
Ratujcie...! Dołączam log z HiJacka, SilentRunners i RSIT.
- Kod: Zaznacz wszystko
- Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 09:33:16, on 2009-09-13
 Platform: Windows Vista (WinNT 6.00.1904)
 MSIE: Internet Explorer v7.00 (7.00.6000.16386)
 Boot mode: Normal
 Running processes:
 C:\Windows\system32\Dwm.exe
 C:\Windows\Explorer.EXE
 C:\Program Files\Windows Defender\MSASCui.exe
 D:\Programy\Avast\ashDisp.exe
 D:\Programy\Winamp\winampa.exe
 C:\Program Files\Vtune\TBPANEL.exe
 C:\Windows\System32\rundll32.exe
 C:\Windows\System32\rundll32.exe
 D:\Programy\Java\bin\jusched.exe
 D:\Programy\Nowe Gadu-Gadu\gg.exe
 C:\Program Files\Planet WL-U350\WlanMonitor.exe
 C:\Windows\system32\taskeng.exe
 D:\Programy\Nowe Gadu-Gadu\spellchecker_gg.exe
 C:\Windows\system32\conime.exe
 D:\Programy\Spybot - Search & Destroy\SpybotSD.exe
 D:\Programy\Avast\ashSimpl.exe
 D:\Programy\Mozilla Firefox\firefox.exe
 C:\Program Files\trend micro\Norbert.exe
 D:\Programy\HijackThis\HijackThis.exe
 C:\Windows\system32\DllHost.exe
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
 O1 - Hosts: ::1 localhost
 O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programy\Java\bin\ssv.dll
 O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\Java\bin\jp2ssv.dll
 O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
 O4 - HKLM\..\Run: [avast!] D:\Programy\Avast\ashDisp.exe
 O4 - HKLM\..\Run: [WinampAgent] D:\Programy\Winamp\winampa.exe
 O4 - HKLM\..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe /A
 O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programy\Java\bin\jusched.exe"
 O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
 O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "D:\Programy\Nowe Gadu-Gadu\gg.exe"
 O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
 O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
 O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
 O4 - Startup: Configuration & Monitor Utility.lnk = ?
 O13 - Gopher Prefix:
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Programy\Avast\aswUpdSv.exe
 O23 - Service: avast! Antivirus - ALWIL Software - D:\Programy\Avast\ashServ.exe
 O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Programy\Avast\ashMaiSv.exe
 O23 - Service: avast! Web Scanner - ALWIL Software - D:\Programy\Avast\ashWebSv.exe
 O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Programy\Spybot - Search & Destroy\SDWinSec.exe
 O23 - Service: sofatnet Service (sofatnet) - Sigma Designs In - C:\Windows\system32\sofatnet.exe
 --
 End of file - 4075 bytes
- Kod: Zaznacz wszystko
- "Silent Runners.vbs", revision 59, http://www.silentrunners.org/
 Operating System: Windows Vista
 Output limited to non-default values, except where indicated by "{++}"
 Startup items buried in registry:
 ---------------------------------
 HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
 "Gadu-Gadu" = ""D:\Programy\Gadu-Gadu\gg.exe" /tray" [file not found]
 "Nowe Gadu-Gadu" = ""D:\Programy\Nowe Gadu-Gadu\gg.exe"" ["GG Network S.A."]
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
 "Windows Defender" = "C:\Program Files\Windows Defender\MSASCui.exe -hide"
 "avast!" = "D:\Programy\Avast\ashDisp.exe" ["ALWIL Software"]
 "WinampAgent" = "D:\Programy\Winamp\winampa.exe" [null data]
 "TBPanel" = "C:\Program Files\Vtune\TBPanel.exe /A" [null data]
 "NvSvc" = "RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart" [MS]
 "NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
 "NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]
 "SunJavaUpdateSched" = ""D:\Programy\Java\bin\jusched.exe"" ["Sun Microsystems, Inc."]
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
 {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
 -> {HKLM...CLSID} = "Java(tm) Plug-In SSV Helper"
 \InProcServer32\(Default) = "D:\Programy\Java\bin\ssv.dll" ["Sun Microsystems, Inc."]
