Log HiJackThis 28.11.09
Author Message
crooleeck 
Rocks!


Helped: 22 times
From: Miedziana Dzioora...
Posted: 2009-11-28, 12:54   Log HiJackThis 28.11.09

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:01, on 2009-11-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Brother\Brmfcmon\brmfcwnd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\4.0.255.0\npchrome_tab.dll
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.co...oUploader55.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com...ows-i586-jc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.c...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2391A5F8-7541-4215-B559-D5ED9B628B10}: NameServer = 213.241.79.37,213.241.79.38,195.114.161.61,195.114.181.130
O18 - Protocol hijack: cf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E}
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySql - Unknown owner - c:\krasnal/MYSQL/bin/mysqld.exe
O23 - Service: NanoServiceMain - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6293 bytes


Panda Cloud Antivirus quarantines the file C:\WINDOWS\system32\sfc_os.dll but can't deal with it - the file keeps "coming back".
_________________
#pctown.pl @ PolNet
http://crooleeck.jogger.pl/
 
 
   
@Blade@ 

Helped: 8 times
Posted: 2009-11-28, 13:20   

Post the logs from OTL (click Run Scan and wait until the log is created) and from GMER

Scan that file at http://virusscan.jotti.org/ and post the results
_________________
 
   
crooleeck 
Rocks!


Helped: 22 times
From: Miedziana Dzioora...
Posted: 2009-11-28, 22:45   

OTL logfile created on: 2009-11-28 13:51:41 - Run 1
OTL by OldTimer - Version 3.1.11.1 Folder = H:\Instalki
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,50 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 67,64% Memory free
3,35 Gb Paging File | 2,99 Gb Available in Paging File | 89,22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20,00 Gb Total Space | 5,30 Gb Free Space | 26,52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 120,00 Gb Total Space | 29,85 Gb Free Space | 24,88% Space Free | Partition Type: NTFS
Drive G: | 30,01 Gb Total Space | 2,72 Gb Free Space | 9,07% Space Free | Partition Type: NTFS
Drive H: | 62,88 Gb Total Space | 0,72 Gb Free Space | 1,14% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: TOMEK
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009-11-28 13:50:37 | 00,535,040 | ---- | M] (OldTimer Tools) -- H:\Instalki\OTL.exe
PRC - [2009-10-30 17:29:56 | 00,136,448 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2009-10-30 17:29:01 | 00,361,728 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2009-09-27 18:19:46 | 00,172,100 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009-09-25 15:28:47 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009-08-25 07:51:48 | 03,548,560 | ---- | M] (Maxthon International ltd.) -- C:\Program Files\Maxthon2\Maxthon.exe
PRC - [2009-05-20 11:45:10 | 00,103,912 | ---- | M] () -- C:\Program Files\Spik\Spik.exe
PRC - [2009-02-25 15:47:50 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008-03-20 11:04:46 | 02,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe
PRC - [2007-07-13 23:42:04 | 00,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-05-28 17:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2005-04-23 18:12:00 | 00,802,816 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2005-03-17 13:25:54 | 00,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2004-08-04 01:44:30 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2002-04-11 23:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe
PRC - [2001-12-12 23:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe


