i tu sie zwracam z prosba do was. troszke poszperalem po forum i sprobowalem tego i owego, po uruchomieniu SDFix'a dzialanie sytemu nieco sie poprawilo ale dalej wyskakuja komunikaty przy wchodzieniu na dyski i wciaz nie ma plikow ukrytych, oto log:

Kod: Zaznacz wszystko

[b]SDFix: Version 1.240 [/b]
Run by TXP on 2009-07-04 at 11:38

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File
Restoring Default ScreenSaver value
Restoring Missing Security Center Service

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\system32\blphcg8kj0el51.scr - Deleted
C:\autorun.inf - Deleted





Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-04 12:03:14
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:b0727fa0
"s2"=dword:bfb94333
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:50,5a,c8,60,fc,9e,f0,6d,ce,2c,05,4e,f3,6e,12,dc,b0,5e,31,18,5f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,df,ba,b6,5a,a5,14,8d,b2,fb,c4,a0,cd,61,9f,5d,46,01,..
"khjeh"=hex:7a,ec,74,e7,8e,d3,50,a4,bd,55,b3,d2,f0,03,53,9b,fc,fe,6f,2f,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:67,48,20,fc,62,2d,46,df,27,b8,f8,5d,ec,76,9a,23,bf,57,d8,36,67,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:50,5a,c8,60,fc,9e,f0,6d,ce,2c,05,4e,f3,6e,12,dc,b0,5e,31,18,5f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,df,ba,b6,5a,a5,14,8d,b2,fb,c4,a0,cd,61,9f,5d,46,01,..
"khjeh"=hex:7a,ec,74,e7,8e,d3,50,a4,bd,55,b3,d2,f0,03,53,9b,fc,fe,6f,2f,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:67,48,20,fc,62,2d,46,df,27,b8,f8,5d,ec,76,9a,23,bf,57,d8,36,67,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Tue 30 Jun 2009       108,386 ..SHR --- "C:\2nuk.com"
Thu  2 Jul 2009       106,352 ..SHR --- "C:\cj1m.com"
Tue 30 Jun 2009       107,917 ..SHR --- "C:\hifdmgt.com"
Mon 29 Jun 2009       106,931 ..SHR --- "C:\n0euybx.exe"
Mon  8 Dec 2008             0 ..SH. --- "C:\WINDOWS\SB2DF70A4.tmp"
Mon 17 Mar 2008       126,976 A..H. --- "C:\Documents and Settings\NetworkService\NTUSER.bak"
Mon 17 Mar 2008     1,048,576 A..H. --- "C:\Documents and Settings\TXP\NTUSER.bak"
Fri  3 Jul 2009       105,984 ..SHR --- "C:\WINDOWS\system32\nmdfgds0.dll"
Thu  2 Jul 2009       105,984 ..SHR --- "C:\WINDOWS\system32\nmdfgds1.dll"
Thu  2 Jul 2009       106,352 ..SHR --- "C:\WINDOWS\system32\olhrwef.exe"
Sun 24 May 2009    10,053,112 A..H. --- "C:\Program Files\Google\Picasa3\setup.exe"
Mon 17 Mar 2008       262,144 A..H. --- "C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.bak"
Mon 17 Mar 2008       262,144 A..H. --- "C:\Documents and Settings\TXP\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.bak"

[b]Finished![/b]


ktos jeszcze otrzymal rade zeby wkleic loga z OTL'a wiec od razu tez wrzucam

Kod: Zaznacz wszystko

OTL logfile created on: 2009-07-04 12:56:29 - Run 2
OTL by OldTimer - Version 3.0.6.4     Folder = C:\Documents and Settings\TXP\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

510,73 Mb Total Physical Memory | 79,95 Mb Available Physical Memory | 15,65% Memory free
1,23 Gb Paging File | 0,82 Gb Available in Paging File | 66,27% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 45,27 Gb Total Space | 2,89 Gb Free Space | 6,38% Space Free | Partition Type: NTFS
Drive D: | 29,26 Gb Total Space | 3,25 Gb Free Space | 11,11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 44,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 620450A6811A41F
Current User Name: TXP
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2007-12-06 22:03:41 | 00,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
PRC - [2007-01-15 16:12:35 | 01,549,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008-02-14 19:27:38 | 00,314,584 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\spd.exe
PRC - [2008-11-14 23:11:18 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008-03-17 19:48:24 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe
PRC - [2007-01-12 23:47:22 | 00,707,344 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\System32\oodag.exe
PRC - [2008-03-17 19:48:24 | 00,949,376 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32kui.exe
PRC - [2008-03-23 12:41:41 | 00,387,584 | ---- | M] () -- C:\Program Files\Labtec Keyboard V5.1\KBDAP32A.EXE
PRC - [2008-02-14 19:27:32 | 00,863,448 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\cfosspeed.exe
PRC - [2007-05-16 10:27:16 | 00,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007-05-16 10:27:28 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2007-05-16 10:27:38 | 01,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2009-06-12 20:20:43 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2005-05-24 23:41:09 | 00,503,808 | ---- | M] (Stamina) -- C:\Program Files\Konnekt\konnekt.exe
PRC - [2009-07-04 12:29:50 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TXP\Pulpit\OTL.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2007-12-06 22:03:41 | 00,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0 [Auto | Running])
SRV - [2008-08-05 16:50:50 | 01,238,344 | ---- | M] (Agnitum Ltd.) -- C:\Program Files\Agnitum\Outpost Firewall Pro\acs.exe -- (acssrv [Auto | Running])
SRV - [2007-10-24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008-02-14 19:27:38 | 00,314,584 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\spd.exe -- (cFosSpeedS [Auto | Running])
SRV - [2007-10-24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009-02-04 14:51:05 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2007-10-09 13:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008-08-01 00:16:28 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2005-11-14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2007-10-11 10:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008-11-14 23:11:18 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007-10-11 10:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007-05-16 10:27:28 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
SRV - [2008-03-17 19:48:24 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn [Auto | Running])
SRV - [2006-10-22 13:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Disabled | Stopped])
SRV - [2007-01-12 23:47:22 | 00,707,344 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\System32\oodag.exe -- (O&O Defrag [Auto | Running])
SRV - [2006-10-26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007-06-15 16:55:00 | 00,300,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - File not found --  -- (UPHClean [Disabled | Stopped])
SRV - [2006-12-01 12:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2008-08-14 08:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs [Auto | Running])
DRV - [2003-03-13 12:34:48 | 00,100,224 | R--- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2005-02-23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\Afc.sys -- (Afc [On_Demand | Running])
DRV - [2008-06-30 18:16:00 | 00,030,864 | ---- | M] (Agnitum Ltd.) -- C:\WINDOWS\System32\DRIVERS\afw.sys -- (afw [On_Demand | Running])
DRV - [2008-06-30 18:16:14 | 00,234,640 | ---- | M] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afwcore.sys -- (afwcore [On_Demand | Running])
DRV - [2008-03-17 19:48:24 | 00,512,096 | ---- | M] (Eset ) -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON [Auto | Running])
DRV - [2008-07-11 16:42:08 | 00,033,408 | ---- | M] (Agnitum Ltd.) -- C:\WINDOWS\System32\Filt\ASWFilt.dll -- (ASWFilt [On_Demand | Stopped])
DRV - File not found --  -- (catchme [On_Demand | Running])
DRV - [2008-02-14 19:27:42 | 00,715,992 | R--- | M] (cFos Software GmbH) -- C:\WINDOWS\System32\DRIVERS\cfosspeed.sys -- (cFosSpeed [On_Demand | Running])
DRV - [2006-02-26 17:19:20 | 00,147,456 | ---- | M] (3Com Corporation) -- C:\WINDOWS\System32\DRIVERS\EL2K_XP.sys -- (EL2000 [On_Demand | Running])
DRV - [2007-02-16 02:57:04 | 00,034,760 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\Drivers\ElbyCDFL.sys -- (ElbyCDFL [On_Demand | Running])
DRV - [2007-08-07 21:48:33 | 00,025,160 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [System | Running])
DRV - [2006-07-19 13:27:26 | 00,013,568 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
DRV - [2007-02-22 11:15:56 | 00,137,216 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcd.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2007-02-22 11:15:14 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdc.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2007-02-22 11:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdcj.sys -- (nmwcdcj [On_Demand | Stopped])
DRV - [2007-02-22 11:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdcm.sys -- (nmwcdcm [On_Demand | Stopped])
DRV - [2008-03-17 19:48:24 | 00,015,424 | ---- | M] () -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv [System | Running])
DRV - [2006-10-22 13:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2007-01-31 19:54:54 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2006-11-08 00:02:36 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running])
DRV - [2004-05-05 22:48:40 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv [System | Running])
DRV - [2004-03-09 11:45:49 | 00,077,184 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06 [System | Running])
DRV - [2004-03-09 12:18:09 | 00,065,504 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02 [Boot | Running])
DRV - [2003-09-06 14:22:08 | 00,006,944 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1 [Boot | Running])
DRV - [2001-08-18 00:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008-07-11 16:41:28 | 00,673,920 | ---- | M] (Agnitum Ltd.) -- C:\WINDOWS\System32\DRIVERS\SandBox.sys -- (SandBox [System | Running])
DRV - [2008-08-02 22:48:03 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2004-04-26 04:49:56 | 00,381,056 | ---- | M] (Sensaura) -- C:\WINDOWS\System32\drivers\senfilt.sys -- (senfilt [On_Demand | Stopped])
DRV - [2003-12-01 17:20:52 | 00,004,832 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01 [Boot | Running])
DRV - [2003-06-02 07:42:14 | 00,578,304 | R--- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2006-09-24 15:28:47 | 00,005,248 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [Boot | Running])
DRV - [2008-03-26 21:29:49 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.pl
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\G, = http://www.google.pl/search?q=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/ig?hl=pl"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.5.2.2
FF - prefs.js..extensions.enabledItems: {40520fe7-6336-4df2-bab1-1f1f8e11bf27}:0.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: faviconizetab@espion.just-size.jp:0.9.8.2
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.1
FF - prefs.js..extensions.enabledItems: max@subfighter.com:1.0.2
FF - prefs.js..extensions.enabledItems: {b66bc4c3-6d25-4a10-8c59-01daa9063051}:1.5.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}:6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {2a4ea141-f5c9-413d-9d11-af76170d33cb}:0.4
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.0.8
FF - prefs.js..extensions.enabledItems: {4217f6d7-406e-4b66-856d-d1a373e4f41a}:2.6.42
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.7.3
FF - prefs.js..extensions.enabledItems: {139a120b-c2ea-41d2-bf70-542d9f063dfd}:2.02.3
FF - prefs.js..extensions.enabledItems: youplayer@addons.mozilla.org:0.9.8
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008-11-14 23:11:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-06-15 04:29:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-06-12 20:20:47 | 00,000,000 | ---D | M]