 {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
 -> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
 \InProcServer32\(Default) = "D:\Programy\Java\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
 "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
 -> {HKLM...CLSID} = "avast"
 \InProcServer32\(Default) = "D:\Programy\Avast\ashShell.dll" ["ALWIL Software"]
 "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
 -> {HKLM...CLSID} = "WinRAR"
 \InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" ["Alexander Roshal"]
 "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
 -> {HKLM...CLSID} = "DesktopContext Class"
 \InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
 "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
 -> {HKLM...CLSID} = "NVIDIA CPL Extension"
 \InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
 <<!>> "BootExecute" = "autocheck autochk *"|"aswBoot.exe /A:"C:\Program Files;C:\ProgramData;C:\Windows" /L:"English" /KBD:2" ["ALWIL Software"]
 HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
 avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
 -> {HKLM...CLSID} = "avast"
 \InProcServer32\(Default) = "D:\Programy\Avast\ashShell.dll" ["ALWIL Software"]
 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
 -> {HKLM...CLSID} = "WinRAR"
 \InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" ["Alexander Roshal"]
 HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
 -> {HKLM...CLSID} = "WinRAR"
 \InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" ["Alexander Roshal"]
 HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
 avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
 -> {HKLM...CLSID} = "avast"
 \InProcServer32\(Default) = "D:\Programy\Avast\ashShell.dll" ["ALWIL Software"]
 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
 -> {HKLM...CLSID} = "WinRAR"
 \InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" ["Alexander Roshal"]
 Group Policies {GPedit.msc branch and setting}:
 -----------------------------------------------
 Note: detected settings may not have any effect.
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
 "ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002
 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
 User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}
 "ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
 User Account Control: Behavior Of The Elevation Prompt For Standard Users}
 "EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
 User Account Control: Detect Application Installations And Prompt For Elevation}
 "EnableLUA" = (REG_DWORD) dword:0x00000000
 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
 User Account Control: Run All Administrators In Admin Approval Mode}
 "EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
 User Account Control: Only elevate UIAccess applications that are installed in secure locations}
 "EnableVirtualization" = (REG_DWORD) dword:0x00000001
 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
 User Account Control: Virtualize file and registry write failures to per-user locations}
 "PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
 User Account Control: Switch to the secure desktop when prompting for elevation}
 "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
 Shutdown: Allow system to be shut down without having to log on}
 "undockwithoutlogon" = (REG_DWORD) dword:0x00000001
 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
 Devices: Allow undock without having to log on}
 "FilterAdministratorToken" = (REG_DWORD) dword:0x00000000
 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
 User Account Control: Admin Approval Mode for the Built-in Administrator Account}
 Active Desktop and Wallpaper:
 -----------------------------
 Active Desktop may be disabled at this entry:
 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
 Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
 HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
 "Wallpaper" = "C:\Windows\system32\config\systemprofile\Pictures\LewJudy.jpg"
 Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
 HKCU\Control Panel\Desktop\
 "Wallpaper" = "C:\Users\Norbert\Pictures\LewJudy.jpg"
 Enabled Screen Saver:
 ---------------------
 HKCU\Control Panel\Desktop\
 "SCRNSAVE.EXE" = "C:\Windows\system32\AvastSS.scr" ["ALWIL Software"]
 Windows Portable Device AutoPlay Handlers
 -----------------------------------------
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
 MPCPlayCDAudioOnArrival\
 "Provider" = "Media Player Classic"
 "InvokeProgID" = "MediaPlayerClassic.Autorun"
 "InvokeVerb" = "PlayCDAudio"
 HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""D:\Kodeki\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["mpc-hc@Sourceforge"]
 MPCPlayDVDMovieOnArrival\
 "Provider" = "Media Player Classic"
 "InvokeProgID" = "MediaPlayerClassic.Autorun"
 "InvokeVerb" = "PlayDVDMovie"
 HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""D:\Kodeki\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["mpc-hc@Sourceforge"]
 MPCPlayMusicFilesOnArrival\
 "Provider" = "Media Player Classic"
 "InvokeProgID" = "MediaPlayerClassic.Autorun"
 "InvokeVerb" = "PlayMusicFiles"
 HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""D:\Kodeki\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["mpc-hc@Sourceforge"]
 MPCPlayVideoFilesOnArrival\
 "Provider" = "Media Player Classic"
 "InvokeProgID" = "MediaPlayerClassic.Autorun"
 "InvokeVerb" = "PlayVideoFiles"
 HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""D:\Kodeki\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["mpc-hc@Sourceforge"]
 VLCPlayCDAudioOnArrival\
 "Provider" = "VideoLAN VLC media player"
 "InvokeProgID" = "VLC.CDAudio"
 "InvokeVerb" = "play"
 HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = ""D:\Programy\VideoLAN\VLC\vlc.exe" --started-from-file cdda://%1" ["the VideoLAN Team"]
 VLCPlayDVDMovieOnArrival\
 "Provider" = "VideoLAN VLC media player"
 "InvokeProgID" = "VLC.DVDMovie"
 "InvokeVerb" = "play"
 HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = ""D:\Programy\VideoLAN\VLC\vlc.exe" --started-from-file dvd://%1" ["the VideoLAN Team"]
 WinampMTPHandler\
 "Provider" = "Winamp"
 "ProgID" = "Shell.HWEventHandlerShellExecute"
 "InitCmdLine" = "D:\Programy\Winamp\winamp.exe"
 HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
 -> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
 \LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]
 WinampPlayMediaOnArrival\
 "Provider" = "Winamp"
 "InvokeProgID" = "Winamp.File"
 "InvokeVerb" = "Play"
 HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""D:\Programy\Winamp\winamp.exe" "%1"" ["Nullsoft"]
 HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
 -> {HKLM...CLSID} = (no title provided)
 \LocalServer32\(Default) = ""D:\Programy\Winamp\winamp.exe"" ["Nullsoft"]
