Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
Proszę o sprawdzenie loga HijackThis
27 Lut 2010, 17:03
- Kod:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:53:50, on 2010-02-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless Console 2\wcourier.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Gadu-Gadu 10\gg.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navw32.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\ekusia\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Gadu-Gadu 10] "C:\Program Files\Gadu-Gadu 10\gg.exe"
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8723AE5E-4E2F-4589-9976-A965B8DE42C0}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 10227 bytes
Po pierwsze po wciśnięciu Ctrl+Alt+Del wyskakuje "Menadżer zadań został wyłączony przez administratora", polecenie gpedit.msc nie jest dostepna a tryb awaryjny wywala wyjątek krytyczny.
Dodatkowo cały czas wyskakuje instalator programu "Status", prosi o płytę CD ale nie mam pojęcia o co chodzi dokładnie.
Re: Proszę o sprawdzenie loga HijackThis
27 Lut 2010, 18:42
Re: Proszę o sprawdzenie loga HijackThis
27 Lut 2010, 21:45
- Kod:
OTL logfile created on: 2010-02-27 20:42:26 - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\ekusia\Moje dokumenty\Pobieranie
Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178,80 Gb Total Space | 140,72 Gb Free Space | 78,70% Space Free | Partition Type: FAT32
Drive D: | 115,33 Gb Total Space | 88,66 Gb Free Space | 76,87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ESTERKA
Current User Name: ekusia
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2010-02-27 20:41:48 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ekusia\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2010-02-21 15:44:38 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010-02-08 11:02:10 | 002,343,632 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010-01-20 13:05:04 | 012,169,832 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe
PRC - [2010-01-11 19:43:36 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-12-12 22:06:50 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-11-25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-11-25 00:51:36 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-11-25 00:51:22 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008-03-17 18:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008-03-17 17:59:40 | 002,289,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2007-09-12 18:27:26 | 002,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
PRC - [2007-09-12 18:27:26 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007-09-12 18:27:26 | 000,492,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
PRC - [2007-08-03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007-07-05 16:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007-06-29 15:44:06 | 000,225,280 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2007-06-28 17:40:12 | 000,090,112 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2007-06-13 15:23:50 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-06-01 11:00:20 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007-06-01 10:48:24 | 000,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007-06-01 10:41:30 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007-05-23 16:56:14 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007-05-14 04:54:36 | 000,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2007-04-17 13:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007-02-25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007-01-17 10:09:00 | 000,226,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
PRC - [2007-01-13 06:59:00 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007-01-13 06:59:00 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007-01-08 09:19:00 | 000,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2006-11-17 18:21:28 | 016,270,848 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2006-11-13 15:57:16 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006-11-13 15:57:06 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006-02-28 12:42:38 | 000,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2006-02-19 04:21:22 | 000,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - [2010-02-27 20:41:48 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ekusia\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2009-11-25 00:50:32 | 000,139,264 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll
MOD - [2006-08-25 08:51:14 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - [2010-02-27 15:43:24 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009-12-12 22:06:50 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-11-25 00:51:36 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-11-25 00:51:22 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008-03-17 18:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008-01-29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007-09-12 18:27:26 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007-09-12 18:27:26 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007-08-03 12:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007-06-01 11:00:20 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2007-06-01 10:48:24 | 000,987,136 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2007-06-01 10:41:30 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2007-05-14 04:54:36 | 000,272,024 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2007-02-25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007-01-17 08:11:00 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007-01-16 04:40:00 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007-01-13 06:59:00 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007-01-13 06:59:00 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007-01-13 06:59:00 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007-01-13 06:59:00 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007-01-08 09:19:00 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006-10-26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006-10-26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006-02-28 12:42:38 | 000,229,376 | ---- | M] (Apple Computer, Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2004-07-15 01:49:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2010-02-27 15:47:46 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010-02-27 14:53:00 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010-02-16 09:31:32 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100227.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2010-02-16 09:31:32 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010-02-16 09:31:32 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100227.007\NAVENG.SYS -- (NAVENG)