========== Modules (SafeList) ==========

MOD - [2009-11-28 13:50:37 | 00,535,040 | ---- | M] (OldTimer Tools) -- H:\Instalki\OTL.exe
MOD - [2009-05-20 10:43:14 | 00,008,192 | ---- | M] () -- C:\Program Files\Spik\idlehk.dll
MOD - [2008-07-25 11:17:20 | 00,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
MOD - [2006-08-25 09:51:14 | 01,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (CiSvc)
SRV - [2009-10-30 17:29:56 | 00,136,448 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2009-09-27 18:19:46 | 00,172,100 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (nvsvc)
SRV - [2009-09-25 15:28:47 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009-02-25 15:47:50 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008-12-12 20:10:51 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007-05-28 17:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2005-04-03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003-09-14 21:08:14 | 02,928,700 | ---- | M] () -- c:\krasnal/MYSQL/bin/mysqld.exe -- (MySql)
SRV - [2003-07-28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002-04-11 23:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV - [2009-10-30 16:18:01 | 00,146,952 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2009-10-13 15:50:55 | 00,101,512 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2009-10-13 15:50:54 | 00,114,312 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2009-10-13 15:50:54 | 00,095,880 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2009-09-27 16:12:22 | 07,655,872 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009-02-17 18:11:30 | 00,024,232 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008-07-08 18:19:05 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007-07-28 02:15:52 | 00,062,208 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112)
DRV - [2007-06-19 08:51:20 | 00,107,304 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s816mdm.sys -- (s816mdm)
DRV - [2007-06-19 08:51:18 | 00,099,112 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s816mgmt.sys -- (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM)
DRV - [2007-06-19 08:51:18 | 00,097,704 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\s816unic.sys -- (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM)
DRV - [2007-06-19 08:51:18 | 00,097,320 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s816obex.sys -- (s816obex)
DRV - [2007-06-19 08:51:18 | 00,021,928 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s816nd5.sys -- (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS)
DRV - [2007-06-19 08:51:18 | 00,013,864 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s816mdfl.sys -- (s816mdfl)
DRV - [2007-06-19 08:51:16 | 00,081,832 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s816bus.sys -- (s816bus) Sony Ericsson Device 816 driver (WDM)
DRV - [2007-03-08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006-04-06 06:23:52 | 00,081,664 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006-03-29 07:49:26 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005-07-07 09:14:30 | 01,389,056 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005-01-10 11:15:30 | 00,106,496 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005-01-10 11:15:24 | 00,138,752 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004-10-15 11:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004-08-13 03:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004-07-17 12:36:38 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2002-09-16 16:14:32 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001-08-18 00:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Disable Script Debugger Default = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,DisableScriptDebuggerIE Default = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-10-30 10:50:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-10-29 10:47:05 | 00,000,000 | ---D | M]