 Startup items in "Norbert" & "All Users" startup folders:
 ---------------------------------------------------------
 C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
 "Configuration & Monitor Utility" -> shortcut to: "C:\Program Files\Planet WL-U350\WlanMonitor.exe" ["ATMEL"]
 Non-disabled Scheduled Tasks:
 -----------------------------
 C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
 "UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]
 C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
 "SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
 -> {HKLM...CLSID} = "Certificate Services Client Task Handler"
 \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
 "UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
 -> {HKLM...CLSID} = "Certificate Services Client Task Handler"
 \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
 "UserTask-Roam" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
 -> {HKLM...CLSID} = "Certificate Services Client Task Handler"
 \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
 C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
 "Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]
 "OptinNotification" -> launches: "%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0" [MS]
 C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
 "ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c -i" [MS]
 C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic
 "Microsoft-Windows-DiskDiagnosticDataCollector" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART" [MS]
 C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
 "ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS]
 "mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0) -gc" [MS]
 "OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS]
 "OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery" [MS]
 "UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS]
 C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
 "HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"
 -> {HKLM...CLSID} = "HotStart User Agent"
 \InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]
 "TMM" -> launches: "{35EF4182-F900-4632-B072-8639E4478A61}"
 -> {HKLM...CLSID} = "Transient Multi-Monitor Manager"
 \InProcServer32\(Default) = "C:\Windows\System32\TMM.dll" [MS]
 C:\Windows\System32\Tasks\Microsoft\Windows\MUI
 "LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]
 C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
 "SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"
 -> {HKLM...CLSID} = "Microsoft PlaySoundService Class"
 \InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]
 C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection
 "NAPStatus UI" -> launches: "{f09878a1-4652-4292-aa63-8c7d4fd7648f}"
 -> {HKLM...CLSID} = "Nap ITask Handler Implementation"
 \InProcServer32\(Default) = "C:\Windows\System32\QAgent.dll" [MS]
 C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System
 "ConvertLogEntries" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries" [MS]
 C:\Windows\System32\Tasks\Microsoft\Windows\RAC
 "RACAgent" -> (HIDDEN!) launches: "%windir%\system32\RacAgent.exe" [MS]
 C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
 "RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]
 C:\Windows\System32\Tasks\Microsoft\Windows\Shell
 "CrawlStartPages" -> launches: "{51653423-e62d-4ff7-894a-dabb2b8e21e2}"
 -> {HKLM...CLSID} = "CrawlStartPages Task Handler"
 \InProcServer32\(Default) = "C:\Windows\System32\srchadmin.dll" [MS]
 C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
 "GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}"
 -> {HKLM...CLSID} = "GadgetsManager Class"
 \InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]
 C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
 "SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]
 C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
 "IpAddressConflict1" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]
 "IpAddressConflict2" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]
 C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
 "MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"
 -> {HKLM...CLSID} = "MsCtfMonitor task handler"
 \InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]
 C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
 "UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]
 C:\Windows\System32\Tasks\Microsoft\Windows\WDI
 "ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"
 -> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"
 \InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]
 C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
 "QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]
 C:\Windows\System32\Tasks\Microsoft\Windows\Wired
 "GatherWiredInfo" -> launches: "%windir%\system32\gatherWiredInfo.vbs" [null data]
 C:\Windows\System32\Tasks\Microsoft\Windows\Wireless
 "GatherWirelessInfo" -> launches: "%windir%\system32\gatherWirelessInfo.vbs" [null data]
 C:\Windows\System32\Tasks\Microsoft\Windows Defender
 "MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]
 Winsock2 Service Provider DLLs:
 -------------------------------
 Namespace Service Providers
 HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
 000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
 000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
 000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
 000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
 000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
 000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
 Transport Service Providers
 HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
 %SystemRoot%\system32\mswsock.dll [MS], 01 - 18
 Running Services (Display Name, Service Name, Path {Service DLL}):
 ------------------------------------------------------------------
 Autokonfiguracja sieci WLAN, Wlansvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\wlansvc.dll" [MS]}
 avast! Antivirus, avast! Antivirus, ""D:\Programy\Avast\ashServ.exe"" ["ALWIL Software"]
 avast! iAVS4 Control Service, aswUpdSv, ""D:\Programy\Avast\aswUpdSv.exe"" ["ALWIL Software"]
 avast! Mail Scanner, avast! Mail Scanner, ""D:\Programy\Avast\ashMaiSv.exe" /service" ["ALWIL Software"]
 avast! Web Scanner, avast! Web Scanner, ""D:\Programy\Avast\ashWebSv.exe" /service" ["ALWIL Software"]
 EvdoServer, EvdoServer, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\EvdoServer.dll" ["X-Ways Software Technology"]}
 Izolacja klucza CNG, KeyIso, "C:\Windows\system32\lsass.exe" [MS]
 Protokół uwierzytelniania rozszerzonego (EAP), EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\eapsvc.dll" [MS]}
 SBSD Security Center Service, SBSDWSCService, "D:\Programy\Spybot - Search & Destroy\SDWinSec.exe" ["Safer Networking Ltd."]
