Dziwna nazwa plików a autostarcie

[pisula]

Witam.
Po uruchomieniu systemu wyskakuje komunikat o niemożliwości odnalezienia pliku o nazwie ...i tutaj w cudzysłowie zamiast nazwy wyskakują małe kwadraciki,oprócz tego gdy chcę otworzyć dysk lokalny C,otrzymuję pytanie jakim programem chcę to zrobić.Dopiero jak kliknę że IE to się otwiera,do tego dochodzą samoczynne zamknięcia przeglądarek(bez różnicy czy to jest IE,czy Mozilla.Nawet po wyłączeniu w autostarcie w/w "kwadracików",po restarcie znowu są odfajkowane.Deamon odinstalowany,poniżej logi.

Kod: Zaznacz wszystko

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-09 15:37:06
Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 SAMSUNG_SP1603C rev.VL100-50
Running: czuoptwf.exe; Driver: C:\DOCUME~1\arek\USTAWI~1\Temp\pxlyqpog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwOpenProcess [0xB63FC6C0]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateProcess [0xB63FC770]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateThread [0xB63FC810]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwWriteVirtualMemory [0xB63FC8B0]

---- Devices - GMER 1.0.15 ----

Device                                                                                                                                      Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device                                                                                                                                      Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                   avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device          \Driver\prodrv06 \Device\ProDrv06                                                                                           E1CD5C30
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                          prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5                                                                                 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                          prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                          prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                          prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12                                                                                prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\prohlp02 \Device\ProHlp02                                                                                           E1005940

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                   avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                 avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device                                                                                                                                      mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice                                                                                                                              fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                         0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                      0x96 0x7A 0xBE 0x01 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                       
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                             C:\Program Files\DAEMON Tools\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                             0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                          0xAF 0x98 0x51 0xBC ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)               
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                    0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                 0x33 0xD3 0xAE 0x0C ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                           0xE1 0x39 0x7C 0xA6 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                           0xEE 0x4E 0x49 0xC0 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                           0x2B 0x36 0x3E 0xE0 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                           0x3F 0x5C 0x87 0x49 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                       
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                             0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                          0x96 0x7A 0xBE 0x01 ...

---- EOF - GMER 1.0.15 ----


Kod: Zaznacz wszystko

OTL logfile created on: 2010-12-09 17:39:17 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Documents and Settings\arek\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 478,00 Mb Available Physical Memory | 47,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 55,90 Gb Free Space | 37,50% Space Free | Partition Type: NTFS

Computer Name: KAROLINA | User Name: arek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-12-09 17:38:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\arek\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2010-11-10 19:08:04 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010-11-10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010-10-28 19:42:40 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-10-27 05:15:24 | 001,073,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010-10-27 05:14:50 | 001,047,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010-10-22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010-10-22 04:57:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010-10-22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010-10-22 04:56:56 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2005-07-06 10:14:12 | 000,471,040 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\lxcecoms.exe
PRC - [2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-12-09 17:38:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\arek\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2004-08-03 23:42:34 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-11-10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010-01-15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009-05-21 11:36:53 | 000,000,000 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI)
SRV - [2005-07-06 10:14:12 | 000,471,040 | ---- | M] (Lexmark International, Inc.) [On_Demand | Running] -- C:\WINDOWS\System32\lxcecoms.exe -- (lxce_device)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\irsir.sys -- (irsir)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\cmuda.sys -- (cmuda)
DRV - [2010-11-09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010-09-13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010-09-07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010-09-07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010-09-07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010-08-19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010-08-19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010-08-19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2009-06-30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2007-06-19 09:56:57 | 000,282,624 | R--- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mrvw125.sys -- (W8335XP)
DRV - [2007-04-20 13:34:54 | 000,674,048 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006-11-30 14:14:22 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45unic.sys -- (se45unic) Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM)
DRV - [2006-11-30 14:14:14 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45obex.sys -- (se45obex)
DRV - [2006-11-30 14:14:10 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45mgmt.sys -- (se45mgmt) Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM)
DRV - [2006-11-30 14:14:10 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45nd5.sys -- (se45nd5) Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (NDIS)
DRV - [2006-11-30 14:14:04 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45mdm.sys -- (se45mdm)
DRV - [2006-11-30 14:14:04 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45mdfl.sys -- (se45mdfl)
DRV - [2006-11-30 14:13:56 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45bus.sys -- (se45bus) Sony Ericsson Device 069 driver (WDM)
DRV - [2004-08-25 06:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004-08-09 12:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004-08-09 12:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004-08-03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2004-07-19 15:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2004-05-02 09:47:08 | 000,023,040 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv)
DRV - [2004-03-24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003-12-01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2002-06-12 03:00:24 | 000,017,632 | R--- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune)
DRV - [2002-06-04 12:52:54 | 000,421,792 | R--- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134) Philips Proteus (7134)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-21-583907252-1682526488-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
IE - HKU\S-1-5-21-583907252-1682526488-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.wp.pl/"
FF - prefs.js..extensions.enabledItems: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}:2.0.0.51407
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010-12-08 21:00:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-12-04 14:16:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-11-27 19:46:58 | 000,000,000 | ---D | M]

