Nie załącza się explorer

**Posty:** 65 · przez **piotreek** 29 Gru 2009, 14:26

tak jak w temacie system sie włącza tylko do momentu wyboru użytkownika po zalogowaniu pojawiają sie moje dokumenty i dalej nic dopiero jak włacze menadzera zadan i uruchomie recznie explorer to zaczyna działac i wszystko dalej jest ok

**Posty:** 910 · przez **vvilldare** 29 Gru 2009, 15:08

Wrzuć loga
zasady-wstawiania-logow-vt93842.html

**Posty:** 65 · przez **piotreek** 30 Gru 2009, 10:42

Kod: Zaznacz wszystko: OTL logfile created on: 2009-12-30 09:37:26 - Run 1 OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\stepienio\Downloads Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18828) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 29,98 Gb Total Space | 1,85 Gb Free Space | 6,18% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 81,81 Gb Total Space | 2,00 Gb Free Space | 2,45% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: STEPIENIO-PC Current User Name: stepienio Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2009-12-29 19:23:44 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\stepienio\Downloads\OTL.exe PRC - [2009-10-03 03:08:38 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe PRC - [2009-09-28 15:46:59 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009-09-17 17:14:36 | 01,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2009-09-17 16:45:14 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-08-19 15:24:18 | 00,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe PRC - [2009-07-21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009-05-13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009-04-23 14:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe PRC - [2009-03-02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2007-10-09 18:18:22 | 03,444,736 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE PRC - [2007-10-09 18:18:22 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE PRC - [2007-10-09 18:18:12 | 02,506,752 | ---- | M] (Dell Inc.) -- C:\Windows\System32\BCMWLTRY.EXE PRC - [2007-05-28 17:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2007-05-10 00:01:00 | 00,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe PRC - [2007-05-06 16:11:36 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe PRC - [2007-05-06 16:10:44 | 00,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2009-12-29 19:23:44 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\stepienio\Downloads\OTL.exe MOD - [2006-11-02 10:38:57 | 01,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2009-09-24 10:59:26 | 01,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\Windows\System32\nagasoft\vjocx.dll -- (vvdsvc) SRV - [2009-09-17 17:14:36 | 00,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009-08-19 15:24:18 | 00,211,488 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc) SRV - [2009-07-21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009-05-13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2007-10-09 18:18:22 | 00,024,064 | ---- | M] () [Auto | Running] -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc) SRV - [2007-05-28 17:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2007-05-18 20:53:29 | 00,407,152 | ---- | M] (CODEMASTERS) [Auto | Stopped] -- C:\Windows\System32\pr2ah4nc.exe -- (pr2ah4nc) DiRT Drivers Auto Removal (pr2ah4nc) SRV - [2007-05-06 16:11:36 | 00,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV) SRV - [2006-11-02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-12-28 09:52:10 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009-09-17 19:14:37 | 00,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-08-19 13:35:00 | 09,787,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009-05-11 09:12:24 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009-03-30 09:33:07 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009-02-13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008-01-21 16:43:42 | 00,039,472 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hotcore3.sys -- (hotcore3) DRV - [2007-11-06 08:06:48 | 00,131,672 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM) DRV - [2007-11-06 08:06:48 | 00,032,080 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus) DRV - [2007-10-09 18:18:14 | 01,044,472 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX) DRV - [2007-07-18 09:40:00 | 00,281,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B) DRV - [2007-07-18 00:02:00 | 00,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev) DRV - [2007-05-18 20:53:01 | 00,064,880 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pe3ah4nc.sys -- (pe3ah4nc) DiRT Environment Driver (pe3ah4nc) DRV - [2007-05-18 20:52:38 | 00,055,160 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ps6ah4nc.sys -- (ps6ah4nc) DiRT Synchronization Driver (ps6ah4nc) DRV - [2007-05-06 16:12:02 | 00,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2007-05-02 10:11:18 | 00,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2007-05-02 10:11:18 | 00,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2007-05-02 10:11:16 | 00,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) DRV - [2007-03-05 17:45:00 | 00,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx) DRV - [2007-02-21 20:49:47 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2007-02-21 20:49:47 | 00,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2007-02-21 20:49:47 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007-01-06 06:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2007-01-06 06:59:34 | 00,086,096 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce(tm) DRV - [2006-11-21 03:25:44 | 00,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2006-11-14 23:16:24 | 00,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2006-11-14 18:42:46 | 00,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006-11-14 16:35:20 | 00,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2006-11-02 10:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006-11-02 10:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006-11-02 10:51:34 | 00,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006-11-02 10:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006-11-02 10:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006-11-02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006-11-02 10:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006-11-02 10:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006-11-02 10:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006-11-02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006-11-02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006-11-02 10:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006-11-02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006-11-02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006-11-02 10:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006-11-02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006-11-02 10:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006-11-02 10:50:10 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006-11-02 10:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006-11-02 10:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006-11-02 10:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006-11-02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006-11-02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006-11-02 10:50:05 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006-11-02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006-11-02 10:50:04 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006-11-02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006-11-02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006-11-02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006-11-02 10:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006-11-02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006-11-02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006-11-02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006-11-02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006-11-02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006-11-02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006-11-02 08:41:50 | 00,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV) DRV - [2006-11-02 08:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL) DRV - [2006-11-02 08:41:48 | 00,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf) DRV - [2006-11-02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006-11-02 08:30:54 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2006-11-02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv) DRV - [2006-07-24 15:05:00 | 00,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "pajacyk.pl" FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.10 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-12-27 20:16:15 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-12-19 21:27:54 | 00,000,000 | ---D | M] [2009-09-17 14:55:33 | 00,000,000 | ---D | M] -- C:\Users\stepienio\AppData\Roaming\mozilla\Extensions [2009-12-29 13:33:33 | 00,000,000 | ---D | M] -- C:\Users\stepienio\AppData\Roaming\mozilla\Firefox\Profiles\fle1bwzh.default\extensions [2009-09-20 09:38:57 | 00,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\stepienio\AppData\Roaming\mozilla\Firefox\Profiles\fle1bwzh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2009-11-27 15:36:19 | 00,000,000 | ---D | M] -- C:\Users\stepienio\AppData\Roaming\mozilla\Firefox\Profiles\fle1bwzh.default\extensions\DTToolbar@toolbarnet.com [2009-11-25 06:46:01 | 00,000,000 | ---D | M] -- C:\Users\stepienio\AppData\Roaming\mozilla\Firefox\Profiles\fle1bwzh.default\extensions\firefox@tvunetworks.com [2009-09-17 19:26:25 | 00,002,399 | ---- | M] () -- C:\Users\stepienio\AppData\Roaming\Mozilla\FireFox\Profiles\fle1bwzh.default\searchplugins\daemon-search.xml [2009-12-29 13:33:33 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009-07-17 09:40:12 | 00,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll [2009-08-24 20:19:13 | 00,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-08-24 20:19:13 | 00,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-08-24 20:19:13 | 00,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-08-24 20:19:13 | 00,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-08-24 20:19:13 | 00,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2009-08-24 20:19:13 | 00,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: (12407 bytes) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> O1 - Hosts: <html lang='en'> O1 - Hosts: <head> O1 - Hosts: <meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. Features include easy-to-use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel."> O1 - Hosts: <title>Yahoo! GeoCities: Get a web site with easy-to-use site building tools.</title> O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css"> O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://us.i1.yimg.com/us.yimg.com/lib/smbiz/css/geocities_84954.css"> O1 - Hosts: <style> O1 - Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;} O1 - Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em} O1 - Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em} O1 - Hosts: .services { font-size:116%; padding-bottom:20px } O1 - Hosts: .learnmore a {color:#2882DE;font-size:16px} O1 - Hosts: .image_web {float:right; margin:15px 0 0 15px} O1 - Hosts: p {margin:20px;font-size:1em;} O1 - Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;} O1 - Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;} O1 - Hosts: li.rule {border-top:solid 1px #DBE1E6;} O1 - Hosts: </style> O1 - Hosts: </head> O1 - Hosts: <body> O1 - Hosts:  O1 - Hosts:  O1 - Hosts: <div class="ez-mw" style ="height:900px;width:905px"> O1 - Hosts: <div class="ez-wri ez-oh" style="width:900px"> O1 - Hosts: 90 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.) O4 - HKLM..\Run: [Bron-Spizaetus] C:\Windows\ShellNew\sempalong.exe File not found O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\\NeroCheck.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (sms-express.com) O4 - HKCU..\Run: [Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe (GG Network S.A.) O4 - HKCU..\Run: [Tok-Cirrhatus] C:\Users\stepienio\AppData\Local\smss.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet) O13 - gopher Prefix: missing O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} http://dl.uc.sina.com/cab/downloader.cab (DLoader Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.89.173.3 217.113.224.36 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - ("C:\Windows\eksplorasi.exe") - C:\Windows\eksplorasi.exe File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-12-27 10:06:45 | 00,000,007 | -HS- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009-02-18 17:53:03 | 00,000,492 | RHS- | M] () - E:\AUTORUN.FCB -- [ NTFS ] O32 - AutoRun File - [2009-11-15 07:30:26 | 00,000,057 | RHS- | M] () - E:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{0d7df766-d782-11de-8d8d-001d09d6bb51}\Shell - "" = AutoRun O33 - MountPoints2\{0d7df766-d782-11de-8d8d-001d09d6bb51}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O33 - MountPoints2\{69fb3900-cb27-11de-8969-001d09d6bb51}\Shell\AutoRun\command - "" = G:\qbr2q.exe -- File not found O33 - MountPoints2\{69fb3900-cb27-11de-8969-001d09d6bb51}\Shell\open\Command - "" = G:\qbr2q.exe -- File not found O33 - MountPoints2\{85145b8f-a3b6-11de-9f89-001d09d6bb51}\Shell - "" = AutoRun O33 - MountPoints2\{85145b8f-a3b6-11de-9f89-001d09d6bb51}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found O33 - MountPoints2\{8624646b-f168-11de-b51f-001d09d6bb51}\Shell\AutoRun\command - "" = H:\EXPLORER.EXE -- File not found O33 - MountPoints2\{8624646b-f168-11de-b51f-001d09d6bb51}\Shell\explore\Command - "" = H:\EXPLORER.EXE -- File not found O33 - MountPoints2\{8624646b-f168-11de-b51f-001d09d6bb51}\Shell\open\Command - "" = H:\EXPLORER.EXE -- File not found O33 - MountPoints2\{9d802c99-b598-11de-a20c-001d09d6bb51}\Shell\AutoRun\command - "" = H:\EXPLORER.EXE -- File not found O33 - MountPoints2\{9d802c99-b598-11de-a20c-001d09d6bb51}\Shell\explore\Command - "" = H:\EXPLORER.EXE -- File not found O33 - MountPoints2\{9d802c99-b598-11de-a20c-001d09d6bb51}\Shell\open\Command - "" = H:\EXPLORER.EXE -- File not found O33 - MountPoints2\{e337b7a3-a86a-11de-98c3-001d09d6bb51}\Shell\AutoRun\command - "" = H:\EXPLORER.EXE -- File not found O33 - MountPoints2\{e337b7a3-a86a-11de-98c3-001d09d6bb51}\Shell\explore\Command - "" = H:\EXPLORER.EXE -- File not found O33 - MountPoints2\{e337b7a3-a86a-11de-98c3-001d09d6bb51}\Shell\open\Command - "" = H:\EXPLORER.EXE -- File not found O33 - MountPoints2\{ecdae77b-c247-11de-87d3-001d09d6bb51}\Shell\AutoRun\command - "" = G:\d.com -- File not found O33 - MountPoints2\{ecdae77b-c247-11de-87d3-001d09d6bb51}\Shell\explore\Command - "" = G:\d.com -- File not found O33 - MountPoints2\{ecdae77b-c247-11de-87d3-001d09d6bb51}\Shell\open\Command - "" = G:\d.com -- File not found O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2009-12-27 10:09:07 | 00,000,000 | ---D | C] -- C:\Users\stepienio\AppData\Local\G DATA [2009-12-27 10:09:03 | 00,324,224 | ---- | C] (G DATA Software) -- C:\Users\stepienio\Desktop\szczepionki.exe [2009-12-27 09:51:03 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2009-12-27 09:51:03 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2009-12-27 09:51:02 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2009-12-27 09:50:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira [2009-12-27 09:50:59 | 00,000,000 | ---D | C] -- C:\Program Files\Avira [2009-12-27 09:31:11 | 00,000,000 | ---D | C] -- C:\Users\stepienio\AppData\Local\Bron.tok-12-27 [2009-12-26 11:37:35 | 00,000,000 | ---D | C] -- C:\Users\stepienio\AppData\Local\Bron.tok-12-26 [2009-12-26 11:27:47 | 00,000,000 | ---D | C] -- C:\Users\stepienio\AppData\Local\eMule [2009-12-26 11:27:47 | 00,000,000 | ---D | C] -- C:\ProgramData\eMule [2009-12-24 13:22:29 | 00,000,000 | ---D | C] -- C:\Windows\Sun [2009-12-09 15:56:41 | 01,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll [2009-12-09 15:56:41 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll [2009-12-09 15:56:40 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll [2009-12-09 15:56:39 | 00,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll [2009-12-09 15:56:39 | 00,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll [2009-12-09 15:56:39 | 00,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll [2009-12-09 15:56:38 | 00,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll [2009-12-09 15:56:37 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll [2009-12-09 15:56:37 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll [2009-12-09 15:56:36 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll [2009-12-09 15:56:35 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll [2009-12-09 15:56:35 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll [2009-12-09 15:56:34 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll [2009-12-09 15:56:34 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll [2009-12-09 15:56:33 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll [2009-12-09 15:56:33 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll [2009-12-09 15:56:33 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll [2009-12-09 15:56:32 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll [2009-12-09 15:56:32 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll [2009-12-09 15:56:31 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll [2009-12-09 15:56:28 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll [2009-12-09 15:56:28 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll [2009-12-09 15:56:28 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll [2009-12-09 15:56:28 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll [2009-12-09 15:56:27 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll [2009-12-09 15:56:27 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll [2009-12-09 15:56:25 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll [2009-12-09 15:56:24 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll [2009-12-09 15:56:24 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll [2009-12-09 15:56:24 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll [2009-12-09 15:56:23 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll [2009-12-09 15:56:23 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll [2009-12-09 15:56:18 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll [2009-12-02 18:49:39 | 00,000,000 | ---D | C] -- C:\Program Files\Ahead [2009-12-02 18:49:26 | 00,254,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmclien.dll [2009-12-02 16:58:39 | 00,281,088 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\drivers\RTL8187B.sys [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2009-12-30 09:37:37 | 03,145,728 | -HS- | M] () -- C:\Users\stepienio\NTUSER.DAT [2009-12-30 09:35:53 | 00,000,466 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{66E8916C-0D7C-46B2-891C-613937F77FD5}.job [2009-12-30 09:35:04 | 00,032,251 | ---- | M] () -- C:\ProgramData\nvModes.001 [2009-12-30 09:34:38 | 00,032,251 | ---- | M] () -- C:\ProgramData\nvModes.dat [2009-12-30 09:34:22 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009-12-30 09:34:22 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009-12-30 09:34:20 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2009-12-30 09:34:17 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2009-12-29 13:26:36 | 00,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2009-12-29 13:26:36 | 00,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2009-12-29 13:26:35 | 00,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2009-12-29 02:23:15 | 02,355,214 | -H-- | M] () -- C:\Users\stepienio\AppData\Local\IconCache.db [2009-12-28 21:49:37 | 00,039,424 | ---- | M] () -- C:\Users\stepienio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-12-28 09:52:10 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2009-12-27 18:41:03 | 00,000,630 | ---- | M] () -- C:\Users\stepienio\AppData\Roaming\wklnhst.dat [2009-12-27 10:06:45 | 00,000,007 | -HS- | M] () -- C:\autoexec.bat [2009-12-27 09:51:20 | 00,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2009-12-27 09:46:52 | 00,012,407 | ---- | M] () -- C:\Users\stepienio\AppData\Local\Bron.tok.A12.em.bin [2009-12-27 09:34:10 | 20,877,6559 | ---- | M] () -- C:\Windows\MEMORY.DMP [2009-12-27 09:30:22 | 00,272,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2009-12-26 11:37:59 | 00,012,407 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2009-12-25 13:08:18 | 00,324,224 | ---- | M] (G DATA Software) -- C:\Users\stepienio\Desktop\szczepionki.exe [2009-12-14 14:41:14 | 00,001,016 | ---- | M] () -- C:\Users\Public\Desktop\Twierdza Krzyżowiec.lnk [2009-12-12 14:00:40 | 00,008,346 | ---- | M] () -- C:\Users\stepienio\Documents\Dokument.rtf [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2009-12-27 09:51:20 | 00,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2009-12-27 09:46:52 | 00,012,407 | ---- | C] () -- C:\Users\stepienio\AppData\Local\Bron.tok.A12.em.bin [2009-12-26 11:37:59 | 00,012,407 | ---- | C] () -- C:\Users\stepienio\AppData\Local\ListHost12.txt [2009-12-14 14:41:14 | 00,001,016 | ---- | C] () -- C:\Users\Public\Desktop\Twierdza Krzyżowiec.lnk [2009-12-12 14:00:40 | 00,008,346 | ---- | C] () -- C:\Users\stepienio\Documents\Dokument.rtf [2009-11-30 19:09:26 | 00,000,466 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{66E8916C-0D7C-46B2-891C-613937F77FD5}.job [2009-11-27 16:05:28 | 00,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2009-11-12 03:04:42 | 00,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2009-11-07 16:17:49 | 00,000,051 | ---- | C] () -- C:\Users\stepienio\AppData\Local\Kosong.Bron.Tok.txt [2009-10-04 09:28:20 | 00,000,630 | ---- | C] () -- C:\Users\stepienio\AppData\Roaming\wklnhst.dat [2009-09-20 09:56:35 | 00,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009-09-20 09:56:35 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2009-09-20 09:56:34 | 00,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009-09-20 09:56:34 | 00,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009-09-20 09:56:33 | 00,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009-09-20 09:56:33 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2009-09-20 09:17:15 | 00,011,568 | ---- | C] () -- C:\Windows\System32\drivers\UimFIO.sys [2009-09-20 09:16:10 | 04,244,744 | ---- | C] () -- C:\Windows\System32\qtp-mt334.dll [2009-09-20 09:16:10 | 00,247,560 | ---- | C] () -- C:\Windows\System32\prgiso.dll [2009-09-20 09:16:10 | 00,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll [2009-09-17 20:04:18 | 00,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2009-09-17 19:48:37 | 00,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2009-09-17 19:23:42 | 00,032,251 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009-09-17 19:23:41 | 00,032,251 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009-09-17 19:14:37 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009-09-16 23:18:29 | 00,039,424 | ---- | C] () -- C:\Users\stepienio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-09-16 22:22:40 | 00,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll [2009-09-16 22:19:12 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2009-09-16 22:13:21 | 00,000,680 | ---- | C] () -- C:\Users\stepienio\AppData\Local\d3d9caps.dat [2008-10-07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008-10-07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2006-11-02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006-11-02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini < End of report >