[2008-12-07 15:44:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Extensions
[2008-12-07 15:44:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-07-04 01:20:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions
[2008-10-17 09:08:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}
[2009-04-12 23:20:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\{2a4ea141-f5c9-413d-9d11-af76170d33cb}
[2008-06-01 12:51:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\{40520fe7-6336-4df2-bab1-1f1f8e11bf27}
[2009-06-29 15:06:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\{4217f6d7-406e-4b66-856d-d1a373e4f41a}
[2009-06-13 16:44:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2009-05-28 13:32:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2009-04-09 10:31:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\{b66bc4c3-6d25-4a10-8c59-01daa9063051}
[2008-03-20 03:02:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2009-04-16 18:10:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-05-03 00:30:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2008-11-23 19:58:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009-02-19 17:15:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009-06-29 15:06:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\autopager@mozilla.org
[2008-06-20 19:44:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\faviconizetab@espion.just-size.jp
[2009-06-29 15:06:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\firegestures@xuldev.org
[2008-12-02 14:04:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\max@subfighter.com
[2008-05-26 00:55:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\youplayer@addons.mozilla.org
[2009-07-04 01:20:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-06-12 20:20:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008-03-17 19:58:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2008-11-14 23:11:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009-06-12 20:20:42 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-06-12 20:20:42 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007-04-10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008-11-14 23:11:18 | 00,410,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2006-12-12 11:48:22 | 01,440,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009-06-12 20:20:45 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006-10-26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2007-05-10 22:52:00 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009-02-19 16:28:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009-02-19 16:28:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009-02-19 16:28:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009-02-19 16:28:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009-02-19 16:28:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009-02-19 16:28:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009-02-19 16:28:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006-06-03 18:43:22 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IE7pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll (IE7pro.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Licence] C:\WINDOWS\System32\Licence.exe ()
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [Vistadrv] C:\Program Files\VistaDrives\vsdrv.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [cdoosoft] C:\Documents and Settings\TXP\Ustawienia lokalne\Temp\olhrwef.exe ()
O4 - HKCU..\Run: [CFosSpeed] C:\Program Files\cFosSpeed\cfosspeed.exe (cFos Software GmbH)
O4 - HKCU..\Run: [Labtec Keyboard] C:\Program Files\Labtec Keyboard V5.1\KBDAP32A.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoExpandedNewMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 1
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll (IE7pro.com)
O9 - Extra 'Tools' menuitem : IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll (IE7pro.com)
O9 - Extra Button: Ustawienia Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll (Agnitum Ltd.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\imon.dll (Eset )
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} Reg Error: Key error. (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.244.140.241 89.228.6.83
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter:  - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe ()
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-03-17 19:03:11 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008-04-09 00:28:17 | 00,000,000 | ---D | M] - C:\Automap -- [ NTFS ]
O32 - AutoRun File - [2009-07-04 11:32:59 | 00,000,061 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2004-06-24 00:40:52 | 00,000,050 | R--- | M] () - F:\autorun.bat -- [ CDFS ]
O32 - AutoRun File - [2004-06-24 00:28:58 | 00,000,029 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{05e1cfd5-f447-11dc-bab2-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{05e1cfd5-f447-11dc-bab2-806d6172696f}\Shell\AutoRun\command - "" = F:\autorun.bat -- [2004-06-24 00:40:52 | 00,000,050 | R--- | M] ()
O33 - MountPoints2\{344aaaef-f52d-11dd-8390-000c6e9d438a}\Shell\AutoRun\command - "" = G:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{344aaaef-f52d-11dd-8390-000c6e9d438a}\Shell\open\command - "" = G:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{3e8c99ee-656c-11de-8588-000c6e9d438a}\Shell\AutoRun\command - "" = G:\n0euybx.exe -- File not found
O33 - MountPoints2\{3e8c99ee-656c-11de-8588-000c6e9d438a}\Shell\open\Command - "" = G:\n0euybx.exe -- File not found
O33 - MountPoints2\{b9b8c5b3-f456-11dc-80e0-000c6e9d438a}\Shell\AutoRun\command - "" = D:\3j2h0tf.bat -- [2009-07-03 23:25:39 | 00,107,500 | RHS- | M] ()
O33 - MountPoints2\{b9b8c5b3-f456-11dc-80e0-000c6e9d438a}\Shell\open\Command - "" = D:\3j2h0tf.bat -- [2009-07-03 23:25:39 | 00,107,500 | RHS- | M] ()
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\3j2h0tf.bat -- [2009-07-03 23:25:39 | 00,107,500 | RHS- | M] ()
O33 - MountPoints2\C\Shell\open\Command - "" = C:\3j2h0tf.bat -- [2009-07-03 23:25:39 | 00,107,500 | RHS- | M] ()
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\3j2h0tf.bat -- [2009-07-03 23:25:39 | 00,107,500 | RHS- | M] ()
O33 - MountPoints2\D\Shell\open\Command - "" = D:\3j2h0tf.bat -- [2009-07-03 23:25:39 | 00,107,500 | RHS- | M] ()
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.bat -- [2004-06-24 00:40:52 | 00,000,050 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[4 C:\WINDOWS\*.tmp files]
[2009-07-04 12:29:27 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TXP\Pulpit\OTL.exe
[2009-07-04 12:22:15 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009-07-04 12:22:07 | 00,000,000 | ---D | C] -- C:\rsit
[2009-07-04 12:21:30 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\TXP\Pulpit\RSIT.exe
[2009-07-04 11:48:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TXP\Dane aplikacji\WinRAR
[2009-07-04 11:37:27 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009-07-04 11:35:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009-07-04 10:55:14 | 00,000,000 | ---D | C] -- C:\SDFix
[2009-07-04 10:54:14 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\TXP\Pulpit\SDFix.exe
[2009-07-03 23:46:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TXP\Pulpit\ekonomeria
[2009-07-03 23:43:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TXP\Pulpit\Miarecka
[2009-07-03 23:26:07 | 00,107,500 | RHS- | C] () -- C:\3j2h0tf.bat
[2009-07-02 21:29:24 | 00,136,192 | ---- | C] () -- C:\Documents and Settings\TXP\Moje dokumenty\ekonomia menedzerska dl czesc 2.doc
[2009-07-02 19:13:33 | 00,381,440 | ---- | C] () -- C:\Documents and Settings\TXP\Moje dokumenty\ekonomia menedzerska w2.doc
[2009-07-02 18:35:01 | 02,145,889 | ---- | C] () -- C:\Documents and Settings\TXP\Pulpit\(11529) wsip_R_I-VII.pdf
[2009-07-02 18:34:54 | 00,091,648 | ---- | C] () -- C:\Documents and Settings\TXP\Pulpit\(12430) tows_swot.xls
[2009-07-02 18:33:53 | 00,034,304 | ---- | C] () -- C:\Documents and Settings\TXP\Pulpit\(12565) Projekt ze strategii.doc
[2009-07-02 18:13:50 | 00,106,352 | RHS- | C] () -- C:\cj1m.com
[2009-07-01 18:07:29 | 00,106,656 | RHS- | C] () -- C:\ix8bmwx.bat
[2009-06-30 19:55:54 | 00,107,917 | RHS- | C] () -- C:\hifdmgt.com
[2009-06-30 13:54:40 | 00,108,386 | RHS- | C] () -- C:\2nuk.com
[2009-06-30 13:54:14 | 00,105,984 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds1.dll
[2009-06-30 13:53:58 | 00,106,931 | RHS- | C] () -- C:\n0euybx.exe
[2009-06-30 13:53:31 | 00,106,352 | RHS- | C] () -- C:\WINDOWS\System32\olhrwef.exe
[2009-06-30 13:53:31 | 00,105,984 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds0.dll
[2009-06-30 11:27:50 | 00,103,424 | ---- | C] (MailShare.pl) -- C:\WINDOWS\System32\Http Client_nat.dll
[2009-06-30 11:12:20 | 00,000,000 | ---D | C] -- C:\Program Files\MailShare
[2009-06-29 18:56:55 | 00,013,819 | ---- | C] () -- C:\Documents and Settings\TXP\Moje dokumenty\METODY PŁATNOŚCI.docx
[2009-06-26 12:03:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TXP\Pulpit\Therion - 1997 - A' arab Zaraq Lucid Dreaming
[2009-06-24 19:24:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TXP\Dane aplikacji\SmsDiscount
[2009-06-24 19:21:22 | 00,000,000 | ---D | C] -- C:\Program Files\SmsDiscount.com
[2009-06-23 01:48:58 | 00,012,237 | ---- | C] () -- C:\Documents and Settings\TXP\Pulpit\dolica.docx
[2009-06-17 02:10:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\glp.INI
[2009-01-12 02:27:12 | 00,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI
[2009-01-12 01:31:07 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2009-01-12 01:31:07 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2009-01-12 01:31:06 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2009-01-12 01:31:06 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2008-10-27 19:05:50 | 00,003,071 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008-10-27 19:05:48 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008-10-06 11:00:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
[2008-10-06 10:52:58 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008-09-22 14:55:24 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-09-22 00:05:51 | 00,000,559 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008-07-23 03:12:04 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2008-07-23 03:12:04 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2008-05-29 16:22:32 | 00,000,235 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2008-05-29 16:21:04 | 00,002,672 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008-03-21 13:21:00 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS66.DLL
[2008-03-17 19:56:58 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008-03-17 19:56:58 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-03-17 19:56:58 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008-03-17 19:56:58 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-03-17 19:52:08 | 00,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2008-03-17 19:48:44 | 00,000,153 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-03-17 19:48:25 | 00,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2008-03-17 19:46:59 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008-03-17 19:46:57 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2008-03-17 19:46:46 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2008-03-17 19:46:16 | 00,143,360 | ---- | C] ( ) -- C:\WINDOWS\System32\ICSharpCode.SharpZipLib.dll
[2008-03-17 19:46:15 | 00,315,392 | ---- | C] () -- C:\WINDOWS\System32\tidylib.dll
[2008-03-17 19:46:15 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\ue32ctmn.dll
[2008-03-17 19:46:10 | 00,409,184 | ---- | C] () -- C:\WINDOWS\System32\WCMICONS.DLL
[2008-03-17 19:46:10 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\WCMZIP32.ORG.DLL
[2008-03-17 19:46:10 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\wcmzip32.dll
[2008-03-17 19:46:09 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\UNRAR.DLL
[2008-03-17 19:46:09 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\TCUNZLIB.DLL
[2008-03-17 19:46:09 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2008-03-17 19:46:09 | 00,043,008 | ---- | C] () -- C:\WINDOWS\System32\CABRK.DLL
[2008-03-17 19:46:09 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\FRERES32.DLL
[2008-03-17 19:45:54 | 00,014,828 | ---- | C] () -- C:\WINDOWS\System32\wincmd.ini
[2008-03-17 19:45:54 | 00,003,083 | ---- | C] () -- C:\WINDOWS\System32\ShellDetails.ini
[2008-03-17 19:45:54 | 00,001,419 | ---- | C] () -- C:\WINDOWS\System32\color.ini
[2008-03-17 19:45:54 | 00,001,319 | ---- | C] () -- C:\WINDOWS\System32\DirSizeCalc.ini
[2008-03-17 19:45:54 | 00,001,237 | ---- | C] () -- C:\WINDOWS\System32\visualdirsize.ini
[2008-03-17 19:45:54 | 00,000,636 | ---- | C] () -- C:\WINDOWS\System32\fsplugin.ini
[2008-03-17 19:45:54 | 00,000,347 | ---- | C] () -- C:\WINDOWS\System32\pkplugin.ini
[2008-03-17 19:45:54 | 00,000,055 | ---- | C] () -- C:\WINDOWS\System32\buttonbar.ini
[2008-03-17 19:45:41 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2008-03-17 19:45:41 | 00,000,096 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008-03-17 19:45:40 | 00,054,784 | ---- | C] () -- C:\WINDOWS\System32\sfextra.dll
[2008-03-17 19:45:38 | 00,003,752 | ---- | C] () -- C:\WINDOWS\RegWorkshop.ini
[2008-03-17 19:45:36 | 01,197,936 | ---- | C] () -- C:\WINDOWS\System32\everest_cpuid.dll
[2008-03-17 19:45:36 | 01,131,888 | ---- | C] () -- C:\WINDOWS\System32\everest_mondiag.dll
[2008-03-17 19:45:36 | 00,256,880 | ---- | C] () -- C:\WINDOWS\System32\everest_rcs.dll
[2008-03-17 19:45:36 | 00,250,736 | ---- | C] () -- C:\WINDOWS\System32\everest_rcc.dll
[2008-03-17 19:45:36 | 00,185,176 | ---- | C] () -- C:\WINDOWS\System32\everest_xpicons.dll
[2008-03-17 19:45:36 | 00,133,968 | ---- | C] () -- C:\WINDOWS\System32\everest_icons.dll
[2008-03-17 19:45:36 | 00,055,160 | ---- | C] () -- C:\WINDOWS\System32\everest_zipdll.dll
[2008-03-17 19:45:31 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\VSLWP.DLL
[2008-03-17 19:45:30 | 01,567,232 | ---- | C] () -- C:\WINDOWS\System32\LWPAPIN.DLL
[2008-03-17 19:45:30 | 01,085,440 | ---- | C] () -- C:\WINDOWS\System32\mxlinkdb.dll
[2008-03-17 19:45:30 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\SCSILIB.dll
[2008-03-17 19:45:19 | 00,000,156 | ---- | C] () -- C:\WINDOWS\System32\cpuz.ini
[2008-03-17 19:45:18 | 00,000,063 | ---- | C] () -- C:\WINDOWS\System32\FTPsrv.ini
[2008-03-17 19:25:26 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007-03-29 23:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2001-10-26 18:45:34 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL
[2001-07-22 01:16:20 | 00,000,527 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-22 01:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[4 C:\WINDOWS\*.tmp files]
[2009-07-04 12:29:50 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TXP\Pulpit\OTL.exe
[2009-07-04 12:21:36 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\TXP\Pulpit\RSIT.exe
[2009-07-04 12:04:53 | 00,003,752 | ---- | M] () -- C:\WINDOWS\RegWorkshop.ini
[2009-07-04 11:47:08 | 00,478,184 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-07-04 11:47:07 | 01,055,160 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-07-04 11:47:07 | 00,420,946 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-07-04 11:47:07 | 00,079,498 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-07-04 11:47:07 | 00,063,788 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-07-04 11:42:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-07-04 11:42:17 | 00,352,401 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor
[2009-07-04 11:38:33 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009-07-04 11:37:27 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009-07-04 10:54:54 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\TXP\Pulpit\SDFix.exe
[2009-07-04 10:40:13 | 00,000,527 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-07-04 10:40:13 | 00,000,232 | -HS- | M] () -- C:\boot.ini
[2009-07-04 10:40:13 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-07-03 23:46:53 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-07-03 23:25:39 | 00,107,500 | RHS- | M] () -- C:\3j2h0tf.bat
[2009-07-03 23:24:53 | 00,105,984 | RHS- | M] () -- C:\WINDOWS\System32\nmdfgds0.dll
[2009-07-03 15:31:15 | 00,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-07-02 21:29:25 | 00,136,192 | ---- | M] () -- C:\Documents and Settings\TXP\Moje dokumenty\ekonomia menedzerska dl czesc 2.doc
[2009-07-02 19:13:37 | 00,381,440 | ---- | M] () -- C:\Documents and Settings\TXP\Moje dokumenty\ekonomia menedzerska w2.doc
[2009-07-02 18:35:17 | 02,145,889 | ---- | M] () -- C:\Documents and Settings\TXP\Pulpit\(11529) wsip_R_I-VII.pdf
[2009-07-02 18:34:55 | 00,091,648 | ---- | M] () -- C:\Documents and Settings\TXP\Pulpit\(12430) tows_swot.xls
[2009-07-02 18:33:54 | 00,034,304 | ---- | M] () -- C:\Documents and Settings\TXP\Pulpit\(12565) Projekt ze strategii.doc
[2009-07-02 18:13:20 | 00,105,984 | RHS- | M] () -- C:\WINDOWS\System32\nmdfgds1.dll
[2009-07-02 18:13:18 | 00,106,352 | RHS- | M] () -- C:\WINDOWS\System32\olhrwef.exe
[2009-07-02 18:13:18 | 00,106,352 | RHS- | M] () -- C:\cj1m.com
[2009-07-02 16:07:45 | 00,002,672 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2009-07-01 18:07:01 | 00,106,656 | RHS- | M] () -- C:\ix8bmwx.bat
[2009-07-01 10:05:42 | 02,323,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-06-30 22:39:13 | 00,066,168 | ---- | M] () -- C:\Documents and Settings\TXP\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-06-30 19:55:13 | 00,107,917 | RHS- | M] () -- C:\hifdmgt.com
[2009-06-30 13:54:13 | 00,108,386 | RHS- | M] () -- C:\2nuk.com
[2009-06-30 11:27:50 | 00,103,424 | ---- | M] (MailShare.pl) -- C:\WINDOWS\System32\Http Client_nat.dll
[2009-06-29 18:56:57 | 00,013,819 | ---- | M] () -- C:\Documents and Settings\TXP\Moje dokumenty\METODY PŁATNOŚCI.docx
[2009-06-29 10:00:00 | 00,106,931 | RHS- | M] () -- C:\n0euybx.exe
[2009-06-23 01:48:59 | 00,012,237 | ---- | M] () -- C:\Documents and Settings\TXP\Pulpit\dolica.docx
[2009-06-17 02:10:35 | 00,000,000 | ---- | M] () -- C:\WINDOWS\glp.INI
< End of report >