[2008-08-27 15:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Mozilla\Extensions
[2010-12-08 20:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Mozilla\Firefox\Profiles\fkdo4vpm.default\extensions
[2010-12-09 12:21:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-02-22 18:48:38 | 000,000,000 | ---D | M] (ToggleEN Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}
[2010-01-02 14:27:24 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2010-05-17 17:13:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-10-23 14:20:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2008-09-21 11:33:20 | 000,000,000 | ---D | M] (BearShare MediaBar) -- C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}
[2008-01-23 07:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010-09-15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-10-28 13:00:56 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-10-28 13:00:56 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-10-28 13:00:56 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-10-28 13:00:56 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-10-28 13:00:56 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-10-28 13:00:56 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-05-16 20:38:21 | 000,395,202 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1   www.007guard.com
O1 - Hosts: 127.0.0.1   007guard.com
O1 - Hosts: 127.0.0.1   008i.com
O1 - Hosts: 127.0.0.1   www.008k.com
O1 - Hosts: 127.0.0.1   008k.com
O1 - Hosts: 127.0.0.1   www.00hq.com
O1 - Hosts: 127.0.0.1   00hq.com
O1 - Hosts: 127.0.0.1   010402.com
O1 - Hosts: 127.0.0.1   www.032439.com
O1 - Hosts: 127.0.0.1   032439.com
O1 - Hosts: 127.0.0.1   www.0scan.com
O1 - Hosts: 127.0.0.1   0scan.com
O1 - Hosts: 127.0.0.1   1000gratisproben.com
O1 - Hosts: 127.0.0.1   www.1000gratisproben.com
O1 - Hosts: 127.0.0.1   1001namen.com
O1 - Hosts: 127.0.0.1   www.1001namen.com
O1 - Hosts: 127.0.0.1   100888290cs.com
O1 - Hosts: 127.0.0.1   www.100888290cs.com
O1 - Hosts: 127.0.0.1   www.100sexlinks.com
O1 - Hosts: 127.0.0.1   100sexlinks.com
O1 - Hosts: 127.0.0.1   10sek.com
O1 - Hosts: 127.0.0.1   www.10sek.com
O1 - Hosts: 127.0.0.1   www.1-2005-search.com
O1 - Hosts: 127.0.0.1   1-2005-search.com
O1 - Hosts: 13648 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Mario Forever Toolbar) - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll ()
O3 - HKU\S-1-5-21-583907252-1682526488-725345543-1003\..\Toolbar\ShellBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-583907252-1682526488-725345543-1003\..\Toolbar\WebBrowser: (Mario Forever Toolbar) - {463DF6D5-BEC1-4D67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LXCECATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.DLL ()
O4 - HKU\S-1-5-21-583907252-1682526488-725345543-1003..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\MpegTV Station PCITV Remote Control.lnk = C:\Program Files\KWORLD\MpegTV Station PCITV\RemoteCtl.exe ()
F3 - HKU\S-1-5-21-583907252-1682526488-725345543-1003 WinNT: Load - (۫粑䝴
) -  File not found
F3 - HKU\S-1-5-21-583907252-1682526488-725345543-1003 WinNT: Run - (۫粑䝴
) -  File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-1682526488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-01-05 23:11:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-10-29 15:41:19 | 000,000,107 | -HS- | M] () - C:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{05f527e8-de03-11df-8c4b-806d6172696f}\Shell\Auto\command - "" = E:\fun.xls.exe -- File not found
O33 - MountPoints2\{05f527ea-de03-11df-8c4b-806d6172696f}\Shell\Auto\command - "" = G:\fun.xls.exe -- File not found
O33 - MountPoints2\{05f527eb-de03-11df-8c4b-806d6172696f}\Shell\Auto\command - "" = H:\fun.xls.exe -- File not found
O33 - MountPoints2\{9dd23152-243f-11de-9ebd-00160a0d08b8}\Shell\AutoRun\command - "" = F:\wx8o0bt1.com -- File not found
O33 - MountPoints2\{9dd23152-243f-11de-9ebd-00160a0d08b8}\Shell\open\Command - "" = F:\wx8o0bt1.com -- File not found
O33 - MountPoints2\{ad9c9636-35ab-11de-9f0c-00160a0d08b8}\Shell - "" = AutoRun
O33 - MountPoints2\{ad9c9636-35ab-11de-9f0c-00160a0d08b8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\C\Shell\Auto\command - "" = C:\fun.xls.exe -- File not found
O33 - MountPoints2\F\Shell\Auto\command - "" = F:\fun.xls.exe -- File not found
O33 - MountPoints2\G\Shell\Auto\command - "" = G:\fun.xls.exe -- File not found
O33 - MountPoints2\H\Shell\Auto\command - "" = H:\fun.xls.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-12-09 13:02:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\arek\Recent
[2010-12-09 09:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Pulpit\forum
[2010-12-09 09:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\C-Media 3D Audio
[2010-12-09 08:18:26 | 000,022,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2010-12-09 08:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010-12-09 08:17:43 | 001,251,944 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2010-12-09 07:42:06 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2010-12-09 07:41:45 | 000,000,000 | ---D | C] -- C:\Intel
[2010-12-08 21:42:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Pulpit\NoEE
[2010-12-08 21:41:21 | 000,045,056 | ---- | C] (Kworld Computer Co., Ltd.) -- C:\WINDOWS\p3xunist.exe
[2010-12-08 21:40:48 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\BdaSup.sys
[2010-12-08 21:40:47 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\BdaPlgIn.ax
[2010-12-08 21:40:25 | 000,674,048 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\drivers\3xHybrid.sys
[2010-12-08 21:19:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Dane aplikacji\Easeware
[2010-12-08 21:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\Easeware
[2010-12-08 21:15:30 | 010,528,768 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTLCPL.exe
[2010-12-08 21:15:30 | 004,122,368 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\alcxwdm.sys
[2010-12-08 21:15:30 | 000,577,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
[2010-12-08 21:15:29 | 018,804,736 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\alsndmgr.cpl
[2010-12-08 21:14:36 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2010-12-08 21:14:27 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe
[2010-12-08 21:14:26 | 000,217,088 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcrmv.exe
[2010-12-08 21:01:00 | 000,000,000 | RH-D | C] -- C:\AHCache
[2010-12-08 21:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Dane aplikacji\InstallShield
[2010-12-08 21:00:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Ustawienia lokalne\Dane aplikacji\Apple
[2010-12-08 21:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Apple
[2010-12-08 20:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Ustawienia lokalne\Dane aplikacji\WMTools Downloaded Files
[2010-12-08 20:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2010-12-08 20:59:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Dane aplikacji\AVG10
[2010-12-08 20:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\McAfee Security Scan
[2010-12-08 20:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Dane aplikacji\FastStone
[2010-12-08 20:28:43 | 000,000,000 | ---D | C] -- C:\Program Files\FastStone Image Viewer
[2010-12-08 09:15:51 | 000,290,816 | ---- | C] (Philips Semiconductors) -- C:\WINDOWS\System32\34dlg2.dll
[2010-12-08 09:15:51 | 000,036,864 | ---- | C] (Philips Semiconductors) -- C:\WINDOWS\System32\34ds.dll
[2010-12-08 09:15:51 | 000,024,576 | ---- | C] (Philips Semiconductors) -- C:\WINDOWS\System32\34PCIurd.dll
[2010-12-08 09:15:51 | 000,024,576 | ---- | C] (Philips Semiconductors) -- C:\WINDOWS\System32\34I2Curd.dll
[2010-12-08 08:06:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Pulpit\stery
[2010-12-05 11:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\CDex
[2010-12-04 14:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Dane aplikacji\RDRM
[2010-11-27 19:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010-11-27 19:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010-11-24 12:49:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-11-23 20:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Dane aplikacji\Malwarebytes
[2010-11-23 20:48:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-11-23 20:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2010-11-23 20:48:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-11-23 20:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-11-19 07:58:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\arek\Moje dokumenty\Moje wideo
[2010-11-17 08:18:28 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010-11-16 21:26:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files
[2010-11-16 21:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG10
[2010-11-16 21:24:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2010-11-16 21:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010-11-16 21:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\MFAData
[2010-11-16 08:08:42 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010-11-13 16:58:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dane aplikacji\McAfee
[2010-11-10 18:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Pulpit\12