**Posty:** 2183 · przez **NieWiem** 30 Gru 2009, 13:33

Siema.

U Ciebie jest solidna infekcja bo jest i brontok, i badziewie podczepione pod shella.

1. Plik

C:\Windows\explorer.exe

wyślij do skanowania na www.virscan.org

2.

Przeczytaj uważnie instrukcję programu ComboFix, po czym wyłącz swój program antywirusowy, firewall i inne programy, które mogą zakłócać nawet pobieranie ComboFixa twierdząc, że jest wirusem. Nie jest! Spokojnie go ściągnij i zapisz na pulpicie.
Pobierz z któregoś poniższego linku:
- LINK #1
- LINK #2
Pozamykaj wszystkie otwarte okna, komunikatory, programy. ComboFixowi nie powinno sie przeszkadzać.
Uruchom program z dwukliku (VISTA: prawoklik i 'uruchom jako administrator').
Pozwól mu spokojnie działać, nie klikaj ani nie stukaj w klawiaturę - to może spwodować zawieszenie się komputera.
Zalecane jest też instalowanie konsoli odzyskiwania, jeśli ComboFix o nią poprosi. Dzięki niej można odrolować zmiany w przypadku pomyłki narzędzia.
Jeśli będzie potrzeba - zgódź się na restart.
Kiedy program skończy, wytworzy loga (będzie on także w pliku C:\ComboFix.txt), którego wklej w odpowiedzi, pamiętając o tagach [code] lub na http://www.wklej.org.

3. Jak ComboFix skończy, pobierasz DDS i z niego też wklejasz logi.

**Posty:** 65 · przez **piotreek** 30 Gru 2009, 14:15

włączyłem combo fix i dostałem komunikat ze musi on zablokować sterowniki od emulatorów napędów zresetował sie komp i zaczęło sie skanowanie ale włączyła sie avira i cały czas dostawałem komunikaty o trojanach, tego brontoka to myslałem ze usuneła szczepionka ale skoro mowisz ze jest to wierze na slowo. w pliku explorer chyba nic nie znaleziono bo nie widziałem nic w wyniku skanowania wklejam log z combofixa