[odzio2]

witam, niestety nie uzyskalem odpowiedzi na tamtego posta... pewnie podalem za malo szczegolow? co jeszcze jest potrzebne do analizy problemu? dodaje tu przykladowy komunikat outposta, czesto mi sie pojawiaja takie okienka. wiele problemow dotyczy pliku cdaudio.sys. dorzuce tez loga z hijackthis. jesli potrzeba moge tez dac loga z RISTa. bardzo prosze o pomoc

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 15:17:30, on 2009-07-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Labtec Keyboard V5.1\KBDAP32A.EXE
C:\Program Files\cFosSpeed\cfosspeed.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Konnekt\konnekt.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IE7pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\VistaDrives\vsdrv.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Licence] Licence.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [Labtec Keyboard] C:\Program Files\Labtec Keyboard V5.1\KBDAP32A.EXE
O4 - HKCU\..\Run: [CFosSpeed] C:\Program Files\cFosSpeed\cfosspeed.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\TXP\USTAWI~1\Temp\olhrwef.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: Ustawienia Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} -
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - Unknown owner - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe" -service (file missing)
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe



[ToServeAndProtect]

ważne: dlaczego założyłeś drugie konto. zdecyduj się tylko na jedno i używaj go. wskaż z którego konta będziesz używać, pozostałe będą wyłączone

[Okocza]

odzio2, daj log z RSIT

[odzio]

ważne: dlaczego założyłeś drugie konto. zdecyduj się tylko na jedno i używaj go. wskaż z którego konta będziesz używać, pozostałe będą wyłączone

tym postem mialem poprosic o wylaczenie odzia2 - po prostu chcialem od razu dodac nowe logi a dlugosc posta byla niewystarczajaca zeby to zrobic w jednym a nie ma mozliwosci napisania 2 postow pod rzad przez jednego uzytkownika. reasumujac odzio2 jest do wylaczenia

oto co otrzymalem z RISTa:

