
Please check my HijackThis log

Logs, securing the computer and data. Antivirus and antispyware programs, firewalls, etc.
Forum rules
1. Every topic title should reflect the content of the thread.
2. When posting logs, generate them right away with at least two tools: FRST and GMER.
3. Please publish all logs on sites intended for that purpose and paste only the link in your post.
4. Shortening logs is not advised; paste the whole log, from beginning to end.
5. Attaching yourself to other users' topics is not advised; please start a new topic in the Security section, which makes it easier for the person reviewing the logs to help.
6. People without the appropriate knowledge should not review logs, as this can seriously damage the system or the applications installed on the computer.
7. Describe the problem, the symptoms you observe and any actions you have already taken in detail.
8. Every script is unique, written individually for each case, so it must not be used by others.
9. When posting a screenshot, please use an external image-hosting service.

Please check my HijackThis log

Post by longer_007 » 27 Feb 2010, 17:03

UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7


Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:53:50, on 2010-02-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless Console 2\wcourier.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Gadu-Gadu 10\gg.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navw32.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\ekusia\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Gadu-Gadu 10] "C:\Program Files\Gadu-Gadu 10\gg.exe"
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8723AE5E-4E2F-4589-9976-A965B8DE42C0}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 10227 bytes


First of all, after pressing Ctrl+Alt+Del I get the message "Task Manager has been disabled by your administrator", the gpedit.msc command is not available, and Safe Mode throws a critical exception.
In addition, an installer for a program called "Status" keeps popping up and asks for a CD, but I have no idea what exactly it is about.
longer_007
Forum member
Posts: 4
Joined: 27 Feb 2010, 16:57

Re: Please check my HijackThis log

Post by mateo8898 » 27 Feb 2010, 18:42

UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.2) Gecko/20100115 Firefox/3.6


We won't learn much from the HijackThis log, so please post logs from OTL and GMER.
mateo8898
Moderator
Posts: 15377
Joined: 15 May 2009, 14:55
Commendations: 966

Re: Please check my HijackThis log

Post by longer_007 » 27 Feb 2010, 21:45

UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7


Code:
OTL logfile created on: 2010-02-27 20:42:26 - Run 1
OTL by OldTimer - Version 3.1.30.3     Folder = C:\Documents and Settings\ekusia\Moje dokumenty\Pobieranie
Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178,80 Gb Total Space | 140,72 Gb Free Space | 78,70% Space Free | Partition Type: FAT32
Drive D: | 115,33 Gb Total Space | 88,66 Gb Free Space | 76,87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ESTERKA
Current User Name: ekusia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010-02-27 20:41:48 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ekusia\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2010-02-21 15:44:38 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010-02-08 11:02:10 | 002,343,632 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010-01-20 13:05:04 | 012,169,832 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe
PRC - [2010-01-11 19:43:36 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-12-12 22:06:50 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-11-25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-11-25 00:51:36 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-11-25 00:51:22 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008-03-17 18:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008-03-17 17:59:40 | 002,289,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2007-09-12 18:27:26 | 002,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
PRC - [2007-09-12 18:27:26 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007-09-12 18:27:26 | 000,492,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
PRC - [2007-08-03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007-07-05 16:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007-06-29 15:44:06 | 000,225,280 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2007-06-28 17:40:12 | 000,090,112 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2007-06-13 15:23:50 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-06-01 11:00:20 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007-06-01 10:48:24 | 000,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007-06-01 10:41:30 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007-05-23 16:56:14 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007-05-14 04:54:36 | 000,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2007-04-17 13:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007-02-25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007-01-17 10:09:00 | 000,226,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
PRC - [2007-01-13 06:59:00 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007-01-13 06:59:00 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007-01-08 09:19:00 | 000,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2006-11-17 18:21:28 | 016,270,848 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2006-11-13 15:57:16 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006-11-13 15:57:06 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006-02-28 12:42:38 | 000,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2006-02-19 04:21:22 | 000,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010-02-27 20:41:48 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ekusia\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2009-11-25 00:50:32 | 000,139,264 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll
MOD - [2006-08-25 08:51:14 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2010-02-27 15:43:24 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009-12-12 22:06:50 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-11-25 00:51:36 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-11-25 00:51:22 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008-03-17 18:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008-01-29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007-09-12 18:27:26 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007-09-12 18:27:26 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007-08-03 12:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007-06-01 11:00:20 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2007-06-01 10:48:24 | 000,987,136 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2007-06-01 10:41:30 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2007-05-14 04:54:36 | 000,272,024 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2007-02-25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007-01-17 08:11:00 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007-01-16 04:40:00 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007-01-13 06:59:00 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007-01-13 06:59:00 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007-01-13 06:59:00 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007-01-13 06:59:00 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007-01-08 09:19:00 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006-10-26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006-10-26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006-02-28 12:42:38 | 000,229,376 | ---- | M] (Apple Computer, Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2004-07-15 01:49:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010-02-27 15:47:46 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010-02-27 14:53:00 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010-02-16 09:31:32 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100227.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2010-02-16 09:31:32 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010-02-16 09:31:32 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100227.007\NAVENG.SYS -- (NAVENG)
DRV - [2010-02-10 21:11:14 | 000,268,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20100224.001\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2009-11-25 00:51:00 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-11-25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-11-25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-25 00:49:08 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-11-25 00:48:58 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-11-25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-10-20 19:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008-08-14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008-07-12 08:12:20 | 000,021,393 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2007-11-13 12:25:56 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007-10-31 17:56:00 | 000,036,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001)
DRV - [2007-10-01 07:59:46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007-08-09 07:29:20 | 005,776,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007-08-02 21:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007-06-21 04:43:26 | 002,208,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Sterownik karty Intel(R)
DRV - [2007-05-29 15:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007-04-14 02:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007-03-21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007-02-24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007-01-27 19:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007-01-23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007-01-15 03:22:00 | 000,276,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007-01-15 03:22:00 | 000,247,608 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007-01-15 03:22:00 | 000,025,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007-01-12 23:32:00 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007-01-12 23:32:00 | 000,145,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007-01-12 23:32:00 | 000,040,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007-01-12 23:32:00 | 000,035,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2007-01-12 23:32:00 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007-01-12 23:32:00 | 000,012,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006-12-17 16:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006-11-18 15:34:40 | 004,225,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-10-15 19:28:44 | 000,198,976 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006-08-10 14:13:50 | 000,980,608 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006-03-02 14:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2005-10-21 02:47:06 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2005-01-07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2001-08-17 21:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
 