Kod: Zaznacz wszystko: ComboFix 09-12-29.05 - stepienio 2009-12-30 12:57:23.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.48.1045.18.2045.1342 [GMT 1:00] Uruchomiony z: c:\users\stepienio\Downloads\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500 c:\recycler\S-1-5-21-682003330-2146954855-839522115-1003 c:\users\stepienio\AppData\Local\Bron.tok-12-10 c:\users\stepienio\AppData\Local\Bron.tok-12-11 c:\users\stepienio\AppData\Local\Bron.tok-12-12 c:\users\stepienio\AppData\Local\Bron.tok-12-26 c:\users\stepienio\AppData\Local\Bron.tok-12-27 c:\users\stepienio\AppData\Local\Bron.tok-12-7 c:\users\stepienio\AppData\Local\Bron.tok-12-8 c:\users\stepienio\AppData\Local\Bron.tok-12-9 c:\users\stepienio\AppData\Local\Bron.tok.A12.em.bin c:\users\stepienio\AppData\Local\Kosong.Bron.Tok.txt c:\users\stepienio\AppData\Local\ListHost12.txt c:\windows\system32\oem12.inf E:\Autorun.inf E:\g12g.exe E:\opdux.exe E:\pbudsara.exe E:\qbr2q.exe . ((((((((((((((((((((((((( Pliki utworzone od 2009-11-28 do 2009-12-30 ))))))))))))))))))))))))))))))) . 2009-12-30 12:05 . 2009-12-30 12:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-12-30 11:52 . 2009-12-30 11:52 -------- d-----w- C:\32788R22FWJFW 2009-12-28 12:39 . 2009-12-28 12:39 782600 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2009-12-27 09:09 . 2009-12-27 09:09 -------- d-----w- c:\users\stepienio\AppData\Local\G DATA 2009-12-27 08:51 . 2009-12-28 08:52 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-12-27 08:51 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-12-27 08:50 . 2009-12-27 08:50 -------- d-----w- c:\programdata\Avira 2009-12-27 08:50 . 2009-12-27 08:50 -------- d-----w- c:\program files\Avira 2009-12-26 10:34 . 2009-12-26 10:34 102400 ----a-w- c:\programdata\eMule\lang\pl_PL.dll 2009-12-26 10:27 . 2009-12-26 10:34 -------- d-----w- c:\programdata\eMule 2009-12-26 10:27 . 2009-12-26 10:27 -------- d-----w- c:\users\stepienio\AppData\Local\eMule 2009-12-24 12:22 . 2009-12-24 12:22 -------- d-----w- c:\windows\Sun 2009-12-02 17:49 . 2009-12-02 17:50 -------- d-----w- c:\program files\Ahead 2009-12-02 17:49 . 2000-08-08 11:31 254224 ----a-w- c:\windows\system32\drmclien.dll 2009-12-02 15:58 . 2007-07-18 08:40 281088 ----a-w- c:\windows\system32\drivers\RTL8187B.sys . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-30 11:54 . 2009-09-17 18:23 32251 ----a-w- c:\programdata\nvModes.dat 2009-12-27 17:41 . 2009-10-04 08:28 630 ----a-w- c:\users\stepienio\AppData\Roaming\wklnhst.dat 2009-12-26 10:27 . 2009-09-20 08:38 -------- d-----w- c:\program files\BitComet 2009-12-22 18:11 . 2009-09-20 08:48 -------- d-----w- c:\users\stepienio\AppData\Roaming\BESTplayer 2009-12-14 13:42 . 2009-09-17 18:43 -------- d-----w- c:\programdata\KONAMI 2009-12-14 13:38 . 2009-09-16 21:19 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-12-02 17:48 . 2009-09-16 21:19 -------- d-----w- c:\program files\Common Files\InstallShield 2009-11-27 15:15 . 2009-11-26 18:57 19590 ----a-w- c:\windows\DIIUnin.dat 2009-11-27 15:08 . 2009-11-27 15:05 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2009-11-27 14:43 . 2009-11-27 14:43 -------- d-----w- c:\program files\Alcohol Soft 2009-11-26 18:57 . 2009-11-26 18:57 2829 ----a-w- c:\windows\DIIUnin.pif 2009-11-26 18:57 . 2009-11-26 18:57 106496 ----a-w- c:\windows\DIIUnin.exe 2009-11-24 21:32 . 2009-11-24 21:32 -------- d-----w- c:\programdata\TVU Networks 2009-11-24 21:32 . 2009-09-19 12:26 -------- d-----w- c:\program files\TVUPlayer 2009-11-24 16:39 . 2009-11-27 14:36 1093064 ----a-w- c:\users\stepienio\AppData\Roaming\Mozilla\Firefox\Profiles\fle1bwzh.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll 2009-11-21 18:37 . 2009-11-21 18:37 -------- d-----w- c:\program files\Veetle 2009-11-14 18:23 . 2009-11-14 18:23 -------- d-----w- c:\users\stepienio\AppData\Roaming\ValuSoft 2009-11-12 02:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-11-11 11:08 . 2009-09-17 18:23 -------- d-----w- c:\programdata\NVIDIA 2009-11-11 11:03 . 2009-11-11 11:03 -------- d-----w- c:\program files\AGEIA Technologies 2009-11-11 11:03 . 2009-11-11 11:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-11-02 19:42 . 2009-10-03 15:26 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-10-27 18:43 . 2009-10-27 18:43 76 --sh--r- c:\windows\CT4CET.bin 2009-10-26 17:04 . 2009-10-26 17:04 79328 ----a-w- c:\users\stepienio\mqdmserd.sys 2009-10-26 17:04 . 2009-10-26 17:04 5936 ----a-w- c:\users\stepienio\mqdmwhnt.sys 2009-10-26 17:04 . 2009-10-26 17:04 92064 ----a-w- c:\users\stepienio\mqdmmdm.sys 2009-10-26 17:04 . 2009-10-26 17:04 9232 ----a-w- c:\users\stepienio\mqdmmdfl.sys 2009-10-26 17:04 . 2009-10-26 17:04 66656 ----a-w- c:\users\stepienio\mqdmbus.sys 2009-10-26 17:04 . 2009-10-26 17:04 6208 ----a-w- c:\users\stepienio\mqdmcmnt.sys 2009-10-26 17:04 . 