[2008-07-07 12:37:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions
[2009-11-25 18:08:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\nwv0s9hk.default\extensions
[2009-04-16 11:21:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\nwv0s9hk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-11-25 18:08:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-02-25 15:48:00 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009-05-20 11:26:29 | 00,077,824 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npwpk.dll
[2009-07-22 22:16:44 | 00,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2008-04-03 18:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2007-03-31 18:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2006-06-03 17:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2008-03-28 22:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2007-01-05 12:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (742 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\4.0.255.0\npchrome_tab.dll (@COMPANY_FULLNAME@)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe File not found
O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.co...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com...ows-i586-jc.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macrome...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.c...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\4.0.255.0\npchrome_tab.dll (@COMPANY_FULLNAME@)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wpmsg {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Bieżąca strona główna) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-07-07 12:10:52 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008-07-30 15:43:17 | 00,000,000 | ---D | M] - H:\Auto -- [ NTFS ]
O33 - MountPoints2\{d0bccec0-7aca-11dd-b46b-0017318c1228}\Shell\AutoRun\command - "" = K:\hx.exe -- File not found
O33 - MountPoints2\{d0bccec0-7aca-11dd-b46b-0017318c1228}\Shell\open\Command - "" = K:\hx.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-11-28 12:49:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\gombrowicz_witold_–_ferdydurke.rtf
[2009-11-28 02:33:02 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2009-11-25 21:02:12 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Pulpit\Zagadnienia
[2009-11-25 17:16:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\angielski
[2009-11-24 17:26:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Updater
[2009-11-24 17:19:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\Nowy folder (3)
[2009-11-23 01:51:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\Nowy folder (2)
[2009-11-19 17:39:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\Testy makro
[2009-11-16 21:04:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\Zeszyt od historii technikum
[2009-11-16 00:25:03 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2009-11-16 00:24:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Visual Studio 2008
[2009-11-16 00:24:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft Help
[2009-11-16 00:20:20 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009-11-16 00:20:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2009-11-16 00:20:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
[2009-11-16 00:19:11 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2009-11-16 00:16:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009-11-16 00:05:56 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009-11-14 16:58:46 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009-11-11 14:24:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Panda Security
[2009-11-11 14:20:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Panda Security
[2009-11-08 20:38:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\Wojna
[2009-11-07 18:21:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\Blue-Guilty-2003-ApoLLo_INT
[2009-11-07 12:35:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\prezentacja
[2009-11-05 23:24:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\Jason Walker
[2009-11-05 19:16:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\codeblocks
[2009-11-05 18:00:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Tracing
[2009-11-03 20:38:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.designer
[2009-11-03 16:39:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Nokia
[2009-11-03 16:38:46 | 00,000,000 | ---D | C] -- C:\Qt
[2009-11-01 13:04:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\My Virtual Machines
[2009-10-30 16:18:03 | 00,365,824 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\PSUNCpl.cpl
[2009-10-30 16:18:01 | 00,146,952 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PSINAflt.sys
[2002-04-11 02:41:06 | 00,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\Administrator\Pulpit\*.tmp files -> C:\Documents and Settings\Administrator\Pulpit\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009-11-28 12:20:19 | 00,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009-11-28 12:20:07 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-11-28 02:33:11 | 05,242,880 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2009-11-28 01:39:13 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-11-26 18:06:17 | 04,988,096 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Chrola & Szurpik-Bielyje rozy.mp3
[2009-11-25 14:46:30 | 00,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-11-23 18:56:41 | 00,091,545 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\konsultacje.pdf
[2009-11-21 17:12:18 | 03,540,563 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\sandra%20-%20everlasting%20love[1].mp3
[2009-11-19 18:54:45 | 00,015,838 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2009-11-19 09:53:39 | 00,443,793 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\regulamin.pdf
[2009-11-18 18:02:44 | 00,340,539 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\regulamin_rekrutacji_pokl.pdf
[2009-11-18 01:29:44 | 00,000,624 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Spis filmów.lnk
[2009-11-16 22:26:00 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Hista Matii.doc
[2009-11-16 12:27:11 | 00,195,368 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-11-16 02:16:42 | 00,050,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-11-16 00:15:37 | 01,065,376 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-11-16 00:15:37 | 00,498,918 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-11-16 00:15:37 | 00,439,288 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-11-16 00:15:37 | 00,087,740 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-11-16 00:15:37 | 00,070,464 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-11-13 20:06:19 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-11-11 14:21:02 | 00,000,264 | ---- | M] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2009-11-08 19:57:50 | 03,550,938 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Neat_Image_Pro__v5.8_crack.rar
[2009-11-03 20:38:24 | 00,000,144 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\test.cpp
[2009-11-03 12:29:56 | 00,064,337 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Harmonogram_ZSE_Kielce_dla_Grupy_2.pdf
[2009-11-02 08:22:24 | 00,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ca5b8d3974915c.job
[2009-10-30 16:18:03 | 00,365,824 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\System32\PSUNCpl.cpl
[2009-10-30 16:18:01 | 00,146,952 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PSINAflt.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\Administrator\Pulpit\*.tmp files -> C:\Documents and Settings\Administrator\Pulpit\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009-11-26 18:05:45 | 04,988,096 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Chrola & Szurpik-Bielyje rozy.mp3
[2009-11-23 18:56:38 | 00,091,545 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\konsultacje.pdf
[2009-11-21 17:13:01 | 03,540,563 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\sandra%20-%20everlasting%20love[1].mp3
[2009-11-19 18:54:45 | 00,015,838 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2009-11-18 18:02:36 | 00,340,539 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\regulamin_rekrutacji_pokl.pdf
[2009-11-18 18:00:20 | 00,443,793 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\regulamin.pdf
[2009-11-18 01:29:44 | 00,000,624 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Spis filmów.lnk
[2009-11-16 20:57:10 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Hista Matii.doc
[2009-11-11 14:21:02 | 00,000,264 | ---- | C] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2009-11-08 19:56:04 | 03,550,938 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Neat_Image_Pro__v5.8_crack.rar
[2009-11-03 20:36:19 | 00,000,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\test.cpp
[2009-11-02 08:22:24 | 00,001,032 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ca5b8d3974915c.job
[2009-09-19 16:08:03 | 00,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-09-19 16:08:03 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-06-13 16:04:28 | 00,000,079 | ---- | C] () -- C:\WINDOWS\winDecrypt.INI
[2009-06-13 15:54:54 | 00,000,119 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI
[2009-06-13 15:51:49 | 00,021,240 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
[2009-06-13 15:51:49 | 00,013,560 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
[2009-05-18 22:10:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Route.INI
[2009-02-04 15:16:17 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-02-04 15:16:17 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-02-02 20:22:39 | 00,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2009-02-02 20:16:40 | 00,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\.zreglib
[2008-11-15 20:45:08 | 00,000,771 | ---- | C] () -- C:\Documents and Settings\Administrator\Dane aplikacji\coreavc.ini
[2008-11-07 20:29:25 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008-10-11 13:54:17 | 00,000,279 | ---- | C] () -- C:\WINDOWS\game.ini
[2008-09-27 10:50:09 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Dane aplikacji\$_hpcst$.hpc
[2008-07-31 10:51:22 | 00,000,138 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2008-07-26 12:27:36 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-07-10 12:06:18 | 00,000,462 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008-07-10 12:06:18 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008-07-10 12:06:17 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2008-07-10 12:03:24 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2008-07-10 12:00:20 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008-07-08 18:16:30 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008-07-08 18:14:15 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-07-07 16:21:39 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-07-07 16:21:38 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-07-07 12:41:25 | 00,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2008-07-07 12:41:25 | 00,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008-07-07 12:17:15 | 00,018,239 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008-07-07 12:17:14 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008-07-07 12:17:11 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005-05-03 12:38:42 | 00,064,512 | R--- | C] () -- C:\WINDOWS\System32\P17.dll
[2004-07-17 12:36:38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003-10-02 11:48:18 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2002-03-04 09:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
< End of report >