[2008-01-05 23:30:18 | 000,151,552 | R--- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-12-09 17:33:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-12-09 09:41:35 | 000,000,092 | ---- | M] () -- C:\WINDOWS\CMISETUP.INI
[2010-12-09 09:41:32 | 000,000,026 | ---- | M] () -- C:\WINDOWS\CMCDPLAY.INI
[2010-12-09 09:41:30 | 000,000,736 | ---- | M] () -- C:\WINDOWS\setup.ini
[2010-12-09 09:41:29 | 000,000,171 | ---- | M] () -- C:\WINDOWS\System\CmiCnfg.ini
[2010-12-09 09:11:56 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2010-12-09 08:59:10 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\MpegTV Station PCITV Remote Control.lnk
[2010-12-09 08:05:34 | 000,014,880 | ---- | M] () -- C:\WINDOWS\Ascd_log.ini
[2010-12-09 08:04:58 | 000,014,842 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini
[2010-12-09 07:37:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Wininit.ini
[2010-12-09 07:33:13 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010-12-09 07:26:25 | 101,267,279 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010-12-08 21:40:14 | 001,467,451 | ---- | M] () -- C:\Documents and Settings\arek\Pulpit\drv_v1[1].3.3.2_can_070416.zip
[2010-12-08 21:16:08 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\DriverEasy Scheduled Scan.job
[2010-12-08 21:16:03 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DriverEasy.lnk
[2010-12-08 20:28:56 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\FastStone Image Viewer.lnk
[2010-12-08 20:14:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010-12-06 14:47:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-12-05 20:26:11 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\arek\Pulpit\Microsoft Office Word 2007.lnk
[2010-11-30 13:47:30 | 000,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera_AVG_RESTORED.exe
[2010-11-30 13:47:29 | 000,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe
[2010-11-30 08:03:49 | 000,090,638 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-11-30 08:03:49 | 000,070,822 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-11-30 08:03:49 | 000,043,118 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-11-30 08:03:49 | 000,033,782 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-11-29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-11-29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-11-27 19:35:25 | 000,064,512 | ---- | M] () -- C:\Documents and Settings\arek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-11-25 15:19:14 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\AVG 2011.lnk
[2010-11-24 18:17:22 | 000,011,289 | ---- | M] () -- C:\Documents and Settings\arek\Moje dokumenty\Fróhling.docx
[2010-11-23 20:48:55 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2010-11-23 13:57:39 | 847,446,016 | ---- | M] () -- C:\Documents and Settings\arek\Pulpit\the karate kid 2010.avi
[2010-11-19 18:44:18 | 734,550,016 | ---- | M] () -- C:\Documents and Settings\arek\Pulpit\shrek_4_forever_dubbing_pl upload by rogowski12(2).avi
[2010-11-18 19:20:00 | 000,010,664 | ---- | M] () -- C:\Documents and Settings\arek\Pulpit\1.docx
[2010-11-17 13:21:48 | 184,052,924 | ---- | M] () -- C:\Documents and Settings\arek\Pulpit\shrek 4 forever lektor 2010 komedia przed premiera nowosc.avi
[2010-11-16 19:37:59 | 000,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-11-13 16:57:58 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\McAfee Security Scan Plus.lnk
[2010-11-12 16:16:36 | 000,076,344 | ---- | M] () -- C:\Documents and Settings\arek\Pulpit\912f9b7d6c.jpeg
[2010-11-09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-12-09 09:41:29 | 000,000,171 | ---- | C] () -- C:\WINDOWS\System\CmiCnfg.ini
[2010-12-09 09:41:27 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2010-12-09 08:59:10 | 000,038,400 | ---- | C] () -- C:\WINDOWS\Thptbl.tbl
[2010-12-09 08:59:10 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\MpegTV Station PCITV Remote Control.lnk
[2010-12-09 08:05:34 | 000,014,880 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2010-12-09 08:04:57 | 000,014,842 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010-12-09 07:38:00 | 000,000,736 | ---- | C] () -- C:\WINDOWS\setup.ini
[2010-12-09 07:26:25 | 101,267,279 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010-12-08 21:41:21 | 000,004,357 | ---- | C] () -- C:\WINDOWS\TVP3XDrv.ini
[2010-12-08 21:40:50 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010-12-08 21:40:49 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\MSDvbNP.ax
[2010-12-08 21:40:47 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\PsisRndr.ax
[2010-12-08 21:40:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2010-12-08 21:40:05 | 001,467,451 | ---- | C] () -- C:\Documents and Settings\arek\Pulpit\drv_v1[1].3.3.2_can_070416.zip
[2010-12-08 21:16:07 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\DriverEasy Scheduled Scan.job
[2010-12-08 21:16:03 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\DriverEasy.lnk
[2010-12-08 21:15:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010-12-08 21:15:30 | 000,141,016 | ---- | C] () -- C:\WINDOWS\System32\alsndmgr.wav
[2010-12-08 21:15:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010-12-08 20:28:56 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\FastStone Image Viewer.lnk
[2010-11-30 13:47:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\FixCamera_AVG_RESTORED.exe
[2010-11-30 13:47:29 | 000,020,480 | ---- | C] () -- C:\WINDOWS\FixCamera.exe
[2010-11-24 18:17:21 | 000,011,289 | ---- | C] () -- C:\Documents and Settings\arek\Moje dokumenty\Fróhling.docx
[2010-11-23 20:48:55 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2010-11-22 17:41:52 | 847,446,016 | ---- | C] () -- C:\Documents and Settings\arek\Pulpit\the karate kid 2010.avi
[2010-11-18 19:19:59 | 000,010,664 | ---- | C] () -- C:\Documents and Settings\arek\Pulpit\1.docx
[2010-11-17 12:50:47 | 184,052,924 | ---- | C] () -- C:\Documents and Settings\arek\Pulpit\shrek 4 forever lektor 2010 komedia przed premiera nowosc.avi
[2010-11-17 12:50:46 | 734,550,016 | ---- | C] () -- C:\Documents and Settings\arek\Pulpit\shrek_4_forever_dubbing_pl upload by rogowski12(2).avi
[2010-11-16 21:25:49 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\AVG 2011.lnk
[2010-11-13 16:57:58 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\McAfee Security Scan Plus.lnk
[2010-11-12 16:16:34 | 000,076,344 | ---- | C] () -- C:\Documents and Settings\arek\Pulpit\912f9b7d6c.jpeg
[2010-10-23 14:43:10 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-01-02 14:28:35 | 000,002,596 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Config.nt.bak
[2010-01-02 14:28:35 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Autoexec.nt.bak
[2010-01-02 14:28:35 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\hosts.bak
[2008-12-11 19:23:28 | 000,000,238 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2008-08-18 20:05:31 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\QTSBandwidthCache
[2008-02-21 21:08:47 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008-02-21 21:08:44 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008-02-21 21:08:34 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008-02-21 21:08:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2008-02-21 21:08:13 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2008-02-21 21:07:51 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-02-21 21:04:54 | 000,064,512 | ---- | C] () -- C:\Documents and Settings\arek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-01-29 20:09:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcevs.dll
[2008-01-29 20:09:17 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lxcejswr.dll
[2008-01-29 20:09:17 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\lxceinsr.dll
[2008-01-29 20:09:16 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxcecur.dll
[2008-01-14 17:20:32 | 000,000,083 | ---- | C] () -- C:\WINDOWS\WWP.INI
[2008-01-14 17:20:09 | 000,000,030 | ---- | C] () -- C:\WINDOWS\TextSpy.ini
[2008-01-06 15:20:50 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008-01-06 00:02:01 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008-01-05 23:38:02 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2008-01-05 23:37:55 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2008-01-05 23:37:54 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2008-01-05 23:37:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2008-01-05 23:37:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2008-01-05 23:34:56 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\arek\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2008-01-05 23:27:58 | 000,023,040 | R--- | C] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys
[2008-01-05 23:19:43 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004-08-25 06:27:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004-08-03 23:44:12 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\sqlsrv32.dll
[2004-08-03 23:44:12 | 000,180,800 | ---- | C] () -- C:\WINDOWS\System32\sqlunirl.dll
[2004-08-03 23:44:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004-07-17 10:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