IE - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006\S-1-5-21-1872343154-3806910920-3962427295-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006\S-1-5-21-1872343154-3806910920-3962427295-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-12-01 18:39:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-12-01 18:39:40 | 000,000,000 | ---D | M]
 
[2009-12-01 18:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ekusia\Dane aplikacji\Mozilla\Extensions
[2009-12-01 18:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ekusia\Dane aplikacji\Mozilla\Firefox\Profiles\g9jm0bmh.default\extensions
[2009-12-01 18:39:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-11-03 02:54:10 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-11-03 02:54:10 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-11-03 02:54:10 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-11-03 02:54:10 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-11-03 02:54:10 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-11-03 02:54:10 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml
 
O1 HOSTS File: ([2009-12-06 12:43:44 | 000,001,224 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1            activate.adobe.com
O1 - Hosts: 127.0.0.1            practivate.adobe.com
O1 - Hosts: 127.0.0.1            ereg.adobe.com
O1 - Hosts: 127.0.0.1            activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1            wip3.adobe.com
O1 - Hosts: 127.0.0.1            3dns-3.adobe.com
O1 - Hosts: 127.0.0.1            3dns-2.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1            adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1            ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1            activate-sea.adobe.com
O1 - Hosts: 127.0.0.1            wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1            activate-sjc0.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\ekusia\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE (Symantec Corporation)
O4 - HKLM..\Run: [ATKHOTKEY] C:\Program Files\ATK Hotkey\Hcontrol.exe ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b]  File not found
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe ()
O4 - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006..\Run: [Power2GoExpress]  File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\ekusia\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ekusia\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-07-12 06:47:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{48d2361a-159e-11df-afc8-001f3c64bcf9}\Shell\AUToPlaY\CommanD - "" = F:\nbhnep.exe -- File not found
O33 - MountPoints2\{48d2361a-159e-11df-afc8-001f3c64bcf9}\Shell\AutoRun\command - "" = F:\nbhnep.exe -- File not found
O33 - MountPoints2\{48d2361a-159e-11df-afc8-001f3c64bcf9}\Shell\eXpLore\CoMmand - "" = F:\nbhnep.exe -- File not found
O33 - MountPoints2\{48d2361a-159e-11df-afc8-001f3c64bcf9}\Shell\open\cOmMAnD - "" = F:\nbhnep.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010-02-27 15:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-02-27 15:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Norton
[2010-02-27 14:54:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010-02-27 14:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2010-02-27 14:28:08 | 000,124,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010-02-27 14:28:08 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010-02-27 14:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010-02-25 20:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010-02-25 20:51:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ekusia\Dane aplikacji\IObit
[2010-02-25 19:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2010-02-25 19:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010-02-25 19:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010-02-25 19:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010-02-25 19:27:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010-02-25 19:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010-02-25 19:26:32 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010-02-21 15:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010-02-18 21:55:28 | 300,280,256 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\ekusia\Pulpit\X12-46472.exe
[2010-02-11 21:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ekusia\Pulpit\Zadania - Teoria
[2010-02-11 21:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ekusia\Pulpit\Zadania - Rozwiązania
[2010-02-05 20:28:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ekusia\Dane aplikacji\HpUpdate
[2010-02-05 20:28:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2010-02-03 19:01:28 | 000,000,000 | ---D | C] -- C:\Program Files\Xinox Software
[2010-01-31 14:19:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009-12-27 14:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google
[2009-12-27 14:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
[2008-07-12 08:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Intel
[2008-07-12 08:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Intel
[2008-07-12 06:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2008-07-12 06:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2008-07-12 06:41:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2008-07-12 06:41:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2007-01-27 19:08:39 | 000,005,632 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\kbfiltr.sys
[2004-07-09 04:08:34 | 002,242,560 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dsetup32.dll
[2004-07-09 03:03:10 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010-02-27 20:35:52 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1872343154-3806910920-3962427295-1006.job
[2010-02-27 20:35:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-02-27 20:35:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-02-27 20:35:18 | 3212,038,144 | -HS- | M] () -- C:\hiberfil.sys
[2010-02-27 17:08:38 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\ekusia\NTUSER.DAT
[2010-02-27 17:08:38 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\ekusia\ntuser.ini
[2010-02-27 15:53:42 | 000,001,638 | ---- | M] () -- C:\Documents and Settings\ekusia\Pulpit\HijackThis.lnk
[2010-02-27 15:46:44 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\coh.cache
[2010-02-27 14:53:00 | 000,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010-02-27 14:53:00 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010-02-27 14:53:00 | 000,010,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010-02-27 14:53:00 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010-02-27 14:45:22 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - ekusia.job
[2010-02-27 13:50:42 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-02-27 12:43:20 | 004,230,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-02-27 12:42:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-02-25 20:51:12 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Advanced SystemCare.lnk
