Podejrzenie kyelogera , ew. trojan

[jacek15]

WItam

w niedziele mialem taki problem ze komputer dzialal 5 min i sie resetowal i ten porbolem powtarzal sie przez 1 godzine po godzinie ustapil.....

hijack

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:18:47, on 2009-07-21
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Ventrilo\Ventrilo -m.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administratorek\Pulpit\OTL.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 4695 bytes

OTL.txt

Kod: Zaznacz wszystko

OTL logfile created on: 2009-07-21 18:16:08 - Run 1
OTL by OldTimer - Version 3.0.9.2     Folder = C:\Documents and Settings\Administratorek\Pulpit
Windows XP Professional Edition Dodatek Service Pack. 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

511,48 Mb Total Physical Memory | 161,56 Mb Available Physical Memory | 31,59% Memory free
1,22 Gb Paging File | 0,77 Gb Available in Paging File | 63,10% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 2,11 Gb Free Space | 10,82% Space Free | Partition Type: NTFS
Drive D: | 54,98 Gb Total Space | 12,65 Gb Free Space | 23,01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JACEK
Current User Name: Administratorek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2002-09-20 20:05:24 | 01,005,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007-06-28 13:51:38 | 00,218,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
PRC - [2007-06-28 13:51:38 | 00,218,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
PRC - [2009-03-03 17:30:44 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2004-07-07 06:45:00 | 00,077,824 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2007-08-09 09:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2009-04-25 14:23:51 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe
PRC - [2007-05-28 18:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2005-01-28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2009-04-10 19:30:40 | 01,435,488 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe
PRC - [2008-03-20 12:04:46 | 02,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe
PRC - [2008-11-10 11:23:50 | 01,539,072 | ---- | M] () -- C:\Program Files\Ventrilo\Ventrilo -m.exe
PRC - [2009-07-17 16:24:40 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-07-21 18:15:40 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administratorek\Pulpit\OTL.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2007-06-28 13:51:38 | 00,218,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -- (AVP [Auto | Running])
SRV - [2002-09-20 20:04:38 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005-11-14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009-03-03 17:30:44 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2004-07-07 06:45:00 | 00,077,824 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003-07-28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007-08-09 09:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2009-04-25 14:23:51 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2007-05-28 18:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
SRV - [2005-01-28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2002-09-20 20:04:38 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr [Auto | Running])