Kod: Zaznacz wszystko

Logfile of random's system information tool 1.06 (written by random/random)
Run by TXP at 2009-07-07 21:51:46
Microsoft Windows XP Professional Dodatek Service Pack 2
System drive C: has 3 GB (7%) free of 46 GB
Total RAM: 511 MB (17% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52:04, on 2009-07-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Labtec Keyboard V5.1\KBDAP32A.EXE
C:\Program Files\cFosSpeed\cfosspeed.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Konnekt\konnekt.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\TXP\Pulpit\Gry i Programsy\SmsDiscount.exe
C:\Documents and Settings\TXP\Pulpit\RSIT.exe
C:\Program Files\trend micro\TXP.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.pl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IE7pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\VistaDrives\vsdrv.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Licence] Licence.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [Labtec Keyboard] C:\Program Files\Labtec Keyboard V5.1\KBDAP32A.EXE
O4 - HKCU\..\Run: [CFosSpeed] C:\Program Files\cFosSpeed\cfosspeed.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\TXP\USTAWI~1\Temp\olhrwef.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: Ustawienia Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6812 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Labtec Media Keyboard V5.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7pro BHO - C:\Program Files\IE7pro\IE7pro.dll [2007-02-10 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-01-29 75528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-14 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-14 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-14 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"Vistadrv"=C:\Program Files\VistaDrives\vsdrv.exe [2006-07-30 121089]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-03-17 949376]
"Licence"=C:\WINDOWS\system32\Licence.exe [2007-01-08 101651]
"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2008-08-22 1157448]
"OutpostFeedBack"=C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe [2008-08-05 435528]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Labtec Keyboard"=C:\Program Files\Labtec Keyboard V5.1\KBDAP32A.EXE [2008-03-23 387584]
"CFosSpeed"=C:\Program Files\cFosSpeed\cfosspeed.exe [2008-02-14 863448]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]
"cdoosoft"=C:\DOCUME~1\TXP\USTAWI~1\Temp\olhrwef.exe [2009-07-07 111248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aktualizator]
C:\Program Files\ITService\FInwestycyjne\Aktualizator.exe [2009-04-09 2954240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternetCalls]
C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe -nosplash -minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
C:\Program Files\Samsung Media Studio 5\SMSTray.exe [2007-12-14 132624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
C:\Program Files\VoipBuster\VoipBuster.exe -nosplash -minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipCheap]
C:\Program Files\VoipCheap\VoipCheap.exe [2008-11-10 9192752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipCheapCom]
C:\Program Files\VoipCheapCom\VoipCheapCom.exe [2008-09-08 9218872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Voipwise]
C:\Program Files\Voipwise\Voipwise.exe [2008-12-08 8974128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\progra~1\agnitum\outpos~1\wl_hook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=1
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMHelp"=1
"NoSMBalloonTip"=0
"NoUserNameInStartMenu"=1
"NoSMConfigurePrograms"=1
"NoExpandedNewMenu"=1
"NoResolveTrack"=1
"NoResolveSearch"=1
"NoSharedDocuments"=1
"NoThumbnailCache"=1
"NoTaskGrouping"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWelcomeScreen"=
"ForceClassicControlPanel"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\TXP\Pulpit\Gry i Programsy\SmsDiscount.exe"="C:\Documents and Settings\TXP\Pulpit\Gry i Programsy\SmsDiscount.exe:*:Enabled:SmsDiscount"
"C:\Program Files\VoipCheapCom\VoipCheapCom.exe"="C:\Program Files\VoipCheapCom\VoipCheapCom.exe:*:Enabled:VoipCheapCom"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\AutoRun\command - C:\3j2h0tf.bat
shell\open\command - C:\3j2h0tf.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\3j2h0tf.bat
shell\open\command - D:\3j2h0tf.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\autorun.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05e1cfdb-f447-11dc-bab2-806d6172696f}]
shell\AutoRun\command - C:\9vlgaqms.cmd
shell\open\command - C:\9vlgaqms.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{344aaaef-f52d-11dd-8390-000c6e9d438a}]
shell\AutoRun\command - G:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
shell\open\command - G:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e8c99ee-656c-11de-8588-000c6e9d438a}]
shell\AutoRun\command - G:\n0euybx.exe
shell\open\command - G:\n0euybx.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9b8c5b3-f456-11dc-80e0-000c6e9d438a}]
shell\AutoRun\command - D:\9vlgaqms.cmd
shell\open\command - D:\9vlgaqms.cmd


======List of files/folders created in the last 1 months======

2009-07-07 19:11:59 ----RSH---- C:\9vlgaqms.cmd
2009-07-05 13:21:14 ----RSH---- C:\aphqg.exe
2009-07-05 10:42:51 ----A---- C:\WINDOWS\AhnRpta.exe
2009-07-05 10:24:08 ----A---- C:\WINDOWS\system32\c.exe
2009-07-04 20:50:17 ----RSH---- C:\9kretct.exe
2009-07-04 12:22:15 ----D---- C:\Program Files\trend micro
2009-07-04 12:22:07 ----D---- C:\rsit
2009-07-04 11:48:47 ----D---- C:\Documents and Settings\TXP\Dane aplikacji\WinRAR
2009-07-04 11:35:39 ----D---- C:\WINDOWS\ERUNT
2009-07-04 11:34:35 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-04 10:55:14 ----D---- C:\SDFix
2009-07-03 23:26:07 ----RSH---- C:\3j2h0tf.bat
2009-07-02 18:13:50 ----RSH---- C:\cj1m.com
2009-07-01 18:07:29 ----RSH---- C:\ix8bmwx.bat
2009-07-01 10:06:15 ----A---- C:\WINDOWS\cFosSpeed_Setup_Log.txt
2009-06-30 19:55:54 ----RSH---- C:\hifdmgt.com
2009-06-30 13:54:40 ----RSH---- C:\2nuk.com
2009-06-30 13:54:14 ----RSH---- C:\WINDOWS\system32\nmdfgds1.dll
2009-06-30 13:53:58 ----RSH---- C:\n0euybx.exe
2009-06-30 13:53:31 ----RSH---- C:\WINDOWS\system32\olhrwef.exe
2009-06-30 13:53:31 ----RSH---- C:\WINDOWS\system32\nmdfgds0.dll
2009-06-30 11:27:50 ----A---- C:\WINDOWS\system32\Http Client_nat.dll
2009-06-30 11:12:20 ----D---- C:\Program Files\MailShare
2009-06-24 19:24:49 ----D---- C:\Documents and Settings\TXP\Dane aplikacji\SmsDiscount
2009-06-24 19:21:22 ----D---- C:\Program Files\SmsDiscount.com
2009-06-17 02:10:35 ----A---- C:\WINDOWS\glp.INI

======List of files/folders modified in the last 1 months======

2009-07-07 21:47:20 ----RD---- C:\Program Files\cFosSpeed
2009-07-07 20:07:25 ----D---- C:\WINDOWS\system32\Filt
2009-07-07 19:55:23 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-07 19:55:23 ----D---- C:\WINDOWS\system32
2009-07-07 19:49:53 ----RD---- C:\Program Files\Mozilla Firefox
2009-07-07 19:47:24 ----A---- C:\WINDOWS\RegWorkshop.ini
2009-07-07 19:47:09 ----D---- C:\WINDOWS\Temp
2009-07-07 19:01:43 ----RD---- C:\Program Files\FlashGet
2009-07-07 15:17:26 ----RD---- C:\Program Files\hijackthis_199
2009-07-07 10:23:19 ----D---- C:\Documents and Settings\TXP\Dane aplikacji\Microsoft
2009-07-06 03:40:29 ----D---- C:\Documents and Settings\TXP\Dane aplikacji\foobar2000
2009-07-05 23:41:50 ----A---- C:\WINDOWS\wincmd.ini
2009-07-05 10:42:51 ----D---- C:\WINDOWS
2009-07-04 12:22:15 ----RD---- C:\Program Files
2009-07-04 11:47:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-04 11:43:56 ----D---- C:\WINDOWS\SoftwareDistribution
2009-07-04 11:37:27 ----D---- C:\WINDOWS\system32\DllCache
2009-07-04 10:40:13 ----SH---- C:\boot.ini
2009-07-04 10:40:13 ----A---- C:\WINDOWS\win.ini
2009-07-04 10:40:13 ----A---- C:\WINDOWS\system.ini
2009-07-03 23:46:53 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-02 01:17:22 ----RD---- C:\fotki do segregacji
2009-06-30 22:36:38 ----RSD---- C:\WINDOWS\Fonts
2009-06-30 21:43:58 ----SD---- C:\Downloads
2009-06-30 13:50:37 ----D---- C:\WINDOWS\inf
2009-06-29 18:52:15 ----D---- C:\Documents and Settings\TXP\Dane aplikacji\Skype
2009-06-29 16:01:06 ----D---- C:\Documents and Settings\TXP\Dane aplikacji\skypePM
2009-06-24 13:29:50 ----D---- C:\Program Files\VoipCheapCom
2009-06-18 07:53:03 ----RD---- C:\Seminaria
2009-06-16 20:15:26 ----D---- C:\pendrive natalki
2009-06-15 16:39:59 ----D---- C:\Program Files\CryptLoad_1.1.6
2009-06-14 23:25:59 ----D---- C:\WINDOWS\Minidump
2009-06-12 21:24:23 ----D---- C:\WINDOWS\system32\drivers

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-03-17 15424]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-03-09 77184]
R1 SandBox;SandBox; C:\WINDOWS\system32\DRIVERS\SandBox.sys [2008-07-11 673920]
R1 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-03-17 512096]
R2 rspndr;Responder odnajdywania topologii warstwy łącza; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-11-08 62336]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 afw;Agnitum firewall driver; C:\WINDOWS\system32\DRIVERS\afw.sys [2008-06-30 30864]
R3 afwcore;afwcore; C:\WINDOWS\system32\drivers\afwcore.sys [2008-06-30 234640]
R3 cFosSpeed;cFosSpeed Miniport; C:\WINDOWS\system32\DRIVERS\cfosspeed.sys [2008-02-14 715992]
R3 EL2000;3Com 3C2000x EtherLink XL Adapter; C:\WINDOWS\system32\DRIVERS\EL2K_XP.sys [2006-02-26 147456]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2006-07-19 13568]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-01-31 47360]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-08 21760]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-06-02 578304]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-02-17 30208]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-02-17 59264]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-02-17 20608]
S3 ASWFilt;ASWFilt; C:\WINDOWS\system32\Filt\ASWFilt.dll [2008-07-11 33408]
S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 awok5si5;awok5si5; C:\WINDOWS\system32\drivers\awok5si5.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\TXP\USTAWI~1\Temp\catchme.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2007-02-17 25856]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2008-08-05 1238344]
R2 cFosSpeedS;cFosSpeed System Service; C:\Program Files\cFosSpeed\spd.exe [2008-02-14 314584]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-14 152984]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-03-17 552064]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-01-12 707344]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-04 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-01 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]

-----------------EOF-----------------


Dodano Dzisiaj, 10:42:
o wlasnie tu jest czesta przyczyna problemo - ta biblioteka:

[wojtas]

Uruchom OTL i w oknie Custom Scans/Fixes wklej :

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKCU..\Run: [cdoosoft] C:\Documents and Settings\TXP\Ustawienia lokalne\Temp\olhrwef.exe ()O32 - AutoRun File - [2009-07-04 11:32:59 | 00,000,061 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2004-06-24 00:40:52 | 00,000,050 | R--- | M] () - F:\autorun.bat -- [ CDFS ]
O32 - AutoRun File - [2004-06-24 00:28:58 | 00,000,029 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{05e1cfd5-f447-11dc-bab2-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{05e1cfd5-f447-11dc-bab2-806d6172696f}\Shell\AutoRun\command - "" = F:\autorun.bat -- [2004-06-24 00:40:52 | 00,000,050 | R--- | M] ()
O33 - MountPoints2\{344aaaef-f52d-11dd-8390-000c6e9d438a}\Shell\AutoRun\command - "" = G:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{344aaaef-f52d-11dd-8390-000c6e9d438a}\Shell\open\command - "" = G:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{3e8c99ee-656c-11de-8588-000c6e9d438a}\Shell\AutoRun\command - "" = G:\n0euybx.exe -- File not found
O33 - MountPoints2\{3e8c99ee-656c-11de-8588-000c6e9d438a}\Shell\open\Command - "" = G:\n0euybx.exe -- File not found
O33 - MountPoints2\{b9b8c5b3-f456-11dc-80e0-000c6e9d438a}\Shell\AutoRun\command - "" = D:\3j2h0tf.bat -- [2009-07-03 23:25:39 | 00,107,500 | RHS- | M] ()
O33 - MountPoints2\{b9b8c5b3-f456-11dc-80e0-000c6e9d438a}\Shell\open\Command - "" = D:\3j2h0tf.bat -- [2009-07-03 23:25:39 | 00,107,500 | RHS- | M] ()
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\3j2h0tf.bat -- [2009-07-03 23:25:39 | 00,107,500 | RHS- | M] ()
O33 - MountPoints2\C\Shell\open\Command - "" = C:\3j2h0tf.bat -- [2009-07-03 23:25:39 | 00,107,500 | RHS- | M] ()
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\3j2h0tf.bat -- [2009-07-03 23:25:39 | 00,107,500 | RHS- | M] ()
O33 - MountPoints2\D\Shell\open\Command - "" = D:\3j2h0tf.bat -- [2009-07-03 23:25:39 | 00,107,500 | RHS- | M] ()
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.bat -- [2004-06-24 00:40:52 | 00,000,050 | R--- | M] ()