DRV - [2010-02-10 21:11:14 | 000,268,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20100224.001\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2009-11-25 00:51:00 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-11-25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-11-25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-25 00:49:08 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-11-25 00:48:58 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-11-25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-10-20 19:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008-08-14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008-07-12 08:12:20 | 000,021,393 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2007-11-13 12:25:56 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007-10-31 17:56:00 | 000,036,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001)
DRV - [2007-10-01 07:59:46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007-08-09 07:29:20 | 005,776,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007-08-02 21:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007-06-21 04:43:26 | 002,208,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Sterownik karty Intel(R)
DRV - [2007-05-29 15:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007-04-14 02:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007-03-21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007-02-24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007-01-27 19:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007-01-23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007-01-15 03:22:00 | 000,276,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007-01-15 03:22:00 | 000,247,608 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007-01-15 03:22:00 | 000,025,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007-01-12 23:32:00 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007-01-12 23:32:00 | 000,145,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007-01-12 23:32:00 | 000,040,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007-01-12 23:32:00 | 000,035,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2007-01-12 23:32:00 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007-01-12 23:32:00 | 000,012,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006-12-17 16:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006-11-18 15:34:40 | 004,225,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-10-15 19:28:44 | 000,198,976 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006-08-10 14:13:50 | 000,980,608 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006-03-02 14:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2005-10-21 02:47:06 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2005-01-07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2001-08-17 21:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006\S-1-5-21-1872343154-3806910920-3962427295-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006\S-1-5-21-1872343154-3806910920-3962427295-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-12-01 18:39:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-12-01 18:39:40 | 000,000,000 | ---D | M]
[2009-12-01 18:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ekusia\Dane aplikacji\Mozilla\Extensions
[2009-12-01 18:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ekusia\Dane aplikacji\Mozilla\Firefox\Profiles\g9jm0bmh.default\extensions
[2009-12-01 18:39:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-11-03 02:54:10 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-11-03 02:54:10 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-11-03 02:54:10 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-11-03 02:54:10 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-11-03 02:54:10 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-11-03 02:54:10 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml
O1 HOSTS File: ([2009-12-06 12:43:44 | 000,001,224 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\ekusia\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE (Symantec Corporation)
O4 - HKLM..\Run: [ATKHOTKEY] C:\Program Files\ATK Hotkey\Hcontrol.exe ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] File not found
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe ()
O4 - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006..\Run: [Power2GoExpress] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\ekusia\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ekusia\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-07-12 06:47:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{48d2361a-159e-11df-afc8-001f3c64bcf9}\Shell\AUToPlaY\CommanD - "" = F:\nbhnep.exe -- File not found
O33 - MountPoints2\{48d2361a-159e-11df-afc8-001f3c64bcf9}\Shell\AutoRun\command - "" = F:\nbhnep.exe -- File not found
O33 - MountPoints2\{48d2361a-159e-11df-afc8-001f3c64bcf9}\Shell\eXpLore\CoMmand - "" = F:\nbhnep.exe -- File not found
O33 - MountPoints2\{48d2361a-159e-11df-afc8-001f3c64bcf9}\Shell\open\cOmMAnD - "" = F:\nbhnep.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2010-02-27 15:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-02-27 15:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Norton