2009-10-26 17:04 4048 ----a-w- c:\users\stepienio\mqdmcr.sys 2009-10-26 17:04 . 2009-10-26 17:04 25600 ----a-w- c:\users\stepienio\usbsermptxp.sys 2009-10-26 17:04 . 2009-10-26 17:04 22768 ----a-w- c:\users\stepienio\usbsermpt.sys 2009-10-16 07:50 . 2009-10-16 07:50 2520888 ----a-w- c:\users\stepienio\AppData\Roaming\Mozilla\Firefox\Profiles\fle1bwzh.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll 2009-10-12 18:13 . 2009-09-16 21:14 66248 ----a-w- c:\users\stepienio\AppData\Local\GDIPFONTCACHEV1.DAT 2006-06-15 19:33 . 2009-10-27 18:43 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll 2006-05-25 17:43 . 2009-10-27 18:43 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll 2005-09-29 13:41 . 2009-10-27 18:43 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll 2006-06-19 12:10 . 2009-10-27 18:43 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll 2005-02-02 11:19 . 2009-10-27 18:43 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll 2006-04-10 17:35 . 2009-10-27 18:43 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll 2005-11-09 10:10 . 2009-10-27 18:43 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll 2005-11-09 10:42 . 2009-10-27 18:43 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll 2006-01-04 10:22 . 2009-10-27 18:43 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll 2006-01-04 10:21 . 2009-10-27 18:43 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll 2007-02-21 19:49 . 2007-02-21 19:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-09-17 1232896] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] "Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-08-31 11391592] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2004-09-06 765952] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2009-09-17 1006264] "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 3444736] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-06 405504] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-28 149280] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13793824] "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-08-19 92704] "NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3200656326-2541097216-3252807056-1000] "EnableNotificationsRef"=dword:00000001 R0 hotcore3;hotcore3;c:\windows\System32\drivers\hotcore3.sys [2009-09-20 39472] R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\System32\drivers\pe3ah4nc.sys [2007-05-18 64880] R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\System32\drivers\ps6ah4nc.sys [2007-05-18 55160] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-12-27 108289] S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [2009-09-17 721904] S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?] S3 RTL8187B;Planet WL-U356L 802.11g Wireless USB Adapter;c:\windows\System32\drivers\RTL8187B.sys [2009-12-02 281088] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] vvdsvc REG_MULTI_SZ vvdsvc . Zawartość folderu 'Zaplanowane zadania' 2009-12-30 c:\windows\Tasks\User_Feed_Synchronization-{66E8916C-0D7C-46B2-891C-613937F77FD5}.job - c:\windows\system32\msfeedssync.exe [2009-11-14 03:41] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://google.atcomet.com/b/ IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab FF - ProfilePath - c:\users\stepienio\AppData\Roaming\Mozilla\Firefox\Profiles\fle1bwzh.default\ FF - prefs.js: browser.startup.homepage - pajacyk.pl FF - component: c:\users\stepienio\AppData\Roaming\Mozilla\Firefox\Profiles\fle1bwzh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll FF - plugin: c:\program files\Veetle\Player\npvlc.dll FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll FF - plugin: c:\users\stepienio\AppData\Roaming\Mozilla\Firefox\Profiles\fle1bwzh.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll FF - plugin: c:\users\stepienio\AppData\Roaming\Nowe Gadu-Gadu\_userdata\npgg.1.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - USUNIĘTO PUSTE WPISY - - - - MSConfigStartUp-cdoosoft - c:\users\STEPIE~1\AppData\Local\Temp\herss.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-12-30 13:05 Windows 6.0.6000 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\S-1-5-21-3200656326-2541097216-3252807056-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{82ACE97F-BBEE-03B2-D89C-187E756D7804}*] "nacpjkohieiinbiknohimlgephkl"=hex:6a,61,6d,61,63,63,64,6c,66,65,66,61,68,6b, 6d,65,64,6e,67,70,00,ea "oaioliioonhiphccmkfgbfgnhjokem"=hex:6a,61,6d,61,63,63,64,6c,66,65,66,61,68,6b, 6d,65,64,6e,67,70,00,ea [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Czas ukończenia: 2009-12-30 13:08:11 ComboFix-quarantined-files.txt 2009-12-30 12:08 ComboFix2.txt 2009-07-05 18:13 Przed: 1 988 096 000 bajtów wolnych Po: 5 278 674 944 bajtów wolnych - - End Of File - - 2E26FB5F50534501152C1C4FE67229BA