==========================================================
==========================================================


OTL also produced Extras.Txt:
OTL Extras logfile created on: 2009-11-28 13:51:41 - Run 1
OTL by OldTimer - Version 3.1.11.1 Folder = H:\Instalki
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,50 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 67,64% Memory free
3,35 Gb Paging File | 2,99 Gb Available in Paging File | 89,22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20,00 Gb Total Space | 5,30 Gb Free Space | 26,52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 120,00 Gb Total Space | 29,85 Gb Free Space | 24,88% Space Free | Partition Type: NTFS
Drive G: | 30,01 Gb Total Space | 2,72 Gb Free Space | 9,07% Space Free | Partition Type: NTFS
Drive H: | 62,88 Gb Total Space | 0,72 Gb Free Space | 1,14% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: TOMEK
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""SubEdit-Player"" = "SubEdit-Player"
"{036FD544-AED6-3F33-856D-A2292D0CF471}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PLK
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{0D0DF551-7546-4682-A18E-B5716C211209}" = PowerArchiver 2007 Polish
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy
"{1F126EDC-DA29-4D5B-80DF-735252475FEE}" = Pro Evolution Soccer 2010 DEMO
"{236BB7C4-4419-42FD-0415-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C77393F-8237-3825-A88A-AFAF3C69C072}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PLK
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C98BBC25-490C-4F3F-81D8-5D12C11732DF}" = Panda Cloud Antivirus
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.62b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0415-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Applian FLV Player2.0.24" = Applian FLV Player
"CDex" = CDex extraction audio
"CloneDVD2" = CloneDVD2
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"DVD Shrink_is1" = DVD Shrink 3.2
"ffdshow_is1" = ffdshow [rev 3029] [2009-07-10]
"Foxit Reader" = Foxit Reader
"Gadu-Gadu" = Gadu-Gadu 7.7
"Google Chrome Frame" = Google Chrome Frame
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"Mapa Polski 2001" = Mapa Polski 2001
"Maxthon2" = Maxthon2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"MoorHunt_is1" = MoorHunt 0.6.1.0
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.2
"Nero - Burning Rom!UninstallKey" = Nero 6
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Panda Cloud Antivirus" = Panda Cloud Antivirus
"Peer2Mail" = Peer2Mail (remove only)
"PhotomatixPro3Betax32_is1" = Photomatix Pro version 3.2
"RealAlt_is1" = Real Alternative 1.51 Lite
"Spik" = Spik
"The KMPlayer" = The KMPlayer (remove only)
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = Archiwizator WinRAR
"x2VCD" = Super DVD Ripper (remove only)
"xp-AntiSpy" = xp-AntiSpy 3.96-8
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OpenP2M for Java 1.6" = OpenP2M for Java 1.6