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-03-01 14:25:40 | 00,223,128 | ---- | M] () -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi [On_Demand | Running])
DRV - [2004-09-21 01:09:10 | 00,186,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\ET5Drv.sys -- (ET5Drv [On_Demand | Stopped])
DRV - [2001-08-17 21:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc.              ) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys -- (FETNDIS [On_Demand | Running])
DRV - [2006-04-12 12:04:39 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2006-04-12 12:04:39 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2006-04-12 12:04:39 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2009-03-25 08:42:09 | 00,112,144 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\kl1.sys -- (kl1 [Boot | Running])
DRV - [2009-03-25 08:42:09 | 00,194,320 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys -- (klif [System | Running])
DRV - [2007-04-04 15:58:26 | 00,024,344 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\DRIVERS\klim5.sys -- (klim5 [On_Demand | Running])
DRV - [2003-04-15 11:16:48 | 00,008,236 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Program Files\Gigabyte\ET5\markfun.w32 -- (MarkFun_NT [On_Demand | Stopped])
DRV - [2006-06-27 11:17:24 | 00,005,000 | ---- | M] () -- C:\Program Files\Dual Vibration Gamepad-Macro A\Mdirect.sys -- (msdirectx [On_Demand | Stopped])
DRV - [2004-07-07 06:39:00 | 01,893,536 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004-02-20 07:54:00 | 00,126,878 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\nvcap.sys -- (nvcap [Auto | Running])
DRV - [2004-02-20 07:54:00 | 00,021,634 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvtunep.sys -- (nvTUNEP [Auto | Running])
DRV - [2004-02-20 07:54:00 | 00,013,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVxbar.sys -- (NVXBAR [Auto | Running])
DRV - [2007-10-25 19:31:08 | 00,616,064 | ---- | M] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\DRIVERS\PFC027.SYS -- (PAC207 [On_Demand | Stopped])
DRV - [2001-08-18 01:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008-08-20 19:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2002-03-25 22:02:14 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009-03-01 13:34:20 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2005-12-22 13:24:50 | 00,080,272 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\sscdbus.sys -- (sscdbus [On_Demand | Stopped])
DRV - [2005-12-22 13:24:52 | 00,010,864 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\sscdmdfl.sys -- (sscdmdfl [On_Demand | Stopped])
DRV - [2005-12-22 13:24:52 | 00,137,884 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\sscdmdm.sys -- (sscdmdm [On_Demand | Stopped])
DRV - [2006-07-24 17:05:00 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
DRV - [2008-01-23 23:25:32 | 00,027,136 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\System32\DRIVERS\tapvpn.sys -- (tapvpn [On_Demand | Stopped])
DRV - [2008-12-10 16:56:26 | 00,017,792 | ---- | M] (Avnex) -- C:\WINDOWS\System32\DRIVERS\vcsvad.sys -- (VCSVADHWSer [On_Demand | Running])
DRV - [2003-07-01 22:42:00 | 00,027,904 | R--- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1 [Boot | Running])
DRV - [2004-03-17 09:22:58 | 00,117,248 | R--- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\drivers\viaudios.sys -- (VIAudio [On_Demand | Running])

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1454471165-1580818891-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKU\S-1-5-21-1454471165-1580818891-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1454471165-1580818891-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1454471165-1580818891-682003330-1003\S-1-5-21-1454471165-1580818891-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.10.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-03-03 17:30:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-07-19 10:51:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-07-17 16:25:09 | 00,000,000 | ---D | M]