:Files
C:\autorun.bat
D:\autorun.bat
F:\autorun.bat
C:\3j2h0tf.bat
C:\cj1m.com
C:\ix8bmwx.bat
C:\hifdmgt.com
C:\2nuk.com
D:\n0euybx.exe
D:\3j2h0tf.bat
D:\cj1m.com
D:\ix8bmwx.bat
D:\hifdmgt.com
D:\2nuk.com
D:\n0euybx.exe
F:\3j2h0tf.bat
F:\cj1m.com
F:\ix8bmwx.bat
F:\hifdmgt.com
F:\2nuk.com
F:\n0euybx.exe

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]
[start explorer]
[Reboot]

Kliknij w Run Fix. I potwierdz reset kompa .

Następnie uruchamiasz OTL z opcją Run Scan. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia kompa

[odzio]

dzieki wielkie za odpowiedz. niestety cos mi szwankuje, komputer sie nie chce resetowac - znikaja wszystkie procesy, pozostaje tylko OTL ktory po chwili przestaje odpowiadac i musze resetowac system na twardo. poczatkowo myslalem ze moze tylko nie dziala komenda resetowania wiec sprobowalem wkleic poadna formule bez ostatnich 4 linijek niestety nic sie nie zmienilo, system pada gdzies w polowie przetwarzania formuly. na wszelki wypadek wkleje jeszcze raz skana z OTLa. chyba ze mam jeszcze jakies skany dorzucic?

Kod: Zaznacz wszystko

OTL logfile created on: 2009-07-11 01:36:33 - Run 3
OTL by OldTimer - Version 3.0.6.4     Folder = C:\Documents and Settings\TXP\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

510,73 Mb Total Physical Memory | 101,46 Mb Available Physical Memory | 19,87% Memory free
1,23 Gb Paging File | 0,88 Gb Available in Paging File | 71,23% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 45,27 Gb Total Space | 3,11 Gb Free Space | 6,87% Space Free | Partition Type: NTFS
Drive D: | 29,26 Gb Total Space | 3,24 Gb Free Space | 11,07% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 620450A6811A41F
Current User Name: TXP
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2007-12-06 22:03:41 | 00,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
PRC - [2007-01-15 16:12:35 | 01,549,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008-03-17 19:48:24 | 00,949,376 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32kui.exe
PRC - [2008-03-23 12:41:41 | 00,387,584 | ---- | M] () -- C:\Program Files\Labtec Keyboard V5.1\KBDAP32A.EXE
PRC - [2008-02-14 19:27:32 | 00,863,448 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\cfosspeed.exe
PRC - [2007-05-16 10:27:16 | 00,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2008-02-14 19:27:38 | 00,314,584 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\spd.exe
PRC - [2008-11-14 23:11:18 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008-03-17 19:48:24 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe
PRC - [2007-01-12 23:47:22 | 00,707,344 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\System32\oodag.exe
PRC - [2007-05-16 10:27:28 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2007-05-16 10:27:38 | 01,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2009-06-12 20:20:43 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-07-04 12:29:50 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TXP\Pulpit\OTL.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2007-12-06 22:03:41 | 00,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0 [Auto | Running])
SRV - [2008-08-05 16:50:50 | 01,238,344 | ---- | M] (Agnitum Ltd.) -- C:\Program Files\Agnitum\Outpost Firewall Pro\acs.exe -- (acssrv [Auto | Running])
SRV - [2007-10-24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008-02-14 19:27:38 | 00,314,584 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\spd.exe -- (cFosSpeedS [Auto | Running])
SRV - [2007-10-24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009-02-04 14:51:05 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2007-10-09 13:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008-08-01 00:16:28 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2005-11-14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2007-10-11 10:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008-11-14 23:11:18 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007-10-11 10:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007-05-16 10:27:28 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
SRV - [2008-03-17 19:48:24 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn [Auto | Running])
SRV - [2006-10-22 13:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Disabled | Stopped])
SRV - [2007-01-12 23:47:22 | 00,707,344 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\System32\oodag.exe -- (O&O Defrag [Auto | Running])
SRV - [2006-10-26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007-06-15 16:55:00 | 00,300,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - File not found --  -- (UPHClean [Disabled | Stopped])
SRV - [2006-12-01 12:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2008-08-14 08:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs [Auto | Running])
DRV - [2003-03-13 12:34:48 | 00,100,224 | R--- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2005-02-23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\Afc.sys -- (Afc [On_Demand | Running])
DRV - [2008-06-30 18:16:00 | 00,030,864 | ---- | M] (Agnitum Ltd.) -- C:\WINDOWS\System32\DRIVERS\afw.sys -- (afw [On_Demand | Running])
DRV - [2008-06-30 18:16:14 | 00,234,640 | ---- | M] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afwcore.sys -- (afwcore [On_Demand | Running])
DRV - [2008-03-17 19:48:24 | 00,512,096 | ---- | M] (Eset ) -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON [Auto | Running])
DRV - [2008-07-11 16:42:08 | 00,033,408 | ---- | M] (Agnitum Ltd.) -- C:\WINDOWS\System32\Filt\ASWFilt.dll -- (ASWFilt [On_Demand | Stopped])
DRV - [2008-02-14 19:27:42 | 00,715,992 | R--- | M] (cFos Software GmbH) -- C:\WINDOWS\System32\DRIVERS\cfosspeed.sys -- (cFosSpeed [On_Demand | Running])
DRV - [2006-02-26 17:19:20 | 00,147,456 | ---- | M] (3Com Corporation) -- C:\WINDOWS\System32\DRIVERS\EL2K_XP.sys -- (EL2000 [On_Demand | Running])
DRV - [2007-02-16 02:57:04 | 00,034,760 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\Drivers\ElbyCDFL.sys -- (ElbyCDFL [On_Demand | Running])
DRV - [2007-08-07 21:48:33 | 00,025,160 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [System | Running])
DRV - [2006-07-19 13:27:26 | 00,013,568 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
DRV - [2007-02-22 11:15:56 | 00,137,216 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcd.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2007-02-22 11:15:14 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdc.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2007-02-22 11:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdcj.sys -- (nmwcdcj [On_Demand | Stopped])
DRV - [2007-02-22 11:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdcm.sys -- (nmwcdcm [On_Demand | Stopped])
DRV - [2008-03-17 19:48:24 | 00,015,424 | ---- | M] () -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv [System | Running])
DRV - [2006-10-22 13:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2007-01-31 19:54:54 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2006-11-08 00:02:36 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running])
DRV - [2004-05-05 22:48:40 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv [System | Running])
DRV - [2004-03-09 11:45:49 | 00,077,184 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06 [System | Running])
DRV - [2004-03-09 12:18:09 | 00,065,504 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02 [Boot | Running])
DRV - [2003-09-06 14:22:08 | 00,006,944 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1 [Boot | Running])
DRV - [2001-08-18 00:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008-07-11 16:41:28 | 00,673,920 | ---- | M] (Agnitum Ltd.) -- C:\WINDOWS\System32\DRIVERS\SandBox.sys -- (SandBox [System | Running])
DRV - [2008-08-02 22:48:03 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2004-04-26 04:49:56 | 00,381,056 | ---- | M] (Sensaura) -- C:\WINDOWS\System32\drivers\senfilt.sys -- (senfilt [On_Demand | Stopped])
DRV - [2003-12-01 17:20:52 | 00,004,832 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01 [Boot | Running])
DRV - [2003-06-02 07:42:14 | 00,578,304 | R--- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2006-09-24 15:28:47 | 00,005,248 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [Boot | Running])
DRV - [2008-03-26 21:29:49 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.pl
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\G, = http://www.google.pl/search?q=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/ig?hl=pl"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.5.2.2
FF - prefs.js..extensions.enabledItems: {40520fe7-6336-4df2-bab1-1f1f8e11bf27}:0.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: faviconizetab@espion.just-size.jp:0.9.8.2
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.1
FF - prefs.js..extensions.enabledItems: max@subfighter.com:1.0.2
FF - prefs.js..extensions.enabledItems: {b66bc4c3-6d25-4a10-8c59-01daa9063051}:1.5.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}:6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {2a4ea141-f5c9-413d-9d11-af76170d33cb}:0.4
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.1
FF - prefs.js..extensions.enabledItems: {4217f6d7-406e-4b66-856d-d1a373e4f41a}:2.6.42
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.7.3
FF - prefs.js..extensions.enabledItems: {139a120b-c2ea-41d2-bf70-542d9f063dfd}:2.03.1
FF - prefs.js..extensions.enabledItems: youplayer@addons.mozilla.org:0.9.8
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008-11-14 23:11:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-06-15 04:29:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-06-12 20:20:47 | 00,000,000 | ---D | M]