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2008-10-16 09:51:58 | Computer Name = KOMPUTER | Source = MsiInstaller | ID = 11606
Description = Product: Java(TM) 6 Update 7 -- Error 1606.Could not access network
location http://javadl.sun.com/web...6/ja160000.cab.

Error - 2009-09-25 17:21:49 | Computer Name = TOMEK | Source = Google Update | ID = 20
Description =

Error - 2009-09-25 17:34:48 | Computer Name = TOMEK | Source = Google Update | ID = 20
Description =

Error - 2009-10-14 14:21:55 | Computer Name = TOMEK | Source = Google Update | ID = 20
Description =

Error - 2009-10-29 10:47:09 | Computer Name = TOMEK | Source = Google Update | ID = 20
Description =

Error - 2009-10-29 16:47:08 | Computer Name = TOMEK | Source = Google Update | ID = 20
Description =

Error - 2009-10-31 10:46:28 | Computer Name = TOMEK | Source = Google Update | ID = 20
Description =

Error - 2009-11-13 11:18:32 | Computer Name = TOMEK | Source = Google Update | ID = 20
Description =

Error - 2009-11-15 19:06:39 | Computer Name = TOMEK | Source = MsiInstaller | ID = 10005
Description = Produkt: Microsoft .NET Framework 2.0 Service Pack 2 - Wystąpił problem
z tym pakietem Instalatora Windows. Więcej informacji można znaleźć w dzienniku
instalacji.

Error - 2009-11-25 14:54:37 | Computer Name = TOMEK | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 2009-11-27 13:35:39 | Computer Name = TOMEK | Source = SideBySide | ID = 16842784
Description = Nie można odnaleźć zestawu zależnego Microsoft.VC80.CRT; ostatni błąd:
Odnośny zestaw nie jest zainstalowany w tym systemie.

Error - 2009-11-27 13:35:39 | Computer Name = TOMEK | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly nie powiodło się dla Microsoft.VC80.CRT. Odpowiedni
komunikat o błędzie: Odnośny zestaw nie jest zainstalowany w tym systemie. .

Error - 2009-11-27 13:35:39 | Computer Name = TOMEK | Source = SideBySide | ID = 16842811
Description = Generate Activation Context nie powiodło się dla C:\Program Files\Spik\sms\sms_plus.dll.
Odpowiedni
komunikat o błędzie: Operacja ukończona pomyślnie. .

Error - 2009-11-27 15:24:44 | Computer Name = TOMEK | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: nvport

Error - 2009-11-27 15:24:45 | Computer Name = TOMEK | Source = Service Control Manager | ID = 7034
Description = Usługa MySql niespodziewanie zakończyła pracę. Wystąpiło to razy:
1.

Error - 2009-11-28 07:20:46 | Computer Name = TOMEK | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: nvport

Error - 2009-11-28 07:20:46 | Computer Name = TOMEK | Source = Service Control Manager | ID = 7034
Description = Usługa MySql niespodziewanie zakończyła pracę. Wystąpiło to razy:
1.