[2009-02-22 13:27:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administratorek\Dane aplikacji\mozilla\Extensions
[2009-02-22 13:27:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administratorek\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-07-21 14:27:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administratorek\Dane aplikacji\mozilla\Firefox\Profiles\y5tniubb.default\extensions
[2009-04-27 07:34:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administratorek\Dane aplikacji\mozilla\Firefox\Profiles\y5tniubb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009-03-26 20:34:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administratorek\Dane aplikacji\mozilla\Firefox\Profiles\y5tniubb.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}
[2009-02-28 16:16:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administratorek\Dane aplikacji\mozilla\Firefox\Profiles\y5tniubb.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009-04-30 14:41:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administratorek\Dane aplikacji\mozilla\Firefox\Profiles\y5tniubb.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009-04-27 07:35:04 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\Administratorek\Dane aplikacji\Mozilla\FireFox\Profiles\y5tniubb.default\searchplugins\winamp-search.xml
[2009-07-21 13:43:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-07-17 16:25:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-03-13 20:40:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009-03-03 17:31:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009-07-17 16:24:38 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-07-17 16:24:38 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009-01-16 20:17:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008-01-23 08:20:30 | 00,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2008-06-24 19:07:32 | 00,927,224 | ---- | M] (Ganymede Technologies) -- C:\Program Files\mozilla firefox\plugins\NPBOARDS.dll
[2008-06-24 19:06:44 | 00,583,152 | ---- | M] (Ganymede Technologies) -- C:\Program Files\mozilla firefox\plugins\NPBRIDGE.dll
[2008-06-24 19:05:30 | 00,955,904 | ---- | M] (Ganymede Technologies) -- C:\Program Files\mozilla firefox\plugins\NPDEMON.dll
[2009-03-03 17:30:44 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009-02-19 18:44:32 | 00,120,296 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npganymedenet.dll
[2008-06-24 19:06:56 | 00,665,096 | ---- | M] (Ganymede Technologies) -- C:\Program Files\mozilla firefox\plugins\NPMARBLES.dll
[2008-06-24 19:05:58 | 00,529,912 | ---- | M] (Ganymede Technologies) -- C:\Program Files\mozilla firefox\plugins\NPNAVY.dll
[2009-07-17 16:24:44 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2003-07-15 07:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009-02-27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008-06-24 19:07:02 | 00,599,544 | ---- | M] (Ganymede Technologies) -- C:\Program Files\mozilla firefox\plugins\NPPOKER.dll
[2008-06-24 19:06:22 | 00,591,352 | ---- | M] (Ganymede Technologies) -- C:\Program Files\mozilla firefox\plugins\NPROULETTE.dll
[2008-06-24 19:06:28 | 00,550,392 | ---- | M] (Ganymede Technologies) -- C:\Program Files\mozilla firefox\plugins\NPSLOTS70.dll
[2008-06-24 19:06:38 | 00,546,296 | ---- | M] (Ganymede Technologies) -- C:\Program Files\mozilla firefox\plugins\NPSLOTS90.dll
[2009-07-14 12:20:27 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2009-07-14 12:20:27 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2009-07-14 12:20:27 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009-07-14 12:20:27 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2009-07-14 12:20:27 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2009-07-14 12:20:27 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2009-07-14 12:20:27 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (305834 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1   www.007guard.com
O1 - Hosts: 127.0.0.1   007guard.com
O1 - Hosts: 127.0.0.1   008i.com
O1 - Hosts: 127.0.0.1   www.008k.com
O1 - Hosts: 127.0.0.1   008k.com
O1 - Hosts: 127.0.0.1   www.00hq.com
O1 - Hosts: 127.0.0.1   00hq.com
O1 - Hosts: 127.0.0.1   010402.com
O1 - Hosts: 127.0.0.1   www.032439.com
O1 - Hosts: 127.0.0.1   032439.com
O1 - Hosts: 127.0.0.1   www.0scan.com
O1 - Hosts: 127.0.0.1   0scan.com
O1 - Hosts: 127.0.0.1   www.1000gratisproben.com
O1 - Hosts: 127.0.0.1   1000gratisproben.com
O1 - Hosts: 127.0.0.1   www.1001namen.com
O1 - Hosts: 127.0.0.1   1001namen.com
O1 - Hosts: 127.0.0.1   100888290cs.com
O1 - Hosts: 127.0.0.1   www.100888290cs.com
O1 - Hosts: 127.0.0.1   100sexlinks.com
O1 - Hosts: 127.0.0.1   www.100sexlinks.com
O1 - Hosts: 127.0.0.1   10sek.com
O1 - Hosts: 127.0.0.1   www.10sek.com
O1 - Hosts: 127.0.0.1   www.1-2005-search.com
O1 - Hosts: 127.0.0.1   1-2005-search.com
O1 - Hosts: 10530 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll (BitComet)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1454471165-1580818891-682003330-1003\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1454471165-1580818891-682003330-1003..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-1580818891-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll (BitComet)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1454471165-1580818891-682003330-1003\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.139.8.7 88.156.63.9