[2010-02-25 20:51:12 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\ekusia\Pulpit\IObit Freeware.url
[2010-02-25 19:29:06 | 000,045,056 | ---- | M] () -- C:\WINDOWS\System32\acovcnt.exe
[2010-02-25 19:27:12 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-02-22 21:29:24 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1872343154-3806910920-3962427295-1006.job
[2010-02-22 21:27:38 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\ekusia\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-22 18:29:50 | 004,319,830 | -H-- | M] () -- C:\Documents and Settings\ekusia\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-02-21 15:49:22 | 000,000,025 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010-02-21 15:45:04 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010-02-21 15:44:58 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010-02-21 15:44:58 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010-02-21 15:44:40 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010-02-21 15:40:28 | 000,090,480 | ---- | M] () -- C:\Documents and Settings\ekusia\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-02-18 22:35:20 | 300,280,256 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\ekusia\Pulpit\X12-46472.exe
[2010-02-18 19:52:38 | 000,197,140 | ---- | M] () -- C:\Documents and Settings\ekusia\Pulpit\Microsoft-Office-Professional-Plus,Program,Windows,15400.html
[2010-02-11 21:05:46 | 000,722,061 | ---- | M] () -- C:\Documents and Settings\ekusia\Pulpit\mat.rar
[2010-02-10 21:21:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-02-09 18:13:56 | 000,000,268 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-02-03 07:47:46 | 000,420,931 | ---- | M] () -- C:\Documents and Settings\ekusia\Pulpit\Esmertec Java.zip
[2010-01-31 21:04:56 | 001,280,000 | ---- | M] () -- C:\Documents and Settings\ekusia\Pulpit\po śląsku
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010-02-27 15:53:40 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\ekusia\Pulpit\HijackThis.lnk
[2010-02-27 14:54:24 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\coh.cache
[2010-02-27 14:45:19 | 000,000,620 | ---- | C] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - ekusia.job
[2010-02-27 14:28:08 | 000,010,635 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010-02-27 14:28:08 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010-02-25 20:51:10 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Advanced SystemCare.lnk
[2010-02-25 20:51:10 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\ekusia\Pulpit\IObit Freeware.url
[2010-02-21 15:49:21 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010-02-21 15:45:09 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1872343154-3806910920-3962427295-1006.job
[2010-02-21 15:45:08 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1872343154-3806910920-3962427295-1006.job
[2010-02-18 19:52:35 | 000,197,140 | ---- | C] () -- C:\Documents and Settings\ekusia\Pulpit\Microsoft-Office-Professional-Plus,Program,Windows,15400.html
[2010-02-16 18:20:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\acovcnt.exe
[2010-02-11 21:05:42 | 000,722,061 | ---- | C] () -- C:\Documents and Settings\ekusia\Pulpit\mat.rar
[2010-02-03 07:47:44 | 000,420,931 | ---- | C] () -- C:\Documents and Settings\ekusia\Pulpit\Esmertec Java.zip
[2010-01-31 21:04:44 | 001,280,000 | ---- | C] () -- C:\Documents and Settings\ekusia\Pulpit\po śląsku
[2009-12-27 14:55:54 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-12-27 14:55:54 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-12-27 14:55:54 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-12-20 09:24:12 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\ekusia\Dane aplikacji\$_hpcst$.hpc
[2009-12-17 18:57:53 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\ekusia\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-12-03 20:29:30 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
[2009-12-01 18:50:58 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-12-01 18:50:55 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-12-01 18:50:54 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-12-01 16:13:03 | 005,227,462 | ---- | C] () -- C:\Documents and Settings\ekusia\Ustawienia lokalne\Dane aplikacji\Install.exe
[2009-12-01 16:13:03 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\ekusia\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2009-10-20 19:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008-07-12 07:23:49 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2008-07-12 07:19:44 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008-07-12 07:04:48 | 001,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008-07-12 07:04:48 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4859.dll
[2008-07-12 07:04:48 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008-07-12 02:20:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007-10-01 07:59:45 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2007-05-09 08:16:39 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2006-12-05 13:05:04 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2006-08-27 11:39:35 | 000,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS
[2006-08-27 11:39:35 | 000,002,538 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006-05-16 07:25:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006-01-06 11:16:31 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\ABLKSR.ini
[2005-07-22 21:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004-07-22 10:51:34 | 003,432,656 | ---- | C] () -- C:\Program Files\ManagedDX.CAB
[2004-07-19 22:58:36 | 001,156,363 | ---- | C] () -- C:\Program Files\BDANT.cab
[2004-07-19 22:53:26 | 000,976,020 | ---- | C] () -- C:\Program Files\BDAXP.cab
[2004-07-09 14:17:16 | 013,265,040 | ---- | C] () -- C:\Program Files\dxnt.cab
[2004-07-09 09:13:48 | 015,493,481 | ---- | C] () -- C:\Program Files\DirectX.cab
[2004-07-09 09:13:46 | 000,703,080 | ---- | C] () -- C:\Program Files\BDA.cab
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2008-07-12 08:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010-02-25 19:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2009-12-01 18:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ekusia\Dane aplikacji\Gadu-Gadu 10
[2009-12-06 17:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ekusia\Dane aplikacji\Opera
[2009-12-11 20:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ekusia\Dane aplikacji\Wireshark
[2009-12-15 19:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ekusia\Dane aplikacji\GHISLER
[2010-02-25 20:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ekusia\Dane aplikacji\IObit
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
< End of report >
longer_007
Forum member