[2008-12-07 15:44:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Extensions
[2008-12-07 15:44:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-07-10 10:23:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions
[2009-07-08 10:06:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}
[2009-04-12 23:20:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\{2a4ea141-f5c9-413d-9d11-af76170d33cb}
[2008-06-01 12:51:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\{40520fe7-6336-4df2-bab1-1f1f8e11bf27}
[2009-06-29 15:06:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\{4217f6d7-406e-4b66-856d-d1a373e4f41a}
[2009-07-08 10:06:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2009-05-28 13:32:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2009-04-09 10:31:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\{b66bc4c3-6d25-4a10-8c59-01daa9063051}
[2008-03-20 03:02:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2009-04-16 18:10:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-05-03 00:30:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2008-11-23 19:58:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009-02-19 17:15:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009-06-29 15:06:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\autopager@mozilla.org
[2008-06-20 19:44:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\faviconizetab@espion.just-size.jp
[2009-06-29 15:06:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\firegestures@xuldev.org
[2008-12-02 14:04:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\max@subfighter.com
[2008-05-26 00:55:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TXP\Dane aplikacji\mozilla\Firefox\Profiles\sy4fdsjm.default\extensions\youplayer@addons.mozilla.org
[2009-07-10 10:23:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-06-12 20:20:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008-03-17 19:58:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2008-11-14 23:11:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009-06-12 20:20:42 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-06-12 20:20:42 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007-04-10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008-11-14 23:11:18 | 00,410,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2006-12-12 11:48:22 | 01,440,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009-06-12 20:20:45 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006-10-26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2007-05-10 22:52:00 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009-02-19 16:28:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009-02-19 16:28:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009-02-19 16:28:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009-02-19 16:28:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009-02-19 16:28:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009-02-19 16:28:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009-02-19 16:28:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006-06-03 18:43:22 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IE7pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll (IE7pro.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Licence] C:\WINDOWS\System32\Licence.exe ()
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [Vistadrv] C:\Program Files\VistaDrives\vsdrv.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [CFosSpeed] C:\Program Files\cFosSpeed\cfosspeed.exe (cFos Software GmbH)
O4 - HKCU..\Run: [Labtec Keyboard] C:\Program Files\Labtec Keyboard V5.1\KBDAP32A.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoExpandedNewMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 1
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll (IE7pro.com)
O9 - Extra 'Tools' menuitem : IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll (IE7pro.com)
O9 - Extra Button: Ustawienia Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll (Agnitum Ltd.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\imon.dll (Eset )
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} Reg Error: Key error. (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.244.140.241 89.228.6.83
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter:  - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe ()
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-03-17 19:03:11 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008-04-09 00:28:17 | 00,000,000 | ---D | M] - C:\Automap -- [ NTFS ]
O32 - AutoRun File - [2009-07-11 01:15:19 | 00,000,055 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-07-11 01:15:19 | 00,000,055 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{344aaaef-f52d-11dd-8390-000c6e9d438a}\Shell\AutoRun\command - "" = G:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{344aaaef-f52d-11dd-8390-000c6e9d438a}\Shell\open\command - "" = G:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{3e8c99ee-656c-11de-8588-000c6e9d438a}\Shell\AutoRun\command - "" = G:\n0euybx.exe -- File not found
O33 - MountPoints2\{3e8c99ee-656c-11de-8588-000c6e9d438a}\Shell\open\Command - "" = G:\n0euybx.exe -- File not found
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\3j2h0tf.bat -- [2009-07-03 23:25:39 | 00,107,500 | RHS- | M] ()
O33 - MountPoints2\C\Shell\open\Command - "" = C:\3j2h0tf.bat -- [2009-07-03 23:25:39 | 00,107,500 | RHS- | M] ()
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\3j2h0tf.bat -- [2009-07-03 23:25:39 | 00,107,500 | RHS- | M] ()
O33 - MountPoints2\D\Shell\open\Command - "" = D:\3j2h0tf.bat -- [2009-07-03 23:25:39 | 00,107,500 | RHS- | M] ()
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.bat -- File not found
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[4 C:\WINDOWS\*.tmp files]
[2009-07-11 01:15:28 | 00,000,000 | ---D | C] -- C:\_OTL
[2009-07-09 09:46:00 | 00,061,291 | ---- | C] () -- C:\Documents and Settings\TXP\Pulpit\CV Natalia.docx
[2009-07-09 07:51:03 | 00,109,091 | RHS- | C] () -- C:\r6d0.bat
[2009-07-08 23:44:45 | 00,195,584 | ---- | C] () -- C:\Documents and Settings\TXP\Pulpit\ekonomia menadzerska miarecka egz.doc
[2009-07-07 19:11:59 | 00,111,248 | RHS- | C] () -- C:\9vlgaqms.cmd
[2009-07-07 18:48:51 | 00,108,814 | ---- | C] () -- C:\Documents and Settings\TXP\Pulpit\podanie_erk_8230.pdf
[2009-07-07 18:36:16 | 00,011,369 | ---- | C] () -- C:\Documents and Settings\TXP\Pulpit\OPŁATA REKRUTACYJNA.docx
[2009-07-07 10:23:29 | 00,024,903 | ---- | C] () -- C:\Documents and Settings\TXP\Pulpit\Elektroniczna Rejestracja Kandydatów.docx
[2009-07-07 09:38:59 | 00,092,275 | ---- | C] () -- C:\Documents and Settings\TXP\Pulpit\dokument_erk_7170.pdf
[2009-07-06 03:39:14 | 00,114,768 | ---- | C] () -- C:\Documents and Settings\TXP\Pulpit\Untitled.jpg
[2009-07-05 13:21:14 | 00,111,059 | RHS- | C] () -- C:\aphqg.exe
[2009-07-05 10:45:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TXP\Ustawienia lokalne\Dane aplikacji\GHISLER
[2009-07-05 10:42:51 | 00,552,960 | ---- | C] () -- C:\WINDOWS\AhnRpta.exe
[2009-07-05 10:24:08 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\c.exe
[2009-07-04 20:50:17 | 00,109,472 | RHS- | C] () -- C:\9kretct.exe
[2009-07-04 16:26:31 | 00,000,055 | RHS- | C] () -- C:\autorun.inf
[2009-07-04 13:30:12 | 00,078,336 | ---- | C] () -- C:\Documents and Settings\TXP\Pulpit\rozklad_jazdy.doc
[2009-07-04 12:29:27 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TXP\Pulpit\OTL.exe
[2009-07-04 12:22:15 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009-07-04 12:22:07 | 00,000,000 | ---D | C] -- C:\rsit
[2009-07-04 12:21:30 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\TXP\Pulpit\RSIT.exe
[2009-07-04 11:48:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TXP\Dane aplikacji\WinRAR
[2009-07-04 11:37:27 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009-07-04 11:35:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009-07-04 10:55:14 | 00,000,000 | ---D | C] -- C:\SDFix
[2009-07-04 10:54:14 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\TXP\Pulpit\SDFix.exe
[2009-07-03 23:26:07 | 00,107,500 | RHS- | C] () -- C:\3j2h0tf.bat
[2009-07-02 21:29:24 | 00,136,192 | ---- | C] () -- C:\Documents and Settings\TXP\Moje dokumenty\ekonomia menedzerska dl czesc 2.doc
[2009-07-02 19:13:33 | 00,381,440 | ---- | C] () -- C:\Documents and Settings\TXP\Moje dokumenty\ekonomia menedzerska w2.doc
[2009-07-02 18:13:50 | 00,106,352 | RHS- | C] () -- C:\cj1m.com
[2009-07-01 18:07:29 | 00,106,656 | RHS- | C] () -- C:\ix8bmwx.bat
[2009-06-30 19:55:54 | 00,107,917 | RHS- | C] () -- C:\hifdmgt.com
[2009-06-30 13:54:40 | 00,108,386 | RHS- | C] () -- C:\2nuk.com
[2009-06-30 13:54:14 | 00,105,984 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds1.dll
[2009-06-30 13:53:58 | 00,106,931 | RHS- | C] () -- C:\n0euybx.exe
[2009-06-30 13:53:31 | 00,106,352 | RHS- | C] () -- C:\WINDOWS\System32\olhrwef.exe
[2009-06-30 13:53:31 | 00,105,984 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds0.dll
[2009-06-30 11:27:50 | 00,103,424 | ---- | C] (MailShare.pl) -- C:\WINDOWS\System32\Http Client_nat.dll
[2009-06-30 11:12:20 | 00,000,000 | ---D | C] -- C:\Program Files\MailShare
[2009-06-29 18:56:55 | 00,013,819 | ---- | C] () -- C:\Documents and Settings\TXP\Moje dokumenty\METODY PŁATNOŚCI.docx
[2009-06-24 19:24:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TXP\Dane aplikacji\SmsDiscount
[2009-06-24 19:21:22 | 00,000,000 | ---D | C] -- C:\Program Files\SmsDiscount.com
[2009-06-23 01:48:58 | 00,012,237 | ---- | C] () -- C:\Documents and Settings\TXP\Pulpit\dolica.docx
[2009-06-17 02:10:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\glp.INI
[2009-01-12 02:27:12 | 00,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI
[2009-01-12 01:31:07 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2009-01-12 01:31:07 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2009-01-12 01:31:06 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2009-01-12 01:31:06 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2008-10-27 19:05:50 | 00,003,071 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008-10-27 19:05:48 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008-10-06 11:00:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
[2008-10-06 10:52:58 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008-09-22 14:55:24 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-09-22 00:05:51 | 00,000,559 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008-07-23 03:12:04 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2008-07-23 03:12:04 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2008-05-29 16:22:32 | 00,000,235 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2008-05-29 16:21:04 | 00,002,902 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008-03-21 13:21:00 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS66.DLL
[2008-03-17 19:56:58 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008-03-17 19:56:58 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-03-17 19:56:58 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008-03-17 19:56:58 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-03-17 19:52:08 | 00,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2008-03-17 19:48:44 | 00,000,153 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-03-17 19:48:25 | 00,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2008-03-17 19:46:59 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008-03-17 19:46:57 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2008-03-17 19:46:46 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2008-03-17 19:46:16 | 00,143,360 | ---- | C] ( ) -- C:\WINDOWS\System32\ICSharpCode.SharpZipLib.dll
[2008-03-17 19:46:15 | 00,315,392 | ---- | C] () -- C:\WINDOWS\System32\tidylib.dll
[2008-03-17 19:46:15 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\ue32ctmn.dll
[2008-03-17 19:46:10 | 00,409,184 | ---- | C] () -- C:\WINDOWS\System32\WCMICONS.DLL
[2008-03-17 19:46:10 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\WCMZIP32.ORG.DLL
[2008-03-17 19:46:10 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\wcmzip32.dll
[2008-03-17 19:46:09 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\UNRAR.DLL
[2008-03-17 19:46:09 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\TCUNZLIB.DLL
[2008-03-17 19:46:09 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2008-03-17 19:46:09 | 00,043,008 | ---- | C] () -- C:\WINDOWS\System32\CABRK.DLL
[2008-03-17 19:46:09 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\FRERES32.DLL
[2008-03-17 19:45:54 | 00,014,828 | ---- | C] () -- C:\WINDOWS\System32\wincmd.ini
[2008-03-17 19:45:54 | 00,003,083 | ---- | C] () -- C:\WINDOWS\System32\ShellDetails.ini
[2008-03-17 19:45:54 | 00,001,419 | ---- | C] () -- C:\WINDOWS\System32\color.ini
[2008-03-17 19:45:54 | 00,001,319 | ---- | C] () -- C:\WINDOWS\System32\DirSizeCalc.ini
[2008-03-17 19:45:54 | 00,001,237 | ---- | C] () -- C:\WINDOWS\System32\visualdirsize.ini
[2008-03-17 19:45:54 | 00,000,636 | ---- | C] () -- C:\WINDOWS\System32\fsplugin.ini
[2008-03-17 19:45:54 | 00,000,347 | ---- | C] () -- C:\WINDOWS\System32\pkplugin.ini
[2008-03-17 19:45:54 | 00,000,055 | ---- | C] () -- C:\WINDOWS\System32\buttonbar.ini
[2008-03-17 19:45:41 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2008-03-17 19:45:41 | 00,000,096 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008-03-17 19:45:40 | 00,054,784 | ---- | C] () -- C:\WINDOWS\System32\sfextra.dll
[2008-03-17 19:45:38 | 00,003,752 | ---- | C] () -- C:\WINDOWS\RegWorkshop.ini
[2008-03-17 19:45:36 | 01,197,936 | ---- | C] () -- C:\WINDOWS\System32\everest_cpuid.dll
[2008-03-17 19:45:36 | 01,131,888 | ---- | C] () -- C:\WINDOWS\System32\everest_mondiag.dll
[2008-03-17 19:45:36 | 00,256,880 | ---- | C] () -- C:\WINDOWS\System32\everest_rcs.dll
[2008-03-17 19:45:36 | 00,250,736 | ---- | C] () -- C:\WINDOWS\System32\everest_rcc.dll
[2008-03-17 19:45:36 | 00,185,176 | ---- | C] () -- C:\WINDOWS\System32\everest_xpicons.dll
[2008-03-17 19:45:36 | 00,133,968 | ---- | C] () -- C:\WINDOWS\System32\everest_icons.dll
[2008-03-17 19:45:36 | 00,055,160 | ---- | C] () -- C:\WINDOWS\System32\everest_zipdll.dll
[2008-03-17 19:45:31 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\VSLWP.DLL
[2008-03-17 19:45:30 | 01,567,232 | ---- | C] () -- C:\WINDOWS\System32\LWPAPIN.DLL
[2008-03-17 19:45:30 | 01,085,440 | ---- | C] () -- C:\WINDOWS\System32\mxlinkdb.dll
[2008-03-17 19:45:30 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\SCSILIB.dll
[2008-03-17 19:45:19 | 00,000,156 | ---- | C] () -- C:\WINDOWS\System32\cpuz.ini
[2008-03-17 19:45:18 | 00,000,063 | ---- | C] () -- C:\WINDOWS\System32\FTPsrv.ini
[2008-03-17 19:25:26 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007-03-29 23:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007-01-15 16:12:35 | 00,078,848 | ---- | C] () -- C:\WINDOWS\System32\e8main0.dll
[2001-10-26 18:45:34 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL
[2001-07-22 01:16:20 | 00,000,527 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-22 01:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[4 C:\WINDOWS\*.tmp files]
[2009-07-11 01:34:25 | 00,003,752 | ---- | M] () -- C:\WINDOWS\RegWorkshop.ini
[2009-07-11 01:33:48 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-07-11 01:33:40 | 00,360,549 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor
[2009-07-11 01:15:19 | 00,000,055 | RHS- | M] () -- C:\autorun.inf
[2009-07-11 00:50:41 | 00,094,208 | ---- | M] () -- C:\WINDOWS\System32\c.exe
[2009-07-10 10:11:52 | 00,109,091 | RHS- | M] () -- C:\r6d0.bat
[2009-07-10 02:55:46 | 00,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-07-09 13:59:55 | 00,061,291 | ---- | M] () -- C:\Documents and Settings\TXP\Pulpit\CV Natalia.docx
[2009-07-09 10:37:12 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-07-08 23:55:27 | 00,195,584 | ---- | M] () -- C:\Documents and Settings\TXP\Pulpit\ekonomia menadzerska miarecka egz.doc
[2009-07-07 19:50:51 | 00,114,768 | ---- | M] () -- C:\Documents and Settings\TXP\Pulpit\Untitled.jpg
[2009-07-07 19:11:32 | 00,111,248 | RHS- | M] () -- C:\9vlgaqms.cmd
[2009-07-07 18:48:52 | 00,108,814 | ---- | M] () -- C:\Documents and Settings\TXP\Pulpit\podanie_erk_8230.pdf
[2009-07-07 18:36:17 | 00,011,369 | ---- | M] () -- C:\Documents and Settings\TXP\Pulpit\OPŁATA REKRUTACYJNA.docx
[2009-07-07 10:23:31 | 00,024,903 | ---- | M] () -- C:\Documents and Settings\TXP\Pulpit\Elektroniczna Rejestracja Kandydatów.docx
[2009-07-07 09:39:00 | 00,092,275 | ---- | M] () -- C:\Documents and Settings\TXP\Pulpit\dokument_erk_7170.pdf
[2009-07-06 20:13:04 | 00,111,059 | RHS- | M] () -- C:\aphqg.exe
[2009-07-05 23:41:50 | 00,002,902 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2009-07-04 20:49:49 | 00,109,472 | RHS- | M] () -- C:\9kretct.exe
[2009-07-04 13:30:13 | 00,078,336 | ---- | M] () -- C:\Documents and Settings\TXP\Pulpit\rozklad_jazdy.doc
[2009-07-04 12:29:50 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TXP\Pulpit\OTL.exe
[2009-07-04 12:21:36 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\TXP\Pulpit\RSIT.exe
[2009-07-04 11:47:08 | 00,478,184 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-07-04 11:47:07 | 01,055,160 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-07-04 11:47:07 | 00,420,946 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-07-04 11:47:07 | 00,079,498 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-07-04 11:47:07 | 00,063,788 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-07-04 11:38:33 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009-07-04 11:37:27 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009-07-04 10:54:54 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\TXP\Pulpit\SDFix.exe
[2009-07-04 10:40:13 | 00,000,527 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-07-04 10:40:13 | 00,000,232 | -HS- | M] () -- C:\boot.ini
[2009-07-04 10:40:13 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-07-03 23:25:39 | 00,107,500 | RHS- | M] () -- C:\3j2h0tf.bat
[2009-07-03 23:24:53 | 00,105,984 | RHS- | M] () -- C:\WINDOWS\System32\nmdfgds0.dll
[2009-07-02 21:29:25 | 00,136,192 | ---- | M] () -- C:\Documents and Settings\TXP\Moje dokumenty\ekonomia menedzerska dl czesc 2.doc
[2009-07-02 19:13:37 | 00,381,440 | ---- | M] () -- C:\Documents and Settings\TXP\Moje dokumenty\ekonomia menedzerska w2.doc
[2009-07-02 18:13:20 | 00,105,984 | RHS- | M] () -- C:\WINDOWS\System32\nmdfgds1.dll
[2009-07-02 18:13:18 | 00,106,352 | RHS- | M] () -- C:\WINDOWS\System32\olhrwef.exe
[2009-07-02 18:13:18 | 00,106,352 | RHS- | M] () -- C:\cj1m.com
[2009-07-01 18:07:01 | 00,106,656 | RHS- | M] () -- C:\ix8bmwx.bat
[2009-07-01 10:05:42 | 02,323,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-06-30 22:39:13 | 00,066,168 | ---- | M] () -- C:\Documents and Settings\TXP\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-06-30 19:55:13 | 00,107,917 | RHS- | M] () -- C:\hifdmgt.com
[2009-06-30 13:54:13 | 00,108,386 | RHS- | M] () -- C:\2nuk.com
[2009-06-30 11:27:50 | 00,103,424 | ---- | M] (MailShare.pl) -- C:\WINDOWS\System32\Http Client_nat.dll
[2009-06-29 18:56:57 | 00,013,819 | ---- | M] () -- C:\Documents and Settings\TXP\Moje dokumenty\METODY PŁATNOŚCI.docx
[2009-06-29 10:00:00 | 00,106,931 | RHS- | M] () -- C:\n0euybx.exe
[2009-06-23 01:48:59 | 00,012,237 | ---- | M] () -- C:\Documents and Settings\TXP\Pulpit\dolica.docx
[2009-06-17 02:10:35 | 00,000,000 | ---- | M] () -- C:\WINDOWS\glp.INI
< End of report >