 sofatnet Service, sofatnet, "C:\Windows\system32\sofatnet.exe" ["Sigma Designs Inc"]
 Windows Driver Foundation — User-mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}
 Windows Image Acquisition (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}
 ---------- (launch time: 2009-09-13 09:31:54)
 <<!>>: Suspicious data at a malware launch point.
 + This report excludes default entries except where indicated.
 + To see *everywhere* the script checks and *everything* it finds,
 launch it from a command prompt or a shortcut with the -all parameter.
 + To search all directories of local fixed drives for DESKTOP.INI
 DLL launch points, use the -supp parameter or answer "No" at the
 first message box and "Yes" at the second message box.
 ---------- (total run time: 30 seconds, including 5 seconds for message boxes)
- Kod: Zaznacz wszystko
- Logfile of random's system information tool 1.06 (written by random/random)
 Run by Norbert at 2009-09-13 09:33:43
 Microsoft® Windows Vista™ Home Premium
 System drive C: has 85 GB (85%) free of 100 GB
 Total RAM: 2047 MB (67% free)
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 09:33:45, on 2009-09-13
 Platform: Windows Vista (WinNT 6.00.1904)
 MSIE: Internet Explorer v7.00 (7.00.6000.16386)
 Boot mode: Normal
 Running processes:
 C:\Windows\system32\Dwm.exe
 C:\Windows\Explorer.EXE
 C:\Program Files\Windows Defender\MSASCui.exe
 D:\Programy\Avast\ashDisp.exe
 D:\Programy\Winamp\winampa.exe
 C:\Program Files\Vtune\TBPANEL.exe
 C:\Windows\System32\rundll32.exe
 C:\Windows\System32\rundll32.exe
 D:\Programy\Java\bin\jusched.exe
 D:\Programy\Nowe Gadu-Gadu\gg.exe
 C:\Program Files\Planet WL-U350\WlanMonitor.exe
 C:\Windows\system32\taskeng.exe
 D:\Programy\Nowe Gadu-Gadu\spellchecker_gg.exe
 C:\Windows\system32\conime.exe
 D:\Programy\Spybot - Search & Destroy\SpybotSD.exe
 D:\Programy\Avast\ashSimpl.exe
 D:\Programy\Mozilla Firefox\firefox.exe
 C:\Program Files\trend micro\Norbert.exe
 C:\Windows\System32\WScript.exe
 D:\Programy\RSIT.exe
 D:\Programy\HijackThis\Norbert.exe
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
 O1 - Hosts: ::1 localhost
 O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programy\Java\bin\ssv.dll
 O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\Java\bin\jp2ssv.dll
 O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
 O4 - HKLM\..\Run: [avast!] D:\Programy\Avast\ashDisp.exe
 O4 - HKLM\..\Run: [WinampAgent] D:\Programy\Winamp\winampa.exe
 O4 - HKLM\..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe /A
 O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programy\Java\bin\jusched.exe"
 O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
 O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "D:\Programy\Nowe Gadu-Gadu\gg.exe"
 O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
 O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
 O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
 O4 - Startup: Configuration & Monitor Utility.lnk = ?