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx (Microsoft Corporation)
O18 - Protocol\Filter:  - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\System32\klogon.dll - C:\WINDOWS\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-02-22 13:04:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-02-22 12:39:14 | 00,000,000 | ---D | M] - D:\Automap -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009-07-21 18:15:36 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administratorek\Pulpit\OTL.exe
[2009-07-21 14:11:40 | 00,002,207 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk
[2009-07-21 14:11:40 | 00,000,000 | ---D | C] -- C:\Program Files\Steam
[2009-07-21 12:43:28 | 00,382,464 | ---- | C] () -- C:\KillIt.exe
[2009-07-21 10:01:49 | 02,275,254 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\bez tytułu.bmp
[2009-07-19 23:44:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2009-07-18 22:03:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administratorek\Pulpit\Harley-Davidson Radom M1
[2009-07-18 19:00:23 | 03,908,786 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\pitbull - i know you want me.mp31247936744_[mp3.teledyski.info].mp3
[2009-07-18 18:53:13 | 03,204,107 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\jay sean - i wont tell.mp31247935975_[mp3.teledyski.info].mp3
[2009-07-18 18:45:03 | 03,484,138 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\105 dance nation vs. shaun baker - sunshine 2009.mp31247935486_[mp3.teledyski.info].mp3
[2009-07-18 18:27:09 | 03,827,283 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\eddy wata - my dream.mp31247934434_[mp3.teledyski.info].mp3
[2009-07-18 18:16:20 | 03,233,364 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\josef hedinger - one wish us (maxxx edit).mp31247935203_[mp3.teledyski.info].mp3
[2009-07-15 23:58:09 | 10,584,058 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\lol.wav
[2009-07-15 20:02:55 | 13,130,387 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\Klaas_meets._Haddaway___What_Is_Love_2k9__Klaas_Club_Mix_www.djmatus.pl.mp3
[2009-07-15 19:57:55 | 09,890,707 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\Alexander_Rybak___Fairytale___Digital_Boys___Dj_Tom_Cut_Bootleg__www.djmatus.pl.mp3
[2009-07-15 09:43:16 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\EVEREST Home Edition.lnk
[2009-07-15 09:43:07 | 00,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2009-07-15 09:40:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administratorek\Moje dokumenty\Pobieranie
[2009-07-13 16:28:09 | 03,700,223 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\afromental - radio song.mp3.mp3
[2009-07-12 12:20:17 | 01,030,301 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\everybody move your body club mix Jacek.mp3
[2009-07-11 19:37:47 | 00,000,656 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\Symulator.lnk
[2009-07-11 19:37:46 | 00,000,000 | ---D | C] -- C:\Program Files\GrupaFP
[2009-07-10 21:16:39 | 03,724,884 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\sean kingston - fire burning on the dance floor.mp3
[2009-07-09 22:56:26 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\Nowy Dokument programu Microsoft Word (3).doc
[2009-07-09 13:09:54 | 00,002,879 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\liberty bay -2 -3.wpt
[2009-07-08 22:15:34 | 00,025,385 | ---- | C] () -- C:\Documents and Settings\Administratorek\Moje dokumenty\ceb60d3a00006329
[2009-07-08 22:15:01 | 00,025,385 | ---- | C] () -- C:\Documents and Settings\Administratorek\Moje dokumenty\asdsadsa
[2009-07-08 21:41:36 | 03,661,354 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\rocco - everybody 9.0 [dancecore radio edit] (www.centrummp3.eu).mp3
[2009-07-08 21:38:14 | 03,352,064 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\lady gaga - paparazzi.mp31247081876_[mp3.teledyski.info].mp3
[2009-07-08 21:37:32 | 03,698,552 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\lady gaga - love game.mp31247081834_[mp3.teledyski.info].mp3
[2009-07-08 21:32:05 | 03,380,902 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\cascada - evacuate the dancefloor (radio edit).mp31247082889_[mp3.teledyski.info].mp3
[2009-07-04 17:49:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administratorek\Pulpit\ZDJECIE NOWE
[2009-07-04 14:47:01 | 00,572,168 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\sweetlove.mp3
[2009-07-03 21:07:15 | 00,000,262 | ---- | C] () -- C:\WINDOWS\725D14181706233B0D4F0216.hex
[2009-07-03 15:46:32 | 00,016,384 | ---- | C] () -- C:\Program Files\uik.dat
[2009-07-03 15:45:37 | 00,000,004 | ---- | C] () -- C:\Program Files\is.dat
[2009-07-02 23:11:22 | 03,309,013 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\117 jay delano - with you.mp31246173544_[enutka.info].mp3
[2009-07-02 10:35:54 | 06,645,583 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\casteam - time.mp31246525087_[mp3.teledyski.info].mp3