[2010-02-27 14:54:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010-02-27 14:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2010-02-27 14:28:08 | 000,124,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010-02-27 14:28:08 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010-02-27 14:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010-02-25 20:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010-02-25 20:51:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ekusia\Dane aplikacji\IObit
[2010-02-25 19:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2010-02-25 19:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010-02-25 19:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010-02-25 19:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010-02-25 19:27:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010-02-25 19:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010-02-25 19:26:32 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010-02-21 15:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010-02-18 21:55:28 | 300,280,256 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\ekusia\Pulpit\X12-46472.exe
[2010-02-11 21:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ekusia\Pulpit\Zadania - Teoria
[2010-02-11 21:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ekusia\Pulpit\Zadania - Rozwiązania
[2010-02-05 20:28:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ekusia\Dane aplikacji\HpUpdate
[2010-02-05 20:28:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2010-02-03 19:01:28 | 000,000,000 | ---D | C] -- C:\Program Files\Xinox Software
[2010-01-31 14:19:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009-12-27 14:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google
[2009-12-27 14:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
[2008-07-12 08:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Intel
[2008-07-12 08:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Intel
[2008-07-12 06:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2008-07-12 06:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2008-07-12 06:41:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2008-07-12 06:41:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2007-01-27 19:08:39 | 000,005,632 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\kbfiltr.sys
[2004-07-09 04:08:34 | 002,242,560 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dsetup32.dll
[2004-07-09 03:03:10 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2010-02-27 20:35:52 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1872343154-3806910920-3962427295-1006.job
[2010-02-27 20:35:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-02-27 20:35:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-02-27 20:35:18 | 3212,038,144 | -HS- | M] () -- C:\hiberfil.sys
[2010-02-27 17:08:38 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\ekusia\NTUSER.DAT
[2010-02-27 17:08:38 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\ekusia\ntuser.ini
[2010-02-27 15:53:42 | 000,001,638 | ---- | M] () -- C:\Documents and Settings\ekusia\Pulpit\HijackThis.lnk
[2010-02-27 15:46:44 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\coh.cache
[2010-02-27 14:53:00 | 000,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010-02-27 14:53:00 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010-02-27 14:53:00 | 000,010,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010-02-27 14:53:00 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010-02-27 14:45:22 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - ekusia.job
[2010-02-27 13:50:42 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-02-27 12:43:20 | 004,230,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-02-27 12:42:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-02-25 20:51:12 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Advanced SystemCare.lnk
[2010-02-25 20:51:12 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\ekusia\Pulpit\IObit Freeware.url
[2010-02-25 19:29:06 | 000,045,056 | ---- | M] () -- C:\WINDOWS\System32\acovcnt.exe
[2010-02-25 19:27:12 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-02-22 21:29:24 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1872343154-3806910920-3962427295-1006.job
[2010-02-22 21:27:38 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\ekusia\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-22 18:29:50 | 004,319,830 | -H-- | M] () -- C:\Documents and Settings\ekusia\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-02-21 15:49:22 | 000,000,025 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010-02-21 15:45:04 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010-02-21 15:44:58 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010-02-21 15:44:58 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010-02-21 15:44:40 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010-02-21 15:40:28 | 000,090,480 | ---- | M] () -- C:\Documents and Settings\ekusia\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-02-18 22:35:20 | 300,280,256 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\ekusia\Pulpit\X12-46472.exe
[2010-02-18 19:52:38 | 000,197,140 | ---- | M] () -- C:\Documents and Settings\ekusia\Pulpit\Microsoft-Office-Professional-Plus,Program,Windows,15400.html
[2010-02-11 21:05:46 | 000,722,061 | ---- | M] () -- C:\Documents and Settings\ekusia\Pulpit\mat.rar
[2010-02-10 21:21:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-02-09 18:13:56 | 000,000,268 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-02-03 07:47:46 | 000,420,931 | ---- | M] () -- C:\Documents and Settings\ekusia\Pulpit\Esmertec Java.zip
[2010-01-31 21:04:56 | 001,280,000 | ---- | M] () -- C:\Documents and Settings\ekusia\Pulpit\po śląsku
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2010-02-27 15:53:40 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\ekusia\Pulpit\HijackThis.lnk
[2010-02-27 14:54:24 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\coh.cache
[2010-02-27 14:45:19 | 000,000,620 | ---- | C] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - ekusia.job
[2010-02-27 14:28:08 | 000,010,635 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010-02-27 14:28:08 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010-02-25 20:51:10 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Advanced SystemCare.lnk