Error - 2009-11-28 08:04:01 | Computer Name = TOMEK | Source = SideBySide | ID = 16842784
Description = Nie można odnaleźć zestawu zależnego Microsoft.VC80.CRT; ostatni błąd:
Odnośny zestaw nie jest zainstalowany w tym systemie.

Error - 2009-11-28 08:04:01 | Computer Name = TOMEK | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly nie powiodło się dla Microsoft.VC80.CRT. Odpowiedni
komunikat o błędzie: Odnośny zestaw nie jest zainstalowany w tym systemie. .

Error - 2009-11-28 08:04:01 | Computer Name = TOMEK | Source = SideBySide | ID = 16842811
Description = Generate Activation Context nie powiodło się dla C:\Program Files\Spik\sms\sms_plus.dll.
Odpowiedni
komunikat o błędzie: Operacja ukończona pomyślnie. .


< End of report >

==========================================================
==========================================================


From this site:
File name: sfc_os.dll
Status: Scan finished. 10 of 21 scanners report viruses.


==========================================================
==========================================================


In GMER I selected all partitions and clicked Start. I don't know how long the process took, because I walked away from the computer after five minutes; in any case, an hour later I found the system completely frozen, with no reaction even to CTRL+ALT+DEL. Apart from GMER, only a browser with trusted sites was open in the background at the time, so I consider GMER the culprit.
_________________
#pctown.pl @ PolNet
http://crooleeck.jogger.pl/
 
 
   
@Blade@ 

Helped: 8 times
Posted: 2009-11-28, 23:58

There is practically nothing in the logs.

Run OTL -> in the Custom Scans/Fixes box paste:
Quote:
:OTL
PRC - [2007-07-13 23:42:04 | 00,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O33 - MountPoints2\{d0bccec0-7aca-11dd-b46b-0017318c1228}\Shell\AutoRun\command - "" = K:\hx.exe -- File not found
O33 - MountPoints2\{d0bccec0-7aca-11dd-b46b-0017318c1228}\Shell\open\Command - "" = K:\hx.exe -- File not found

:Commands
[emptytemp]
[start explorer]

Click Run Fix. Once it has finished, click CleanUp in OTL.

As for the file, it needs to be replaced (it is a system file, so it cannot be deleted). Download a clean copy from here -> http://hotfile.com/dl/189...sfc_os.dll.html and place it directly on drive C. Then use Replacer -> http://www.searchengines.pl/Replacer-t89288.html to replace it at the location C:\Windows\system32\sfc_os.dll
 
   
crooleeck 
Rocks!


Helped: 22 times
From: Miedziana Dzioora...
Posted: 2009-11-29, 10:57

File name: sfc_os.dll
Status: Scan finished. 0 of 21 scanners report viruses.


Something strange happened. I had GMER and OTL on the disk and they vanished :?
_________________
#pctown.pl @ PolNet
http://crooleeck.jogger.pl/
 
 
   
@Blade@ 

Helped: 8 times
Posted: 2009-11-29, 12:37

Since the file has been replaced, it should be OK.

Quote:
Something strange happened. I had GMER and OTL on the disk and they vanished :?

Nothing strange happened; after clicking CleanUp, all tools such as OTL, GMER, Combofix, Avenger etc. are removed.
_________________
 
   
crooleeck 
Rocks!


Helped: 22 times
From: Miedziana Dzioora...
Posted: 2009-11-29, 13:58

@Blade@ wrote:
Nothing strange happened; after clicking CleanUp, all tools such as OTL, GMER, Combofix, Avenger etc. are removed.

Ah, cool ;) I didn't know it worked that way... And since the problem is now solved, I'll allow myself an educational off-topic. @Blade@, I noticed that you often advise turning System Restore off and on again. Why? What is that for? I'm asking out of curiosity.
_________________
#pctown.pl @ PolNet
http://crooleeck.jogger.pl/
 
 
   
@Blade@ 

Helped: 8 times
Posted: 2009-11-29, 15:28

Because the restore folders often contain copies of malware. Turning System Restore off empties those folders. And that's the whole philosophy :)
_________________
 
   