[wojtas]

Daj loga z combofixa ale zainstaluj wraz z nim konsolę odzyskiwania ( instrukcja programu )

[odzio]

odpalilem skana, widze ze mialem troche syfu na kompie - combofix usunal ponad 1000 plikow, tylko teraz niestety nie moge wkleic loga bo jest za dlugi. nie wiem ktora czesc loga jest najistotniejsza ale poki co wkleje wszystko oprocz listy usunietych plikow, jesli jest potrzebna to dorzuce ja w nastepnym poscie.

Kod: Zaznacz wszystko

ComboFix 09-07-14.08 - TXP 2009-07-19 11:56.1.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.48.1045.18.511.323 [GMT 2:00]
Uruchomiony z: c:\documents and settings\TXP\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.




TU JEST LISTA PLIKOW



.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AVPsys


(((((((((((((((((((((((((   Pliki utworzone od 2009-06-19 do 2009-07-19  )))))))))))))))))))))))))))))))
.

2009-07-10 23:15 . 2009-07-10 23:15   --------   d-----w-   C:\_OTL
2009-07-09 19:35 . 2009-07-09 19:35   1878984   ----a-w-   c:\documents and settings\TXP\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-07-05 08:45 . 2009-07-05 08:45   --------   d-----w-   c:\documents and settings\TXP\Ustawienia lokalne\Dane aplikacji\GHISLER
2009-07-04 10:22 . 2009-07-07 19:52   --------   d-----w-   c:\program files\trend micro
2009-07-04 10:22 . 2009-07-04 10:22   --------   d-----w-   C:\rsit
2009-07-04 09:37 . 2009-07-04 09:37   578560   ----a-w-   c:\windows\system32\dllcache\user32.dll
2009-07-04 09:35 . 2009-07-04 09:35   --------   d-----w-   c:\windows\ERUNT
2009-07-04 08:55 . 2009-07-04 10:04   --------   d-----w-   C:\SDFix
2009-06-30 09:27 . 2009-06-30 09:27   103424   ----a-w-   c:\windows\system32\Http Client_nat.dll
2009-06-30 09:12 . 2009-07-01 18:37   --------   d-----w-   c:\program files\MailShare
2009-06-24 17:24 . 2009-06-30 12:21   --------   d-----w-   c:\documents and settings\TXP\Dane aplikacji\SmsDiscount
2009-06-24 17:21 . 2009-06-24 17:21   --------   d-----w-   c:\program files\SmsDiscount.com