[2009-07-02 10:24:04 | 04,517,334 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\kid cudi - day n nite (crookers first remix).mp31246524377_[mp3.teledyski.info].mp3
[2009-07-02 08:33:54 | 53,396,540 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\VIII oficjalny zlot RadioParty.pl 4 up by LORDD93.mp3
[2009-07-01 10:10:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administratorek\Pulpit\Paczka Hands Up nr 23 by reL 30.06.2009r www.enutki.pl by reL
[2009-06-30 20:08:22 | 00,001,591 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\GTA San Andreas.lnk
[2009-06-30 20:08:22 | 00,000,000 | ---D | C] -- C:\Program Files\Rockstar Games
[2009-06-30 17:45:22 | 00,000,000 | ---D | C] -- C:\Program Files\MTA San Andreas
[2009-06-29 15:25:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administratorek\Moje dokumenty\GTA San Andreas User Files
[2009-06-29 15:23:53 | 00,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2009-06-26 14:19:45 | 00,026,500 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\42c955b39a.jpeg
[2009-06-25 09:19:59 | 00,228,864 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\Promocja jako element marketingu (16 stron).doc
[2009-06-24 23:49:53 | 00,049,152 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\Plan marketingowy przedsiebiorstwa.doc
[2009-06-24 23:49:51 | 00,043,008 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\Promocja jako element marketingu.doc
[2009-06-23 12:13:59 | 05,829,694 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\Commicon vs. Masters at Work _ Lovestruck in work _Matt Farell 2009 b00tleg_.mp3
[2009-06-22 18:58:57 | 19,423,7056 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\Energy_2000___Enjoy_The_Summer_20.06.2009__www.djraven.pl_.mp3
[2009-06-22 11:47:55 | 00,134,134 | ---- | C] () -- C:\Documents and Settings\Administratorek\Pulpit\2009-06-22-11-47-03-688150.cut.688150-1.pdf
[2009-04-25 14:26:08 | 00,138,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-04-12 10:57:57 | 00,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009-04-09 18:53:14 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009-03-11 12:27:11 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-03-06 09:54:05 | 00,000,472 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2009-03-04 21:37:52 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009-03-04 18:53:24 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009-03-01 14:25:40 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2009-03-01 13:41:56 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-03-01 13:41:51 | 00,073,052 | ---- | C] () -- C:\WINDOWS\System32\Gcd3uCpl.dll
[2009-03-01 13:41:50 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\Joy5FF.dll
[2009-03-01 13:34:20 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-02-24 17:11:34 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-02-24 17:11:33 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-02-23 10:53:28 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009-02-22 13:19:22 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009-02-22 13:18:48 | 00,126,878 | ---- | C] () -- C:\WINDOWS\System32\drivers\NVCAP.SYS
[2009-02-22 13:13:43 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2007-06-29 12:07:36 | 00,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2003-04-08 12:40:22 | 00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002-03-25 22:02:14 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001-07-22 02:16:20 | 00,001,038 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-22 02:15:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2001-07-07 04:00:02 | 00,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009-07-21 18:20:00 | 20,500,512 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009-07-21 18:15:40 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administratorek\Pulpit\OTL.exe
[2009-07-21 16:47:15 | 00,736,800 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009-07-21 16:00:33 | 00,002,207 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk
[2009-07-21 12:43:28 | 00,382,464 | ---- | M] () -- C:\KillIt.exe
[2009-07-21 10:01:49 | 02,275,254 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\bez tytułu.bmp
[2009-07-21 09:25:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-07-21 09:25:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-07-20 23:31:45 | 00,073,988 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009-07-20 23:31:44 | 00,277,568 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009-07-19 23:44:09 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\cd.dat
[2009-07-18 19:03:36 | 03,908,786 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\pitbull - i know you want me.mp31247936744_[mp3.teledyski.info].mp3
[2009-07-18 18:55:54 | 03,204,107 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\jay sean - i wont tell.mp31247935975_[mp3.teledyski.info].mp3
[2009-07-18 18:47:56 | 03,484,138 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\105 dance nation vs. shaun baker - sunshine 2009.mp31247935486_[mp3.teledyski.info].mp3