 O13 - Gopher Prefix:
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Programy\Avast\aswUpdSv.exe
 O23 - Service: avast! Antivirus - ALWIL Software - D:\Programy\Avast\ashServ.exe
 O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Programy\Avast\ashMaiSv.exe
 O23 - Service: avast! Web Scanner - ALWIL Software - D:\Programy\Avast\ashWebSv.exe
 O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Programy\Spybot - Search & Destroy\SDWinSec.exe
 O23 - Service: sofatnet Service (sofatnet) - Sigma Designs In - C:\Windows\system32\sofatnet.exe
 --
 End of file - 4094 bytes
 ======Registry dump======
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
 Java(tm) Plug-In SSV Helper - D:\Programy\Java\bin\ssv.dll [2009-09-10 321312]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
 Java(tm) Plug-In 2 SSV Helper - D:\Programy\Java\bin\jp2ssv.dll [2009-09-10 41760]
 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
 "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-02 1004136]
 "avast!"=D:\Programy\Avast\ashDisp.exe [2009-08-17 81000]
 "WinampAgent"=D:\Programy\Winamp\winampa.exe [2009-07-01 58368]
 "TBPanel"=C:\Program Files\Vtune\TBPanel.exe [2008-01-29 2170880]
 "NvSvc"=C:\Windows\system32\nvsvc.dll [2008-01-08 86016]
 "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-01-08 8530464]
 "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-01-08 81920]
 "SunJavaUpdateSched"=D:\Programy\Java\bin\jusched.exe [2009-09-10 149280]
 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
 "Gadu-Gadu"=D:\Programy\Gadu-Gadu\gg.exe /tray []
 "Nowe Gadu-Gadu"=D:\Programy\Nowe Gadu-Gadu\gg.exe [2009-09-12 11391592]
 C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
 Configuration & Monitor Utility.lnk - C:\Program Files\Planet WL-U350\WlanMonitor.exe
 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
 "EnableLUA"=0
 "dontdisplaylastusername"=0
 "legalnoticecaption"=
 "legalnoticetext"=
 "shutdownwithoutlogon"=1
 "undockwithoutlogon"=1
 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
 "C:\Windows\system32\winlogon.exe"="C:\Windows\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{836621e5-9dfe-11de-beed-806e6f6e6963}]
 shell\AutoRun\command - F:\Nvsetup.exe
 ======List of files/folders created in the last 1 months======
 2013-09-08 13:18:42 ----A---- C:\Windows\system32\W32N50.dll
 2009-09-13 09:32:08 ----D---- C:\rsit
 2009-09-13 09:32:08 ----D---- C:\Program Files\trend micro
 2009-09-12 11:47:14 ----D---- C:\ProgramData\OpenFM
 2009-09-12 11:47:13 ----D---- C:\Users\Norbert\AppData\Roaming\OpenFM
 2009-09-12 11:43:15 ----D---- C:\Users\Norbert\AppData\Roaming\Nowe Gadu-Gadu
 2009-09-11 13:23:57 ----D---- C:\Users\Norbert\AppData\Roaming\WinRAR
 2009-09-11 13:21:46 ----A---- C:\Windows\WORDPAD.INI
 2009-09-10 20:57:07 ----AD---- C:\ProgramData\TEMP
 2009-09-10 20:31:35 ----A---- C:\Windows\system32\ztvunrar36.dll
 2009-09-10 20:31:35 ----A---- C:\Windows\system32\ztvunace26.dll
 2009-09-10 20:31:35 ----A---- C:\Windows\system32\ztvcabinet.dll
 2009-09-10 20:31:35 ----A---- C:\Windows\system32\unrar3.dll
 2009-09-10 20:31:35 ----A---- C:\Windows\system32\unacev2.dll
 2009-09-10 20:10:41 ----A---- C:\Windows\system32\javaws.exe
 2009-09-10 20:10:41 ----A---- C:\Windows\system32\javaw.exe
 2009-09-10 20:10:41 ----A---- C:\Windows\system32\java.exe
 2009-09-10 20:10:41 ----A---- C:\Windows\system32\deploytk.dll
 2009-09-10 15:24:57 ----D---- C:\ProgramData\Spybot - Search & Destroy
 2009-09-10 15:05:46 ----D---- C:\ProgramData\NVIDIA
 2009-09-10 15:03:49 ----A---- C:\Windows\system32\nvexpbar.dll
 2009-09-10 15:03:49 ----A---- C:\Windows\system32\nvcpluir.dll
 2009-09-10 15:03:49 ----A---- C:\Windows\system32\nvcplui.exe
 2009-09-10 15:03:25 ----A---- C:\Windows\system32\NVUNINST.EXE
 2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvwssr.dll
 2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvwss.dll