[color=#E56717]========== LOP Check ==========[/color]

[2010-12-08 20:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2010-12-08 20:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG10
[2010-11-16 21:26:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files
[2010-06-06 17:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts
[2010-05-16 18:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\G DATA
[2010-10-23 14:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-12-08 20:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2010-12-08 20:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MFAData
[2010-11-01 18:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2008-05-30 19:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Teleca
[2009-12-31 13:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2008-10-14 12:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\AutoUpdate
[2010-12-08 20:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\AVG10
[2008-09-21 14:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\DAEMON Tools
[2010-12-08 21:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Easeware
[2008-01-06 14:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Gadu-Gadu
[2010-12-09 12:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Gadu-Gadu 10
[2008-01-13 15:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\InterTrust
[2010-12-08 20:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\ipla
[2008-08-20 11:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Leadertech
[2008-10-14 12:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Listonosz
[2010-10-23 14:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Nowe Gadu-Gadu
[2008-10-14 12:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Onet
[2009-09-13 14:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\OpenFM
[2009-01-27 15:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Opera
[2009-05-21 11:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\OTi
[2009-03-09 14:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\PCToolsFirewallPlus
[2009-05-21 11:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\PLAux
[2010-12-04 14:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\RDRM
[2008-05-30 19:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Teleca
[2010-05-20 09:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Uniblue
[2009-09-13 15:49:00 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\arek\Dane aplikacji\winn
[2008-03-29 13:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\XnView
[2010-12-08 20:14:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010-12-08 21:16:08 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\DriverEasy Scheduled Scan.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:671329E4
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C31F31E6

< End of report >


http://wklej.org/id/434877/

[wojtas]

bardzo słabe zabezpieczenie Windowsa.. ;

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Mario Forever Toolbar) - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll ()
O3 - HKU\S-1-5-21-583907252-1682526488-725345543-1003\..\Toolbar\WebBrowser: (Mario Forever Toolbar) - {463DF6D5-BEC1-4D67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll ()
F3 - HKU\S-1-5-21-583907252-1682526488-725345543-1003 WinNT: Load - (۫粑䝴
) - File not found
F3 - HKU\S-1-5-21-583907252-1682526488-725345543-1003 WinNT: Run - (۫粑䝴
) - File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O32 - AutoRun File - [2010-10-29 15:41:19 | 000,000,107 | -HS- | M] () - C:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{05f527e8-de03-11df-8c4b-806d6172696f}\Shell\Auto\command - "" = E:\fun.xls.exe -- File not found
O33 - MountPoints2\{05f527ea-de03-11df-8c4b-806d6172696f}\Shell\Auto\command - "" = G:\fun.xls.exe -- File not found
O33 - MountPoints2\{05f527eb-de03-11df-8c4b-806d6172696f}\Shell\Auto\command - "" = H:\fun.xls.exe -- File not found
O33 - MountPoints2\{9dd23152-243f-11de-9ebd-00160a0d08b8}\Shell\AutoRun\command - "" = F:\wx8o0bt1.com -- File not found
O33 - MountPoints2\{9dd23152-243f-11de-9ebd-00160a0d08b8}\Shell\open\Command - "" = F:\wx8o0bt1.com -- File not found
O33 - MountPoints2\{ad9c9636-35ab-11de-9f0c-00160a0d08b8}\Shell - "" = AutoRun
O33 - MountPoints2\{ad9c9636-35ab-11de-9f0c-00160a0d08b8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\C\Shell\Auto\command - "" = C:\fun.xls.exe -- File not found
O33 - MountPoints2\F\Shell\Auto\command - "" = F:\fun.xls.exe -- File not found
O33 - MountPoints2\G\Shell\Auto\command - "" = G:\fun.xls.exe -- File not found
O33 - MountPoints2\H\Shell\Auto\command - "" = H:\fun.xls.exe -- File not found
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:671329E4
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C31F31E6

:Files
C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}
C:\Program Files\Mario Forever Toolbar
C:\Documents and Settings\LocalService\Dane aplikacji\McAfee
C:\WINDOWS\tasks\*.job
AUTORUN.INF /alldrives

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Team17\Worms World Party\Wwp.exe"=-
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"=-
"C:\Program Files\BitComet\BitComet.exe"=-

:Commands
[emptytemp]
[emptyflash]
[clearallrestorepoints]
[resethosts]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

Następnie uruchamiasz OTL z opcją skanuj. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia (zawartość notatnika, która otworzy się po restarcie). + Przy podpiętym urządzeniu przenośnym (pendrive itp) , uruchom USBFIX z opcji Listing i pokaż raport na forum.