**Posty:** 2183 · przez **NieWiem** 30 Gru 2009, 16:09

OK, nowe logi z OTL jeszcze poproszę oraz skasuj katalog C:\Qoobox

**Posty:** 65 · przez **piotreek** 30 Gru 2009, 16:23

nowy otl

Kod: Zaznacz wszystko: OTL logfile created on: 2009-12-30 15:18:29 - Run 2 OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\stepienio\Downloads Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18828) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 29,98 Gb Total Space | 5,13 Gb Free Space | 17,12% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 81,81 Gb Total Space | 2,00 Gb Free Space | 2,45% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: STEPIENIO-PC Current User Name: stepienio Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2009-12-29 19:23:44 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\stepienio\Downloads\OTL.exe PRC - [2009-10-02 22:34:42 | 00,015,216 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe PRC - [2009-09-17 16:45:14 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-08-19 15:24:18 | 00,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe PRC - [2009-07-21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009-05-13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2007-10-09 18:18:12 | 02,506,752 | ---- | M] (Dell Inc.) -- C:\Windows\System32\BCMWLTRY.EXE PRC - [2007-05-28 17:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2007-05-06 16:11:36 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe PRC - [2006-11-02 10:44:59 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2009-12-29 19:23:44 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\stepienio\Downloads\OTL.exe MOD - [2006-11-02 10:38:57 | 01,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2009-09-24 10:59:26 | 01,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\Windows\System32\nagasoft\vjocx.dll -- (vvdsvc) SRV - [2009-09-17 17:14:36 | 00,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009-08-19 15:24:18 | 00,211,488 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc) SRV - [2009-07-21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009-05-13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2007-10-09 18:18:22 | 00,024,064 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc) SRV - [2007-05-28 17:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2007-05-18 20:53:29 | 00,407,152 | ---- | M] (CODEMASTERS) [Auto | Stopped] -- C:\Windows\System32\pr2ah4nc.exe -- (pr2ah4nc) DiRT Drivers Auto Removal (pr2ah4nc) SRV - [2007-05-06 16:11:36 | 00,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV) SRV - [2006-11-02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-12-28 09:52:10 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009-09-17 19:14:37 | 00,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-08-19 13:35:00 | 09,787,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009-05-11 09:12:24 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009-03-30 09:33:07 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009-02-13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008-01-21 16:43:42 | 00,039,472 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hotcore3.sys -- (hotcore3) DRV - [2007-11-06 08:06:48 | 00,131,672 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM) DRV - [2007-11-06 08:06:48 | 00,032,080 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus) DRV - [2007-10-09 18:18:14 | 01,044,472 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX) DRV - [2007-07-18 09:40:00 | 00,281,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B) DRV - [2007-07-18 00:02:00 | 00,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev) DRV - [2007-05-18 20:53:01 | 00,064,880 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pe3ah4nc.sys -- (pe3ah4nc) DiRT Environment Driver (pe3ah4nc) DRV - [2007-05-18 20:52:38 | 00,055,160 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ps6ah4nc.sys -- (ps6ah4nc) DiRT Synchronization Driver (ps6ah4nc) DRV - [2007-05-06 16:12:02 | 00,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2007-05-02 10:11:18 | 00,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2007-05-02 10:11:18 | 00,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2007-05-02 10:11:16 | 00,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) DRV - [2007-03-05 17:45:00 | 00,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx) DRV - [2007-02-21 20:49:47 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2007-02-21 20:49:47 | 00,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2007-02-21 20:49:47 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007-01-06 06:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2007-01-06 06:59:34 | 00,086,096 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce(tm) DRV - [2006-11-21 03:25:44 | 00,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2006-11-14 23:16:24 | 00,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2006-11-14 18:42:46 | 00,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006-11-14 16:35:20 | 00,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2006-11-02 10:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006-11-02 10:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006-11-02 10:51:34 | 00,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006-11-02 10:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006-11-02 10:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006-11-02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006-11-02 10:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006-11-02 10:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006-11-02 10:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006-11-02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006-11-02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006-11-02 10:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006-11-02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006-11-02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006-11-02 10:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006-11-02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006-11-02 10:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006-11-02 10:50:10 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006-11-02 10:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006-11-02 10:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006-11-02 10:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006-11-02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006-11-02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006-11-02 10:50:05 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006-11-02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006-11-02 10:50:04 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006-11-02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006-11-02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006-11-02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006-11-02 10:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006-11-02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006-11-02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006-11-02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006-11-02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006-11-02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006-11-02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006-11-02 08:41:50 | 00,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV) DRV - [2006-11-02 08:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL) DRV - [2006-11-02 08:41:48 | 00,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf) DRV - [2006-11-02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006-11-02 08:30:54 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2006-11-02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv) DRV - [2006-07-24 15:05:00 | 00,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "pajacyk.pl" FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.10 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-12-27 20:16:15 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-12-19 21:27:54 | 00,000,000 | ---D | M] [2009-09-17 14:55:33 | 00,000,000 | ---D | M] -- C:\Users\stepienio\AppData\Roaming\mozilla\Extensions [2009-12-30 13:48:08 | 00,000,000 | ---D | M] -- C:\Users\stepienio\AppData\Roaming\mozilla\Firefox\Profiles\fle1bwzh.default\extensions [2009-09-20 09:38:57 | 00,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\stepienio\AppData\Roaming\mozilla\Firefox\Profiles\fle1bwzh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2009-11-27 15:36:19 | 00,000,000 | ---D | M] -- C:\Users\stepienio\AppData\Roaming\mozilla\Firefox\Profiles\fle1bwzh.default\extensions\DTToolbar@toolbarnet.com [2009-11-25 06:46:01 | 00,000,000 | ---D | M] -- C:\Users\stepienio\AppData\Roaming\mozilla\Firefox\Profiles\fle1bwzh.default\extensions\firefox@tvunetworks.com [2009-09-17 19:26:25 | 00,002,399 | ---- | M] () -- C:\Users\stepienio\AppData\Roaming\Mozilla\FireFox\Profiles\fle1bwzh.default\searchplugins\daemon-search.xml [2009-12-30 13:48:08 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009-07-17 09:40:12 | 00,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll [2009-08-24 20:19:13 | 00,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-08-24 20:19:13 | 00,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-08-24 20:19:13 | 00,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-08-24 20:19:13 | 00,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-08-24 20:19:13 | 00,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2009-08-24 20:19:13 | 00,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: (12407 bytes) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> O1 - Hosts: <html lang='en'> O1 - Hosts: <head> O1 - Hosts: <meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. Features include easy-to-use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel."> O1 - Hosts: <title>Yahoo! GeoCities: Get a web site with easy-to-use site building tools.</title> O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css"> O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://us.i1.yimg.com/us.yimg.com/lib/smbiz/css/geocities_84954.css"> O1 - Hosts: <style> O1 - Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;} O1 - Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em} O1 - Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em} O1 - Hosts: .services { font-size:116%; padding-bottom:20px } O1 - Hosts: .learnmore a {color:#2882DE;font-size:16px} O1 - Hosts: .image_web {float:right; margin:15px 0 0 15px} O1 - Hosts: p {margin:20px;font-size:1em;} O1 - Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;} O1 - Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;} O1 - Hosts: li.rule {border-top:solid 1px #DBE1E6;} O1 - Hosts: </style> O1 - Hosts: </head> O1 - Hosts: <body> O1 - Hosts:  O1 - Hosts:  O1 - Hosts: <div class="ez-mw" style ="height:900px;width:905px"> O1 - Hosts: <div class="ez-wri ez-oh" style="width:900px"> O1 - Hosts: 90 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.) O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\\NeroCheck.