 2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvwgf2um.dll
 2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvvitvsr.dll
 2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvvitvs.dll
 2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvudisp.exe
 2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvsvc.dll
 2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvoglv32.dll
 2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvmoblsr.dll
 2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvmobls.dll
 2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvmctray.dll
 2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvmccssr.dll
 2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvmccss.dll
 2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvmccsrs.dll
 2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvmccs.dll
 2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvgamesr.dll
 2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvgames.dll
 2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvdispsr.dll
 2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvdisps.dll
 2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvd3dum.dll
 2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvcolor.exe
 2009-09-10 15:03:18 ----A---- C:\Windows\system32\dpinst.exe
 2009-09-10 15:03:17 ----A---- C:\Windows\system32\nvcpl.dll
 2009-09-10 15:03:17 ----A---- C:\Windows\system32\nvcod100.dll
 2009-09-10 15:03:17 ----A---- C:\Windows\system32\nvcod.dll
 2009-09-10 15:03:17 ----A---- C:\Windows\system32\nvapi.dll
 2009-09-10 15:00:15 ----A---- C:\Windows\ntbtlog.txt
 2009-09-10 14:51:24 ----A---- C:\Windows\DFC.INI
 2009-09-10 14:45:43 ----D---- C:\Users\Norbert\AppData\Roaming\Gadu-Gadu
 2009-09-10 14:39:06 ----A---- C:\Windows\system32\xactengine2_10.dll
 2009-09-10 14:39:06 ----A---- C:\Windows\system32\d3dx10_36.dll
 2009-09-10 14:39:06 ----A---- C:\Windows\system32\D3DCompiler_36.dll
 2009-09-10 14:39:05 ----A---- C:\Windows\system32\xactengine2_9.dll
 2009-09-10 14:39:05 ----A---- C:\Windows\system32\d3dx9_36.dll
 2009-09-10 14:39:05 ----A---- C:\Windows\system32\d3dx10_35.dll
 2009-09-10 14:39:05 ----A---- C:\Windows\system32\D3DCompiler_35.dll
 2009-09-10 14:39:04 ----A---- C:\Windows\system32\xinput1_3.dll
 2009-09-10 14:39:04 ----A---- C:\Windows\system32\xactengine2_8.dll
 2009-09-10 14:39:04 ----A---- C:\Windows\system32\X3DAudio1_2.dll
 2009-09-10 14:39:04 ----A---- C:\Windows\system32\d3dx9_35.dll
 2009-09-10 14:39:04 ----A---- C:\Windows\system32\d3dx9_34.dll
 2009-09-10 14:39:04 ----A---- C:\Windows\system32\d3dx10_34.dll
 2009-09-10 14:39:04 ----A---- C:\Windows\system32\D3DCompiler_34.dll
 2009-09-10 14:39:03 ----A---- C:\Windows\system32\xactengine2_7.dll
 2009-09-10 14:39:03 ----A---- C:\Windows\system32\d3dx9_33.dll
 2009-09-10 14:39:03 ----A---- C:\Windows\system32\d3dx10_33.dll
 2009-09-10 14:39:03 ----A---- C:\Windows\system32\D3DCompiler_33.dll
 2009-09-10 14:39:02 ----A---- C:\Windows\system32\xactengine2_6.dll
 2009-09-10 14:39:02 ----A---- C:\Windows\system32\xactengine2_5.dll
 2009-09-10 14:39:02 ----A---- C:\Windows\system32\d3dx9_32.dll
 2009-09-10 14:39:02 ----A---- C:\Windows\system32\d3dx10.dll
 2009-09-10 14:39:01 ----A---- C:\Windows\system32\xinput1_2.dll
 2009-09-10 14:39:01 ----A---- C:\Windows\system32\xactengine2_4.dll
 2009-09-10 14:39:01 ----A---- C:\Windows\system32\xactengine2_3.dll
 2009-09-10 14:39:01 ----A---- C:\Windows\system32\xactengine2_2.dll
 2009-09-10 14:39:01 ----A---- C:\Windows\system32\x3daudio1_1.dll
 2009-09-10 14:39:01 ----A---- C:\Windows\system32\d3dx9_31.dll
 2009-09-10 14:39:00 ----A---- C:\Windows\system32\xinput1_1.dll
 2009-09-10 14:39:00 ----A---- C:\Windows\system32\xactengine2_1.dll
 2009-09-10 14:38:55 ----A---- C:\Windows\system32\xactengine2_0.dll
 2009-09-10 14:38:55 ----A---- C:\Windows\system32\x3daudio1_0.dll