[pisula]

Proszę:

Kod: Zaznacz wszystko

OTL logfile created on: 2010-12-09 19:47:53 - Run 2
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Documents and Settings\arek\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 477,00 Mb Available Physical Memory | 47,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 59,91 Gb Free Space | 40,20% Space Free | Partition Type: NTFS

Computer Name: KAROLINA | User Name: arek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-12-09 17:38:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\arek\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2010-11-10 19:08:04 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010-11-10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010-10-28 19:42:40 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-10-27 05:15:24 | 001,073,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010-10-27 05:14:50 | 001,047,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010-10-22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010-10-22 04:57:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010-10-22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010-10-22 04:56:56 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2005-07-06 10:14:12 | 000,471,040 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\lxcecoms.exe
PRC - [2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-12-09 17:38:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\arek\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2004-08-03 23:42:34 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-11-10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010-01-15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009-05-21 11:36:53 | 000,000,000 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI)
SRV - [2005-07-06 10:14:12 | 000,471,040 | ---- | M] (Lexmark International, Inc.) [On_Demand | Running] -- C:\WINDOWS\System32\lxcecoms.exe -- (lxce_device)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\irsir.sys -- (irsir)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\cmuda.sys -- (cmuda)
DRV - [2010-11-09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010-09-13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010-09-07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010-09-07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010-09-07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010-08-19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010-08-19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010-08-19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2009-06-30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2007-06-19 09:56:57 | 000,282,624 | R--- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mrvw125.sys -- (W8335XP)
DRV - [2007-04-20 13:34:54 | 000,674,048 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006-11-30 14:14:22 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45unic.sys -- (se45unic) Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM)
DRV - [2006-11-30 14:14:14 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45obex.sys -- (se45obex)
DRV - [2006-11-30 14:14:10 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45mgmt.sys -- (se45mgmt) Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM)
DRV - [2006-11-30 14:14:10 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45nd5.sys -- (se45nd5) Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (NDIS)
DRV - [2006-11-30 14:14:04 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45mdm.sys -- (se45mdm)
DRV - [2006-11-30 14:14:04 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45mdfl.sys -- (se45mdfl)
DRV - [2006-11-30 14:13:56 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45bus.sys -- (se45bus) Sony Ericsson Device 069 driver (WDM)
DRV - [2004-08-25 06:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004-08-09 12:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004-08-09 12:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004-08-03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2004-07-19 15:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2004-05-02 09:47:08 | 000,023,040 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv)
DRV - [2004-03-24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003-12-01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2002-06-12 03:00:24 | 000,017,632 | R--- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune)
DRV - [2002-06-04 12:52:54 | 000,421,792 | R--- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134) Philips Proteus (7134)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.wp.pl/"
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010-12-08 21:00:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-12-04 14:16:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-11-27 19:46:58 | 000,000,000 | ---D | M]