[2010-02-25 20:51:10 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\ekusia\Pulpit\IObit Freeware.url
[2010-02-21 15:49:21 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010-02-21 15:45:09 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1872343154-3806910920-3962427295-1006.job
[2010-02-21 15:45:08 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1872343154-3806910920-3962427295-1006.job
[2010-02-18 19:52:35 | 000,197,140 | ---- | C] () -- C:\Documents and Settings\ekusia\Pulpit\Microsoft-Office-Professional-Plus,Program,Windows,15400.html
[2010-02-16 18:20:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\acovcnt.exe
[2010-02-11 21:05:42 | 000,722,061 | ---- | C] () -- C:\Documents and Settings\ekusia\Pulpit\mat.rar
[2010-02-03 07:47:44 | 000,420,931 | ---- | C] () -- C:\Documents and Settings\ekusia\Pulpit\Esmertec Java.zip
[2010-01-31 21:04:44 | 001,280,000 | ---- | C] () -- C:\Documents and Settings\ekusia\Pulpit\po śląsku
[2009-12-27 14:55:54 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-12-27 14:55:54 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-12-27 14:55:54 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-12-20 09:24:12 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\ekusia\Dane aplikacji\$_hpcst$.hpc
[2009-12-17 18:57:53 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\ekusia\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-12-03 20:29:30 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
[2009-12-01 18:50:58 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-12-01 18:50:55 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-12-01 18:50:54 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-12-01 16:13:03 | 005,227,462 | ---- | C] () -- C:\Documents and Settings\ekusia\Ustawienia lokalne\Dane aplikacji\Install.exe
[2009-12-01 16:13:03 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\ekusia\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2009-10-20 19:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008-07-12 07:23:49 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2008-07-12 07:19:44 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008-07-12 07:04:48 | 001,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008-07-12 07:04:48 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4859.dll
[2008-07-12 07:04:48 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008-07-12 02:20:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007-10-01 07:59:45 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2007-05-09 08:16:39 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2006-12-05 13:05:04 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2006-08-27 11:39:35 | 000,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS
[2006-08-27 11:39:35 | 000,002,538 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006-05-16 07:25:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006-01-06 11:16:31 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\ABLKSR.ini
[2005-07-22 21:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004-07-22 10:51:34 | 003,432,656 | ---- | C] () -- C:\Program Files\ManagedDX.CAB
[2004-07-19 22:58:36 | 001,156,363 | ---- | C] () -- C:\Program Files\BDANT.cab
[2004-07-19 22:53:26 | 000,976,020 | ---- | C] () -- C:\Program Files\BDAXP.cab
[2004-07-09 14:17:16 | 013,265,040 | ---- | C] () -- C:\Program Files\dxnt.cab
[2004-07-09 09:13:48 | 015,493,481 | ---- | C] () -- C:\Program Files\DirectX.cab
[2004-07-09 09:13:46 | 000,703,080 | ---- | C] () -- C:\Program Files\BDA.cab
[color=#E56717]========== LOP Check ==========[/color]
[2008-07-12 08:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010-02-25 19:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2009-12-01 18:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ekusia\Dane aplikacji\Gadu-Gadu 10
[2009-12-06 17:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ekusia\Dane aplikacji\Opera
[2009-12-11 20:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ekusia\Dane aplikacji\Wireshark
[2009-12-15 19:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ekusia\Dane aplikacji\GHISLER
[2010-02-25 20:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ekusia\Dane aplikacji\IObit
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
Re: Proszę o sprawdzenie loga HijackThis
27 Lut 2010, 21:53
- Kod:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-27 20:53:16
Windows 5.1.2600 Dodatek Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\ekusia\USTAWI~1\Temp\kfrdapow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- EOF - GMER 1.0.15 ----
Re: Proszę o sprawdzenie loga HijackThis
27 Lut 2010, 22:36
Uruchom OTL 
w oknie Custom Scans/Fixes wklej:
Klikasz Run Fix. Dajesz log z usuwania + nowy log z OTL
Wykonaj pełne skanowanie Dr.Web CureIt - jeśli coś znajdzie wylecz/usuń i daj raport (Plik Zapisz Listę Raportu)
w oknie Custom Scans/Fixes wklej::OTL
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] File not found
O4 - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006..\Run: [Power2GoExpress] File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-1872343154-3806910920-3962427295-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O33 - MountPoints2\{48d2361a-159e-11df-afc8-001f3c64bcf9}\Shell\AUToPlaY\CommanD - "" = F:\nbhnep.exe -- File not found
O33 - MountPoints2\{48d2361a-159e-11df-afc8-001f3c64bcf9}\Shell\AutoRun\command - "" = F:\nbhnep.exe -- File not found
O33 - MountPoints2\{48d2361a-159e-11df-afc8-001f3c64bcf9}\Shell\eXpLore\CoMmand - "" = F:\nbhnep.exe -- File not found
O33 - MountPoints2\{48d2361a-159e-11df-afc8-001f3c64bcf9}\Shell\open\cOmMAnD - "" = F:\nbhnep.exe -- File not found
:Files
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1872343154-3806910920-3962427295-1006.job
C:\WINDOWS\System32\acovcnt.exe
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1872343154-3806910920-3962427295-1006.job
:Commands
[emptytemp]
Klikasz Run Fix. Dajesz log z usuwania + nowy log z OTL
Wykonaj pełne skanowanie Dr.Web CureIt - jeśli coś znajdzie wylecz/usuń i daj raport (Plik
Zapisz Listę Raportu)
Re: Proszę o sprawdzenie loga HijackThis
28 Lut 2010, 11:53
- Kod:
A0008523.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP47 Win32.Sector.12 Wyleczony.