[2009-07-18 18:30:19 | 03,827,283 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\eddy wata - my dream.mp31247934434_[mp3.teledyski.info].mp3
[2009-07-18 18:18:53 | 03,233,364 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\josef hedinger - one wish us (maxxx edit).mp31247935203_[mp3.teledyski.info].mp3
[2009-07-17 12:34:29 | 00,042,176 | ---- | M] () -- C:\Documents and Settings\Administratorek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-07-15 23:58:10 | 10,584,058 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\lol.wav
[2009-07-15 20:10:01 | 13,130,387 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\Klaas_meets._Haddaway___What_Is_Love_2k9__Klaas_Club_Mix_www.djmatus.pl.mp3
[2009-07-15 20:01:43 | 09,890,707 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\Alexander_Rybak___Fairytale___Digital_Boys___Dj_Tom_Cut_Bootleg__www.djmatus.pl.mp3
[2009-07-15 17:05:49 | 00,138,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-07-15 17:05:40 | 00,201,440 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009-07-15 09:43:16 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\EVEREST Home Edition.lnk
[2009-07-13 16:31:12 | 03,700,223 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\afromental - radio song.mp3.mp3
[2009-07-12 12:21:05 | 01,030,301 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\everybody move your body club mix Jacek.mp3
[2009-07-11 19:37:47 | 00,000,656 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\Symulator.lnk
[2009-07-11 17:31:52 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-07-11 06:53:45 | 00,191,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-07-10 21:19:42 | 03,724,884 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\sean kingston - fire burning on the dance floor.mp3
[2009-07-09 23:39:32 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\Nowy Dokument programu Microsoft Word (3).doc
[2009-07-09 13:09:53 | 00,002,879 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\liberty bay -2 -3.wpt
[2009-07-09 09:32:31 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-07-08 22:09:52 | 00,025,385 | ---- | M] () -- C:\Documents and Settings\Administratorek\Moje dokumenty\ceb60d3a00006329
[2009-07-08 22:09:52 | 00,025,385 | ---- | M] () -- C:\Documents and Settings\Administratorek\Moje dokumenty\asdsadsa
[2009-07-08 21:44:39 | 03,661,354 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\rocco - everybody 9.0 [dancecore radio edit] (www.centrummp3.eu).mp3
[2009-07-08 21:40:59 | 03,352,064 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\lady gaga - paparazzi.mp31247081876_[mp3.teledyski.info].mp3
[2009-07-08 21:40:36 | 03,698,552 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\lady gaga - love game.mp31247081834_[mp3.teledyski.info].mp3
[2009-07-08 21:35:11 | 03,380,902 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\cascada - evacuate the dancefloor (radio edit).mp31247082889_[mp3.teledyski.info].mp3
[2009-07-04 14:47:04 | 00,572,168 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\sweetlove.mp3
[2009-07-03 21:07:15 | 00,000,262 | ---- | M] () -- C:\WINDOWS\725D14181706233B0D4F0216.hex
[2009-07-03 15:46:32 | 00,016,384 | ---- | M] () -- C:\Program Files\uik.dat
[2009-07-03 15:45:37 | 00,000,004 | ---- | M] () -- C:\Program Files\is.dat
[2009-07-02 23:14:04 | 03,309,013 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\117 jay delano - with you.mp31246173544_[enutka.info].mp3
[2009-07-02 10:41:27 | 06,645,583 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\casteam - time.mp31246525087_[mp3.teledyski.info].mp3
[2009-07-02 10:27:50 | 04,517,334 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\kid cudi - day n nite (crookers first remix).mp31246524377_[mp3.teledyski.info].mp3
[2009-07-02 08:37:30 | 53,396,540 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\VIII oficjalny zlot RadioParty.pl 4 up by LORDD93.mp3
[2009-06-30 20:08:22 | 00,001,591 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\GTA San Andreas.lnk
[2009-06-29 15:23:54 | 00,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2009-06-29 15:23:25 | 00,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-06-29 00:19:38 | 03,172,198 | -H-- | M] () -- C:\Documents and Settings\Administratorek\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-06-28 09:44:04 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Administratorek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-06-26 14:19:51 | 00,026,500 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\42c955b39a.jpeg
[2009-06-26 13:03:08 | 00,049,152 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\Plan marketingowy przedsiebiorstwa.doc
[2009-06-25 12:48:13 | 00,043,008 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\Promocja jako element marketingu.doc
[2009-06-23 12:15:05 | 05,829,694 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\Commicon vs. Masters at Work _ Lovestruck in work _Matt Farell 2009 b00tleg_.mp3
[2009-06-22 19:28:02 | 19,423,7056 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\Energy_2000___Enjoy_The_Summer_20.06.2009__www.djraven.pl_.mp3
[2009-06-22 11:47:53 | 00,134,134 | ---- | M] () -- C:\Documents and Settings\Administratorek\Pulpit\2009-06-22-11-47-03-688150.cut.688150-1.pdf