[2008-08-27 15:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Mozilla\Extensions
[2010-12-08 20:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Mozilla\Firefox\Profiles\fkdo4vpm.default\extensions
[2010-12-09 19:44:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-02-22 18:48:38 | 000,000,000 | ---D | M] (ToggleEN Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}
[2010-01-02 14:27:24 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2010-05-17 17:13:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-10-23 14:20:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2008-01-23 07:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010-09-15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-10-28 13:00:56 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-10-28 13:00:56 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-10-28 13:00:56 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-10-28 13:00:56 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-10-28 13:00:56 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-10-28 13:00:56 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-12-09 18:53:10 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LXCECATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.DLL ()
O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\MpegTV Station PCITV Remote Control.lnk = C:\Program Files\KWORLD\MpegTV Station PCITV\RemoteCtl.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-01-05 23:11:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-12-09 18:52:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-12-09 18:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2010-12-09 18:24:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2010-12-09 18:21:32 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek Sound Manager
[2010-12-09 18:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\AvRack
[2010-12-09 18:20:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\arek\Pulpit\AC97
[2010-12-09 18:04:55 | 000,658,136 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\arek\Pulpit\KB835221.exe
[2010-12-09 13:02:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\arek\Recent
[2010-12-09 09:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Pulpit\forum
[2010-12-09 09:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\C-Media 3D Audio
[2010-12-09 08:18:26 | 000,022,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2010-12-09 08:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010-12-09 08:17:43 | 001,251,944 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2010-12-09 07:42:06 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2010-12-09 07:41:45 | 000,000,000 | ---D | C] -- C:\Intel
[2010-12-08 21:42:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Pulpit\NoEE
[2010-12-08 21:41:21 | 000,045,056 | ---- | C] (Kworld Computer Co., Ltd.) -- C:\WINDOWS\p3xunist.exe
[2010-12-08 21:40:48 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\BdaSup.sys
[2010-12-08 21:40:47 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\BdaPlgIn.ax
[2010-12-08 21:40:25 | 000,674,048 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\drivers\3xHybrid.sys
[2010-12-08 21:19:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Dane aplikacji\Easeware
[2010-12-08 21:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\Easeware
[2010-12-08 21:15:30 | 010,528,768 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTLCPL.exe
[2010-12-08 21:15:30 | 004,122,368 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\alcxwdm.sys
[2010-12-08 21:15:30 | 000,577,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
[2010-12-08 21:15:29 | 018,804,736 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\alsndmgr.cpl
[2010-12-08 21:14:27 | 000,315,392 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe
[2010-12-08 21:14:26 | 000,217,088 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcrmv.exe
[2010-12-08 21:01:00 | 000,000,000 | RH-D | C] -- C:\AHCache
[2010-12-08 21:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Dane aplikacji\InstallShield
[2010-12-08 21:00:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Ustawienia lokalne\Dane aplikacji\Apple
[2010-12-08 21:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Apple
[2010-12-08 20:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Ustawienia lokalne\Dane aplikacji\WMTools Downloaded Files
[2010-12-08 20:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2010-12-08 20:59:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Dane aplikacji\AVG10
[2010-12-08 20:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\McAfee Security Scan
[2010-12-08 20:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Dane aplikacji\FastStone
[2010-12-08 20:28:43 | 000,000,000 | ---D | C] -- C:\Program Files\FastStone Image Viewer
[2010-12-08 09:15:51 | 000,290,816 | ---- | C] (Philips Semiconductors) -- C:\WINDOWS\System32\34dlg2.dll
[2010-12-08 09:15:51 | 000,036,864 | ---- | C] (Philips Semiconductors) -- C:\WINDOWS\System32\34ds.dll
[2010-12-08 09:15:51 | 000,024,576 | ---- | C] (Philips Semiconductors) -- C:\WINDOWS\System32\34PCIurd.dll
[2010-12-08 09:15:51 | 000,024,576 | ---- | C] (Philips Semiconductors) -- C:\WINDOWS\System32\34I2Curd.dll
[2010-12-08 08:06:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Pulpit\stery
[2010-12-05 11:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\CDex
[2010-12-04 14:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Dane aplikacji\RDRM
[2010-11-27 19:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010-11-27 19:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010-11-24 12:49:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-11-23 20:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Dane aplikacji\Malwarebytes
[2010-11-23 20:48:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-11-23 20:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2010-11-23 20:48:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-11-23 20:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-11-19 07:58:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\arek\Moje dokumenty\Moje wideo
[2010-11-17 08:18:28 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010-11-16 21:26:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files
[2010-11-16 21:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG10
[2010-11-16 21:24:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2010-11-16 21:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010-11-16 21:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\MFAData
[2010-11-16 08:08:42 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010-11-10 18:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\arek\Pulpit\12
[2008-01-05 23:30:18 | 000,151,552 | R--- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-12-09 18:54:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-12-09 18:53:10 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010-12-09 18:52:26 | 000,090,974 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-12-09 18:52:26 | 000,071,074 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-12-09 18:52:26 | 000,043,796 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-12-09 18:52:26 | 000,034,226 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-12-09 18:25:56 | 000,001,519 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\AvRack.lnk
[2010-12-09 18:16:21 | 101,391,564 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010-12-09 18:05:01 | 000,658,136 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\arek\Pulpit\KB835221.exe
[2010-12-09 09:41:35 | 000,000,092 | ---- | M] () -- C:\WINDOWS\CMISETUP.INI
[2010-12-09 09:41:32 | 000,000,026 | ---- | M] () -- C:\WINDOWS\CMCDPLAY.INI
[2010-12-09 09:41:30 | 000,000,736 | ---- | M] () -- C:\WINDOWS\setup.ini
[2010-12-09 09:41:29 | 000,000,171 | ---- | M] () -- C:\WINDOWS\System\CmiCnfg.ini
[2010-12-09 09:11:56 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2010-12-09 08:59:10 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\MpegTV Station PCITV Remote Control.lnk
[2010-12-09 08:05:34 | 000,014,880 | ---- | M] () -- C:\WINDOWS\Ascd_log.ini
[2010-12-09 08:04:58 | 000,014,842 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini
[2010-12-09 07:37:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Wininit.ini
[2010-12-09 07:33:13 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010-12-08 21:16:03 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DriverEasy.lnk
[2010-12-08 20:28:56 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\FastStone Image Viewer.lnk
[2010-12-06 14:47:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-12-05 20:26:11 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\arek\Pulpit\Microsoft Office Word 2007.lnk
[2010-11-30 13:47:30 | 000,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera_AVG_RESTORED.exe
[2010-11-30 13:47:29 | 000,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe
[2010-11-29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-11-29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-11-27 19:35:25 | 000,064,512 | ---- | M] () -- C:\Documents and Settings\arek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-11-25 15:19:14 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\AVG 2011.lnk
[2010-11-24 18:17:22 | 000,011,289 | ---- | M] () -- C:\Documents and Settings\arek\Moje dokumenty\Fróhling.docx
[2010-11-23 20:48:55 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2010-11-23 13:57:39 | 847,446,016 | ---- | M] () -- C:\Documents and Settings\arek\Pulpit\the karate kid 2010.avi
[2010-11-19 18:44:18 | 734,550,016 | ---- | M] () -- C:\Documents and Settings\arek\Pulpit\shrek_4_forever_dubbing_pl upload by rogowski12(2).avi
[2010-11-18 19:20:00 | 000,010,664 | ---- | M] () -- C:\Documents and Settings\arek\Pulpit\1.docx
[2010-11-17 13:21:48 | 184,052,924 | ---- | M] () -- C:\Documents and Settings\arek\Pulpit\shrek 4 forever lektor 2010 komedia przed premiera nowosc.avi
[2010-11-16 19:37:59 | 000,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-11-13 16:57:58 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\McAfee Security Scan Plus.lnk
[2010-11-12 16:16:36 | 000,076,344 | ---- | M] () -- C:\Documents and Settings\arek\Pulpit\912f9b7d6c.jpeg
[2010-11-09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-12-09 18:21:32 | 000,001,519 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\AvRack.lnk
[2010-12-09 18:21:31 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2010-12-09 18:16:21 | 101,391,564 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010-12-09 09:41:29 | 000,000,171 | ---- | C] () -- C:\WINDOWS\System\CmiCnfg.ini
[2010-12-09 09:41:27 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2010-12-09 08:59:10 | 000,038,400 | ---- | C] () -- C:\WINDOWS\Thptbl.tbl
[2010-12-09 08:59:10 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\MpegTV Station PCITV Remote Control.lnk
[2010-12-09 08:05:34 | 000,014,880 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2010-12-09 08:04:57 | 000,014,842 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010-12-09 07:38:00 | 000,000,736 | ---- | C] () -- C:\WINDOWS\setup.ini
[2010-12-08 21:41:21 | 000,004,357 | ---- | C] () -- C:\WINDOWS\TVP3XDrv.ini
[2010-12-08 21:40:50 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010-12-08 21:40:49 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\MSDvbNP.ax
[2010-12-08 21:40:47 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\PsisRndr.ax
[2010-12-08 21:40:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2010-12-08 21:16:03 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\DriverEasy.lnk
[2010-12-08 21:15:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010-12-08 21:15:30 | 000,141,016 | ---- | C] () -- C:\WINDOWS\System32\alsndmgr.wav
[2010-12-08 21:15:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010-12-08 20:28:56 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\FastStone Image Viewer.lnk
[2010-11-30 13:47:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\FixCamera_AVG_RESTORED.exe
[2010-11-30 13:47:29 | 000,020,480 | ---- | C] () -- C:\WINDOWS\FixCamera.exe
[2010-11-24 18:17:21 | 000,011,289 | ---- | C] () -- C:\Documents and Settings\arek\Moje dokumenty\Fróhling.docx
[2010-11-23 20:48:55 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2010-11-22 17:41:52 | 847,446,016 | ---- | C] () -- C:\Documents and Settings\arek\Pulpit\the karate kid 2010.avi
[2010-11-18 19:19:59 | 000,010,664 | ---- | C] () -- C:\Documents and Settings\arek\Pulpit\1.docx
[2010-11-17 12:50:47 | 184,052,924 | ---- | C] () -- C:\Documents and Settings\arek\Pulpit\shrek 4 forever lektor 2010 komedia przed premiera nowosc.avi
[2010-11-17 12:50:46 | 734,550,016 | ---- | C] () -- C:\Documents and Settings\arek\Pulpit\shrek_4_forever_dubbing_pl upload by rogowski12(2).avi
[2010-11-16 21:25:49 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\AVG 2011.lnk
[2010-11-13 16:57:58 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\McAfee Security Scan Plus.lnk
[2010-11-12 16:16:34 | 000,076,344 | ---- | C] () -- C:\Documents and Settings\arek\Pulpit\912f9b7d6c.jpeg
[2010-10-23 14:43:10 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-01-02 14:28:35 | 000,002,596 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Config.nt.bak
[2010-01-02 14:28:35 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Autoexec.nt.bak
[2010-01-02 14:28:35 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\hosts.bak
[2008-12-11 19:23:28 | 000,000,238 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2008-08-18 20:05:31 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\QTSBandwidthCache
[2008-02-21 21:08:47 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008-02-21 21:08:44 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008-02-21 21:08:34 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008-02-21 21:08:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2008-02-21 21:08:13 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2008-02-21 21:07:51 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-02-21 21:04:54 | 000,064,512 | ---- | C] () -- C:\Documents and Settings\arek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-01-29 20:09:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcevs.dll
[2008-01-29 20:09:17 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lxcejswr.dll
[2008-01-29 20:09:17 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\lxceinsr.dll
[2008-01-29 20:09:16 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxcecur.dll
[2008-01-14 17:20:32 | 000,000,083 | ---- | C] () -- C:\WINDOWS\WWP.INI
[2008-01-14 17:20:09 | 000,000,030 | ---- | C] () -- C:\WINDOWS\TextSpy.ini
[2008-01-06 15:20:50 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008-01-06 00:02:01 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008-01-05 23:38:02 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2008-01-05 23:37:55 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2008-01-05 23:37:54 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2008-01-05 23:37:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2008-01-05 23:37:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2008-01-05 23:34:56 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\arek\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2008-01-05 23:27:58 | 000,023,040 | R--- | C] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys
[2008-01-05 23:19:43 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004-08-25 06:27:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004-08-03 23:44:12 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\sqlsrv32.dll
[2004-08-03 23:44:12 | 000,180,800 | ---- | C] () -- C:\WINDOWS\System32\sqlunirl.dll
[2004-08-03 23:44:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004-07-17 10:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