A0008837.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP48 Win32.Sector.12 Wyleczony.
A0008925.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP48 Win32.Sector.12 Wyleczony.
A0009429.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP49 Win32.Sector.12 Wyleczony.
A0009848.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP49 Win32.Sector.12 Wyleczony.
A0009951.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP49 Win32.Sector.12 Wyleczony.
A0010099.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP49 Win32.Sector.12 Wyleczony.
A0010581.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP49 Win32.Sector.12 Wyleczony.
A0011693.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP49 Win32.Sector.12 Wyleczony.
A0011901.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP49 Win32.Sector.12 Wyleczony.
A0011979.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP49 Win32.Sector.12 Wyleczony.
A0012235.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP50 Win32.Sector.12 Wyleczony.
A0013789.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP51 Win32.Sector.12 Wyleczony.
A0013987.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP51 Win32.Sector.12 Wyleczony.
A0014142.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP51 Win32.Sector.12 Wyleczony.
A0014231.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP51 Win32.Sector.12 Wyleczony.
A0014347.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP51 Win32.Sector.12 Wyleczony.
A0014488.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP51 Win32.Sector.12 Wyleczony.
A0014624.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP51 Win32.Sector.12 Wyleczony.
A0014933.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP52 Win32.Sector.12 Wyleczony.
A0015354.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP53 Win32.Sector.12 Wyleczony.
A0016238.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57 Win32.Sector.12 Wyleczony.
A0016239.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57 Win32.Sector.12 Wyleczony.
A0016240.scr D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57 Win32.Sector.12 Wyleczony.
A0016241.EXE D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57 Win32.Sector.12 Wyleczony.
A0016242.EXE D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57 Win32.Sector.12 Wyleczony.
A0016243.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57 Win32.Sector.12 Wyleczony.
A0016244.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57 Win32.Sector.12 Wyleczony.
A0016245.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57 Win32.Sector.12 Wyleczony.
A0016246.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57 Win32.Sector.12 Wyleczony.
A0016247.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57 Win32.Sector.12 Wyleczony.
A0016248.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57 Win32.Sector.12 Wyleczony.
A0016249.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57 Win32.Sector.12 Wyleczony.
A0016250.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57 Win32.Sector.12 Wyleczony.
A0016251.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57 Win32.Sector.12 Wyleczony.
A0016252.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57 Win32.Sector.12 Wyleczony.
A0016253.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57 Win32.Sector.12 Wyleczony.
A0016254.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57 Win32.Sector.12 Wyleczony.
A0016255.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57 Win32.Sector.12 Wyleczony.
A0016256.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57 Win32.Sector.12 Wyleczony.
A0016257.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57 Win32.Sector.12 Wyleczony.
A0016258.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57 Win32.Sector.12 Wyleczony.
A0016260.exe D:\System Volume Information\_restore{223F465F-3FC6-41E7-A0B8-C5572C0C7517}\RP57 Win32.Sector.12 Wyleczony.
index.htm\JavaScript.0 D:\WYKŁADY\WYKŁADY\SEMESTR II\SYSTEMY OPERACYJNE\infolinux_pl\www_infolinux_pl\images\index.htm Trojan.Nazwa
index.htm D:\WYKŁADY\WYKŁADY\SEMESTR II\SYSTEMY OPERACYJNE\infolinux_pl\www_infolinux_pl\images Kontener zawiera zainfekowane obiekty Przeniesiony.
Re: Proszę o sprawdzenie loga HijackThis
28 Lut 2010, 15:35
A no właśnie, tu jest Sality. Zastosuj się do tej instrukcji viewtopic.php?f=22&t=20698#p111372
Następnie pobierz Combofix, przeskanuj system i daj log.
viewtopic.php?f=22&t=20698#p111372Następnie pobierz Combofix, przeskanuj system i daj log.