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 287 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6BE50C2B
@Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4EE74317
< End of report >


[Okocza]

jacek15, daj log z rsit

[jacek15]

Rsit

Kod: Zaznacz wszystko

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administratorek at 2009-07-21 18:30:25
Microsoft Windows XP Professional Dodatek Service Pack. 1
System drive C: has 2 GB (11%) free of 20 GB
Total RAM: 511 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:31:00, on 2009-07-21
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Ventrilo\Ventrilo -m.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administratorek\Pulpit\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administratorek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 4701 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-02-19 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll [2008-02-29 468280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-03 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-03 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2002-09-20 845340]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-02-19 1262888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2004-07-07 2904064]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2004-07-07 46080]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2007-06-28 218376]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files\Steam\Steam.exe [2009-07-21 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\System32\klogon.dll [2007-06-28 206088]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-07-21 18:28:19 ----D---- C:\rsit
2009-07-21 14:11:40 ----D---- C:\Program Files\Steam
2009-07-21 12:43:28 ----A---- C:\KillIt.exe
2009-07-15 09:43:07 ----D---- C:\Program Files\Lavalys
2009-07-11 19:37:46 ----D---- C:\Program Files\GrupaFP
2009-06-30 20:08:22 ----D---- C:\Program Files\Rockstar Games
2009-06-30 17:45:22 ----D---- C:\Program Files\MTA San Andreas
2009-06-29 15:23:53 ----A---- C:\WINDOWS\System32\CmdLineExt.dll