 2009-09-10 14:38:55 ----A---- C:\Windows\system32\d3dx9_30.dll
 2009-09-10 14:38:55 ----A---- C:\Windows\system32\d3dx9_29.dll
 2009-09-10 14:38:55 ----A---- C:\Windows\system32\d3dx9_28.dll
 2009-09-10 14:38:54 ----A---- C:\Windows\system32\d3dx9_27.dll
 2009-09-10 14:38:54 ----A---- C:\Windows\system32\d3dx9_26.dll
 2009-09-10 14:38:53 ----A---- C:\Windows\system32\d3dx9_25.dll
 2009-09-10 14:38:53 ----A---- C:\Windows\system32\d3dx9_24.dll
 2009-09-10 14:38:15 ----D---- C:\Program Files\Vtune
 2009-09-10 14:38:12 ----D---- C:\Windows\Panther
 2009-09-10 14:38:00 ----RAS---- C:\BOOTSECT.BAK
 2009-09-10 14:37:59 ----SHD---- C:\Boot
 2009-09-10 14:22:41 ----D---- C:\Users\Norbert\AppData\Roaming\Macromedia
 2009-09-10 14:22:41 ----D---- C:\Users\Norbert\AppData\Roaming\Adobe
 2009-09-10 14:21:01 ----D---- C:\Windows\Minidump
 2009-09-10 14:05:22 ----D---- C:\Program Files\Intel
 2009-09-10 14:02:40 ----D---- C:\Users\Norbert\AppData\Roaming\vlc
 2009-09-10 14:02:33 ----D---- C:\Program Files\Common Files\PX Storage Engine
 2009-09-10 14:02:32 ----D---- C:\Users\Norbert\AppData\Roaming\Winamp
 2009-09-10 14:02:02 ----A---- C:\Windows\system32\rmoc3260.dll
 2009-09-10 14:02:02 ----A---- C:\Windows\system32\pndx5032.dll
 2009-09-10 14:02:02 ----A---- C:\Windows\system32\pndx5016.dll
 2009-09-10 14:02:02 ----A---- C:\Windows\system32\pncrt.dll
 2009-09-10 14:02:01 ----D---- C:\Users\Norbert\AppData\Roaming\Real
 2009-09-10 14:02:01 ----D---- C:\ProgramData\Real
 2009-09-10 14:01:41 ----A---- C:\Windows\system32\unrar.dll
 2009-09-10 14:01:41 ----A---- C:\Windows\avisplitter.ini
 2009-09-10 14:01:40 ----A---- C:\Windows\system32\yv12vfw.dll
 2009-09-10 14:01:40 ----A---- C:\Windows\system32\xvidvfw.dll
 2009-09-10 14:01:40 ----A---- C:\Windows\system32\xvidcore.dll
 2009-09-10 14:01:40 ----A---- C:\Windows\system32\qt-dx331.dll
 2009-09-10 14:01:40 ----A---- C:\Windows\system32\dpl100.dll
 2009-09-10 14:01:40 ----A---- C:\Windows\system32\divx.dll
 2009-09-10 14:01:39 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
 2009-09-10 14:01:39 ----A---- C:\Windows\system32\ff_vfw.dll
 2009-09-10 14:01:08 ----A---- C:\Windows\system32\MSVCR71.dll
 2009-09-10 14:01:08 ----A---- C:\Windows\system32\MSVCP71.dll
 2009-09-10 14:01:08 ----A---- C:\Windows\system32\MFC71.dll
 2009-09-10 14:01:08 ----A---- C:\Windows\system32\aswBoot.exe
 2009-09-10 14:00:46 ----D---- C:\Program Files\InstallShield Installation Information
 2009-09-10 14:00:44 ----D---- C:\Windows\system32\Macromed
 2009-09-10 14:00:43 ----D---- C:\Program Files\Planet WL-U350
 2009-09-10 14:00:28 ----D---- C:\Program Files\Common Files\InstallShield
 2009-09-10 14:00:27 ----SHD---- C:\Windows\Installer
 2009-09-10 13:55:34 ----D---- C:\Users\Norbert\AppData\Roaming\Mozilla
 2009-09-10 13:52:41 ----D---- C:\Users\Norbert\AppData\Roaming\Identities
 2009-09-10 13:52:36 ----SD---- C:\Users\Norbert\AppData\Roaming\Microsoft
 2009-09-10 13:52:36 ----D---- C:\Users\Norbert\AppData\Roaming\Media Center Programs
 2009-09-10 13:51:06 ----SHD---- C:\ProgramData\Ulubione
 2009-09-10 13:51:06 ----SHD---- C:\ProgramData\Szablony
 2009-09-10 13:51:06 ----SHD---- C:\ProgramData\Pulpit
 2009-09-10 13:51:06 ----SHD---- C:\ProgramData\Menu Start
 2009-09-10 13:51:06 ----SHD---- C:\ProgramData\Dokumenty
 2009-09-10 13:51:06 ----SHD---- C:\ProgramData\Dane aplikacji
 2009-09-10 13:41:16 ----D---- C:\Windows\SoftwareDistribution
 2009-09-10 13:40:20 ----D---- C:\Windows\system32\catroot2
 2009-09-10 13:40:10 ----D---- C:\Windows\Debug
 2009-09-10 13:39:06 ----D---- C:\Windows\Prefetch
 2009-09-10 13:38:56 ----SHD---- C:\System Volume Information
 ======List of files/folders modified in the last 1 months======
 2009-09-13 09:33:44 ----D---- C:\Windows\Temp
 2009-09-13 09:32:08 ----RD---- C:\Program Files
 2009-09-13 09:17:55 ----D---- C:\Windows\System32