Posts: 4
Joined: 27 Feb 2010, 16:57

Re: Please check my HijackThis log

Post by longer_007 » 27 Feb 2010, 21:53

Code:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-27 20:53:16
Windows 5.1.2600 Dodatek Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\ekusia\USTAWI~1\Temp\kfrdapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                   aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice  \FileSystem\Fastfat \Fat                 fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Ip                 SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip                 aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp                SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp                aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Udp                aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp              SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp              aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----
longer_007
Forum member

Posts: 4
Joined: 27 Feb 2010, 16:57

Re: Please check my HijackThis log

Post by mateo8898 » 27 Feb 2010, 22:36


Run OTL -> in the Custom Scans/Fixes window paste:
:OTL
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] File not found
O4 - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006..\Run: [Power2GoExpress] File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O33 - MountPoints2\{48d2361a-159e-11df-afc8-001f3c64bcf9}\Shell\AUToPlaY\CommanD - "" = F:\nbhnep.exe -- File not found
O33 - MountPoints2\{48d2361a-159e-11df-afc8-001f3c64bcf9}\Shell\AutoRun\command - "" = F:\nbhnep.exe -- File not found
O33 - MountPoints2\{48d2361a-159e-11df-afc8-001f3c64bcf9}\Shell\eXpLore\CoMmand - "" = F:\nbhnep.exe -- File not found
O33 - MountPoints2\{48d2361a-159e-11df-afc8-001f3c64bcf9}\Shell\open\cOmMAnD - "" = F:\nbhnep.exe -- File not found