======List of files/folders modified in the last 1 months======

2009-07-21 18:30:52 ----D---- C:\WINDOWS\Temp
2009-07-21 18:28:36 ----D---- C:\WINDOWS\Prefetch
2009-07-21 18:28:18 ----D---- C:\WINDOWS\System32\CatRoot2
2009-07-21 18:03:17 ----D---- C:\Program Files\Mozilla Firefox
2009-07-21 14:11:44 ----SHD---- C:\WINDOWS\Installer
2009-07-21 14:11:44 ----D---- C:\WINDOWS
2009-07-21 14:11:43 ----HD---- C:\Config.Msi
2009-07-21 14:11:40 ----D---- C:\Program Files
2009-07-21 09:25:53 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2009-07-21 09:25:28 ----D---- C:\WINDOWS\Debug
2009-07-20 23:31:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-20 20:09:15 ----D---- C:\WINDOWS\System32\drivers
2009-07-20 12:45:24 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-19 23:44:09 ----D---- C:\WINDOWS\system32
2009-07-19 23:44:04 ----HD---- C:\WINDOWS\inf
2009-07-19 17:54:15 ----D---- C:\WINDOWS\Minidump
2009-07-17 12:17:47 ----AD---- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2009-07-16 10:25:31 ----D---- C:\Documents and Settings\Administratorek\Dane aplikacji\Tibia
2009-07-15 17:05:40 ----A---- C:\WINDOWS\System32\PnkBstrB.exe
2009-07-11 17:31:52 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-10 12:30:25 ----RSD---- C:\WINDOWS\Fonts
2009-07-06 13:02:07 ----D---- C:\Program Files\TibiaCam TV Lite
2009-07-05 10:25:43 ----D---- C:\Program Files\Tibia
2009-07-02 13:42:10 ----D---- C:\Program Files\Gadu-Gadu
2009-07-02 11:30:18 ----D---- C:\WINDOWS\System32\DirectX
2009-07-02 09:10:34 ----D---- C:\WINDOWS\Help
2009-06-30 20:08:22 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-30 20:07:50 ----D---- C:\Program Files\Common Files\InstallShield
2009-06-29 15:23:25 ----A---- C:\WINDOWS\system.ini
2009-06-28 09:43:14 ----SD---- C:\Documents and Settings\Administratorek\Dane aplikacji\Microsoft
2009-06-24 16:56:02 ----D---- C:\Program Files\TibiaBot NG
2009-06-23 17:20:02 ----D---- C:\Documents and Settings\Administratorek\Dane aplikacji\GanymedeNet
2009-06-23 10:05:06 ----D---- C:\Program Files\Lavasoft
2009-06-23 10:04:47 ----DC---- C:\WINDOWS\System32\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 klif;Klif; \??\C:\WINDOWS\System32\drivers\klif.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\System32\drivers\StarOpen.sys [2006-07-24 5632]
R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\System32\DRIVERS\nvcap.sys [2004-02-20 126878]
R2 nvTUNEP;nVidia WDM TVTuner; C:\WINDOWS\System32\DRIVERS\nvtunep.sys [2004-02-20 21634]
R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2004-02-20 13360]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2009-03-01 223128]
R3 FETNDIS;Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\System32\DRIVERS\klim5.sys [2007-04-04 24344]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-07-07 1893536]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2003-07-03 25216]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2003-07-03 53120]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2003-07-03 19328]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\WINDOWS\System32\DRIVERS\vcsvad.sys [2008-12-10 17792]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudios.sys [2004-03-17 117248]
S3 aqe274lo;aqe274lo; C:\WINDOWS\System32\drivers\aqe274lo.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 ET5Drv;ET5Drv; \??\C:\WINDOWS\System32\Drivers\ET5Drv.sys []
S3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-18 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 MarkFun_NT;MarkFun_NT; \??\C:\Program Files\Gigabyte\ET5\markfun.w32 []
S3 mouhid;Sterownik myszy HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-26 12160]
S3 msdirectx;msdirectx; \??\C:\PROGRA~1\DUALVI~1\mdirect.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 PAC207;PC Camera; C:\WINDOWS\System32\DRIVERS\PFC027.SYS [2007-10-25 616064]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\System32\DRIVERS\sscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\System32\DRIVERS\sscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\System32\DRIVERS\sscdmdm.sys [2005-12-22 137884]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 tapvpn;TAP VPN Adapter; C:\WINDOWS\System32\DRIVERS\tapvpn.sys [2008-01-23 27136]
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2003-07-03 28160]
S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
S3 usbscan;Sterownik skanera USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Anti-Virus 7.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2007-06-28 218376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-03 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2004-07-07 77824]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2007-08-09 73728]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\System32\PnkBstrA.exe [2009-04-25 66872]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------


[Okocza]

C:\KillIt.exe

usuwasz ten plik.

potem wykonujesz to co podane jest w tym poście:

zhakowane-konto-wow-a-logi-po-czyszczeniu-vt111408.html#p844321