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (sms-express.com) O4 - HKCU..\Run: [Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe (GG Network S.A.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet) O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} http://dl.uc.sina.com/cab/downloader.cab (DLoader Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.89.173.3 217.113.224.36 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-12-27 10:06:45 | 00,000,007 | -HS- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009-02-18 17:53:03 | 00,000,492 | RHS- | M] () - E:\AUTORUN.FCB -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2009-12-30 13:08:16 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2009-12-30 13:08:13 | 00,000,000 | ---D | C] -- C:\Windows\temp [2009-12-30 13:08:13 | 00,000,000 | ---D | C] -- C:\Users\stepienio\AppData\Local\temp [2009-12-30 12:56:19 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2009-12-30 12:56:18 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2009-12-30 12:56:18 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2009-12-30 12:56:18 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2009-12-30 12:56:10 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT [2009-12-30 12:52:46 | 00,000,000 | ---D | C] -- C:\ComboFix [2009-12-30 12:52:32 | 00,000,000 | ---D | C] -- C:\Qoobox [2009-12-30 12:52:17 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW [2009-12-27 10:09:07 | 00,000,000 | ---D | C] -- C:\Users\stepienio\AppData\Local\G DATA [2009-12-27 10:09:03 | 00,324,224 | ---- | C] (G DATA Software) -- C:\Users\stepienio\Desktop\szczepionki.exe [2009-12-27 09:51:03 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2009-12-27 09:51:03 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2009-12-27 09:51:02 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2009-12-27 09:50:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira [2009-12-27 09:50:59 | 00,000,000 | ---D | C] -- C:\Program Files\Avira [2009-12-26 11:27:47 | 00,000,000 | ---D | C] -- C:\Users\stepienio\AppData\Local\eMule [2009-12-26 11:27:47 | 00,000,000 | ---D | C] -- C:\ProgramData\eMule [2009-12-24 13:22:29 | 00,000,000 | ---D | C] -- C:\Windows\Sun [2009-12-09 15:56:41 | 01,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll [2009-12-09 15:56:41 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll [2009-12-09 15:56:40 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll [2009-12-09 15:56:39 | 00,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll [2009-12-09 15:56:39 | 00,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll [2009-12-09 15:56:39 | 00,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll [2009-12-09 15:56:38 | 00,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll [2009-12-09 15:56:37 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll [2009-12-09 15:56:37 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll [2009-12-09 15:56:36 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll [2009-12-09 15:56:35 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll [2009-12-09 15:56:35 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll [2009-12-09 15:56:34 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll [2009-12-09 15:56:34 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll [2009-12-09 15:56:33 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll [2009-12-09 15:56:33 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll [2009-12-09 15:56:33 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll [2009-12-09 15:56:32 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll [2009-12-09 15:56:32 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll [2009-12-09 15:56:31 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll [2009-12-09 15:56:28 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll [2009-12-09 15:56:28 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll [2009-12-09 15:56:28 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll [2009-12-09 15:56:28 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll [2009-12-09 15:56:27 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll [2009-12-09 15:56:27 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll [2009-12-09 15:56:25 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll [2009-12-09 15:56:24 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll [2009-12-09 15:56:24 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll [2009-12-09 15:56:24 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll [2009-12-09 15:56:23 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll [2009-12-09 15:56:23 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll [2009-12-09 15:56:18 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll [2009-12-02 18:49:39 | 00,000,000 | ---D | C] -- C:\Program Files\Ahead [2009-12-02 18:49:26 | 00,254,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmclien.dll [2009-12-02 16:58:39 | 00,281,088 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\drivers\RTL8187B.sys [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2009-12-30 15:20:26 | 03,145,728 | -HS- | M] () -- C:\Users\stepienio\NTUSER.DAT [2009-12-30 15:20:12 | 00,000,466 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{66E8916C-0D7C-46B2-891C-613937F77FD5}.job [2009-12-30 14:54:07 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009-12-30 14:54:07 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009-12-30 14:03:33 | 00,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2009-12-30 14:03:33 | 00,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2009-12-30 14:03:33 | 00,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2009-12-30 13:06:15 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini [2009-12-30 12:54:42 | 00,032,251 | ---- | M] () -- C:\ProgramData\nvModes.dat [2009-12-30 12:54:41 | 00,032,251 | ---- | M] () -- C:\ProgramData\nvModes.001 [2009-12-30 12:54:08 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2009-12-30 12:54:04 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2009-12-30 12:53:03 | 06,291,456 | -H-- | M] () -- C:\Users\stepienio\AppData\Local\IconCache.db [2009-12-28 21:49:37 | 00,039,424 | ---- | M] () -- C:\Users\stepienio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-12-28 09:52:10 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2009-12-27 18:41:03 | 00,000,630 | ---- | M] () -- C:\Users\stepienio\AppData\Roaming\wklnhst.dat [2009-12-27 10:06:45 | 00,000,007 | -HS- | M] () -- C:\autoexec.bat [2009-12-27 09:51:20 | 00,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2009-12-27 09:34:10 | 20,877,6559 | ---- | M] () -- C:\Windows\MEMORY.DMP [2009-12-27 09:30:22 | 00,272,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2009-12-26 11:37:59 | 00,012,407 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2009-12-25 13:08:18 | 00,324,224 | ---- | M] (G DATA Software) -- C:\Users\stepienio\Desktop\szczepionki.exe [2009-12-14 14:41:14 | 00,001,016 | ---- | M] () -- C:\Users\Public\Desktop\Twierdza Krzyżowiec.lnk [2009-12-12 14:00:40 | 00,008,346 | ---- | M] () -- C:\Users\stepienio\Documents\Dokument.rtf [2009-12-09 22:54:07 | 00,261,632 | ---- | M] () -- C:\Windows\PEV.exe [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2009-12-30 12:56:19 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2009-12-30 12:56:18 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe [2009-12-30 12:56:18 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe [2009-12-30 12:56:18 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe [2009-12-30 12:56:18 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe [2009-12-27 09:51:20 | 00,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2009-12-14 14:41:14 | 00,001,016 | ---- | C] () -- C:\Users\Public\Desktop\Twierdza Krzyżowiec.lnk [2009-12-12 14:00:40 | 00,008,346 | ---- | C] () -- C:\Users\stepienio\Documents\Dokument.rtf [2009-11-30 19:09:26 | 00,000,466 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{66E8916C-0D7C-46B2-891C-613937F77FD5}.job [2009-11-27 16:05:28 | 00,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2009-11-12 03:04:42 | 00,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2009-10-04 09:28:20 | 00,000,630 | ---- | C] () -- C:\Users\stepienio\AppData\Roaming\wklnhst.dat [2009-09-20 09:56:35 | 00,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009-09-20 09:56:35 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2009-09-20 09:56:34 | 00,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009-09-20 09:56:34 | 00,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009-09-20 09:56:33 | 00,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009-09-20 09:56:33 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2009-09-20 09:17:15 | 00,011,568 | ---- | C] () -- C:\Windows\System32\drivers\UimFIO.sys [2009-09-20 09:16:10 | 04,244,744 | ---- | C] () -- C:\Windows\System32\qtp-mt334.dll [2009-09-20 09:16:10 | 00,247,560 | ---- | C] () -- C:\Windows\System32\prgiso.dll [2009-09-20 09:16:10 | 00,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll [2009-09-17 20:04:18 | 00,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2009-09-17 19:48:37 | 00,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2009-09-17 19:23:42 | 00,032,251 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009-09-17 19:23:41 | 00,032,251 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009-09-16 23:18:29 | 00,039,424 | ---- | C] () -- C:\Users\stepienio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-09-16 22:22:40 | 00,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll [2009-09-16 22:19:12 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2009-09-16 22:13:21 | 00,000,680 | ---- | C] () -- C:\Users\stepienio\AppData\Local\d3d9caps.dat [2008-10-07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008-10-07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2006-11-02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006-11-02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini < End of report >

**Posty:** 18165 · przez **wojtas** 01 Sty 2010, 17:24

na tą infekcję : usuń wszystkie programy od wirtualnych napędów wg tego i odpal combofixa

Kto jest na forum