[color=#E56717]========== LOP Check ==========[/color]

[2010-12-08 20:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2010-12-08 20:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG10
[2010-11-16 21:26:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files
[2010-06-06 17:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts
[2010-05-16 18:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\G DATA
[2010-10-23 14:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-12-08 20:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2010-12-08 20:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MFAData
[2010-11-01 18:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2008-05-30 19:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Teleca
[2009-12-31 13:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2008-10-14 12:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\AutoUpdate
[2010-12-08 20:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\AVG10
[2008-09-21 14:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\DAEMON Tools
[2010-12-08 21:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Easeware
[2008-01-06 14:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Gadu-Gadu
[2010-12-09 12:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Gadu-Gadu 10
[2008-01-13 15:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\InterTrust
[2010-12-08 20:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\ipla
[2008-08-20 11:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Leadertech
[2008-10-14 12:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Listonosz
[2010-10-23 14:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Nowe Gadu-Gadu
[2008-10-14 12:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Onet
[2009-09-13 14:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\OpenFM
[2009-01-27 15:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Opera
[2009-05-21 11:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\OTi
[2009-03-09 14:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\PCToolsFirewallPlus
[2009-05-21 11:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\PLAux
[2010-12-04 14:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\RDRM
[2008-05-30 19:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Teleca
[2010-05-20 09:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\Uniblue
[2009-09-13 15:49:00 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\arek\Dane aplikacji\winn
[2008-03-29 13:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\arek\Dane aplikacji\XnView

[color=#E56717]========== Purity Check ==========[/color]



< End of report >


Kod: Zaznacz wszystko

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{038cb5c7-48ea-4af9-94e0-a1646542e62b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{463DF6D5-BEC1-4d67-B217-59DB692DFC53} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{463DF6D5-BEC1-4d67-B217-59DB692DFC53}\ deleted successfully.
C:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-583907252-1682526488-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{463DF6D5-BEC1-4D67-B217-59DB692DFC53} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{463DF6D5-BEC1-4D67-B217-59DB692DFC53}\ not found.
File C:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll not found.
File 䝴 not found.
Registry value HKEY_USERS\S-1-5-21-583907252-1682526488-725345543-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load deleted successfully.
File 䝴 not found.
Registry value HKEY_USERS\S-1-5-21-583907252-1682526488-725345543-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Run deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
C:\AUTORUN.INF moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05f527e8-de03-11df-8c4b-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05f527e8-de03-11df-8c4b-806d6172696f}\ not found.
File E:\fun.xls.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05f527ea-de03-11df-8c4b-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05f527ea-de03-11df-8c4b-806d6172696f}\ not found.
File G:\fun.xls.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05f527eb-de03-11df-8c4b-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05f527eb-de03-11df-8c4b-806d6172696f}\ not found.
File H:\fun.xls.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dd23152-243f-11de-9ebd-00160a0d08b8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9dd23152-243f-11de-9ebd-00160a0d08b8}\ not found.
File F:\wx8o0bt1.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dd23152-243f-11de-9ebd-00160a0d08b8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9dd23152-243f-11de-9ebd-00160a0d08b8}\ not found.
File F:\wx8o0bt1.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad9c9636-35ab-11de-9f0c-00160a0d08b8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad9c9636-35ab-11de-9f0c-00160a0d08b8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad9c9636-35ab-11de-9f0c-00160a0d08b8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad9c9636-35ab-11de-9f0c-00160a0d08b8}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ deleted successfully.
File C:\fun.xls.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
File F:\fun.xls.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
File G:\fun.xls.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
File H:\fun.xls.exe not found.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:671329E4 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C31F31E6 deleted successfully.
========== FILES ==========
C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\META-INF folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} folder moved successfully.
C:\Program Files\Mario Forever Toolbar\v2.0.0.3 folder moved successfully.
C:\Program Files\Mario Forever Toolbar folder moved successfully.
C:\Documents and Settings\LocalService\Dane aplikacji\McAfee\sacore folder moved successfully.
C:\Documents and Settings\LocalService\Dane aplikacji\McAfee folder moved successfully.
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job moved successfully.
C:\WINDOWS\tasks\DriverEasy Scheduled Scan.job moved successfully.
AUTORUN.INF not found in C:\
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"SuperHidden"|dword:00000001 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"Hidden"|dword:00000001 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"ShowSuperHidden"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\"CheckedValue"|dword:00000001 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\\@|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Team17\Worms World Party\Wwp.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BearShare Applications\BearShare\BearShare.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitComet\BitComet.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: arek
->Temp folder emptied: 164047243 bytes
->Temporary Internet Files folder emptied: 6257980 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54735830 bytes
->Opera cache emptied: 28767533 bytes
->Flash cache emptied: 787 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 3630236 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 6699961 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 136960 bytes
Windows Temp folder emptied: 37139025 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 288,00 mb


