Please check my log - icons missing.

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Post by Tomasz, 22 Oct 2009, 21:31

I have a request for the more experienced users. Something got downloaded onto my computer and as a result it replaced the icons on the desktop and in the Start menu for all programs. Now every program icon on the desktop has the extension lnk. For example, the screenshot program MWSnap 3.lnk <=> that is how the icon is labelled. The same problem occurs when uninstalling a program, because there is no icon, only [Image]. I don't know how to put everything back in order. Besides that, this thing kicked Spyware Doctor 6.0 out of my system and my system is not protected. The missing icon does not let me turn it back on. I made a log with HijackThis and the long entries in O4 caught my attention right away; they are unnaturally long. I tried to delete them on my own in this program in safe mode, but I kept getting this message.

Image

I should note that I did not make these attempts with System Restore turned off, only with it turned on. I did not want to keep experimenting on my own, so I am asking for help. In the Windows, System and System 32 directories I had a dozen or so icons like this [Image], labelled 8jgsfgj5.exe [something like that]. They could be deleted manually, so I deleted them, and then I deleted the strange registry entries with HijackThis. The long ones remained, and besides that I don't know whether I missed something.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:43:18, on 2009-10-22
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\xxx\Pulpit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [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
O4 - HKLM\..\Run: [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
O4 - HKLM\..\Run: [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]
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [PrevxRootkitRemovalTool] "C:\Documents and Settings\xxx\Pulpit\gromozon_rootkit_removal.exe" -scan
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1248693903703
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8465 bytes
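
The symptom reported in this post, unnaturally long O4 autostart entries alongside randomly named executables, can be checked for mechanically. The Python sketch below is an added example, not part of the original thread or of HijackThis; the thresholds, the reason labels, the `updchk` entry and the 600-character value name are constructed assumptions for illustration.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Shape of an O4 (autostart) line in a HijackThis v2.0.2 log:
#   O4 - HKLM\..\Run: [ValueName] command line
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>.*?)\](?: (?P<cmd>.*))?$"
)
# First executable-looking token of a command line, quoted or unquoted.
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|com|scr|bat|cmd|dll))(?=\s|$)', re.I)

# Assumed thresholds for this example; tune them against known-good logs.
MAX_NAME_LEN = 64       # legitimate Run value names are short labels
MIN_RANDOM_NAME = 16    # shortest value name tested for randomness
MIN_RANDOM_STEM = 8     # shortest file stem tested for randomness


@dataclass
class Finding:
    hive: str
    name: str
    command: str
    reasons: list = field(default_factory=list)


def looks_random(text, min_len):
    """Heuristic: one unbroken run of ASCII letters and digits, digit-heavy."""
    s = text.lower()
    if len(s) < min_len or not (s.isascii() and s.isalnum()):
        return False
    digits = sum(ch.isdigit() for ch in s)
    return 2 <= digits < len(s) and digits / len(s) >= 0.2


def parse_o4(line):
    """Return a Finding for an O4 line, or None for any other log line."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    return Finding(m["hive"], m["name"], (m["cmd"] or "").strip())


def triage(entry):
    """Attach the reasons (possibly none) why an autostart entry is suspicious."""
    reasons = []
    if len(entry.name) > MAX_NAME_LEN:
        reasons.append("name-too-long")
    if looks_random(entry.name, MIN_RANDOM_NAME):
        reasons.append("random-looking-name")
    if not entry.command:
        # A Run value with no data launches nothing; it is leftover or decoy.
        reasons.append("no-command")
    else:
        m = EXE_RE.match(entry.command)
        exe = (m.group(1) or m.group(2)) if m else ""
        stem = ntpath.splitext(ntpath.basename(exe))[0]
        if looks_random(stem, MIN_RANDOM_STEM):
            reasons.append("random-looking-executable")
    entry.reasons = reasons
    return entry


def triage_log(lines):
    """Return only the O4 entries that triggered at least one reason."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        if entry is not None and triage(entry).reasons:
            findings.append(entry)
    return findings


# Constructed sample modelled on the log format above (not the user's data).
LONG_NAME = "a1b2c3d4" * 75  # constructed 600-character value name
SAMPLE_LOG = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/",
    r"O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe",
    r"O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"',
    "O4 - HKLM\\..\\Run: [" + LONG_NAME + "]",
    r"O4 - HKLM\..\Run: [updchk] C:\WINDOWS\system32\8jgsfgj5.exe",
    r"O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')",
]

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        shown = f.name if len(f.name) <= 24 else f.name[:24] + "..."
        print(f"{f.hive}\\Run [{shown}] ({len(f.name)} chars): {', '.join(f.reasons)}")
```

A flagged entry is a lead for manual review, not a verdict: the heuristics only rank which autostart values to inspect first.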

Post by Okocza, 22 Oct 2009, 21:34

Tomasz, post a ComboFix log...

Post by Tomasz, 22 Oct 2009, 22:37

Okocza wrote: Tomasz, post a ComboFix log...


I cannot do what you ask, because I keep getting this message, both when the system is running normally and in safe mode.
Image

I scanned the system with RSIT.exe and OTL.exe; here are the logs from these programs. Maybe they will help you.

Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by xxx at 2009-10-22 22:19:39
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 4 GB (20%) free of 19 GB
Total RAM: 2038 MB (79% free)


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85F685C3-20D9-4943-95E4-EB4224056C3F}]
Expressivo - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll [2008-09-19 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-16 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-16 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Foxit Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]
{85F685C3-20D9-4943-95E4-EB4224056C3F} - Expressivo - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll [2008-09-19 352256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-04-05 77824]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-16 149280]
"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"=C:\hi []
"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"=C:\hi []
"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"=C:\bludick []
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"PrevxRootkitRemovalTool"=C:\Documents and Settings\xxx\Pulpit\gromozon_rootkit_removal.exe -scan []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"=C:\Program Files\ALLPlayer\ALLUpdate.exe [2008-11-24 869888]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-08-03 202024]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-04-05 131072]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveTrack"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu"
"C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe"="C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe:*:Enabled:Nero Express"
"C:\Documents and Settings\xxx\Pulpit\Metin2 pl\metin2.bin"="C:\Documents and Settings\xxx\Pulpit\Metin2 pl\metin2.bin:*:Enabled:metin2"
"C:\Documents and Settings\xxx\Moje dokumenty\Folder Janusza\Doom2\skulltag.exe"="C:\Documents and Settings\xxx\Moje dokumenty\Folder Janusza\Doom2\skulltag.exe:*:Enabled:Skulltag"
"C:\Documents and Settings\xxx\Moje dokumenty\Folder Janusza\Doom2\IdeSE.exe"="C:\Documents and Settings\xxx\Moje dokumenty\Folder Janusza\Doom2\IdeSE.exe:*:Enabled:IdeSE"
"C:\Program Files\Metin2\metin2client.bin"="C:\Program Files\Metin2\metin2client.bin:*:Enabled:metin2client"
"F:\Sonic Robo Blast 1.0.9.4\srb2JTE.exe"="F:\Sonic Robo Blast 1.0.9.4\srb2JTE.exe:*:Enabled:srb2JTE"
"C:\Documents and Settings\xxx\Pulpit\Metin2 pl\metin2client.bin"="C:\Documents and Settings\xxx\Pulpit\Metin2 pl\metin2client.bin:*:Enabled:metin2client"
"F:\Worms 4\WORMS 4 MAYHEM\WORMS 4 MAYHEM.EXE"="F:\Worms 4\WORMS 4 MAYHEM\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.bat - open -
.bat - edit -
.cmd - open -
.cmd - edit -
.inf - open -
.inf - install -
.ini - open -
.js - edit -
.js - open -
.com - open -
.reg - edit -
.reg - open -
.scr - open -
.scr - install -
.scr - config -
.txt - open -
.cpl - cplopen -

======List of files/folders created in the last 1 months======

2009-10-22 21:55:59 ----D---- C:\_OTL
2009-10-22 21:52:30 ----D---- C:\rsit
2009-10-22 21:45:50 ----D---- C:\32788R22FWJFW
2009-10-22 21:38:25 ----A---- C:\ComboFix.exe
2009-10-22 20:18:09 ----A---- C:\WINDOWS\ntbtlog.txt
2009-10-22 20:02:51 ----D---- C:\Program Files\WashAndGo
2009-10-22 20:00:20 ----RSD---- C:\WINDOWS\assembly
2009-10-22 19:59:51 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-22 16:54:40 ----D---- C:\Program Files\GRISOFT
2009-10-22 16:08:34 ----D---- C:\Program Files\EMCO
2009-10-22 15:56:37 ----D---- C:\Documents and Settings\xxx\Dane aplikacji\Malwarebytes
2009-10-22 15:56:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-22 15:56:31 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2009-10-22 12:42:34 ----D---- C:\WINDOWS\temp
2009-10-22 12:31:25 ----RASHD---- C:\cmdcons
2009-10-22 12:30:02 ----A---- C:\WINDOWS\zip.exe
2009-10-22 12:30:02 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-10-22 12:30:02 ----A---- C:\WINDOWS\SWSC.exe
2009-10-22 12:30:02 ----A---- C:\WINDOWS\SWREG.exe
2009-10-22 12:30:02 ----A---- C:\WINDOWS\sed.exe
2009-10-22 12:30:02 ----A---- C:\WINDOWS\NIRCMD.exe
2009-10-22 12:30:02 ----A---- C:\WINDOWS\grep.exe
2009-10-22 12:29:57 ----D---- C:\WINDOWS\ERDNT
2009-10-22 09:06:26 ----D---- C:\WINDOWS\ERUNT
2009-10-21 15:11:14 ----SHD---- C:\WINDOWS\CSC
2009-10-20 17:25:45 ----D---- C:\Program Files\GIF Movie Gear
2009-10-15 14:05:49 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-15 14:05:43 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-15 14:05:37 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-15 14:05:31 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-15 14:05:22 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-14 16:06:23 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-14 16:04:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-14 16:04:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-14 16:04:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-12 21:35:51 ----D---- C:\Program Files\YouTube Downloader
2009-10-10 22:11:05 ----D---- C:\Documents and Settings\xxx\Dane aplikacji\MilkShape 3D 1.x.x
2009-10-09 08:52:59 ----D---- C:\Program Files\MWSnap
2009-10-07 19:45:51 ----D---- C:\Program Files\VirtuallTek
2009-10-06 20:10:14 ----D---- C:\Program Files\Gimnazjum klasa 1 - Puls zycia
2009-10-06 19:51:52 ----D---- C:\Program Files\Gimnazjum - Chemia Nowej Ery
2009-10-06 19:51:40 ----A---- C:\WINDOWS\IsUn0415.exe
2009-10-04 12:55:57 ----D---- C:\Documents and Settings\xxx\Dane aplikacji\Opera
2009-10-04 12:55:47 ----D---- C:\Program Files\Opera
2009-10-02 16:52:49 ----D---- C:\Program Files\Metin2
2009-09-30 10:00:45 ----A---- C:\WINDOWS\system32\kbdkor.dll
2009-09-30 10:00:44 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2009-09-30 10:00:44 ----A---- C:\WINDOWS\system32\kbd103.dll
2009-09-30 10:00:44 ----A---- C:\WINDOWS\system32\kbd101c.dll
2009-09-30 10:00:41 ----A---- C:\WINDOWS\system32\kbd101b.dll
2009-09-30 10:00:39 ----A---- C:\WINDOWS\system32\kbd106.dll
2009-09-27 17:45:19 ----D---- C:\Soldat
2009-09-27 17:45:19 ----D---- C:\Documents and Settings\xxx\Dane aplikacji\Soldat

======List of files/folders modified in the last 1 months======

2009-10-22 21:56:02 ----D---- C:\WINDOWS\Prefetch
2009-10-22 21:41:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-22 20:35:44 ----D---- C:\Program Files\Xvid
2009-10-22 20:35:44 ----D---- C:\Program Files\QuickTime Alternative
2009-10-22 20:35:43 ----D---- C:\Program Files\Real Alternative
2009-10-22 20:35:42 ----D---- C:\Program Files\Messenger
2009-10-22 20:18:19 ----D---- C:\WINDOWS
2009-10-22 20:17:00 ----SD---- C:\Documents and Settings\xxx\Dane aplikacji\Microsoft
2009-10-22 20:14:05 ----D---- C:\WINDOWS\Debug
2009-10-22 20:11:29 ----D---- C:\WINDOWS\system32
2009-10-22 20:11:29 ----D---- C:\Program Files\Spyware Doctor
2009-10-22 20:02:51 ----RD---- C:\Program Files
2009-10-22 20:02:45 ----SHD---- C:\WINDOWS\Installer
2009-10-22 20:02:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-22 20:00:21 ----D---- C:\WINDOWS\WinSxS
2009-10-22 20:00:02 ----HD---- C:\WINDOWS\inf
2009-10-22 19:59:55 ----D---- C:\WINDOWS\system32\mui
2009-10-22 19:59:55 ----D---- C:\Program Files\Internet Explorer
2009-10-22 18:49:35 ----D---- C:\WINDOWS\system
2009-10-22 18:44:06 ----D---- C:\WINDOWS\system32\drivers
2009-10-22 18:39:52 ----D---- C:\WINDOWS\system32\1025
2009-10-22 17:01:55 ----AD---- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2009-10-22 16:11:13 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-22 12:40:34 ----A---- C:\WINDOWS\system.ini
2009-10-22 12:36:10 ----SHD---- C:\RECYCLER
2009-10-22 12:34:17 ----D---- C:\WINDOWS\AppPatch
2009-10-22 12:34:13 ----D---- C:\Program Files\Common Files
2009-10-22 12:31:30 ----RASH---- C:\boot.ini
2009-10-22 12:12:41 ----D---- C:\WINDOWS\system32\config
2009-10-22 09:07:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-21 19:28:42 ----D---- C:\WINDOWS\Minidump
2009-10-21 15:11:18 ----D---- C:\Documents and Settings
2009-10-17 12:35:55 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-14 21:24:06 ----RSD---- C:\WINDOWS\Fonts
2009-10-14 16:06:31 ----D---- C:\WINDOWS\ie8updates
2009-10-14 16:06:27 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-03 13:17:14 ----D---- C:\WINDOWS\network diagnostic
2009-10-02 20:01:57 ----A---- C:\WINDOWS\system32\MRT.exe
2009-10-02 16:57:45 ----D---- C:\WINDOWS\system32\Restore
2009-10-01 14:25:51 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-01 14:24:32 ----D---- C:\WINDOWS\system32\inetsrv
2009-09-30 10:01:45 ----D---- C:\WINDOWS\Help
2009-09-30 07:18:50 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R2 irda;Protokół IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-03-17 132608]
R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-05 830684]
R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys []
S1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys []
S3 awgkrpb5;awgkrpb5; C:\WINDOWS\system32\drivers\awgkrpb5.sys []
S3 BthEnum;Sterownik Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Sterownik komunikacyjny modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Sterownik portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024]
S3 BTHUSB;Sterownik USB odbiornika radiowego Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\xxx\USTAWI~1\Temp\catchme.sys []
S3 KS-959;MA-620 USB Infrared Adapter; C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-22 19034]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\4.tmp []
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
S3 RFCOMM;Urządzenie Bluetooth (Protokół TDI RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
R2 Irmon;Monitor podczerwieni; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-16 153376]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-08-31 1097096]

-----------------EOF-----------------


OTL LOGS

View

Post by wojtas, 23 Oct 2009, 19:10

Run OTL and paste the following into the Custom Scans/Fixes box:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-2748103621-4288258591-4134606762-1003\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [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] File not found
O4 - HKLM..\Run: [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] File not found


:Files
C:\Program Files\AskBarDis
C:\WINDOWS\System32\drivers\sysiowin.dll
C:\WINDOWS\System32\drivers\apisysexl.dll
C:\WINDOWS\System32\drivers\apiexlio.dll
C:\WINDOWS\System32\drivers\mmexlsys.dll
C:\WINDOWS\System32\drivers\exliowin.dll
C:\WINDOWS\System32\drivers\mmwinapi.dll
C:\WINDOWS\System32\drivers\mmwinio.dll
C:\WINDOWS\System32\drivers\apimmexl.dll
C:\WINDOWS\System32\drivers\winexlmm.dll
C:\WINDOWS\System32\drivers\iowinapi.dll
C:\WINDOWS\System32\drivers\exlwinio.dll
C:\WINDOWS\System32\drivers\iosysexl.dll
C:\WINDOWS\System32\drivers\sysexlapi.dll
C:\WINDOWS\System32\drivers\ioapimm.dll
C:\WINDOWS\System32\drivers\ioexlwin.dll
C:\WINDOWS\System32\drivers\sysapimm.dll
C:\WINDOWS\System32\drivers\sysapiio.dll
C:\WINDOWS\System32\drivers\ioexlapi.dll
C:\WINDOWS\System32\drivers\exlmmwin.dll
C:\WINDOWS\System32\drivers\apisyswin.dll
C:\WINDOWS\System32\drivers\winiomm.dll
C:\WINDOWS\System32\drivers\winapiexl.dll
C:\WINDOWS\System32\drivers\sysapiwin.dll
C:\WINDOWS\System32\drivers\exlmmsys.dll
C:\WINDOWS\System32\drivers\apimmsys.dll
C:\WINDOWS\System32\drivers\mmioapi.dll
C:\WINDOWS\System32\drivers\mmapiio.dll
C:\WINDOWS\System32\drivers\apiiosys.dll
C:\WINDOWS\System32\drivers\exlsysapi.dll
C:\WINDOWS\System32\drivers\winapiio.dll
C:\WINDOWS\System32\drivers\syswinexl.dll
C:\WINDOWS\System32\drivers\mmwinexl.dll
C:\WINDOWS\System32\drivers\ioexlsys.dll
C:\WINDOWS\System32\drivers\ioapiexl.dll
C:\WINDOWS\System32\drivers\exlsysmm.dll
C:\WINDOWS\System32\drivers\mmapiwin.dll
C:\WINDOWS\System32\drivers\sysexlwin.dll
C:\WINDOWS\System32\drivers\winiosys.dll
C:\WINDOWS\System32\drivers\apiwinsys.dll
C:\WINDOWS\System32\drivers\apiwinio.dll
C:\WINDOWS\System32\drivers\iosyswin.dll
C:\WINDOWS\System32\drivers\iowinsys.dll
C:\WINDOWS\System32\drivers\winsysio.dll
C:\WINDOWS\System32\drivers\iowinmm.dll
C:\WINDOWS\System32\drivers\winmmsys.dll
C:\WINDOWS\System32\drivers\exlsyswin.dll
C:\WINDOWS\System32\drivers\exliomm.dll
C:\WINDOWS\System32\drivers\syswinapi.dll
C:\WINDOWS\System32\drivers\exlmmapi.dll
C:\WINDOWS\System32\drivers\mmexlio.dll
C:\WINDOWS\System32\drivers\apimmio.dll
C:\WINDOWS\System32\drivers\apisysio.dll
C:\WINDOWS\System32\drivers\mmiowin.dll
C:\WINDOWS\System32\drivers\apiwinmm.dll
C:\WINDOWS\System32\drivers\sysmmexl.dll
C:\WINDOWS\System32\drivers\apimmwin.dll
C:\WINDOWS\System32\drivers\sysmmwin.dll
C:\WINDOWS\System32\drivers\exlwinmm.dll
C:\WINDOWS\System32\drivers\exlapisys.dll
C:\WINDOWS\System32\drivers\iommapi.dll
C:\WINDOWS\System32\drivers\iosysmm.dll
C:\WINDOWS\System32\drivers\exlwinapi.dll
C:\WINDOWS\System32\drivers\sysexlmm.dll
C:\WINDOWS\System32\drivers\apiwinexl.dll
C:\WINDOWS\System32\drivers\sysexlio.dll
C:\WINDOWS\System32\drivers\exlsysio.dll
C:\WINDOWS\System32\drivers\winmmio.dll
C:\WINDOWS\System32\drivers\exliosys.dll
C:\WINDOWS\System32\drivers\sysmmio.dll
C:\WINDOWS\System32\drivers\ioexlmm.dll
C:\WINDOWS\System32\drivers\9gb71fsu5gpw0vo.exe
C:\WINDOWS\System32\drivers\7ur1d3uv9i6wocr.exe
C:\WINDOWS\System32\drivers\1sa7jsrdjugm6az.exe
C:\WINDOWS\System32\drivers\opxk8w7vpdlc2t.exe
C:\WINDOWS\System32\drivers\nlpctwgfkd60d.exe
C:\WINDOWS\System32\drivers\q50d5yb7jrsdx.exe
C:\WINDOWS\System32\drivers\nt4qg1qg1arpt10.exe
C:\WINDOWS\System32\drivers\dhhu2ufgkrqkhb.exe
C:\WINDOWS\System32\drivers\85y3u19bwikgc4h.exe
C:\WINDOWS\System32\drivers\sdewq05cb0wskie.exe
C:\WINDOWS\System32\drivers\lc1vjyu1kybdjn.exe

:Commands
[emptytemp]
[start explorer]
[Reboot]


Click Run Fix and confirm the computer restart.

Then run OTL with the Run Scan option. Post the new OTL.txt log and the report from the cleanup.

Post by Tomasz, 26 Oct 2009, 13:57

After applying your advice a lot of things were removed, but those large entries remain and I still cannot remove them. The icons on the computer still have not changed and are as they were before. Anyway, see for yourself:

1] Log from HijackThis.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:29, on 2009-10-26
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\xxx\Pulpit\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [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
O4 - HKLM\..\Run: [at0rwz7ldg4cq9f8fuzkm76z4w8dnd2gqx2gzw0fayhwky4vzif2cn26jq3h0z8oc13pnihvtky7ryqvo5b4z1r3v21gf83iow6qtwu9oeh4gg0rou70regesnvor89ry7zsxsornup5akaytb1vqe8l1m0sxpu9buz1kpubj33x62yu4q7argvbd360ocnrs835kzmvs4qy817zs0pig5f5fg0f01itm6adnh5322i6l4wzx0yzngn45l9easbm6hjczbfhfch3sl7pl219xq4ba08csimorr50te7riz6ipff1b9s5le06yi69z4bx5h6nyf8plnc1kb7br09kaldbm67ps8zoclkqbwc3f04ithkaqefrmotr66fwat9uisvktl3kzsovg91kk3qjf9bhhgc123azl67w58lilhu967cdpkzm65bm4oj7007d7fn5g0jisww5yzcxmtmpimgvbha1dajmwvm59o8d5szw3467d4xrqfo189sqzou23djgu0kn65eoep9fjv6zc5s8l9zggxqdwfv8hd1od8pqn6913qeie50mwk0ch8i1no4onxlj8ujax0ruwrlk9add7r9axmddqp2nxlfuambx2yts2aj9g7h869r6b5n2dip72v8z47dcbibmcxn3koo0z2cshjtnv39299h3tt7z14o9rw2pznyd542nlft5qej3x9ozfy5c3gm6i956d3s6oxpzdu3fzzd4nx7w5zx06vrtuhuzrmnbxt8ykcw31bsrrp9ygm2tv1x4laqmo4ghnufazjqepu8tmakitk8gwd5cvos9hzaubhf5y2m7bbxbnx0vuydmu3ypk8uog57tu5d1rul2uo25ea2rsuqu0lqh3bzqwvj1yvmnef0aol4sk6hjqm8p8wtd3xmnn8pzn5yora36b00g9nralkg7qa39zyfnw3wln34j6p26wpitwzvxr03hhapnehidwhsfo6fvpb5jjdfh5vdc8y21]
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [PrevxRootkitRemovalTool] "C:\Documents and Settings\xxx\Pulpit\gromozon_rootkit_removal.exe" -scan
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1248693903703
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


End of file - 7658 bytes

2] Logs from the OTL program

Code:
OTL logfile created on: 2009-10-26 12:52:49 - Run 5
OTL by OldTimer - Version 3.0.22.1     Folder = C:\Documents and Settings\xxx\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,99 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 78,42% Memory free
3,84 Gb Paging File | 3,35 Gb Available in Paging File | 87,31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18,81 Gb Total Space | 2,34 Gb Free Space | 12,45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 55,69 Gb Total Space | 50,97 Gb Free Space | 91,52% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTEREK2
Current User Name: xxx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009-10-26 12:22:41 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xxx\Pulpit\OTL.exe
PRC - [2009-08-31 11:00:38 | 01,181,064 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009-08-31 11:00:17 | 01,097,096 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009-08-16 20:14:59 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-08-16 20:14:59 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-03-08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\internet explorer\iexplore.exe
PRC - [2009-01-07 11:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2008-04-14 18:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007-08-03 11:51:18 | 01,422,632 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007-08-03 11:51:18 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
PRC - [2007-08-03 11:51:06 | 00,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007-05-28 17:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2005-04-05 20:19:18 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005-01-28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2004-11-02 19:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2004-10-14 13:42:54 | 01,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009-08-31 11:00:17 | 01,097,096 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
SRV - [2009-08-16 20:14:59 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009-01-07 11:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
SRV - [2008-07-29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008-07-29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008-07-29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008-07-25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008-07-25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008-04-14 18:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008-04-14 18:20:34 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2007-08-03 11:51:18 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
SRV - [2007-05-28 17:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
SRV - [2005-01-28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-09-20 08:08:32 | 00,206,256 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
DRV - [2009-08-10 17:14:53 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009-04-28 21:20:06 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008-04-13 17:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007-01-31 14:33:46 | 00,005,632 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit [Boot | Running])
DRV - [2007-01-18 13:00:28 | 00,003,968 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\AvgArCln.sys -- (AvgArCln [System | Running])
DRV - [2005-10-22 09:06:26 | 00,019,034 | R--- | M] (Kingsun Corporation) -- C:\WINDOWS\System32\DRIVERS\KS-959.sys -- (KS-959 [On_Demand | Stopped])
DRV - [2005-04-05 20:46:28 | 00,830,684 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2005-03-17 15:30:10 | 00,132,608 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2005-01-27 14:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2004-12-13 22:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
DRV - [2004-09-17 08:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
DRV - [2004-08-04 11:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2009-10-26 12:22:41 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xxx\Pulpit\OTL.exe
MOD - [2009-02-13 13:16:54 | 00,140,680 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctgmhk.dll
MOD - [2009-02-13 13:11:44 | 00,100,864 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\klg.dat
MOD - [2008-11-13 13:19:40 | 00,148,944 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2008-04-14 17:59:08 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-08-16 20:15:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-10-24 21:37:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-08-10 18:30:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-08-16 20:15:16 | 00,000,000 | ---D | M]

[2009-08-10 18:30:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dane aplikacji\mozilla\Extensions
[2009-08-10 18:30:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-08-10 14:04:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dane aplikacji\mozilla\Firefox\extensions
[2009-08-10 14:04:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dane aplikacji\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009-08-10 18:30:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dane aplikacji\mozilla\Firefox\Profiles\hypsnsri.default\extensions
[2009-09-29 15:43:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-08-10 18:30:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-08-16 20:15:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009-07-31 00:45:28 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-07-31 00:45:28 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009-08-16 20:14:59 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009-07-31 00:45:28 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009-07-30 23:44:16 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2009-07-30 23:44:16 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2009-07-31 00:45:26 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009-07-30 23:44:16 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2009-07-30 23:44:16 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2009-07-30 23:44:16 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2009-07-30 23:44:16 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Expressivo) - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll (IVO Software Sp. z o.o.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Expressivo) - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll (IVO Software Sp. z o.o.)
O4 - HKLM..\Run: [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]  File not found
O4 - HKLM..\Run: [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]  File not found
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PrevxRootkitRemovalTool] C:\Documents and Settings\xxx\Pulpit\gromozon_rootkit_removal.exe File not found
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1248693903703 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-07-27 10:58:10 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{17d7bf94-97ae-11de-9b7c-001372b6388b}\Shell\AutoRun\command - "" = G:\1di1w.exe -- File not found
O33 - MountPoints2\{17d7bf94-97ae-11de-9b7c-001372b6388b}\Shell\open\Command - "" = G:\1di1w.exe -- File not found
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009-10-22 14:56:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2009-10-23 11:38:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxx\Dane aplikacji\ArcaBit
[2009-10-23 12:45:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxx\Dane aplikacji\ArcaMicroScan
[2009-10-22 14:56:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxx\Dane aplikacji\Malwarebytes
[2009-10-10 21:11:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxx\Dane aplikacji\MilkShape 3D 1.x.x
[2009-10-04 11:55:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxx\Dane aplikacji\Opera
[2009-09-27 16:45:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxx\Dane aplikacji\Soldat
[2009-10-22 19:04:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxx\Ustawienia lokalne\Dane aplikacji\Abelssoft
[2009-09-26 14:51:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxx\Ustawienia lokalne\Dane aplikacji\Identities
[2009-10-04 11:55:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxx\Ustawienia lokalne\Dane aplikacji\Opera
[2009-10-22 15:08:34 | 00,000,000 | ---D | C] -- C:\Program Files\EMCO
[2009-10-20 16:25:45 | 00,000,000 | ---D | C] -- C:\Program Files\GIF Movie Gear
[2009-10-06 18:51:52 | 00,000,000 | ---D | C] -- C:\Program Files\Gimnazjum - Chemia Nowej Ery
[2009-10-06 19:10:14 | 00,000,000 | ---D | C] -- C:\Program Files\Gimnazjum klasa 1 - Puls zycia
[2009-10-23 12:42:26 | 00,000,000 | ---D | C] -- C:\Program Files\GRISOFT
[2009-10-22 14:56:31 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009-10-02 15:52:49 | 00,000,000 | ---D | C] -- C:\Program Files\Metin2
[2009-10-23 22:12:32 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009-10-09 07:52:59 | 00,000,000 | ---D | C] -- C:\Program Files\MWSnap
[2009-10-04 11:55:47 | 00,000,000 | ---D | C] -- C:\Program Files\Opera
[2009-10-23 22:12:24 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009-10-23 19:05:33 | 00,000,000 | ---D | C] -- C:\Program Files\Team17
[2009-10-07 18:45:51 | 00,000,000 | ---D | C] -- C:\Program Files\VirtuallTek
[2009-10-22 19:02:51 | 00,000,000 | ---D | C] -- C:\Program Files\WashAndGo
[2009-10-12 20:35:51 | 00,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2009-10-26 12:26:44 | 00,000,000 | ---D | C] -- C:\_OTL
[2009-10-26 12:22:34 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\xxx\Pulpit\OTL.exe
[2009-10-23 22:12:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009-10-23 22:12:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009-10-23 22:12:00 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009-10-23 22:12:00 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009-10-23 22:12:00 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009-10-23 22:11:59 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009-10-23 22:11:59 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009-10-23 22:11:59 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009-10-23 22:11:59 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009-10-23 12:37:29 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009-10-23 12:33:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009-10-23 12:28:07 | 00,000,000 | ---D | C] -- C:\ERDNT
[2009-10-23 07:44:38 | 00,593,920 | ---- | C] (Ymir Entertainment) -- C:\Documents and Settings\xxx\Pulpit\metin2.exe
[2009-10-22 19:00:20 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009-10-22 18:59:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009-10-22 18:58:42 | 40,583,616 | ---- | C] (Abelssoft GmbH                                              ) -- C:\Documents and Settings\xxx\Pulpit\washandgo.exe
[2009-10-22 16:18:14 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\xxx\Pulpit\HiJackThis.exe
[2009-10-22 15:54:41 | 00,003,968 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgArCln.sys
[2009-10-22 14:56:33 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-10-22 14:56:31 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-10-22 11:42:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009-10-22 11:31:25 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009-10-22 11:29:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009-10-22 08:07:13 | 00,580,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009-10-22 08:06:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009-10-21 14:11:14 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009-10-12 19:41:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxx\Moje dokumenty\Musics GVH
[2009-10-06 18:51:40 | 00,327,168 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUn0415.exe
[2009-10-04 11:21:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\Softwrap
[2009-10-04 11:21:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\Fonts
[2009-10-04 11:21:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\Config
[2009-09-30 09:00:45 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2009-09-30 09:00:45 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2009-09-30 09:00:44 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2009-09-30 09:00:44 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2009-09-30 09:00:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2009-09-30 09:00:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2009-09-30 09:00:44 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2009-09-30 09:00:44 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2009-09-30 09:00:41 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2009-09-30 09:00:41 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2009-09-30 09:00:39 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2009-09-30 09:00:39 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2009-09-27 16:45:19 | 00,000,000 | ---D | C] -- C:\Soldat

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009-10-26 12:39:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-10-26 12:39:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-10-26 12:38:46 | 04,796,050 | -H-- | M] () -- C:\Documents and Settings\xxx\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-10-26 12:22:41 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xxx\Pulpit\OTL.exe
[2009-10-25 20:29:19 | 03,546,238 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\Mortal Combat Ost - Mortal Combat Theme.mp3
[2009-10-25 19:33:01 | 00,181,090 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\mkd_12.jpg
[2009-10-25 19:32:53 | 00,173,432 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\mkd_18.jpg
[2009-10-25 19:32:38 | 00,158,931 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\mkd_17.jpg
[2009-10-25 19:32:17 | 00,176,135 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\mkd_26.jpg
[2009-10-25 17:18:36 | 00,021,415 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\Mortal.Kombat.project.4.5.2008.PC.torrent
[2009-10-25 16:52:14 | 01,016,374 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\443960cd08c8.bmp
[2009-10-25 16:05:31 | 00,120,688 | ---- | M] () -- C:\WINDOWS\sukienka-czarno-zlota-kr_1832.JPG
[2009-10-25 16:02:36 | 00,211,981 | ---- | M] () -- C:\WINDOWS\20979911.png
[2009-10-25 07:10:23 | 01,087,524 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-10-25 07:10:23 | 00,490,284 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-10-25 07:10:23 | 00,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-10-25 07:10:23 | 00,083,660 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-10-25 07:10:23 | 00,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-10-24 17:00:50 | 00,522,056 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\2d9z4wj.gif
[2009-10-24 13:28:29 | 00,804,099 | ---- | M] () -- C:\Documents and Settings\xxx\Pulpit\Pwncop.gif
[2009-10-24 05:02:36 | 00,019,280 | ---- | M] () -- C:\Documents and Settings\xxx\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-10-24 05:00:54 | 00,122,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-10-23 20:56:26 | 00,036,839 | ---- | M] () -- C:\WINDOWS\depilacja_golenie2.JPG
[2009-10-23 20:22:50 | 01,320,082 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\D_GHOUL.ogg
[2009-10-23 18:51:02 | 01,243,812 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\THIS SONG CONTAINS TOAST.mp3
[2009-10-23 15:08:00 | 00,049,918 | ---- | M] () -- C:\WINDOWS\g-pic-Julena_Cocktail_Dress__matt_gold.jpg
[2009-10-23 15:06:08 | 00,070,366 | ---- | M] () -- C:\WINDOWS\z6921839X.jpg
[2009-10-23 15:02:54 | 00,162,599 | ---- | M] () -- C:\WINDOWS\sukienka_.jpg
[2009-10-23 14:59:23 | 00,508,467 | ---- | M] () -- C:\WINDOWS\2617007.jpg
[2009-10-23 14:57:38 | 00,246,920 | ---- | M] () -- C:\WINDOWS\sukienka-czarno-zlota-kr_183.jpg
[2009-10-23 14:54:55 | 00,015,170 | ---- | M] () -- C:\WINDOWS\370x-1-c32f80e0d292cc0389a1ffede16f5e64.jpg
[2009-10-23 14:54:22 | 00,041,463 | ---- | M] () -- C:\WINDOWS\depilacja_golenie.jpg
[2009-10-23 14:50:25 | 00,098,846 | ---- | M] () -- C:\WINDOWS\cenzura-spam-czarna-sukienka-min_9.jpg
[2009-10-23 14:47:16 | 00,036,314 | ---- | M] () -- C:\WINDOWS\fc344cf2.jpg
[2009-10-23 14:42:02 | 00,078,875 | ---- | M] () -- C:\WINDOWS\z5678238X.jpg
[2009-10-22 19:03:04 | 00,001,598 | ---- | M] () -- C:\Documents and Settings\xxx\Pulpit\1-Klick-EasyClean starten.lnk
[2009-10-22 19:03:04 | 00,000,694 | ---- | M] () -- C:\Documents and Settings\xxx\Pulpit\WashAndGo.lnk
[2009-10-22 18:58:44 | 40,583,616 | ---- | M] (Abelssoft GmbH                                              ) -- C:\Documents and Settings\xxx\Pulpit\washandgo.exe
[2009-10-22 16:18:19 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\xxx\Pulpit\HiJackThis.exe
[2009-10-22 15:54:41 | 00,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\AVG Anti-Rootkit Free.ico
[2009-10-22 15:37:52 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009-10-22 15:15:04 | 00,000,862 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malware Destroyer.lnk
[2009-10-22 14:56:35 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.ico
[2009-10-22 11:40:34 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-10-22 11:31:30 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009-10-22 11:13:08 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009-10-22 08:07:13 | 00,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009-10-21 12:59:10 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-10-20 16:25:46 | 00,000,659 | ---- | M] () -- C:\Documents and Settings\xxx\Pulpit\GIF Movie Gear.lnk
[2009-10-20 14:06:01 | 00,073,383 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\fbsmall.gif
[2009-10-20 12:22:42 | 00,003,490 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\xmas1.gif
[2009-10-18 18:05:44 | 00,027,375 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\Bowser.PNG
[2009-10-18 18:05:19 | 00,030,178 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\Super_Mario_Bros_style_M_LSS_Backgounds___Misc_p2a.PNG
[2009-10-18 18:05:01 | 00,042,721 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\Super_Mario_Bros_style_M_LSS_Backgounds___Misc_pa.PNG
[2009-10-17 17:56:28 | 04,056,711 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\O Fortuna.mp3
[2009-10-17 11:35:55 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-10-16 20:28:27 | 00,013,570 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\mlpit_shroobs_xando.png
[2009-10-15 18:23:00 | 09,465,756 | ---- | M] () -- C:\Documents and Settings\xxx\Pulpit\04 With Me.mp3
[2009-10-14 19:53:28 | 00,015,057 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\Bombs_large.gif
[2009-10-14 16:19:24 | 00,165,448 | ---- | M] () -- C:\Documents and Settings\xxx\Pulpit\Untitled2.wav
[2009-10-12 20:54:14 | 12,895,011 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\Dschinghis Khan - Moskau.mp4
[2009-10-12 20:45:07 | 44,738,555 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\Pingas Khan - Pingaskau.mp4
[2009-10-12 20:35:52 | 00,000,815 | ---- | M] () -- C:\Documents and Settings\xxx\Pulpit\YouTube Downloader.lnk
[2009-10-12 20:30:42 | 03,096,551 | ---- | M] () -- C:\Documents and Settings\xxx\Pulpit\YouTubeDownloaderSetup252.exe
[2009-10-11 13:28:26 | 05,254,164 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\The Final Pingas.mp3
[2009-10-10 21:08:39 | 03,589,102 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\PINGAS!.mp3
[2009-10-10 21:05:41 | 01,786,778 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\final pingas.mp3
[2009-10-10 20:58:07 | 00,049,115 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\mario-sonic.png
[2009-10-10 18:56:00 | 03,058,701 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\Help me ERIN!!.mp3
[2009-10-10 10:15:29 | 02,527,688 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\enough.snd
[2009-10-10 10:15:21 | 02,527,688 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\mah boi.snd
[2009-10-10 10:15:05 | 02,527,688 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\dinner.snd
[2009-10-09 07:52:59 | 00,000,606 | ---- | M] () -- C:\Documents and Settings\xxx\Pulpit\MWSnap 3.lnk
[2009-10-08 17:07:17 | 01,786,775 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\scatman john - scatman's world.mp3
[2009-10-07 18:45:53 | 00,001,724 | ---- | M] () -- C:\Documents and Settings\xxx\Pulpit\Chars.lnk
[2009-10-07 18:45:53 | 00,000,755 | ---- | M] () -- C:\Documents and Settings\xxx\Pulpit\Fighter Factory.lnk
[2009-10-07 17:06:16 | 00,002,645 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\Global.sw2
[2009-10-06 19:23:11 | 00,012,800 | ---- | M] () -- C:\Documents and Settings\xxx\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-10-06 19:10:15 | 00,001,332 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gimnazjum klasa 1 - Puls życia.lnk
[2009-10-06 18:51:55 | 00,001,322 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gimnazjum - Chemia Nowej Ery.lnk
[2009-10-04 11:55:51 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2009-10-03 17:11:46 | 00,146,628 | ---- | M] () -- C:\Documents and Settings\xxx\Pulpit\_save94149.sav
[2009-10-03 17:06:47 | 00,153,812 | ---- | M] () -- C:\Documents and Settings\xxx\Pulpit\auto1
[2009-10-02 19:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009-10-02 18:30:20 | 01,071,982 | ---- | M] () -- C:\Documents and Settings\xxx\Moje dokumenty\D_GHOULD.mp3
[2009-10-01 13:25:27 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009-09-30 12:14:37 | 10,887,1769 | ---- | M] () -- C:\Documents and Settings\xxx\Pulpit\Fifty.Dead.Men.Walking.2008.PL.DVDRip.XviD_by-jbog.part4.rar
[2009-09-30 11:39:50 | 20,447,2320 | ---- | M] () -- C:\Documents and Settings\xxx\Pulpit\Fifty.Dead.Men.Walking.2008.PL.DVDRip.XviD_by-jbog.part3.rar
[2009-09-30 10:54:55 | 20,447,2320 | ---- | M] () -- C:\Documents and Settings\xxx\Pulpit\Fifty.Dead.Men.Walking.2008.PL.DVDRip.XviD_by-jbog.part2.rar
[2009-09-30 10:20:43 | 20,447,2320 | ---- | M] () -- C:\Documents and Settings\xxx\Pulpit\Fifty.Dead.Men.Walking.2008.PL.DVDRip.XviD_by-jbog.part1.rar
[2009-09-27 16:47:26 | 00,000,000 | R--- | M] () -- C:\logwmemory.bin
[2009-09-26 19:26:50 | 00,109,056 | ---- | M] () -- C:\Documents and Settings\xxx\Pulpit\Codes of Super Mario 64 (All).doc

[color=#E56717]========== Files - No Company Name ==========[/color]
[2009-10-25 20:29:19 | 03,546,238 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\Mortal Combat Ost - Mortal Combat Theme.mp3
[2009-10-25 19:33:57 | 00,181,090 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\mkd_12.jpg
[2009-10-25 19:33:43 | 00,173,432 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\mkd_18.jpg
[2009-10-25 19:32:43 | 00,158,931 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\mkd_17.jpg
[2009-10-25 19:32:26 | 00,176,135 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\mkd_26.jpg
[2009-10-25 17:18:36 | 00,021,415 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\Mortal.Kombat.project.4.5.2008.PC.torrent
[2009-10-25 16:52:14 | 01,016,374 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\443960cd08c8.bmp
[2009-10-25 16:05:31 | 00,120,688 | ---- | C] () -- C:\WINDOWS\sukienka-czarno-zlota-kr_1832.JPG
[2009-10-24 17:02:59 | 00,522,056 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\2d9z4wj.gif
[2009-10-24 14:47:02 | 00,804,099 | ---- | C] () -- C:\Documents and Settings\xxx\Pulpit\Pwncop.gif
[2009-10-24 11:37:11 | 01,089,883 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009-10-23 20:56:26 | 00,036,839 | ---- | C] () -- C:\WINDOWS\depilacja_golenie2.JPG
[2009-10-23 20:22:50 | 01,320,082 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\D_GHOUL.ogg
[2009-10-23 18:51:01 | 01,243,812 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\THIS SONG CONTAINS TOAST.mp3
[2009-10-23 15:08:14 | 00,049,918 | ---- | C] () -- C:\WINDOWS\g-pic-Julena_Cocktail_Dress__matt_gold.jpg
[2009-10-23 15:06:35 | 00,070,366 | ---- | C] () -- C:\WINDOWS\z6921839X.jpg
[2009-10-23 15:03:03 | 00,162,599 | ---- | C] () -- C:\WINDOWS\sukienka_.jpg
[2009-10-23 15:02:13 | 00,078,875 | ---- | C] () -- C:\WINDOWS\z5678238X.jpg
[2009-10-23 14:59:30 | 00,508,467 | ---- | C] () -- C:\WINDOWS\2617007.jpg
[2009-10-23 14:58:15 | 00,246,920 | ---- | C] () -- C:\WINDOWS\sukienka-czarno-zlota-kr_183.jpg
[2009-10-23 14:56:58 | 00,211,981 | ---- | C] () -- C:\WINDOWS\20979911.png
[2009-10-23 14:55:06 | 00,015,170 | ---- | C] () -- C:\WINDOWS\370x-1-c32f80e0d292cc0389a1ffede16f5e64.jpg
[2009-10-23 14:54:31 | 00,041,463 | ---- | C] () -- C:\WINDOWS\depilacja_golenie.jpg
[2009-10-23 14:50:46 | 00,098,846 | ---- | C] () -- C:\WINDOWS\cenzura-spam-czarna-sukienka-min_9.jpg
[2009-10-23 14:47:59 | 00,036,314 | ---- | C] () -- C:\WINDOWS\fc344cf2.jpg
[2009-10-22 19:03:04 | 00,001,598 | ---- | C] () -- C:\Documents and Settings\xxx\Pulpit\1-Klick-EasyClean starten.lnk
[2009-10-22 19:03:04 | 00,000,694 | ---- | C] () -- C:\Documents and Settings\xxx\Pulpit\WashAndGo.lnk
[2009-10-22 15:54:41 | 00,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\AVG Anti-Rootkit Free.ico
[2009-10-22 15:15:04 | 00,000,862 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malware Destroyer.lnk
[2009-10-22 14:56:35 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.ico
[2009-10-22 11:31:27 | 00,262,400 | ---- | C] () -- C:\cmldr
[2009-10-21 16:55:52 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009-10-20 16:25:46 | 00,000,659 | ---- | C] () -- C:\Documents and Settings\xxx\Pulpit\GIF Movie Gear.lnk
[2009-10-20 14:06:01 | 00,073,383 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\fbsmall.gif
[2009-10-20 12:22:42 | 00,003,490 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\xmas1.gif
[2009-10-19 18:33:24 | 10,971,194 | ---- | C] () -- C:\Documents and Settings\xxx\Pulpit\01 Knight of the Wind.mp3
[2009-10-18 18:05:44 | 00,027,375 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\Bowser.PNG
[2009-10-18 18:05:19 | 00,030,178 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\Super_Mario_Bros_style_M_LSS_Backgounds___Misc_p2a.PNG
[2009-10-18 18:05:01 | 00,042,721 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\Super_Mario_Bros_style_M_LSS_Backgounds___Misc_pa.PNG
[2009-10-17 17:56:11 | 04,056,711 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\O Fortuna.mp3
[2009-10-16 20:28:27 | 00,013,570 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\mlpit_shroobs_xando.png
[2009-10-15 18:23:00 | 09,465,756 | ---- | C] () -- C:\Documents and Settings\xxx\Pulpit\04 With Me.mp3
[2009-10-14 19:53:28 | 00,015,057 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\Bombs_large.gif
[2009-10-14 16:19:23 | 00,165,448 | ---- | C] () -- C:\Documents and Settings\xxx\Pulpit\Untitled2.wav
[2009-10-12 20:54:14 | 12,895,011 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\Dschinghis Khan - Moskau.mp4
[2009-10-12 20:45:07 | 44,738,555 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\Pingas Khan - Pingaskau.mp4
[2009-10-12 20:35:52 | 00,000,815 | ---- | C] () -- C:\Documents and Settings\xxx\Pulpit\YouTube Downloader.lnk
[2009-10-12 20:29:39 | 03,096,551 | ---- | C] () -- C:\Documents and Settings\xxx\Pulpit\YouTubeDownloaderSetup252.exe
[2009-10-11 13:28:03 | 05,254,164 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\The Final Pingas.mp3
[2009-10-10 21:07:46 | 03,589,102 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\PINGAS!.mp3
[2009-10-10 21:05:21 | 01,786,778 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\final pingas.mp3
[2009-10-10 20:58:07 | 00,049,115 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\mario-sonic.png
[2009-10-10 18:55:22 | 03,058,701 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\Help me ERIN!!.mp3
[2009-10-10 10:15:29 | 02,527,688 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\enough.snd
[2009-10-10 10:15:21 | 02,527,688 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\mah boi.snd
[2009-10-10 10:15:05 | 02,527,688 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\dinner.snd
[2009-10-09 07:52:59 | 00,000,606 | ---- | C] () -- C:\Documents and Settings\xxx\Pulpit\MWSnap 3.lnk
[2009-10-08 17:06:11 | 01,786,775 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\scatman john - scatman's world.mp3
[2009-10-07 18:45:53 | 00,001,724 | ---- | C] () -- C:\Documents and Settings\xxx\Pulpit\Chars.lnk
[2009-10-07 18:45:52 | 00,000,755 | ---- | C] () -- C:\Documents and Settings\xxx\Pulpit\Fighter Factory.lnk
[2009-10-06 19:10:15 | 00,001,332 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gimnazjum klasa 1 - Puls życia.lnk
[2009-10-06 18:51:55 | 00,001,322 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gimnazjum - Chemia Nowej Ery.lnk
[2009-10-04 11:55:51 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2009-10-04 11:21:36 | 00,002,645 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\Global.sw2
[2009-10-02 18:30:20 | 01,071,982 | ---- | C] () -- C:\Documents and Settings\xxx\Moje dokumenty\D_GHOULD.mp3
[2009-10-02 16:57:17 | 00,153,812 | ---- | C] () -- C:\Documents and Settings\xxx\Pulpit\auto1
[2009-09-30 12:14:34 | 10,887,1769 | ---- | C] () -- C:\Documents and Settings\xxx\Pulpit\Fifty.Dead.Men.Walking.2008.PL.DVDRip.XviD_by-jbog.part4.rar
[2009-09-30 11:39:46 | 20,447,2320 | ---- | C] () -- C:\Documents and Settings\xxx\Pulpit\Fifty.Dead.Men.Walking.2008.PL.DVDRip.XviD_by-jbog.part3.rar
[2009-09-30 10:54:49 | 20,447,2320 | ---- | C] () -- C:\Documents and Settings\xxx\Pulpit\Fifty.Dead.Men.Walking.2008.PL.DVDRip.XviD_by-jbog.part2.rar
[2009-09-30 10:20:37 | 20,447,2320 | ---- | C] () -- C:\Documents and Settings\xxx\Pulpit\Fifty.Dead.Men.Walking.2008.PL.DVDRip.XviD_by-jbog.part1.rar
[2009-09-27 16:47:26 | 00,000,000 | R--- | C] () -- C:\logwmemory.bin
[2009-09-26 19:26:50 | 00,109,056 | ---- | C] () -- C:\Documents and Settings\xxx\Pulpit\Codes of Super Mario 64 (All).doc
[2009-09-26 15:30:27 | 00,146,628 | ---- | C] () -- C:\Documents and Settings\xxx\Pulpit\_save94149.sav
[2009-09-26 15:22:47 | 03,614,584 | ---- | C] () -- C:\Documents and Settings\xxx\Pulpit\M&L.exe
[2009-08-21 14:22:53 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-08-19 13:37:27 | 00,000,407 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2009-08-14 15:07:29 | 00,012,800 | ---- | C] () -- C:\Documents and Settings\xxx\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-08-10 17:14:53 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-08-10 14:42:31 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009-08-10 14:40:03 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-08-10 14:40:03 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-08-10 14:39:34 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-08-10 14:39:34 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-08-10 12:40:48 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-08-10 11:14:04 | 00,019,280 | ---- | C] () -- C:\Documents and Settings\xxx\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-07-27 18:15:37 | 00,013,576 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2009-07-27 12:43:30 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2009-07-27 11:27:27 | 04,796,050 | -H-- | C] () -- C:\Documents and Settings\xxx\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-07-27 11:27:26 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009-07-27 11:26:20 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\xxx\Dane aplikacji\desktop.ini
[2004-08-04 11:00:00 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini
[2004-08-04 11:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:2A81F9CE
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9591C9FE
< End of report >

Post by wojtas, 26 Oct 2009, 18:44

Run OTL and paste the following into the Custom Scans/Fixes box:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKLM..\Run: [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] File not found
O4 - HKLM..\Run: [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] File not found
O33 - MountPoints2\{17d7bf94-97ae-11de-9b7c-001372b6388b}\Shell\AutoRun\command - "" = G:\1di1w.exe -- File not found
O33 - MountPoints2\{17d7bf94-97ae-11de-9b7c-001372b6388b}\Shell\open\Command - "" = G:\1di1w.exe -- File not found

:Commands
[emptytemp]
[start explorer]
[Reboot]

Click Run Fix and confirm the reboot.



Boot into the Recovery Console.

At the command prompt, type:

chkdsk c: /r


then type exit

Paste the following into Notepad:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.lnk]
@="lnkfile"

[HKEY_CLASSES_ROOT\.lnk\ShellEx]

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{000214EE-0000-0000-C000-000000000046}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{000214F9-0000-0000-C000-000000000046}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{00021500-0000-0000-C000-000000000046}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellNew]
"Command"="rundll32.exe appwiz.cpl,NewLinkHere %1"

[HKEY_CLASSES_ROOT\lnkfile]
@="Shortcut"
"EditFlags"=dword:00000001
"IsShortcut"=""
"NeverShowExt"=""

[HKEY_CLASSES_ROOT\lnkfile\CLSID]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex]

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\Offline Files]
@="{750fdf0e-2a26-11d1-a3ea-080036587f03}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\{00021401-0000-0000-C000-000000000046}]

[HKEY_CLASSES_ROOT\lnkfile\shellex\DropHandler]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\lnkfile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}]
@="Shortcut"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32]
@="shell32.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\PersistentAddinsRegistered]

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\PersistentHandler]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\ProgID]
@="lnkfile"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\shellex]

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\shellex\MayChangeDefaultMenu]



In Notepad, at the top >>> File >>> Save As >>> change the file type from TXT to All Files *.* >>> save it under the name FIX.REG

Double-click the resulting FIX file and add it to the registry.

Then restart the computer.

Read and apply the advice about the extension:

http://www.searchengines.pl/index.php?showtopic=79791&st=0&p=395643&#entry395643
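The association chain that FIX.REG restores can be checked in a registry export before and after the merge. The following is an added example, not part of wojtas's post or of any tool named in this thread: a small REGEDIT5 parser that compares `.reg` text against six values copied from the FIX.REG above. The function names and both sample texts (marked as constructed) are assumptions.

```python
import re

CLSID = "{00021401-0000-0000-C000-000000000046}"   # shortcut handler, from FIX.REG
HKCR = "HKEY_CLASSES_ROOT"
# (key, value name, expected data), all copied from the FIX.REG text in the
# post above; None means "the value must exist, any data".
EXPECTED = [
    (HKCR + r"\.lnk", "@", "lnkfile"),
    (HKCR + r"\lnkfile", "IsShortcut", None),
    (HKCR + r"\lnkfile", "NeverShowExt", None),
    (HKCR + r"\lnkfile\CLSID", "@", CLSID),
    (HKCR + r"\lnkfile\shellex\IconHandler", "@", CLSID),
    (HKCR + "\\CLSID\\" + CLSID + r"\InProcServer32", "@", "shell32.dll"),
]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def _unquote(token):
    """Strip the surrounding quotes and undo the backslash escapes."""
    return re.sub(r"\\(.)", r"\1", token[1:-1])


def parse_reg(text):
    """Parse decoded REGEDIT5 text into {key: {value name: data}}, lower-cased."""
    lines = text.lstrip("\ufeff \t\r\n").splitlines()
    if not lines or lines[0].strip() != "Windows Registry Editor Version 5.00":
        raise ValueError("not a 'Windows Registry Editor Version 5.00' file")
    keys, current = {}, None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].lower()
            if name.startswith("-"):      # "[-key]" removes the key and its subkeys
                keys = {k: v for k, v in keys.items() if not (k + "\\").startswith(name[1:] + "\\")}
                current = None
            else:
                current = keys.setdefault(name, {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue                      # hex continuation lines and stray text
        vname = "@" if m.group(1) == "@" else _unquote(m.group(1)).lower()
        data = m.group(2).strip()
        if data == "-":                   # '"name"=-' removes the value
            current.pop(vname, None)
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            current[vname] = _unquote(data)
        else:
            current[vname] = data         # dword:, hex:... are kept as raw text
    return keys


def check_lnk_association(reg_text):
    """Return a list of deviations from EXPECTED; an empty list means a match."""
    keys = parse_reg(reg_text)
    findings = []
    for key, name, expected in EXPECTED:
        values = keys.get(key.lower())
        if values is None:
            findings.append("missing key: " + key)
        elif name.lower() not in values:
            findings.append("missing value: %s -> %s" % (key, name))
        elif expected is not None and str(values[name.lower()]).lower() != expected.lower():
            findings.append("unexpected data: %s -> %s = %r" % (key, name, values[name.lower()]))
    return findings


# Constructed from the FIX.REG lines above (a subset, blank lines dropped).
GOOD_REG = r"""Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.lnk]
@="lnkfile"
[HKEY_CLASSES_ROOT\lnkfile]
"EditFlags"=dword:00000001
"IsShortcut"=""
"NeverShowExt"=""
[HKEY_CLASSES_ROOT\lnkfile\CLSID]
@="{00021401-0000-0000-C000-000000000046}"
[HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler]
@="{00021401-0000-0000-C000-000000000046}"
[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32]
@="shell32.dll"
"""

# Constructed damaged sample (not from this thread's machine): two entries absent.
BROKEN_REG = r"""Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.lnk]
@="lnkfile"
[HKEY_CLASSES_ROOT\lnkfile]
"IsShortcut"=""
[HKEY_CLASSES_ROOT\lnkfile\CLSID]
@="{00021401-0000-0000-C000-000000000046}"
[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32]
@="shell32.dll"
"""

if __name__ == "__main__":
    print(check_lnk_association(GOOD_REG), check_lnk_association(BROKEN_REG))
```

The two entries missing from the constructed sample are the `NeverShowExt` value, which keeps `.lnk` out of the displayed file name, and the `IconHandler` key, which lets a shortcut show its target's icon. regedit writes its version 5.00 exports as UTF-16, so decode the file before passing its text to `parse_reg`.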




Post by Tomasz, 02 Nov 2009, 12:18

I completed the two steps above without any problems, but there is a problem with what you see here, because I cannot create the FIX.REG file on the infected computer. I created the file on a second, "healthy" computer, and when I moved it to the infected computer the file turned into something like this [image] and I cannot merge it into the registry. Can you help?

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.lnk]
@="lnkfile"

[HKEY_CLASSES_ROOT\.lnk\ShellEx]

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{000214EE-0000-0000-C000-000000000046}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{000214F9-0000-0000-C000-000000000046}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{00021500-0000-0000-C000-000000000046}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellNew]
"Command"="rundll32.exe appwiz.cpl,NewLinkHere %1"

[HKEY_CLASSES_ROOT\lnkfile]
@="Shortcut"
"EditFlags"=dword:00000001
"IsShortcut"=""
"NeverShowExt"=""

[HKEY_CLASSES_ROOT\lnkfile\CLSID]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex]

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\Offline Files]
@="{750fdf0e-2a26-11d1-a3ea-080036587f03}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\{00021401-0000-0000-C000-000000000046}]

[HKEY_CLASSES_ROOT\lnkfile\shellex\DropHandler]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\lnkfile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}]
@="Shortcut"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32]
@="shell32.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\PersistentAddinsRegistered]

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\PersistentHandler]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\ProgID]
@="lnkfile"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\shellex]

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\shellex\MayChangeDefaultMenu]


In Notepad, at the top >>> File >>> Save As >>> change the file type from TXT to All Files *.* >>> save it under the name FIX.REG

Post by wojtas, 02 Nov 2009, 16:47

Apply this:

http://www.searchengines.pl/index.php?showtopic=79791&st=0&p=395643&#entry395643

That is, download UnHookExec.inf (it is described there what to do and how), then reboot. If that does not help, read:

If the *.REG extension is damaged (there is a description there of what to do). Once you manage to do that, try to post a ComboFix log.

Post by Tomasz, 03 Nov 2009, 10:15

Hello,

So, here is how it went:
- I went to the page you gave me, downloaded UnHookExec.inf and applied the changes. The icons have been restored to normal, with one small exception. On the bar next to Start I have the Show Desktop icon, and it has not changed; it is still the same as above [file type SCF]. Everything else is normal. I also merged your FIX REG file and added it to the registry. I rebooted the computer and ran ComboFix.

COMBOFIX LOGS

Code: Select all
ComboFix 09-11-02.02 - xxx 2009-11-03  8:39.2.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.2038.1626 [GMT 1:00]
Uruchomiony z: c:\documents and settings\xxx\Pulpit\ComboFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

(((((((((((((((((((((((((   Pliki utworzone od 2009-10-03 do 2009-11-03  )))))))))))))))))))))))))))))))
.

2009-11-02 12:58 . 2008-04-14 17:20   221184   ----a-w-   c:\windows\system32\wmpns.dll
2009-11-02 12:58 . 2009-11-02 12:58   --------   d-----w-   c:\program files\Windows Media Connect 2
2009-11-02 12:56 . 2009-11-02 12:56   --------   d-----w-   c:\windows\system32\drivers\UMDF
2009-11-02 08:14 . 2009-11-02 22:26   --------   d-----w-   c:\documents and settings\xxx\Ustawienia lokalne\Dane aplikacji\Ashampoo
2009-11-02 08:11 . 2009-11-02 08:11   --------   d-----w-   c:\program files\Ashampoo
2009-10-23 21:12 . 2009-10-23 21:12   --------   d-----w-   c:\windows\system32\XPSViewer
2009-10-23 21:12 . 2009-10-23 21:12   --------   d-----w-   c:\program files\MSBuild
2009-10-23 21:12 . 2009-10-23 21:12   --------   d-----w-   c:\program files\Reference Assemblies
2009-10-23 21:12 . 2008-07-06 12:06   89088   -c----w-   c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-23 21:12 . 2008-07-06 12:06   117760   ------w-   c:\windows\system32\prntvpt.dll
2009-10-23 21:12 . 2008-07-06 10:50   597504   -c----w-   c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-23 21:11 . 2008-07-06 12:06   575488   -c----w-   c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-23 21:11 . 2008-07-06 12:06   575488   ------w-   c:\windows\system32\xpsshhdr.dll
2009-10-23 21:11 . 2008-07-06 12:06   1676288   -c----w-   c:\windows\system32\dllcache\xpssvcs.dll
2009-10-23 21:11 . 2008-07-06 12:06   1676288   ------w-   c:\windows\system32\xpssvcs.dll
2009-10-23 18:05 . 2009-10-23 18:05   --------   d-----w-   c:\program files\Team17
2009-10-23 11:45 . 2009-10-23 11:45   --------   d-----w-   c:\documents and settings\xxx\Dane aplikacji\ArcaMicroScan
2009-10-23 11:28 . 2009-10-23 11:28   --------   d-----w-   C:\ERDNT
2009-10-23 10:38 . 2009-10-23 10:38   --------   d-----w-   c:\documents and settings\xxx\Dane aplikacji\ArcaBit
2009-10-22 18:04 . 2009-10-22 18:04   --------   d-----w-   c:\documents and settings\xxx\Ustawienia lokalne\Dane aplikacji\Abelssoft
2009-10-22 18:02 . 2009-10-23 11:45   --------   d-----w-   c:\program files\WashAndGo
2009-10-22 14:08 . 2009-10-22 14:08   --------   d-----w-   c:\program files\EMCO
2009-10-22 13:56 . 2009-10-22 13:56   --------   d-----w-   c:\documents and settings\xxx\Dane aplikacji\Malwarebytes
2009-10-22 13:56 . 2009-10-22 13:56   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-10-22 07:07 . 2009-10-22 07:07   580096   -c--a-w-   c:\windows\system32\dllcache\user32.dll
2009-10-22 07:06 . 2009-10-23 11:42   --------   d-----w-   c:\windows\ERUNT
2009-10-21 15:55 . 2009-10-22 14:37   664   ----a-w-   c:\windows\system32\d3d9caps.dat
2009-10-21 15:54 . 2009-10-21 15:54   --------   d-----w-   c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Opera
2009-10-21 13:32 . 2009-10-21 13:32   --------   d-----w-   c:\documents and settings\Administrator\DoctorWeb
2009-10-21 13:11 . 2009-07-27 11:43   --------   d-----w-   c:\documents and settings\Administrator\Moje dokumenty
2009-10-21 13:11 . 2009-07-27 11:43   --------   d-----r-   c:\documents and settings\Administrator\Menu Start
2009-10-21 13:11 . 2009-07-27 09:54   --------   d--h--w-   c:\documents and settings\Administrator\Szablony
2009-10-21 13:11 . 2009-10-22 07:43   --------   d-----w-   c:\documents and settings\Administrator
2009-10-20 15:25 . 2009-10-20 15:25   --------   d-----w-   c:\program files\GIF Movie Gear
2009-10-12 19:35 . 2009-10-12 19:35   --------   d-----w-   c:\program files\YouTube Downloader
2009-10-10 20:11 . 2009-10-10 20:13   --------   d-----w-   c:\documents and settings\xxx\Dane aplikacji\MilkShape 3D 1.x.x
2009-10-09 06:52 . 2009-10-09 06:53   --------   d-----w-   c:\program files\MWSnap
2009-10-07 17:45 . 2009-10-07 17:45   --------   d-----w-   c:\program files\VirtuallTek
2009-10-06 18:10 . 2009-10-22 18:35   --------   d-----w-   c:\program files\Gimnazjum klasa 1 - Puls zycia
2009-10-06 17:51 . 2009-10-22 18:35   --------   d-----w-   c:\program files\Gimnazjum - Chemia Nowej Ery
2009-10-06 17:51 . 1998-10-07 09:54   327168   ----a-w-   c:\windows\IsUn0415.exe
2009-10-04 10:55 . 2009-10-04 10:55   --------   d-----w-   c:\documents and settings\xxx\Ustawienia lokalne\Dane aplikacji\Opera
2009-10-04 10:55 . 2009-10-04 10:55   --------   d-----w-   c:\program files\Opera

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-03 07:38 . 2009-08-10 14:56   --------   d---a-w-   c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-11-02 21:50 . 2009-08-10 14:56   --------   d-----w-   c:\program files\Spyware Doctor
2009-11-02 09:35 . 2009-08-10 14:53   --------   d-----w-   c:\program files\English_Translator_XT_PORTABLE
2009-10-25 06:10 . 2004-08-04 10:00   83660   ----a-w-   c:\windows\system32\perfc015.dat
2009-10-25 06:10 . 2004-08-04 10:00   490284   ----a-w-   c:\windows\system32\perfh015.dat
2009-10-24 11:33 . 2009-08-10 13:30   --------   d-----w-   c:\documents and settings\xxx\Dane aplikacji\Winamp
2009-10-24 04:02 . 2009-08-10 10:14   19280   ----a-w-   c:\documents and settings\xxx\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-10-23 06:48 . 2009-10-02 14:52   --------   d-----w-   c:\program files\Metin2
2009-10-22 18:35 . 2009-08-10 13:42   --------   d-----w-   c:\program files\QuickTime Alternative
2009-10-22 18:35 . 2009-08-10 13:39   --------   d-----w-   c:\program files\Xvid
2009-10-22 18:35 . 2009-08-10 13:41   --------   d-----w-   c:\program files\Real Alternative
2009-09-27 15:47 . 2009-09-27 15:47   0   ----a-r-   C:\logwmemory.bin
2009-09-27 15:45 . 2009-09-27 15:45   --------   d-----w-   c:\documents and settings\xxx\Dane aplikacji\Soldat
2009-09-20 07:08 . 2009-08-10 14:56   206256   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
2009-09-20 07:08 . 2009-09-20 07:08   7396   ----a-w-   c:\windows\system32\drivers\pctcore.cat
2009-09-16 16:58 . 2009-08-10 13:08   --------   d-----w-   c:\documents and settings\xxx\Dane aplikacji\Nowe Gadu-Gadu
2009-09-12 06:44 . 2009-08-10 13:44   --------   d-----w-   c:\documents and settings\xxx\Dane aplikacji\BESTplayer
2009-09-11 14:19 . 2004-08-04 10:00   136192   ----a-w-   c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2004-08-04 10:00   58880   ----a-w-   c:\windows\system32\msasn1.dll
2009-08-29 07:58 . 2006-03-04 03:35   916480   ------w-   c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2004-08-04 10:00   247326   ----a-w-   c:\windows\system32\strmdll.dll
2009-08-16 19:14 . 2009-08-16 19:15   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-08-10 17:30 . 2009-08-10 17:30   0   ----a-w-   c:\windows\nsreg.dat
2009-08-10 16:14 . 2009-08-10 16:14   685816   ----a-w-   c:\windows\system32\drivers\sptd.sys
2009-08-10 13:22 . 2009-08-10 13:22   51600   ----a-w-   c:\windows\system32\RadLightMPCUninstall.exe
2009-08-05 09:01 . 2004-08-04 10:00   205312   ----a-w-   c:\windows\system32\mswebdvd.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"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"="C:\hi" [X]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-16 149280]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero Burning Rom\\nero.exe"=
"c:\\Documents and Settings\\xxx\\Pulpit\\Metin2 pl\\metin2.bin"=
"c:\\Documents and Settings\\xxx\\Moje dokumenty\\Folder Janusza\\Doom2\\skulltag.exe"=
"c:\\Documents and Settings\\xxx\\Moje dokumenty\\Folder Janusza\\Doom2\\IdeSE.exe"=
"c:\\Program Files\\Metin2\\metin2client.bin"=
"f:\\Sonic Robo Blast 1.0.9.4\\srb2JTE.exe"=
"c:\\Documents and Settings\\xxx\\Pulpit\\Metin2 pl\\metin2client.bin"=
"f:\\Worms 4\\WORMS 4 MAYHEM\\WORMS 4 MAYHEM.EXE"=
"c:\\Documents and Settings\\xxx\\Moje dokumenty\\Folder Janusza\\lbz\\lbz3d\\tmp\\co_real.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-08-10 206256]
S3 esihdrv;esihdrv;\??\c:\docume~1\xxx\USTAWI~1\Temp\esihdrv.sys --> c:\docume~1\xxx\USTAWI~1\Temp\esihdrv.sys [?]
S3 KS-959;MA-620 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [2009-08-10 19034]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4.tmp --> c:\windows\system32\4.tmp [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-08-10 348752]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - mchInjDrv
*Deregistered* - PROCEXP113
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\xxx\Dane aplikacji\Mozilla\Firefox\Profiles\hypsnsri.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
HKLM-Run-PrevxRootkitRemovalTool - c:\documents and settings\xxx\Pulpit\gromozon_rootkit_removal.exe
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-03 08:47
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys sptd.sys hal.dll >>UNKNOWN [0x89DEC8AC]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xBA611B40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xBA611B40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xBA611B40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xBA611B40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xBA611B40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xBA611B40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\4.tmp"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(3276)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\progra~1\MICROS~2\OFFICE11\MCPS.DLL
.
Czas ukończenia: 2009-11-03  8:53
ComboFix-quarantined-files.txt  2009-11-03 07:48

Przed: 4 954 271 744 bajtów wolnych
Po: 5 393 641 472 bajtów wolnych

- - End Of File - - 611924EE99A2366C832A3C542B8BF6B0


The computer restarted and this error report appeared.

Image

I am also attaching the logs from HijackThis.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:56:07, on 2009-11-03
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\xxx\Pulpit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [63yz7marf92sg5cbktxqva4pn4ujz3zbscodskewoswb97imiepdj9spm2n5rsbve7wxdzx4s34xuexqe2e25506g6laenjqgxhmyhg1a1l36sbbi4x6nlticap9g1ir9kjrx64ivkuowb997snqewjuk5ta98j8lfgvxrqfehqfrdc5g6nohl16sjkxfsi33g35qf5lfv4rvw2uzmulscabugvnzfey26flxgyt6uti9fnvv57lqurpl9frq5fk42ovzqxz8x0qn6u6ma8br8er94pnzwaq7afi75rirj5coap7cyom1dpfekw03i8bti6u5v50hbtv347b6y1ghvlrhl0t8dtgskj0b4s1o7h9b1ea0kjdqe1sue3yerksw6z4b9bmdt7he5ppecm9b0iwejcu5ib3jcu39dsy4ubmd9hsy8z761kldgxp9ii0lscht3zj7srq7kwpp725aq5d98v1gaaichllegrr3s5hxgu99ate8asnvb9xd89cmcirbk9tvnsoymkvkqcku1r2xehc9ey92hf7ylu3d3d0kzabrl4gzum24knk8yb01rwr1cxq7zd4vnbohob1awy7kiz58jegnil2mwlrr5y3fzofs97h6zf6dkewmr89a6go2ltmm0w8yn56v2fpj7d07ljpkpxb26a7bas26zknm9g7qjaerc1r3s46ha3uvkyax2yhnve0hufky9fdh33m7m5o7gmo5hfkvsxijyx0ylwawd4nq5pt6ewynjle99z4j9mgt28dt7vjyd2361uaq1i2eezsla5y2giugnudyjx3xuzc5mhsgzw2fqdhlfq5w0z19syjl5i1eng1nh15o7yi2esaftgaz7ufuvjl434zk9lgd9nrm7mconmk4gt98le83r49we7nbvg3s0pq1dnj031iuneimeu1teju7d0ff5iclm9gz09ws64vaf4309r8j7ffwbp8fm5wcg729gz39x29x9lpkeruo0eqy
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [PrevxRootkitRemovalTool] "C:\Documents and Settings\xxx\Pulpit\gromozon_rootkit_removal.exe" -scan
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1248693903703
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5977 bytes

Post by wojtas, 03 Nov 2009, 19:09

Open Notepad and paste this into it:

Code:
File::
c:\windows\system32\4.tmp

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"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"="=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]




>>File>>Save As... >>> CFScript
Drag and drop the CFScript.txt file onto the ComboFix.exe file
-->Image

As for that shortcut, I don't really know how to fix it..
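The logs above contain a Run value with an abnormally long name and a service (MEMSWEEP2) whose image is a .tmp file in system32; both traits can be checked mechanically over HijackThis O4 lines and ComboFix driver lines. This is an added example, not part of the original posts: `triage`, `MAX_RUN_NAME`, `DRIVER_EXTS` and the shortened sample Run name are assumptions, and a hit means "review manually", not "malicious".

```python
import re
from ntpath import splitext  # Windows path rules on any platform

MAX_RUN_NAME = 64                       # assumption: real Run value names are short labels
DRIVER_EXTS = {".sys", ".exe", ".dll"}  # assumption: expected service image types

# Constructed sample shaped like the logs in this thread; the long Run value
# name is replaced by a constructed 300-character stand-in with no closing bracket.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [{long}
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-08-10 206256]
S3 esihdrv;esihdrv;\??\c:\docume~1\xxx\USTAWI~1\Temp\esihdrv.sys --> c:\docume~1\xxx\USTAWI~1\Temp\esihdrv.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4.tmp --> c:\windows\system32\4.tmp [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-08-10 348752]
""".replace("{long}", "q7x" * 100)

# HijackThis autostart line; the closing bracket is optional because an
# over-long name can run to the end of the line.
O4_RE = re.compile(r"^O4 - (\S+): \[([^\]]+)\]?\s*(.*)$")
# ComboFix service/driver line: "<state> <name>;<display>;<path> [<date size>|?]"
SVC_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[[^\]]*\]$")


def triage(log_text):
    """Return (entry, reason) pairs that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            name = m.group(2)
            if len(name) > MAX_RUN_NAME:
                findings.append((f"Run:{name[:12]}...", "value name abnormally long"))
            continue
        m = SVC_RE.match(line)
        if m:
            # ComboFix prints "registry path --> resolved path"; keep the resolved one.
            path = m.group("path").split(" --> ")[-1].lower()
            if path.startswith("\\??\\"):
                path = path[4:]
            ext = splitext(path)[1]
            if ext not in DRIVER_EXTS:
                findings.append((m.group("name"), f"image has {ext or 'no'} extension"))
            if "\\temp\\" in path:
                findings.append((m.group("name"), "image loads from a Temp directory"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{entry}: {reason}")
```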