 2009-09-13 09:17:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
 2009-09-13 09:17:54 ----D---- C:\Windows\inf
 2009-09-13 01:08:30 ----D---- C:\Windows
 2009-09-12 11:58:22 ----HD---- C:\Windows\system32\GroupPolicy
 2009-09-12 11:58:22 ----HD---- C:\ProgramData
 2009-09-12 11:43:32 ----D---- C:\Windows\winsxs
 2009-09-12 11:43:20 ----D---- C:\Program Files\Common Files\microsoft shared
 2009-09-11 15:48:26 ----D---- C:\Windows\system32\WDI
 2009-09-10 15:03:46 ----D---- C:\Windows\Help
 2009-09-10 15:03:42 ----D---- C:\Windows\system32\drivers
 2009-09-10 15:03:40 ----D---- C:\Windows\system32\catroot
 2009-09-10 15:03:03 ----RSD---- C:\Windows\assembly
 2009-09-10 14:51:31 ----SD---- C:\Windows\Downloaded Program Files
 2009-09-10 14:38:56 ----D---- C:\Windows\Microsoft.NET
 2009-09-10 14:37:59 ----D---- C:\Windows\system32\pl-PL
 2009-09-10 14:23:43 ----SD---- C:\ProgramData\Microsoft
 2009-09-10 14:02:33 ----D---- C:\Program Files\Common Files
 2009-09-10 14:00:29 ----D---- C:\Windows\system32\restore
 2009-09-10 13:52:50 ----SHD---- C:\$Recycle.Bin
 2009-09-10 13:52:35 ----RD---- C:\Users
 2009-09-10 13:51:37 ----D---- C:\Windows\rescache
 2009-09-10 13:51:06 ----D---- C:\Program Files\Windows NT
 ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-08-17 23152]
 R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-08-17 114768]
 R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-08-17 51376]
 R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
 R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-08-17 53328]
 R2 TBPanel;TBPanel; C:\Windows\system32\drivers\TBPanel.sys [2007-03-16 12256]
 R3 HdAudAddService;Sterownik funkcji Microsoft 1.1 UAA dla usługi standardu High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
 R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-01-08 8236960]
 R3 PLANET FVNETusb (AR)(R);PLANET FVNETusb (AR)(R) Service for PLANET WL-U350 Wireless USB Adapter; C:\Windows\system32\DRIVERS\vnetusbr.sys [2003-01-17 93312]
 R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
 S3 Cardex;Cardex; \??\C:\Windows\system32\drivers\TBPANEL.SYS [2007-03-16 12256]
 S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
 S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2009-09-10 14656]
 S3 MSKSSRV;Serwer proxy usługi Microsoft Streaming; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
 S3 MSPCLOCK;Serwer proxy zegara Microsoft Streaming; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
 S3 MSPQM;Serwer proxy menedżera jakości Microsoft Streaming; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
 S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
 S3 RTL8169;Sterownik kart Realtek 8169 dla systemu NT; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
 S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
 ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 R2 aswUpdSv;avast! iAVS4 Control Service; D:\Programy\Avast\aswUpdSv.exe [2009-08-17 18752]
 R2 avast! Antivirus;avast! Antivirus; D:\Programy\Avast\ashServ.exe [2009-08-17 138680]
 R2 EvdoServer;EvdoServer; C:\Windows\system32\svchost.exe [2006-11-02 22016]
 R2 SBSDWSCService;SBSD Security Center Service; D:\Programy\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
 R2 sofatnet;sofatnet Service; C:\Windows\system32\sofatnet.exe [2006-11-02 115200]
 R3 avast! Mail Scanner;avast! Mail Scanner; D:\Programy\Avast\ashMaiSv.exe [2009-08-17 254040]
 R3 avast! Web Scanner;avast! Web Scanner; D:\Programy\Avast\ashWebSv.exe [2009-08-17 352920]
 -----------------EOF-----------------
Dodano 13 Wrz 2009, 09:44:
Dołączam jeszcze screena z problemu, który mam z sytemem:

Nie działa mi łącze microsoft.com... Niech pomoże ktoś bardzo obeznany, to jest ciężka sprawa.


 
	





 Może coś przeoczyłem, ale wydaje mi się że jest czysty...
 Może coś przeoczyłem, ale wydaje mi się że jest czysty... 