[EMPTYFLASH]

User: All Users

User: arek
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.3 log created on 12092010_185214

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Kod: Zaznacz wszystko

############################## | UsbFix 7.035 | [Listing]

User: arek (Administrator) # KAROLINA [ ]
Updated 05/12/10 by El Desaparecido / C_XX
Started at 20:04:18 | 09/12/2010
Website: http://www.teamxscript.org
Contact: eldesaparecido@teamxscript.org

CPU:  Intel(R) Celeron(R) CPU 2.80GHz
Microsoft Windows XP Professional (5.1.2600 32-Bit) # Dodatek Service Pack 2
Internet Explorer 6.0.2900.2180

Windows Firewall: Enabled
Antivirus: AVG Anti-Virus Free Edition 2011 10.0 [(!) Disabled | Updated]
RAM -> 1023 Mb
C:\ (%systemdrive%) -> Fixed drive # 149 Gb (60 Mb free - 40%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 8 Gb (6 Mb free - 74%) [] # FAT32

################## | Listing |

[17/11/2010 - 08:18:28 | HD ]    C:\$AVG
[08/12/2010 - 21:01:00 | RHD ]    C:\AHCache
[05/01/2008 - 23:11:31 | A | 0]    C:\AUTOEXEC.BAT
[10/10/2010 - 11:03:58 | D ]    C:\Beat Up A Millionaire
[09/12/2010 - 07:33:13 | SH | 211]    C:\boot.ini
[22/07/2001 - 01:13:54 | RASH | 4952]    C:\Bootfont.bin
[08/12/2010 - 21:00:15 | SHD ]    C:\Config.Msi
[05/01/2008 - 23:11:31 | A | 0]    C:\CONFIG.SYS
[05/01/2008 - 23:17:26 | D ]    C:\Documents and Settings
[21/05/2010 - 17:56:18 | D ]    C:\download
[21/05/2010 - 17:56:05 | D ]    C:\Downloads
[15/03/2009 - 14:39:10 | SHD ]    C:\found.000
[30/03/2009 - 20:16:05 | D ]    C:\games
[10/01/2009 - 13:42:03 | A | 115224]    C:\img2-001.raw
[09/12/2010 - 07:41:45 | D ]    C:\Intel
[05/01/2008 - 23:11:31 | RASH | 0]    C:\IO.SYS
[29/01/2008 - 20:09:01 | D ]    C:\Lexmark
[16/05/2010 - 18:12:07 | A | 2722]    C:\lxce.log
[29/01/2008 - 20:09:13 | A | 278]    C:\lxcefire.csv
[29/01/2008 - 20:09:32 | A | 1004]    C:\lxceinst.csv
[04/10/2009 - 18:32:09 | A | 10303]    C:\lxcescan.log
[05/01/2008 - 23:11:31 | RASH | 0]    C:\MSDOS.SYS
[24/01/2008 - 18:08:54 | RHD ]    C:\MSOCache
[23/11/2009 - 19:52:33 | D ]    C:\My Downloads
[03/08/2004 - 21:38:34 | RASH | 47564]    C:\NTDETECT.COM
[03/08/2004 - 21:59:54 | RASH | 250624]    C:\ntldr
[09/12/2010 - 18:54:27 | ASH | 1610612736]    C:\pagefile.sys
[20/04/2008 - 16:06:04 | D ]    C:\Photo_Fun_0_0_5_beta
[20/04/2008 - 16:05:55 | A | 455486]    C:\Photo_Fun_0_0_5_beta.zip
[09/12/2010 - 18:52:23 | RD ]    C:\Program Files
[26/07/2009 - 12:47:13 | D ]    C:\ProgramData
[06/01/2008 - 01:12:15 | SHD ]    C:\RECYCLER
[09/12/2010 - 18:56:08 | SHD ]    C:\System Volume Information
[05/12/2010 - 11:37:35 | D ]    C:\Temp
[21/05/2009 - 11:33:34 | D ]    C:\USB Notebook Data
[09/12/2010 - 20:04:09 | D ]    C:\UsbFix
[09/12/2010 - 20:04:10 | A | 0]    C:\UsbFix.txt
[09/12/2010 - 18:53:04 | D ]    C:\WINDOWS
[09/12/2010 - 18:52:14 | D ]    C:\_OTL
[12/10/2010 - 10:09:42 | RD ]    E:\Pictures
[15/10/2010 - 19:34:10 | RD ]    E:\Videos
[03/07/2010 - 09:11:30 | RD ]    E:\Music

################## | E.O.F |

[wojtas]

wklej to do OTL :

OTL:
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

i daj wykonaj skrypt. następnie :


1.Uruchom OTL z opcji sprzątanie.
2. wykonaj optymalizację Windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
4. zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, usuń co znajdzie )


Zaktualizuj zabezpieczenia:
>>> Adobe Reader (bez Free McAfee® Security Scan Plus)
>>> Internet Explorer 8
>>> Service Pack 3
>>> Java™ 6 Update 23

napisz jak sytuacja po czynnościach

Autor postu otrzymał pochwałę

[pisula]

Sytuacja????.............o niebo lepiej...nie ma dziwnych komunikatów i jak narazie wszystko jest ok.
Dziękuje.