:Files
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1872343154-3806910920-3962427295-1006.job
C:\WINDOWS\System32\acovcnt.exe
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1872343154-3806910920-3962427295-1006.job

:Commands
[emptytemp]

Click Run Fix. Post the log from the removal + a new OTL log.
Run a full scan with Dr.Web CureIt - if it finds anything, cure/remove it and post the report (File -> Save Report List)
mateo8898
Moderator

Posts: 15377
Joined: 15 May 2009, 14:55
Commendations: 966

Re: Please check my HijackThis log

Post by longer_007 » 28 Feb 2010, 11:53

Code:
A0008523.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP47   Win32.Sector.12   Wyleczony.
A0008837.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP48   Win32.Sector.12   Wyleczony.
A0008925.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP48   Win32.Sector.12   Wyleczony.
A0009429.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP49   Win32.Sector.12   Wyleczony.
A0009848.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP49   Win32.Sector.12   Wyleczony.
A0009951.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP49   Win32.Sector.12   Wyleczony.
A0010099.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP49   Win32.Sector.12   Wyleczony.
A0010581.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP49   Win32.Sector.12   Wyleczony.
A0011693.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP49   Win32.Sector.12   Wyleczony.
A0011901.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP49   Win32.Sector.12   Wyleczony.
A0011979.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP49   Win32.Sector.12   Wyleczony.
A0012235.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP50   Win32.Sector.12   Wyleczony.
A0013789.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP51   Win32.Sector.12   Wyleczony.
A0013987.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP51   Win32.Sector.12   Wyleczony.
A0014142.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP51   Win32.Sector.12   Wyleczony.
A0014231.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP51   Win32.Sector.12   Wyleczony.
A0014347.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP51   Win32.Sector.12   Wyleczony.
A0014488.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP51   Win32.Sector.12   Wyleczony.
A0014624.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP51   Win32.Sector.12   Wyleczony.
A0014933.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP52   Win32.Sector.12   Wyleczony.
A0015354.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP53   Win32.Sector.12   Wyleczony.
A0016238.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57   Win32.Sector.12   Wyleczony.
A0016239.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57   Win32.Sector.12   Wyleczony.
A0016240.scr   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57   Win32.Sector.12   Wyleczony.
A0016241.EXE   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57   Win32.Sector.12   Wyleczony.
A0016242.EXE   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57   Win32.Sector.12   Wyleczony.
A0016243.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57   Win32.Sector.12   Wyleczony.
A0016244.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57   Win32.Sector.12   Wyleczony.
A0016245.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57   Win32.Sector.12   Wyleczony.
A0016246.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57   Win32.Sector.12   Wyleczony.
A0016247.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57   Win32.Sector.12   Wyleczony.
A0016248.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57   Win32.Sector.12   Wyleczony.
A0016249.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57   Win32.Sector.12   Wyleczony.
A0016250.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57   Win32.Sector.12   Wyleczony.
A0016251.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57   Win32.Sector.12   Wyleczony.
A0016252.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57   Win32.Sector.12   Wyleczony.
A0016253.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57   Win32.Sector.12   Wyleczony.
A0016254.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57   Win32.Sector.12   Wyleczony.
A0016255.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57   Win32.Sector.12   Wyleczony.
A0016256.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57   Win32.Sector.12   Wyleczony.
A0016257.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57   Win32.Sector.12   Wyleczony.
A0016258.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57   Win32.Sector.12   Wyleczony.
A0016260.exe   D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57   Win32.Sector.12   Wyleczony.
index.htm\JavaScript.0   D:\WYKŁADY\WYKŁADY\SEMESTR II\SYSTEMY OPERACYJNE\infolinux_pl\www_infolinux_pl\images\index.htm   Trojan.Nazwa   
index.htm   D:\WYKŁADY\WYKŁADY\SEMESTR II\SYSTEMY OPERACYJNE\infolinux_pl\www_infolinux_pl\images   Kontener zawiera zainfekowane obiekty   Przeniesiony.
longer_007
Forum member

Posts: 4
Joined: 27 Feb 2010, 16:57

Re: Please check my HijackThis log

Post by mateo8898 » 28 Feb 2010, 15:35

PostUA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.2) Gecko/20100115 Firefox/3.6


Well, there you go, this is Sality. Follow these instructions -> viewtopic.php?f=22&t=20698#p111372
Then download ComboFix, scan the system and post the log.
mateo8898
Moderator

Posts: 15377
Joined: 15 May 2009, 14:55
Commendations: 966

