[other] Xp Security Tool - probably a virus


  • Topic is closed
8 replies in this topic

#1 Golima

    Observer

  • 7 posts

Posted 24 04 2010 - 18:38

Hello

A moment ago the program named in the topic title got onto my computer through a system update.
I read up on what it is and it is probably a virus....
How do I remove this thing?

OTL logfile created on: 2010-04-24 18:36:51 - Run 1
OTL by OldTimer - Version 3.2.2.0     Folder = C:\Documents and Settings\Administrator\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 81,00 Mb Available Physical Memory | 8,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,88 Gb Total Space | 2,37 Gb Free Space | 15,94% Space Free | Partition Type: NTFS
Drive D: | 283,20 Gb Total Space | 3,24 Gb Free Space | 1,15% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 4,52 Gb Free Space | 1,94% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 26,54 Gb Free Space | 8,90% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 483,45 Mb Total Space | 426,52 Mb Free Space | 88,23% Space Free | Partition Type: FAT

Computer Name: JASKINIA
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-04-24 18:36:36 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
PRC - [2010-04-24 15:42:02 | 000,224,768 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\ave.exe
PRC - [2010-04-24 15:40:34 | 000,029,440 | ---- | M] () -- C:\WINDOWS\system32\wuaucldt.exe
PRC - [2010-04-02 15:06:57 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-12-23 18:14:30 | 014,100,888 | ---- | M] (Redefine Sp z o.o.) -- C:\Program Files\ipla\ipla.exe
PRC - [2009-11-13 14:47:58 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2008-10-24 21:51:16 | 000,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2008-10-24 21:50:00 | 001,451,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008-08-04 01:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008-05-19 16:24:46 | 000,091,432 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2008-03-20 21:23:22 | 000,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008-03-20 12:04:46 | 002,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe
PRC - [2007-12-14 14:28:02 | 000,716,800 | ---- | M] (Edimax Technology Co., Ltd) -- C:\Program Files\EDIMAX\Common\RaUI.exe
PRC - [2007-07-14 00:42:04 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-03-12 14:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007-03-12 14:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006-10-26 14:45:04 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE
PRC - [2005-10-25 13:56:00 | 000,061,440 | ---- | M] (Vimicro) -- C:\WaINDOWS\VM303_STI.EXE
PRC - [2005-04-02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2004-08-24 12:14:14 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004-08-24 12:01:00 | 002,552,320 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2004-07-06 12:10:34 | 007,684,158 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\AcroRd32.exe
PRC - [2004-06-16 06:03:04 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

========== Modules (SafeList) ==========

MOD - [2010-04-24 18:36:36 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
MOD - [2006-12-21 14:30:44 | 000,102,400 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\ggwhook.dll
MOD - [2006-08-25 10:51:14 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009-10-27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008-10-24 21:56:30 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2008-10-24 21:51:16 | 000,468,224 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2005-04-02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [2001-10-26 21:30:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono)

========== Driver Services (SafeList) ==========

DRV - [2010-04-24 18:22:59 | 000,084,800 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2009-10-06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009-10-06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009-10-06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009-10-06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008-12-05 21:48:04 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008-10-24 21:53:28 | 000,034,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2008-10-24 21:46:24 | 000,053,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2008-10-24 21:45:32 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-07-21 14:11:58 | 000,024,392 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008-01-15 21:50:50 | 000,459,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007-07-28 03:15:52 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112)
DRV - [2007-01-27 20:40:48 | 000,041,160 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006-05-03 22:02:00 | 000,380,928 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2005-10-27 15:34:06 | 000,390,849 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbVM303.sys -- (ZSMC303)
DRV - [2005-04-25 11:43:58 | 000,159,616 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Vax347b.sys -- (Vax347b)
DRV - [2005-01-07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2005-01-07 18:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004-08-26 14:12:34 | 002,241,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004-06-01 19:37:58 | 000,729,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004-04-30 10:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\Vax347s.sys -- (Vax347s)
DRV - [2004-04-13 16:57:00 | 000,160,640 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2004-04-13 16:56:00 | 000,682,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004-04-13 16:54:00 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.723
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010-03-12 21:35:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-08 08:41:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-02 15:07:04 | 000,000,000 | ---D | M]

[2008-12-05 21:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions
[2008-12-05 21:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\uwpwt4ok.default\extensions
[2008-12-05 21:10:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-01-14 19:34:15 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-01-14 19:34:15 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-01-14 19:34:15 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-14 19:34:15 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-14 19:34:15 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-14 19:34:15 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2001-10-26 19:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE (Vimicro)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [syncman] C:\WINDOWS\system32\wuaucldt.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKCU..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKCU..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.)
O4 - HKCU..\Run: [syncman] C:\WINDOWS\system32\config\systemprofile\wuaucldt.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\monxga32.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Wireless Utility.lnk = C:\Program Files\EDIMAX\Common\RaUI.exe (Edimax Technology Co., Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.30.129.149 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-12-05 19:21:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008-12-05 18:58:52 | 000,000,595 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008-12-05 18:58:52 | 000,000,595 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = secfile] -- "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\ave.exe" /START "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2010-04-24 18:36:00 | 000,562,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
[2010-04-24 18:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\avG
[2010-04-24 18:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\avG
[2010-04-24 15:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\ESET
[2010-04-18 22:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\Nowy folder (2)
[2008-12-05 21:59:08 | 000,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347b.sys
[2008-12-05 21:59:08 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347s.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-04-24 18:36:36 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
[2010-04-24 18:22:59 | 000,084,800 | ---- | M] () -- C:\WINDOWS\System32\drivers\cdrom.sys
[2010-04-24 18:22:59 | 000,084,800 | ---- | M] () -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010-04-24 18:22:06 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-04-24 18:20:37 | 000,016,940 | -HS- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\I6vNTV7g2h23
[2010-04-24 15:40:34 | 000,029,440 | ---- | M] () -- C:\WINDOWS\System32\wuaucldt.exe
[2010-04-24 15:40:34 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\kcmdte.dat
[2010-04-24 15:40:30 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\avdrn.dat
[2010-04-24 15:38:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-04-24 15:38:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-04-24 13:45:41 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010-04-24 13:45:36 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010-04-24 10:49:41 | 002,466,816 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Kopia Kopia FILM-1.xls
[2010-04-24 10:39:21 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Administrator\default.pls
[2010-04-24 10:39:21 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-04-24 10:31:36 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-04-23 22:07:06 | 000,002,259 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2010-04-23 09:19:45 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\JABIL.doc
[2010-04-21 16:06:49 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-04-13 15:01:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-04-12 22:13:32 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\WYMIANA _TOWARU1.doc
[2010-04-11 19:22:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010-04-11 19:22:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2010-04-08 17:26:26 | 000,129,068 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\PRAWKO.jpg
[2010-04-02 14:51:52 | 000,000,125 | -HS- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\.zreglib
[2010-03-28 13:50:41 | 002,473,984 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\F1CD6000
[2010-03-28 11:52:36 | 000,436,610 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-03-28 11:52:36 | 000,380,744 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-03-28 11:52:36 | 000,066,740 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-03-28 11:52:36 | 000,052,338 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-03-28 11:52:32 | 000,946,256 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-04-24 15:42:03 | 000,016,940 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\I6vNTV7g2h23
[2010-04-24 15:42:02 | 000,084,800 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010-04-24 15:40:34 | 000,029,440 | ---- | C] () -- C:\WINDOWS\System32\wuaucldt.exe
[2010-04-24 15:40:33 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Administrator\Dane aplikacji\kcmdte.dat
[2010-04-24 15:40:30 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Administrator\Dane aplikacji\avdrn.dat
[2010-04-12 20:16:34 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\WYMIANA _TOWARU1.doc
[2010-04-08 17:26:25 | 000,129,068 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\PRAWKO.jpg
[2010-03-28 13:50:34 | 002,473,984 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\F1CD6000
[2009-11-19 18:47:34 | 000,000,404 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009-11-19 18:47:34 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008-12-13 22:55:05 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008-12-06 14:25:32 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-12-05 22:16:03 | 000,024,576 | ---- | C] () -- C:\WINDOWS\VMPipe.dll
[2008-12-05 21:59:42 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008-12-05 21:48:03 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-12-05 19:49:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll
[2008-12-05 19:49:28 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008-12-05 19:48:10 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2008-12-05 19:43:36 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2008-12-05 19:28:48 | 000,003,131 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008-12-05 19:28:46 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008-10-24 21:53:28 | 000,034,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2004-08-04 00:59:54 | 000,084,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\cdrom.sys
[2004-07-17 13:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\WINDOWS:C642324E7E2CF77D
< End of report >

OTL Extras logfile created on: 2010-04-24 18:36:51 - Run 1
OTL by OldTimer - Version 3.2.2.0     Folder = C:\Documents and Settings\Administrator\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 81,00 Mb Available Physical Memory | 8,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,88 Gb Total Space | 2,37 Gb Free Space | 15,94% Space Free | Partition Type: NTFS
Drive D: | 283,20 Gb Total Space | 3,24 Gb Free Space | 1,15% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 4,52 Gb Free Space | 1,94% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 26,54 Gb Free Space | 8,90% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 483,45 Mb Total Space | 426,52 Mb Free Space | 88,23% Space Free | Partition Type: FAT

Computer Name: JASKINIA
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\WINDOWS\System32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\ave.exe ()
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- N:\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" File not found
Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- N:\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" File not found
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"C:\Program Files\Honor_pol\moh_Breakthrough.exe" = C:\Program Files\Honor_pol\moh_Breakthrough.exe:*:Enabled:Medal of Honor Allied Assault(tm) Breakthrough -- (Electronic Arts Inc.)
"C:\Program Files\Honor_pol\MOHAA.EXE" = C:\Program Files\Honor_pol\MOHAA.EXE:*:Disabled:Medal of Honor Allied Assault -- File not found
"C:\Program Files\Java\jre1.6.0_02\launch4j-tmp\JDownloader.exe" = C:\Program Files\Java\jre1.6.0_02\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC 
Suite"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth"{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe  1.4.89.1"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{4F2CE68F-EDBB-4592-BF07-5AC930A51045}" = Nero 7 Premium"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable"{8CC5833C-418A-40BB-9B16-D8F26B606BF5}" = ESET NOD32 Antivirus"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (Polish) 12"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 
2007"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007"{AC76BA86-7AD7-1038-7B44-CEA000000001}" = Adobe Reader 6.0.2 CE"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1"{CE3B8E96-B0AF-4871-9178-1519B58E3A93}" = A4 TECH USB PC Camera H"{E91E8912-769D-42F0-8408-0E329443BABC}" = Edimax Wireless LAN"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =             "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"05B59228C7E1C21DFBE89260F879BD95880548D8" = Pakiet sterowników systemu Windows - Nokia Modem  (10/05/2009 4.2)"504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd  (08/22/2008 7.0.0.0)"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Pakiet sterowników systemu Windows - Nokia Modem  (06/01/2009 7.01.0.4)"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin"Adobe Shockwave Player" = Adobe Shockwave Player 11.5"All ATI Software" = ATI - ƒ\ƒtƒgƒEƒFƒA‚ĚƒAƒ“ƒCƒ“ƒXƒg�[ƒ‹ ƒ†�[ƒeƒBƒŠƒeƒB"AnyDVD" = AnyDVD"ATI Display Driver" = ATI Display Driver"CloneDVD2" = CloneDVD2"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030030" = HDAUDIO SoftV92 Data Fax Modem with SmartCP"DVD Shrink_is1" = DVD Shrink 3.2"ENTERPRISE" = Microsoft Office Enterprise 2007"Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1" = NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up "Gadu-Gadu" = Gadu-Gadu 7.7"Gadu-Gadu 10" = Gadu-Gadu 10"Graphical Enhancement Textures" = Graphical Enhancement Textures 2.5"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8"ipla" = ipla 2.1.1"Magic Audio CD Burner_is1" = Magic Audio CD Burner v2.7.11.1"Medal of Honor - Spearhead" = Medal of Honor - Spearhead"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0"Mount&Blade" = 
Mount&Blade"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)"Nokia PC Suite" = Nokia PC Suite"PROSet" = Intel(R) PRO Network Adapters and Drivers"QuicktimeAlt_is1" = QuickTime Alternative 1.81"RealAlt_is1" = <a href="http://www.download.net.pl/107/Real-Alternative/">Real Alternative</a> 1.51 Lite"R-Studio 4.2NSIS" = R-Studio 4.2"Spolszczenie" = Spolszczenie 1.0"VLC media player" = VLC media player 0.9.4"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7"Winamp" = Winamp"WinRAR archiver" = Archiwizator WinRAR"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7"YouTube FLV to AVI Suite Enterprise_is1" = YouTube FLV to AVI Suite Enterprise 2.0.8 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"BitTorrent DNA" = DNA ========== Last 10 Event Log Errors ========== [ Application Events ]Error - 2009-05-12 10:39:07 | Computer Name = JASKINIA | Source = SecurityCenter | ID = 1802Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy. Error - 2009-08-24 03:26:33 | Computer Name = JASKINIA | Source = SecurityCenter | ID = 1802Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy. Error - 2009-10-01 12:25:51 | Computer Name = JASKINIA | Source = SecurityCenter | ID = 1802Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy. Error - 2009-10-13 08:50:19 | Computer Name = JASKINIA | Source = SecurityCenter | ID = 1802Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy. 
Error - 2009-10-15 12:18:15 | Computer Name = JASKINIA | Source = Microsoft Office 12 | ID = 5000Description = EventType officelifeboathang, P1 excel.exe, P2 12.0.4518.1014, P3 ntdll.dll, P4 5.1.2600.2180, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL. Error - 2009-10-29 05:30:09 | Computer Name = JASKINIA | Source = SecurityCenter | ID = 1802Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy. [ System Events ]Error - 2010-04-23 03:03:22 | Computer Name = JASKINIA | Source = Service Control Manager | ID = 7009Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się z usługą Eset Nod32 Boot. Error - 2010-04-23 03:03:22 | Computer Name = JASKINIA | Source = Service Control Manager | ID = 7000Description = Nie można uruchomić usługi Eset Nod32 Boot z powodu następującego błędu:   %%1053 Error - 2010-04-23 09:50:49 | Computer Name = JASKINIA | Source = Service Control Manager | ID = 7009Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się z usługą Eset Nod32 Boot. Error - 2010-04-23 09:50:49 | Computer Name = JASKINIA | Source = Service Control Manager | ID = 7000Description = Nie można uruchomić usługi Eset Nod32 Boot z powodu następującego błędu:   %%1053 Error - 2010-04-23 14:43:15 | Computer Name = JASKINIA | Source = Service Control Manager | ID = 7009Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się z usługą Eset Nod32 Boot. Error - 2010-04-23 14:43:15 | Computer Name = JASKINIA | Source = Service Control Manager | ID = 7000Description = Nie można uruchomić usługi Eset Nod32 Boot z powodu następującego błędu:   %%1053 Error - 2010-04-24 04:06:42 | Computer Name = JASKINIA | Source = Service Control Manager | ID = 7009Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się z usługą Eset Nod32 Boot. 
Error - 2010-04-24 04:06:42 | Computer Name = JASKINIA | Source = Service Control Manager | ID = 7000Description = Nie można uruchomić usługi Eset Nod32 Boot z powodu następującego błędu:   %%1053 Error - 2010-04-24 09:39:07 | Computer Name = JASKINIA | Source = Service Control Manager | ID = 7009Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się z usługą Eset Nod32 Boot. Error - 2010-04-24 09:39:07 | Computer Name = JASKINIA | Source = Service Control Manager | ID = 7000Description = Nie można uruchomić usługi Eset Nod32 Boot z powodu następującego błędu:   %%1053  < End of report >

I'm posting the OTL logs

This post was edited by Katarina on 24 04 2010 - 19:30

  • 0

#2 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 24 04 2010 - 19:52

Well, this is not a good situation: right now every program of yours can be started only after getting permission from "someone" on the internet!

Two "cdrom.sys" system files are also infected (a problem with the CD/DVD drive?).
Download the "cdrom.sys" file (matching your Service Pack 2) from here > http://www.speedyshare.com/files/22103437/cdrom.sys and place it directly on drive C:\
Then:
Run OTL and paste this into the Custom Scans/Fixes box:

:OTL
@Alternate Data Stream - 48 bytes -> C:\WINDOWS:C642324E7E2CF77D
[2010-04-24 15:40:34 | 000,029,440 | ---- | C] () -- C:\WINDOWS\System32\wuaucldt.exe
[2010-04-24 15:40:33 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Administrator\Dane aplikacji\kcmdte.dat
[2010-04-24 15:40:30 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Administrator\Dane aplikacji\avdrn.dat
[2010-04-24 15:42:03 | 000,016,940 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\I6vNTV7g2h23
[2010-04-24 18:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\avG
[2010-04-24 18:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\avG
O37 - HKCU\...exe [@ = secfile] -- "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\ave.exe" /START "%1" %* ()
O4 - Startup: C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\monxga32.exe ()
O4 - HKCU..\Run: [syncman] C:\WINDOWS\system32\config\systemprofile\wuaucldt.exe ()
O4 - HKLM..\Run: [syncman] C:\WINDOWS\system32\wuaucldt.exe ()
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found


:Files
C:\WINDOWS\System32\dllcache\cdrom.sys
C:\Windows\System32\drivers\cdrom.sys|C:\cdrom.sys /replace
C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\ave.exe

:Commands
[emptytemp]
[resethosts]
[Reboot]

Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.
Then copy (manually) the "cdrom.sys" file from C:\Windows\System32\drivers\ to C:\WINDOWS\System32\dllcache\

Then make a new log, but with an additional setting:
Paste into the Custom Scans/Fixes box:


%systemdrive%\cdrom.* /s /md5

and only then click "Run Scan".

Also let me know whether the CD/DVD drive works.
.

This post was edited by ordynat on 24 04 2010 - 19:53

  • 0
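Added example, not part of the thread and not OTL's own logic: a Python triage of OTL "O" lines that flags the entry types the fix list above targets, namely a `.exe` association pointing away from the stock `exefile` / `"%1" %*` handler, and autostart entries that are orphaned or carry no company name. The rule names, the `triage` function and the "no company name under the Windows directory or a user profile" heuristic are assumptions made for this illustration; the sample lines are copied from the logs in this thread.

```python
import re

# Lines copied from the OTL fix list and the post-fix log in this thread.
SAMPLE_LOG = r'''
O37 - HKCU\...exe [@ = secfile] -- "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\ave.exe" /START "%1" %* ()
O4 - Startup: C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\monxga32.exe ()
O4 - HKCU..\Run: [syncman] C:\WINDOWS\system32\config\systemprofile\wuaucldt.exe ()
O4 - HKLM..\Run: [syncman] C:\WINDOWS\system32\wuaucldt.exe ()
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Wireless Utility.lnk = C:\Program Files\EDIMAX\Common\RaUI.exe (Edimax Technology Co., Ltd)
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
'''

DEFAULT_OPEN = '"%1" %*'                                # stock shell open command
DEFAULT_PROGID = {"exe": "exefile", "com": "comfile"}   # stock ProgIDs
# Assumption: roots taken from the %SystemRoot% and profile paths in this log.
WATCHED_ROOTS = ("c:\\windows\\", "c:\\documents and settings\\")

RE_ASSOC = re.compile(r'^O37 - (HKCU|HKLM)\\\.\.\.(\w+) \[@ = ([^\]]+)\] -- (.*)$')
RE_OPEN = re.compile(r'^O35 - (HKCU|HKLM)\\\.\.(\w+) \[open\] -- (.*)$')
RE_RUN = re.compile(r'^O4 - (HKCU|HKLM)\.\.\\Run: \[(.+?)\] (.*)$')
RE_STARTUP = re.compile(r'^O4 - Startup: (.*)$')


def split_target(rest):
    """Strip OTL's trailing status; return (text, 'missing'|'no-company'|'named')."""
    if rest.endswith(" File not found"):
        return rest[: -len(" File not found")], "missing"
    if rest.endswith(" ()"):          # OTL prints "()" when no company name is found
        return rest[:-3], "no-company"
    return rest, "named"


def check_autostart(label, rest, findings):
    target = rest.split(" = ", 1)[-1]  # .lnk entries read "shortcut = target"
    path, status = split_target(target)
    if status == "missing":
        findings.append(("orphan-autostart", f"{label}: {path}"))
    elif status == "no-company" and path.lower().startswith(WATCHED_ROOTS):
        # Heuristic (assumption): anonymous binary in the OS or profile tree.
        findings.append(("unnamed-autostart", f"{label}: {path}"))


def triage(log_text):
    """Return a list of (rule, detail) findings for the OTL lines given."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RE_ASSOC.match(line)
        if m:
            hive, ext, progid, cmd = m.groups()
            cmd, _ = split_target(cmd)
            if ext in DEFAULT_PROGID and (
                progid != DEFAULT_PROGID[ext] or cmd != DEFAULT_OPEN
            ):
                findings.append(("assoc-hijack", f"{hive} .{ext} -> {progid}: {cmd}"))
            continue
        m = RE_OPEN.match(line)
        if m:
            hive, progid, cmd = m.groups()
            cmd, _ = split_target(cmd)
            if cmd != DEFAULT_OPEN:
                findings.append(("assoc-hijack", f"{hive} {progid} open: {cmd}"))
            continue
        m = RE_RUN.match(line)
        if m:
            hive, name, rest = m.groups()
            check_autostart(f"{hive} Run [{name}]", rest, findings)
            continue
        m = RE_STARTUP.match(line)
        if m:
            check_autostart("Startup folder", m.group(1), findings)
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:18} {detail}")
```

Entries such as `winampa.exe` also show an empty company field, which is why the example only treats that field as a signal when the binary sits outside `Program Files`.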

#3 Golima

Golima

    Observer

  • 7 posts

Posted 24 04 2010 - 20:48

All processes killed
========== OTL ==========
ADS C:\WINDOWS:C642324E7E2CF77D deleted successfully.
C:\WINDOWS\system32\wuaucldt.exe moved successfully.
C:\Documents and Settings\Administrator\Dane aplikacji\kcmdte.dat moved successfully.
C:\Documents and Settings\Administrator\Dane aplikacji\avdrn.dat moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\I6vNTV7g2h23 moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\avG folder moved successfully.
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\avG folder moved successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\secfile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
File move failed. C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\monxga32.exe scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\syncman deleted successfully.
C:\WINDOWS\system32\config\systemprofile\wuaucldt.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\syncman deleted successfully.
File C:\WINDOWS\system32\wuaucldt.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 deleted successfully.
========== FILES ==========
C:\WINDOWS\System32\dllcache\cdrom.sys moved successfully.
File C:\Windows\System32\drivers\cdrom.sys successfully replaced with C:\cdrom.sys
File\Folder C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\ave.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 1730137057 bytes
->Temporary Internet Files folder emptied: 20335971 bytes
->Java cache emptied: 1018469 bytes
->FireFox cache emptied: 46001180 bytes
->Flash cache emptied: 130763 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Golima
->Temp folder emptied: 54832 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114584 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1756393255 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3 392,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.2.0 log created on 04242010_204309

Files\Folders moved on Reboot...
C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\monxga32.exe moved successfully.

Registry entries deleted on Reboot...

This is after the restart...

OTL logfile created on: 2010-04-24 20:48:42 - Run 2
OTL by OldTimer - Version 3.2.2.0     Folder = C:\Documents and Settings\Administrator\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
1 023,00 Mb Total Physical Memory | 511,00 Mb Available Physical Memory | 50,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,88 Gb Total Space | 5,69 Gb Free Space | 38,20% Space Free | Partition Type: NTFS
Drive D: | 283,20 Gb Total Space | 3,24 Gb Free Space | 1,15% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 4,52 Gb Free Space | 1,94% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 26,54 Gb Free Space | 8,90% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 483,45 Mb Total Space | 426,52 Mb Free Space | 88,23% Space Free | Partition Type: FAT
 
Computer Name: JASKINIA
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010-04-24 18:36:36 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
PRC - [2010-04-02 15:06:57 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-12-23 18:14:30 | 014,100,888 | ---- | M] (Redefine Sp z o.o.) -- C:\Program Files\ipla\ipla.exe
PRC - [2009-11-13 14:47:58 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2008-10-24 21:51:16 | 000,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2008-10-24 21:50:00 | 001,451,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008-08-04 01:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008-05-19 16:24:46 | 000,091,432 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2008-03-20 21:23:22 | 000,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2007-12-14 14:28:02 | 000,716,800 | ---- | M] (Edimax Technology Co., Ltd) -- C:\Program Files\EDIMAX\Common\RaUI.exe
PRC - [2007-07-14 00:42:04 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-03-12 14:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007-03-12 14:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005-10-25 13:56:00 | 000,061,440 | ---- | M] (Vimicro) -- C:\WINDOWS\VM303_STI.EXE
PRC - [2005-04-02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2004-08-24 12:14:14 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004-08-24 12:01:00 | 002,552,320 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2004-06-16 06:03:04 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010-04-24 18:36:36 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
MOD - [2006-08-25 10:51:14 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2009-10-27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008-10-24 21:56:30 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2008-10-24 21:51:16 | 000,468,224 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2005-04-02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [2001-10-26 21:30:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2009-10-06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009-10-06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009-10-06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009-10-06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008-12-05 21:48:04 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008-10-24 21:53:28 | 000,034,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2008-10-24 21:46:24 | 000,053,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2008-10-24 21:45:32 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-07-21 14:11:58 | 000,024,392 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008-01-15 21:50:50 | 000,459,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007-07-28 03:15:52 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112)
DRV - [2007-01-27 20:40:48 | 000,041,160 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006-05-03 22:02:00 | 000,380,928 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2005-10-27 15:34:06 | 000,390,849 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbVM303.sys -- (ZSMC303)
DRV - [2005-04-25 11:43:58 | 000,159,616 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Vax347b.sys -- (Vax347b)
DRV - [2005-01-07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2005-01-07 18:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004-08-26 14:12:34 | 002,241,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004-06-01 19:37:58 | 000,729,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004-04-30 10:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\Vax347s.sys -- (Vax347s)
DRV - [2004-04-13 16:57:00 | 000,160,640 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2004-04-13 16:56:00 | 000,682,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004-04-13 16:54:00 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.723
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010-03-12 21:35:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-08 08:41:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-02 15:07:04 | 000,000,000 | ---D | M]
 
[2008-12-05 21:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions
[2008-12-05 21:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\uwpwt4ok.default\extensions
[2008-12-05 21:10:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-01-14 19:34:15 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-01-14 19:34:15 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-01-14 19:34:15 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-14 19:34:15 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-14 19:34:15 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-14 19:34:15 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml
 
O1 HOSTS File: ([2010-04-24 20:43:46 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE (Vimicro)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKCU..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKCU..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Wireless Utility.lnk = C:\Program Files\EDIMAX\Common\RaUI.exe (Edimax Technology Co., Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.30.129.149 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-12-05 19:21:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008-12-05 18:58:52 | 000,000,595 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008-12-05 18:58:52 | 000,000,595 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010-04-24 20:48:10 | 000,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010-04-24 20:43:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-04-24 20:41:41 | 000,049,536 | ---- | C] (Microsoft Corporation) -- C:\cdrom.sys
[2010-04-24 18:36:00 | 000,562,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
[2010-04-24 15:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\ESET
[2010-04-18 22:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\Nowy folder (2)
[2008-12-05 21:59:08 | 000,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347b.sys
[2008-12-05 21:59:08 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347s.sys
[3 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010-04-24 20:44:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-04-24 20:44:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-04-24 20:43:55 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010-04-24 20:43:51 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010-04-24 20:43:46 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010-04-24 20:41:42 | 000,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010-04-24 20:41:42 | 000,049,536 | ---- | M] (Microsoft Corporation) -- C:\cdrom.sys
[2010-04-24 20:40:48 | 000,016,948 | -HS- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\I6vNTV7g2h23
[2010-04-24 20:40:47 | 000,224,768 | -HS- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\ave.exe
[2010-04-24 18:36:36 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
[2010-04-24 18:22:06 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-04-24 10:49:41 | 002,466,816 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Kopia Kopia FILM-1.xls
[2010-04-24 10:39:21 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Administrator\default.pls
[2010-04-24 10:39:21 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-04-24 10:31:36 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-04-23 22:07:06 | 000,002,259 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2010-04-23 09:19:45 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\JABIL.doc
[2010-04-21 16:06:49 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-04-13 15:01:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-04-12 22:13:32 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\WYMIANA _TOWARU1.doc
[2010-04-11 19:22:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010-04-11 19:22:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2010-04-08 17:26:26 | 000,129,068 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\PRAWKO.jpg
[2010-04-02 14:51:52 | 000,000,125 | -HS- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\.zreglib
[2010-03-28 13:50:41 | 002,473,984 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\F1CD6000
[2010-03-28 11:52:36 | 000,436,610 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-03-28 11:52:36 | 000,380,744 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-03-28 11:52:36 | 000,066,740 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-03-28 11:52:36 | 000,052,338 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-03-28 11:52:32 | 000,946,256 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[3 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010-04-24 20:40:47 | 000,224,768 | -HS- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\ave.exe
[2010-04-24 20:40:47 | 000,016,948 | -HS- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\I6vNTV7g2h23
[2010-04-12 20:16:34 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\WYMIANA _TOWARU1.doc
[2010-04-08 17:26:25 | 000,129,068 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\PRAWKO.jpg
[2010-03-28 13:50:34 | 002,473,984 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\F1CD6000
[2009-11-19 18:47:34 | 000,000,404 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009-11-19 18:47:34 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008-12-13 22:55:05 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008-12-06 14:25:32 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-12-05 22:16:03 | 000,024,576 | ---- | C] () -- C:\WINDOWS\VMPipe.dll
[2008-12-05 21:59:42 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008-12-05 21:48:03 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-12-05 19:49:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll
[2008-12-05 19:49:28 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008-12-05 19:48:10 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2008-12-05 19:43:36 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2008-12-05 19:28:48 | 000,003,131 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008-12-05 19:28:46 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008-10-24 21:53:28 | 000,034,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2004-07-17 13:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
 
========== Custom Scans ==========
 
 
< %systemdrive%\cdrom.* /s /md5 >
[2010-04-24 20:41:42 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\cdrom.sys
[2010-04-24 20:33:14 | 000,084,800 | ---- | M] () MD5=D4913D84F97DE547FC98D6499324EB3F -- C:\_OTL\MovedFiles\04242010_204309\C_WINDOWS\system32\dllcache\cdrom.sys
[2004-11-02 13:54:32 | 000,238,909 | ---- | M] () MD5=9843F9599093C944878DC78BF2DFA634 -- C:\Program Files\Nero\Nero 7\Core\CDROM.CFG
[2007-03-14 12:39:42 | 000,255,536 | ---- | M] (Nero AG) MD5=4A28EA7E0A637371C19711DC3C555C6D -- C:\Program Files\Nero\Nero 7\Core\CDROM.dll
[2004-11-02 13:54:32 | 000,238,909 | ---- | M] () MD5=9843F9599093C944878DC78BF2DFA634 -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\CDROM.CFG
[2006-10-27 17:26:24 | 000,258,048 | ---- | M] (Nero AG) MD5=A7C58016B8327BA271AE3AFF010EA8F1 -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\CDROM.dll
[2004-08-04 02:39:54 | 000,071,646 | ---- | M] () MD5=64C1FD66DDD7B16B587350839793DE47 -- C:\WINDOWS\inf\cdrom.inf
[2008-12-05 19:29:26 | 000,057,868 | ---- | M] () MD5=6261AE21187E4458838173DC7BF20D87 -- C:\WINDOWS\inf\cdrom.PNF
[2010-04-24 20:41:42 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\dllcache\cdrom.sys
[2010-04-24 20:41:42 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys
< End of report >

This is after the rescan....

The drives... The tray ejects, if that's what you mean.

#4 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 24 04 2010 - 21:00

It's a bit better now, but it's still not good.
Run OTL and paste this into the Custom Scans/Fixes box:

:OTL
[2010-04-24 20:40:47 | 000,224,768 | -HS- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\ave.exe
[2010-04-24 20:40:47 | 000,016,948 | -HS- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\I6vNTV7g2h23
O32 - AutoRun File - [2008-12-05 18:58:52 | 000,000,595 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008-12-05 18:58:52 | 000,000,595 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Regedit32"=-

:Files
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\ave.exe

:Commands
[Reboot]

Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.

Post the new OTL.txt log and the removal report.
Keep generating the new log with the "cdrom" setting, so we know whether that file has been infected again.

#5 Golima

Golima

    Observer

  • 7 posts

Posted 24 04 2010 - 21:13

OTL logfile created on: 2010-04-24 21:12:55 - Run 3
OTL by OldTimer - Version 3.2.2.0     Folder = C:\Documents and Settings\Administrator\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
1 023,00 Mb Total Physical Memory | 554,00 Mb Available Physical Memory | 54,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,88 Gb Total Space | 5,67 Gb Free Space | 38,12% Space Free | Partition Type: NTFS
Drive D: | 283,20 Gb Total Space | 3,24 Gb Free Space | 1,15% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 4,52 Gb Free Space | 1,94% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 26,54 Gb Free Space | 8,90% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 483,45 Mb Total Space | 426,52 Mb Free Space | 88,23% Space Free | Partition Type: FAT
 
Computer Name: JASKINIA
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010-04-24 18:36:36 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
PRC - [2010-04-02 15:06:57 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-11-13 14:47:58 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2008-10-24 21:51:16 | 000,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2008-10-24 21:50:00 | 001,451,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008-08-04 01:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008-05-19 16:24:46 | 000,091,432 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2008-03-20 21:23:22 | 000,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2007-12-14 14:28:02 | 000,716,800 | ---- | M] (Edimax Technology Co., Ltd) -- C:\Program Files\EDIMAX\Common\RaUI.exe
PRC - [2007-07-14 00:42:04 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-03-12 14:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007-03-12 14:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005-10-25 13:56:00 | 000,061,440 | ---- | M] (Vimicro) -- C:\WINDOWS\VM303_STI.EXE
PRC - [2005-04-02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2004-08-24 12:14:14 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004-08-24 12:01:00 | 002,552,320 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2004-06-16 06:03:04 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010-04-24 18:36:36 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
MOD - [2006-08-25 10:51:14 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2009-10-27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008-10-24 21:56:30 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2008-10-24 21:51:16 | 000,468,224 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2005-04-02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [2001-10-26 21:30:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009-10-06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009-10-06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009-10-06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009-10-06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008-12-05 21:48:04 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008-10-24 21:53:28 | 000,034,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2008-10-24 21:46:24 | 000,053,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2008-10-24 21:45:32 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-07-21 14:11:58 | 000,024,392 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008-01-15 21:50:50 | 000,459,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007-07-28 03:15:52 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112)
DRV - [2007-01-27 20:40:48 | 000,041,160 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006-05-03 22:02:00 | 000,380,928 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2005-10-27 15:34:06 | 000,390,849 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbVM303.sys -- (ZSMC303)
DRV - [2005-04-25 11:43:58 | 000,159,616 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Vax347b.sys -- (Vax347b)
DRV - [2005-01-07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2005-01-07 18:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004-08-26 14:12:34 | 002,241,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004-06-01 19:37:58 | 000,729,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004-04-30 10:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\Vax347s.sys -- (Vax347s)
DRV - [2004-04-13 16:57:00 | 000,160,640 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2004-04-13 16:56:00 | 000,682,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004-04-13 16:54:00 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.723
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010-03-12 21:35:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-08 08:41:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-02 15:07:04 | 000,000,000 | ---D | M]
 
[2008-12-05 21:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions
[2008-12-05 21:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\uwpwt4ok.default\extensions
[2008-12-05 21:10:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-01-14 19:34:15 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-01-14 19:34:15 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-01-14 19:34:15 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-14 19:34:15 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-14 19:34:15 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-14 19:34:15 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml
 
O1 HOSTS File: ([2010-04-24 20:43:46 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE (Vimicro)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKCU..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKCU..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Wireless Utility.lnk = C:\Program Files\EDIMAX\Common\RaUI.exe (Edimax Technology Co., Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.30.129.149 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-12-05 19:21:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010-04-24 20:48:10 | 000,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010-04-24 20:43:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-04-24 20:41:41 | 000,049,536 | ---- | C] (Microsoft Corporation) -- C:\cdrom.sys
[2010-04-24 18:36:00 | 000,562,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
[2010-04-24 15:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\ESET
[2010-04-18 22:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\Nowy folder (2)
[2008-12-05 21:59:08 | 000,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347b.sys
[2008-12-05 21:59:08 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347s.sys
[3 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010-04-24 21:10:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-04-24 21:10:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-04-24 21:10:12 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010-04-24 21:10:08 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010-04-24 20:43:46 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010-04-24 20:41:42 | 000,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010-04-24 20:41:42 | 000,049,536 | ---- | M] (Microsoft Corporation) -- C:\cdrom.sys
[2010-04-24 18:36:36 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
[2010-04-24 18:22:06 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-04-24 10:49:41 | 002,466,816 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Kopia Kopia FILM-1.xls
[2010-04-24 10:39:21 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Administrator\default.pls
[2010-04-24 10:39:21 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-04-24 10:31:36 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-04-23 22:07:06 | 000,002,259 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2010-04-23 09:19:45 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\JABIL.doc
[2010-04-21 16:06:49 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-04-13 15:01:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-04-12 22:13:32 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\WYMIANA _TOWARU1.doc
[2010-04-11 19:22:45 | 000,000,404 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010-04-11 19:22:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2010-04-08 17:26:26 | 000,129,068 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\PRAWKO.jpg
[2010-04-02 14:51:52 | 000,000,125 | -HS- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\.zreglib
[2010-03-28 13:50:41 | 002,473,984 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\F1CD6000
[2010-03-28 11:52:36 | 000,436,610 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-03-28 11:52:36 | 000,380,744 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-03-28 11:52:36 | 000,066,740 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-03-28 11:52:36 | 000,052,338 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-03-28 11:52:32 | 000,946,256 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[3 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010-04-12 20:16:34 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\WYMIANA _TOWARU1.doc
[2010-04-08 17:26:25 | 000,129,068 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\PRAWKO.jpg
[2010-03-28 13:50:34 | 002,473,984 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\F1CD6000
[2009-11-19 18:47:34 | 000,000,404 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009-11-19 18:47:34 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008-12-13 22:55:05 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008-12-06 14:25:32 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-12-05 22:16:03 | 000,024,576 | ---- | C] () -- C:\WINDOWS\VMPipe.dll
[2008-12-05 21:59:42 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008-12-05 21:48:03 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-12-05 19:49:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll
[2008-12-05 19:49:28 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008-12-05 19:48:10 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2008-12-05 19:43:36 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2008-12-05 19:28:48 | 000,003,131 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008-12-05 19:28:46 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008-10-24 21:53:28 | 000,034,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2004-07-17 13:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
 
========== Custom Scans ==========


< %systemdrive%\cdrom.* /s /md5 >
[2010-04-24 20:41:42 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\cdrom.sys
[2010-04-24 20:33:14 | 000,084,800 | ---- | M] () MD5=D4913D84F97DE547FC98D6499324EB3F -- C:\_OTL\MovedFiles\04242010_204309\C_WINDOWS\system32\dllcache\cdrom.sys
[2004-11-02 13:54:32 | 000,238,909 | ---- | M] () MD5=9843F9599093C944878DC78BF2DFA634 -- C:\Program Files\Nero\Nero 7\Core\CDROM.CFG
[2007-03-14 12:39:42 | 000,255,536 | ---- | M] (Nero AG) MD5=4A28EA7E0A637371C19711DC3C555C6D -- C:\Program Files\Nero\Nero 7\Core\CDROM.dll
[2004-11-02 13:54:32 | 000,238,909 | ---- | M] () MD5=9843F9599093C944878DC78BF2DFA634 -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\CDROM.CFG
[2006-10-27 17:26:24 | 000,258,048 | ---- | M] (Nero AG) MD5=A7C58016B8327BA271AE3AFF010EA8F1 -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\CDROM.dll
[2004-08-04 02:39:54 | 000,071,646 | ---- | M] () MD5=64C1FD66DDD7B16B587350839793DE47 -- C:\WINDOWS\inf\cdrom.inf
[2008-12-05 19:29:26 | 000,057,868 | ---- | M] () MD5=6261AE21187E4458838173DC7BF20D87 -- C:\WINDOWS\inf\cdrom.PNF
[2010-04-24 20:41:42 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\dllcache\cdrom.sys
[2010-04-24 20:41:42 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys
< End of report >

This is the new log.
I didn't get a log after the removal ; o

#6 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 24 04 2010 - 21:18

It looks OK, I think.
Also scan the computer with MBAM.
If it finds anything, let it remove it, and post its report here.

In OTL, click the "CleanUp" button - this will remove it together with its quarantine.

Remove the copies of the malware from the "System Volume Information" folder by temporarily turning off "System Restore":

>START>Control Panel>System>System Restore>>tick the box next to "Turn off System Restore on all drives">Apply>OK.
(While it is temporarily turned off, these copies are deleted automatically, so there is no need to look in the folder.)
Afterwards you can go back to the previous setting (that is, untick the box).



#7 Golima

Golima

    Observer

  • 7 posts

Posted 24 04 2010 - 21:53

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org



Wersja bazy: 3930



Windows 5.1.2600 Dodatek Service Pack 2

Internet Explorer 7.0.5730.11



2010-04-24 21:51:31

mbam-log-2010-04-24 (21-51-31).txt



Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|F:\|)

Przeskanowano obiektów: 145540

Upłynęło: 26 minut(y), 36 sekund(y)



Zainfekowanych procesów w pamięci: 0

Zainfekowanych modułów w pamięci: 0

Zainfekowanych kluczy rejestru: 0

Zainfekowanych wartości rejestru: 0

Zainfekowane informacje rejestru systemowego: 7

Zainfekowanych folderów: 0

Zainfekowanych plików: 1



Zainfekowanych procesów w pamięci:

(Nie znaleziono zagrożeń)



Zainfekowanych modułów w pamięci:

(Nie znaleziono zagrożeń)



Zainfekowanych kluczy rejestru:

(Nie znaleziono zagrożeń)



Zainfekowanych wartości rejestru:

(Nie znaleziono zagrożeń)



Zainfekowane informacje rejestru systemowego:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.



Zainfekowanych folderów:

(Nie znaleziono zagrożeń)



Zainfekowanych plików:

C:\WINDOWS\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.



#8 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 24 04 2010 - 22:02

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Zainfekowanych plików:
C:\WINDOWS\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd



Good thing you used MBAM, because what it detected above was dangerous!

It should be OK now.

#9 Golima

Golima

    Observer

  • 7 posts

Posted 25 04 2010 - 12:30

The computer is working fine. Thanks a lot :)