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-19 10:06 . 2008-03-17 17:54   --------   d-----r-   c:\program files\cFosSpeed
2009-07-19 09:50 . 2008-03-17 17:56   --------   d-----r-   c:\program files\FlashGet
2009-07-13 00:27 . 2008-03-17 17:56   --------   d-----w-   c:\documents and settings\TXP\Dane aplikacji\foobar2000
2009-07-07 13:17 . 2008-04-24 14:14   --------   d-----r-   c:\program files\hijackthis_199
2009-07-04 09:47 . 2001-10-26 17:15   478184   ----a-w-   c:\windows\system32\perfh015.dat
2009-07-04 09:47 . 2001-10-26 17:15   79498   ----a-w-   c:\windows\system32\perfc015.dat
2009-06-30 20:39 . 2008-03-17 17:08   66168   ----a-w-   c:\documents and settings\TXP\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-06-29 16:52 . 2008-07-01 14:13   --------   d-----w-   c:\documents and settings\TXP\Dane aplikacji\Skype
2009-06-29 14:01 . 2008-07-01 14:14   --------   d-----w-   c:\documents and settings\TXP\Dane aplikacji\skypePM
2009-06-24 11:29 . 2009-02-04 11:10   --------   d-----w-   c:\program files\VoipCheapCom
2009-06-15 14:39 . 2009-05-30 08:57   --------   d-----w-   c:\program files\CryptLoad_1.1.6
2009-05-02 20:13 . 2009-05-02 20:13   409600   ----a-w-   c:\windows\system32\wrap_oal.dll
2009-05-02 20:13 . 2009-05-02 20:13   114688   ----a-w-   c:\windows\system32\OpenAL32.dll
2009-05-01 18:30 . 2009-05-01 18:30   3366912   ----a-w-   c:\windows\system32\GPhotos.scr
2009-06-12 18:20 . 2008-12-07 13:44   134648   ----a-w-   c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-12-07 22:43 . 2008-12-07 22:43   0   --sh--w-   c:\windows\SB2DF70A4.tmp
.

------- Sigcheck -------

[-] 2007-02-17 10:03   578560   6A93565BE9B8422EB7538C66AC732D76   c:\windows\system32\user32.dll
[-] 2009-07-04 09:37   578560   6A93565BE9B8422EB7538C66AC732D76   c:\windows\system32\DllCache\user32.dll

[-] 2007-02-17 10:03   667648   B9CD00815EFFA790279A1D2F0D07323F   c:\windows\ie7\wininet.dll
[-] 2007-01-12 08:27   822784   BE43D00D802C92F01C8CC952C6F483F8   c:\windows\system32\wininet.dll

[-] 2007-02-17 10:33   360576   BD8686216E34E22C4ED45A2320B2BEA1   c:\windows\system32\drivers\tcpip.sys

[-] 2007-02-17 10:02   2018816   54DF9001110934C98ECFF5691B332F5F   c:\windows\system32\ntkrnlpa.exe

[-] 2007-02-17 10:02   2139136   22B96841DF0B4186FCE1498D8F695BDF   c:\windows\system32\ntoskrnl.exe

[-] 2007-01-15 14:12   1549312   E5241037518F63E806DCF75F78DC84A8   c:\windows\explorer.exe


[-] 2007-02-17 10:03   57856   AD3D9D191AEA7B5445FE1D82FFBB4788   c:\windows\system32\spoolsv.exe

[-] 2007-02-15 14:36   113664   E94C91139359A5A56ECBE4713D41E391   c:\windows\system32\wuauclt.exe

[-] 2007-02-17 10:02   1014272   100644E8387D798754A51CF05DE04EC5   c:\windows\system32\kernel32.dll

[-] 2006-01-03 17:54   1548288   30219C10F43FD0FDC0424F628D929406   c:\windows\system32\sfcfiles.dll

[-] 2007-02-15 14:35   832512   6AD47A499C341AE9C581CFFEA917844F   c:\windows\system32\comres.dll



[-] 2007-02-17 10:01   617472   19CDC3435A7C6DA3117F4E0B2C79AC5F   c:\windows\system32\comctl32.dll
[7] 2001-08-18 07:37   921088   AEF3D788DBF40C7C4D204EA45EB0C505   c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2006-08-25 06:51   1054208   6944354E1163DE1E6BB63F9E59B36E61   c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Labtec Keyboard"="c:\program files\Labtec Keyboard V5.1\KBDAP32A.EXE" [2008-03-23 387584]
"CFosSpeed"="c:\program files\cFosSpeed\cfosspeed.exe" [2008-02-14 863448]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Vistadrv"="c:\program files\VistaDrives\vsdrv.exe" [2006-07-30 121089]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-03-17 949376]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2008-08-22 1157448]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2008-08-05 435528]
"Licence"="Licence.exe" - c:\windows\system32\Licence.exe [2007-01-08 101651]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-01-08 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"NoSMConfigurePrograms"= 1 (0x1)
"NoExpandedNewMenu"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
"NoTaskGrouping"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"NoSMConfigurePrograms"= 1 (0x1)
"NoExpandedNewMenu"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
"NoTaskGrouping"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\TXP\\Pulpit\\Gry i Programsy\\SmsDiscount.exe"=
"c:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-03-17 15424]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-02-11 673920]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2009-02-11 1238344]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009-02-11 30864]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-02-11 234640]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [2009-02-11 33408]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - HELPSVC
*NewlyCreated* - SECLOGON
*NewlyCreated* - SPEEDFAN

NETSVCS WYMAGA NAPRAWY - pokazano aktualnie istniejące wpisy
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
SENS
Sharedaccess
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
wuauserv
ShellHWDetection
WmdmPmSN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

.
Zawartość folderu 'Zaplanowane zadania'

2008-04-28 c:\windows\Tasks\Labtec Media Keyboard V5.job
- c:\progra~1\LABTEC~1.1\KBDAP32A.EXE [2008-03-23 10:41]
.
.
------- Skan uzupełniający -------
.
uStart Page = www.google.pl
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Ściągnij przy pomocy FlashGet'a - c:\program files\FlashGet\jc_link.htm
IE: &Ściągnij wszystko przy pomocy FlashGet'a - c:\program files\FlashGet\jc_all.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\TXP\Dane aplikacji\Mozilla\Firefox\Profiles\sy4fdsjm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ig?hl=pl
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Reader 8.0\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 12:07
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1764)
c:\windows\system32\sfc_os.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(2924)
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_pol.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\cFosSpeed\spd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\oodag.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Czas ukończenia: 2009-07-19 12:10 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-07-19 10:10

Przed: 4 802 117 632 bajtów wolnych
Po: 4 759 162 880 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=AlwaysOff

1383

tu wrzucilem calego loga na serwer megaupload

Kod: Zaznacz wszystko

http://www.megaupload.com/?d=S1KMJ4MU

[wojtas]

Wklejasz do notatnika:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=-
"netsvcs"=hex(7):36,00,74,00,6f,00,34,00,00,00,41,00,70,00,70,00,4d,00,67,00,\
6d,00,74,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,42,\
00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,43,00,72,00,79,00,70,00,74,00,\
53,00,76,00,63,00,00,00,44,00,4d,00,53,00,65,00,72,00,76,00,65,00,72,00,00,\
00,44,00,48,00,43,00,50,00,00,00,45,00,52,00,53,00,76,00,63,00,00,00,45,00,\
76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,61,\
00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,\
69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,\
00,69,00,74,00,79,00,00,00,48,00,69,00,64,00,53,00,65,00,72,00,76,00,00,00,\
49,00,61,00,73,00,00,00,49,00,70,00,72,00,69,00,70,00,00,00,49,00,72,00,6d,\
00,6f,00,6e,00,00,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,00,\
76,00,65,00,72,00,00,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,\
00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,4d,00,65,00,73,00,\
73,00,65,00,6e,00,67,00,65,00,72,00,00,00,4e,00,65,00,74,00,6d,00,61,00,6e,\
00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,\
00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,\
00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,\
74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,\
00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,\
63,00,65,00,73,00,73,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,\
00,00,00,53,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,53,00,45,00,\
4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,\
00,73,00,73,00,00,00,53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\
00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,54,00,68,00,65,00,6d,\
00,65,00,73,00,00,00,54,00,72,00,6b,00,57,00,6b,00,73,00,00,00,57,00,33,00,\
32,00,54,00,69,00,6d,00,65,00,00,00,57,00,5a,00,43,00,53,00,56,00,43,00,00,\
00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,\
00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,54,00,65,00,72,00,6d,\
00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,77,00,75,00,61,00,75,00,\ 73,00,65,00,72,00,76,00,00,00,42,00,49,00,54,00,53,00,00,00,53,00,68,00,65,\
00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,\
6e,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,78,00,6d,00,6c,\
00,70,00,72,00,6f,00,76,00,00,00,77,00,73,00,63,00,73,00,76,00,63,00,00,00,\
57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,00,00,00,00,00

Z menu Notatnika >>> Plik >>> Zapisz jako >>> Ustaw rozszerzenie na Wszystkie pliki >>> Zapisz jako FIX.REG >>> uruchom ten plik.


1.Uruchom OTL z opcji CleanUp
2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem]
4. zrób skan Malwarebytes Anti-Malware

[odzio]

dzieki wielkie za pomoc, zrobilem wszystko co poleciles, tylko wystapil jeden problem - przy odpalaniu msconfig wyskoczyl mi komunikat o takiej tresci

jednak i tak zamiast niego uzywam jv16 powertools wiec nie ma z tym problemu.

co to skana anti-malware to znalazl kilka swinstw ale usunal wszystko, oto log;

Kod: Zaznacz wszystko

Malwarebytes' Anti-Malware 1.39
Wersja bazy definicji: 2421
Windows 5.1.2600 Dodatek Service Pack 2

2009-07-20 23:48:54
mbam-log-2009-07-20 (23-48-54).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|)
Przeskanowane obiekty: 192787
Upłynęło: 19 minute(s), 10 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 1
Zainfekowane pliki rejestru: 2
Zainfekowane foldery: 0
Zainfekowane pliki: 2

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
(Nie wykryto groźnych plików)

Zainfekowane wartości rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Zainfekowane pliki rejestru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
c:\program files\cryptload_1.1.6\router\fritz!box\nc.exe (PuP.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\TC_UP.exe (Malware.Packer) -> Quarantined and deleted successfully.


[Okocza]

Wklej do notatnika:

Kod: Zaznacz wszystko

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MSCONFIG.EXE]
@=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,25,\
00,5c,00,70,00,63,00,68,00,65,00,61,00,6c,00,74,00,68,00,5c,00,68,00,65,00,\
6c,00,70,00,63,00,74,00,72,00,5c,00,42,00,69,00,6e,00,61,00,72,00,69,00,65,\
00,73,00,5c,00,4d,00,53,00,43,00,4f,00,4e,00,46,00,49,00,47,00,2e,00,45,00,\
58,00,45,00,00,00

w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

[odzio]

Błąd podczas ładowania pliku rejestru. Niewłaściwy format pliku rejestru.

taki komunikacik wyskoczyl po uruchomieniu pliku