Request for analysis of a HijackThis log - help
lordbarth

Posted: 2010-02-23, 18:22   Request for analysis of a HijackThis log - help

The computer was scanned with Avast using the latest definitions, which detected nothing, but my internet provider cut off my access because there is something on the machine after all. I would be grateful for quick help. I am using the network as a guest, so I don't really have the chance to dig deeper into handling the logs. Thanks in advance for the help:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:52:50, on 2010-02-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\tp4mon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: cbssreg - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4271 bytes
 
   
@Blade@ 

Helped: 8 times
Posted: 2010-02-23, 19:10   

There is an infection, but post other logs, from: OTL, GMER and System Repair Engineer
Last edited by @Blade@ on 2010-02-23, 19:11; edited 1 time in total  
 
   
WebCM 

Helped: 4 times
From: Poland
Posted: 2010-02-23, 19:10   

You have a rootkit. Delete:

O20 - Winlogon Notify: cbssreg - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll

Install SP3 and IE8 to improve the security of other applications and of the whole computer.

Update Avast: http://files.avast.com/ia...av_free_pol.exe - afterwards you still have to configure it so that it doesn't burden the system (turn off the icon animation, sounds and other unnecessary features)

You have a few entries in autostart that are unnecessary: apdproxy.exe, QTTask.exe, Reader_sl.exe.
_________________
Let's counteract the ever-lower standard of the Polish Internet and debauchery.
 
 
   
lordbarth

Posted: 2010-02-23, 19:19   

Here is the log from OTL - I'm just installing the others

OTL logfile created on: 2010-02-23 19:08:41 - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\KOMPUTEREK\Pulpit
Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

255,00 Mb Total Physical Memory | 155,00 Mb Available Physical Memory | 61,00% Memory free
626,00 Mb Paging File | 384,00 Mb Available in Paging File | 61,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 3,59 Gb Free Space | 9,64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LORD
Current User Name: KOMPUTEREK
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-02-23 18:10:00 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe
PRC - [2009-03-09 20:29:00 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-02-05 22:08:45 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-02-05 22:08:40 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-02-05 22:01:25 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2006-09-14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2004-08-03 23:44:28 | 000,082,432 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\tp4mon.exe
PRC - [2004-08-03 23:44:22 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003-07-03 00:25:00 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe


========== Modules (SafeList) ==========

MOD - [2010-02-23 18:10:00 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe
MOD - [2004-08-03 23:42:34 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009-03-09 20:29:00 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-02-05 22:08:40 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-02-05 22:08:26 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-02-05 22:06:04 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-02-05 22:01:25 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2006-10-26 18:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006-10-26 12:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006-09-14 07:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2004-08-03 23:44:02 | 000,027,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2003-07-03 00:25:00 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)


========== Driver Services (SafeList) ==========

DRV - [2009-02-05 22:08:10 | 000,094,032 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-02-05 22:07:23 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-02-05 22:07:12 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-02-05 22:06:20 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-02-05 22:06:10 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-02-05 22:05:11 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008-12-20 10:28:02 | 000,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008-09-23 21:12:05 | 000,020,747 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2007-01-04 09:41:00 | 000,255,488 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netr73.sys -- (netr73)
DRV - [2006-01-12 19:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004-08-03 23:38:40 | 000,607,068 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004-08-03 22:00:52 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2003-07-03 00:25:00 | 000,011,344 | ---- | M] (IBM Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2003-01-22 20:57:58 | 000,122,240 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage)
DRV - [2001-10-30 13:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2001-10-30 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001-10-26 16:50:42 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Sterownik karty Intel(R)
DRV - [2001-08-17 21:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
DRV - [2001-08-17 20:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Usługa instalacyjna sterownika audio Intel(r) 82801 (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-343818398-688789844-1060284298-1004\S-1-5-21-343818398-688789844-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-11-26 20:33:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-11-07 09:38:12 | 000,000,000 | ---D | M]

[2008-09-23 21:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Extensions
[2010-02-22 16:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Firefox\Profiles\p1e0kkc1.default\extensions
[2009-05-30 07:17:07 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Firefox\Profiles\p1e0kkc1.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2009-06-23 17:20:26 | 000,000,000 | ---D | M] (jDownFF) -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Firefox\Profiles\p1e0kkc1.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2010-02-22 16:24:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006-02-12 20:06:23 | 000,602,112 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSignPlugin.dll
[2009-07-30 23:44:16 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-07-30 23:44:16 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-07-30 23:44:16 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-07-30 23:44:16 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-07-30 23:44:16 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-07-30 23:44:16 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2001-10-30 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4mon.exe (IBM Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-688789844-1060284298-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedi...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.134.128.19 213.134.128.20
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe) - C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe ()
O20 - HKU\S-1-5-21-343818398-688789844-1060284298-1004 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0553292099-4567294890-242777550-9292\winsystem.exe) - C:\RECYCLER\S-1-5-21-0553292099-4567294890-242777550-9292\winsystem.exe ()
O20 - HKU\S-1-5-21-343818398-688789844-1060284298-1004 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-343818398-688789844-1060284298-1004 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe) - C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe ()
O20 - Winlogon\Notify\cbssreg: DllName - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll ()
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005-11-20 13:33:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-02-23 18:09:57 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe
[2010-02-23 17:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-02-23 17:39:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-02-23 17:39:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-02-21 10:56:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings
[2010-02-10 17:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KOMPUTEREK\Pulpit\MH
[2010-02-01 18:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KOMPUTEREK\Pulpit\pity
[2006-05-15 16:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2005-11-20 13:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2005-11-20 13:33:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2005-11-20 13:33:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-02-23 19:07:55 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\KOMPUTEREK\ntuser.dat
[2010-02-23 18:10:00 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe
[2010-02-23 17:45:34 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\KOMPUTEREK\Pulpit\HijackThis.lnk
[2010-02-23 17:14:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-02-23 17:13:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-02-23 13:30:51 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\KOMPUTEREK\ntuser.ini
[2010-02-20 07:43:07 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-02-19 19:02:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\chrtmp
[2010-02-14 13:48:58 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-01-31 07:24:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-02-23 17:45:34 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\KOMPUTEREK\Pulpit\HijackThis.lnk
[2010-02-19 19:02:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\chrtmp
[2009-05-30 07:27:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009-03-20 17:42:40 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2009-02-12 00:19:42 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008-09-25 21:32:40 | 000,001,266 | ---- | C] () -- C:\WINDOWS\bestplayer.ini
[2008-09-23 22:24:10 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-09-23 22:11:35 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-09-23 21:48:40 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008-09-23 21:48:39 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008-09-23 21:48:33 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-09-23 21:48:33 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-09-23 21:48:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-09-23 21:48:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-09-23 21:48:28 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-09-23 21:12:29 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2003-07-03 00:25:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[2001-10-30 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
< End of report >
 
   
@Blade@ 

Helped: 8 times
Posted: 2010-02-23, 19:25   

Run OTL -> in the Custom Scans/Fixes window paste:
Quote:
:OTL
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe) - C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe ()
O20 - HKU\S-1-5-21-343818398-688789844-1060284298-1004 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0553292099-4567294890-242777550-9292\winsystem.exe) - C:\RECYCLER\S-1-5-21-0553292099-4567294890-242777550-9292\winsystem.exe ()
O20 - HKU\S-1-5-21-343818398-688789844-1060284298-1004 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe) - C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe ()
O20 - Winlogon\Notify\cbssreg: DllName - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll ()

:Files
C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings
C:\RECYCLER
C:\Qoobox

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"Adobe Photo Downloader"=-
"QuickTime Task"=-
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
[HKEY_USERS\S-1-5-21-343818398-688789844-1060284298-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=-

:Commands
[emptytemp]
[reboot]

Click Run Fix. Post the removal log + a new OTL log
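
One way to triage the O20 (Winlogon) lines of an OTL log like the one posted above, as an added example that is not part of the thread and not OTL's own code. The function names and the four heuristics are assumptions chosen for illustration; the sample lines are copied from the OTL log in this thread.

```python
import re

# O20 (Winlogon) lines copied verbatim from the OTL log posted in this thread.
OTL_O20_LINES = r"""
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe) - C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe ()
O20 - HKU\S-1-5-21-343818398-688789844-1060284298-1004 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0553292099-4567294890-242777550-9292\winsystem.exe) - C:\RECYCLER\S-1-5-21-0553292099-4567294890-242777550-9292\winsystem.exe ()
O20 - HKU\S-1-5-21-343818398-688789844-1060284298-1004 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-343818398-688789844-1060284298-1004 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe) - C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe ()
O20 - Winlogon\Notify\cbssreg: DllName - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll ()
""".strip().splitlines()

# "O20 - <hive> Winlogon: <value> - (<data>) - <resolved path> (<company>)"
WINLOGON_RE = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>\w+) - \((?P<data>.*?)\) - "
    r"(?P<path>.+) \((?P<company>[^()]*)\)$"
)
# "O20 - Winlogon\Notify\<name>: DllName - <data> - <resolved path> (<company>)"
NOTIFY_RE = re.compile(
    r"^O20 - Winlogon\\Notify\\(?P<name>[^:]+): DllName - (?P<data>.+?) - "
    r"(?P<path>.+) \((?P<company>[^()]*)\)$"
)

# Assumption: %SystemRoot% is C:\WINDOWS, as stated in this log's header.
SYSTEM_ROOT = r"c:\windows"


def parse_o20(line):
    """Return a dict describing one O20 line, or None if it is not an O20 line."""
    m = WINLOGON_RE.match(line)
    if m:
        return {"kind": "winlogon", **m.groupdict()}
    m = NOTIFY_RE.match(line)
    if m:
        return {"kind": "notify", "value": "DllName", **m.groupdict()}
    return None


def reasons_for(entry):
    """Apply the illustrative heuristics and return the reasons an entry needs review."""
    path = entry["path"].lower()  # Windows paths are case-insensitive
    reasons = []
    if "\\recycler\\" in path:
        reasons.append("target is inside a RECYCLER directory")
    if (entry["kind"] == "winlogon" and entry["value"].lower() == "shell"
            and path != SYSTEM_ROOT + "\\explorer.exe"):
        reasons.append("Shell does not point to explorer.exe in %SystemRoot%")
    if entry["kind"] == "notify" and not path.startswith(SYSTEM_ROOT + "\\system32\\"):
        reasons.append("Notify DLL is outside %SystemRoot%\\system32")
    if entry["company"] == "":
        reasons.append("OTL printed an empty company field")
    return reasons


def triage(lines):
    """Return (value, path, reasons) for every O20 line that trips a heuristic."""
    findings = []
    for line in lines:
        entry = parse_o20(line.strip())
        if entry is None:
            continue  # not an O20 line in one of the two handled shapes
        reasons = reasons_for(entry)
        if reasons:
            findings.append((entry["value"], entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for value, path, reasons in triage(OTL_O20_LINES):
        print(f"{value}: {path}")
        for reason in reasons:
            print(f"    - {reason}")
```

On this log the heuristics flag the same four O20 entries that the :OTL section of the fix lists and leave both explorer.exe Shell entries alone.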
 
   
lordbarth

Posted: 2010-02-23, 20:11   

In hijack... I removed the rootkit WebCM wrote about, then I ran GMER but it froze the whole system - I did a hard power-off, did what Blade wrote in OTL and then also an SRE scan: logs below, in order:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan:C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe deleted successfully.
C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-343818398-688789844-1060284298-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-0553292099-4567294890-242777550-9292\winsystem.exe deleted successfully.
C:\RECYCLER\S-1-5-21-0553292099-4567294890-242777550-9292\winsystem.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-343818398-688789844-1060284298-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe deleted successfully.
File C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg\ deleted successfully.
File move failed. C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll scheduled to be moved on reboot.
========== FILES ==========
Folder move failed. C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings scheduled to be moved on reboot.
C:\RECYCLER\S-1-5-21-9914090254-0814283880-759407442-4864 folder moved successfully.
C:\RECYCLER\S-1-5-21-9856136618-2032780866-436601514-6789 folder moved successfully.
C:\RECYCLER\S-1-5-21-9047805137-9583058611-404940635-9657 folder moved successfully.
C:\RECYCLER\S-1-5-21-682003330-764733703-854245398-1003 folder moved successfully.
C:\RECYCLER\S-1-5-21-6079975476-8446808430-172924369-1736 folder moved successfully.
C:\RECYCLER\S-1-5-21-5850312421-1991430824-123109813-8958 folder moved successfully.
C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516 folder moved successfully.
C:\RECYCLER\S-1-5-21-343818398-688789844-1060284298-1004 folder moved successfully.
C:\RECYCLER\S-1-5-21-3204306752-0745215814-416467817-6082 folder moved successfully.
C:\RECYCLER\S-1-5-21-2781720372-9767588738-955256347-7753 folder moved successfully.
C:\RECYCLER\S-1-5-21-1502846540-6229800875-428045130-1999 folder moved successfully.
C:\RECYCLER\S-1-5-21-0553292099-4567294890-242777550-9292 folder moved successfully.
C:\RECYCLER\S-1-5-21-0215402219-1417864543-360333368-6112 folder moved successfully.
C:\RECYCLER folder moved successfully.
C:\Qoobox\TestC folder moved successfully.
C:\Qoobox\Test folder moved successfully.
C:\Qoobox\Quarantine\Registry_backups folder moved successfully.
C:\Qoobox\Quarantine folder moved successfully.
C:\Qoobox\LastRun folder moved successfully.
C:\Qoobox\BackEnv folder moved successfully.
C:\Qoobox folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Photo Downloader deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"|"explorer.exe" /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-343818398-688789844-1060284298-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 314 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: KOMPUTEREK
->Temp folder emptied: 480413582 bytes
->Temporary Internet Files folder emptied: 150718276 bytes
->Java cache emptied: 10250769 bytes
->FireFox cache emptied: 52850426 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService.ZARZĄDZANIE NT
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: NetworkService.ZARZĄDZANIE NT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: user

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1119389 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21980633 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 684,00 mb


OTL by OldTimer - Version 3.1.30.1 log created on 02232010_194414

Files\Folders moved on Reboot...
File move failed. C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_590.dat moved successfully.

Registry entries deleted on Reboot...


OTL logfile created on: 2010-02-23 19:48:05 - Run 2
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\KOMPUTEREK\Pulpit
Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

255,00 Mb Total Physical Memory | 28,00 Mb Available Physical Memory | 11,00% Memory free
626,00 Mb Paging File | 393,00 Mb Available in Paging File | 63,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 4,25 Gb Free Space | 11,40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LORD
Current User Name: KOMPUTEREK
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-02-23 18:10:00 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe
PRC - [2009-03-09 20:29:00 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-02-05 22:08:45 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-02-05 22:08:40 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-02-05 22:06:04 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-02-05 22:01:25 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2006-09-14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006-03-03 11:46:58 | 000,622,592 | ---- | M] (TP-LINK TECHNOLOGIES CO., LTD.) -- C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
PRC - [2004-08-03 23:44:28 | 000,082,432 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\tp4mon.exe
PRC - [2004-08-03 23:44:22 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003-07-03 00:25:00 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe


========== Modules (SafeList) ==========

MOD - [2010-02-23 18:10:00 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe
MOD - [2004-08-03 23:42:34 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009-03-09 20:29:00 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-02-05 22:08:40 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-02-05 22:08:26 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-02-05 22:06:04 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-02-05 22:01:25 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2006-10-26 18:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006-10-26 12:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006-09-14 07:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2004-08-03 23:44:02 | 000,027,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2003-07-03 00:25:00 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)


========== Driver Services (SafeList) ==========

DRV - [2009-02-05 22:08:10 | 000,094,032 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-02-05 22:07:23 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-02-05 22:07:12 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-02-05 22:06:20 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-02-05 22:06:10 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-02-05 22:05:11 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008-12-20 10:28:02 | 000,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008-09-23 21:12:05 | 000,020,747 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2007-01-04 09:41:00 | 000,255,488 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netr73.sys -- (netr73)
DRV - [2006-01-12 19:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004-08-03 23:38:40 | 000,607,068 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004-08-03 22:00:52 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2003-07-03 00:25:00 | 000,011,344 | ---- | M] (IBM Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2003-01-22 20:57:58 | 000,122,240 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage)
DRV - [2001-10-30 13:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2001-10-30 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001-10-26 16:50:42 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Sterownik karty Intel(R)
DRV - [2001-08-17 21:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
DRV - [2001-08-17 20:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Usługa instalacyjna sterownika audio Intel(r) 82801 (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-343818398-688789844-1060284298-1004\S-1-5-21-343818398-688789844-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-11-26 20:33:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-11-07 09:38:12 | 000,000,000 | ---D | M]

[2008-09-23 21:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Extensions
[2010-02-22 16:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Firefox\Profiles\p1e0kkc1.default\extensions
[2009-05-30 07:17:07 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Firefox\Profiles\p1e0kkc1.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2009-06-23 17:20:26 | 000,000,000 | ---D | M] (jDownFF) -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Firefox\Profiles\p1e0kkc1.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2010-02-22 16:24:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006-02-12 20:06:23 | 000,602,112 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSignPlugin.dll
[2009-07-30 23:44:16 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-07-30 23:44:16 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-07-30 23:44:16 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-07-30 23:44:16 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-07-30 23:44:16 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-07-30 23:44:16 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2001-10-30 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4mon.exe (IBM Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-688789844-1060284298-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedi...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.134.128.19 213.134.128.20
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-0553292099-4567294890-242777550-9292\winsystem.exe) - C:\RECYCLER\S-1-5-21-0553292099-4567294890-242777550-9292\winsystem.exe File not found
O20 - Winlogon\Notify\cbssreg: DllName - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll ()
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005-11-20 13:33:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-02-23 19:45:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-02-23 19:44:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-02-23 19:29:07 | 001,830,424 | ---- | C] (Smallfrogs Studio) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\SREngLdr.EXE
[2010-02-23 19:29:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KOMPUTEREK\Pulpit\Upload
[2010-02-23 18:09:57 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe
[2010-02-23 17:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-02-23 17:39:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-02-21 10:56:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings
[2010-02-10 17:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KOMPUTEREK\Pulpit\MH
[2010-02-01 18:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KOMPUTEREK\Pulpit\pity
[2006-05-15 16:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2005-11-20 13:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2005-11-20 13:33:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2005-11-20 13:33:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft

========== Files - Modified Within 30 Days ==========

[2010-02-23 19:47:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-02-23 19:47:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-02-23 19:46:07 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\KOMPUTEREK\ntuser.dat
[2010-02-23 19:46:07 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\KOMPUTEREK\ntuser.ini
[2010-02-23 18:10:00 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe
[2010-02-23 17:45:34 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\KOMPUTEREK\Pulpit\HijackThis.lnk
[2010-02-20 07:43:07 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-02-19 19:02:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\chrtmp
[2010-02-14 13:48:58 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-01-31 07:24:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini

========== Files Created - No Company Name ==========

[2010-02-23 19:28:44 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\KOMPUTEREK\Pulpit\gmer.exe
[2010-02-23 17:45:34 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\KOMPUTEREK\Pulpit\HijackThis.lnk
[2010-02-19 19:02:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\chrtmp
[2009-05-30 07:27:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009-03-20 17:42:40 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2009-02-12 00:19:42 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008-09-25 21:32:40 | 000,001,266 | ---- | C] () -- C:\WINDOWS\bestplayer.ini
[2008-09-23 22:24:10 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-09-23 22:11:35 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-09-23 21:48:40 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008-09-23 21:48:39 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008-09-23 21:48:33 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-09-23 21:48:33 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-09-23 21:48:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-09-23 21:48:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-09-23 21:48:28 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-09-23 21:12:29 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2003-07-03 00:25:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[2001-10-30 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
< End of report >


Code:


2010-02-23,20:01:41

System Repair Engineer 2.8.2.1321
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Dodatek Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Running Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan
    Scheduled Tasks
    Windows Security Update Check
    API HOOK
    Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <CTFMON.EXE><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <TrackPointSrv><tp4mon.exe>  [(Verified)Microsoft Windows Publisher]
    <avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe>  [(Verified)ALWIL Software]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\System32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\System32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg]
    <WinlogonNotify: cbssreg><C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <Dostosowywanie przeglądarki><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Książka adresowa 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Aktualizacja pulpitu Windows><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr>  [(Verified)Microsoft Windows Publisher]

==================================
Startup Folders
[TL-WN321G Wireless Utility]
  <C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\TL-WN321G Wireless Utility.lnk --> C:\PROGRA~1\TP-LINK\TL-WN3~1\INSTAL~1\WINXP\TWCU.exe [TP-LINK TECHNOLOGIES CO., LTD.]><N>

==================================
Services
[Adobe Active File Monitor V5 / AdobeActiveFileMonitor5.0][Running/Auto Start]
  <C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe><N/A>
[Zarządzanie aplikacjami / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
  <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
[avast! Antivirus / avast! Antivirus][Running/Auto Start]
  <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
[avast! Mail Scanner / avast! Mail Scanner][Stopped/Manual Start]
  <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
  <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[Dostęp do urządzeń interfejsu HID / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IBM PM Service / IBMPMSVC][Running/Auto Start]
  <C:\WINDOWS\system32\ibmpmsvc.exe><N/A>
[Java Quick Starter / JavaQuickStarterService][Running/Auto Start]
  <"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"><Sun Microsystems, Inc.>

==================================
Drivers
[Usługa instalacyjna sterownika audio Intel(r) 82801 (WDM) / ac97intc][Running/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[AEGIS Protocol (IEEE 802.1x) v3.4.3.0 / AegisP][Running/Auto Start]
  <System32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[aswFsBlk / aswFsBlk][Running/Auto Start]
  <system32\DRIVERS\aswFsBlk.sys><ALWIL Software>
[Sterownik karty Intel(R) PRO / E100B][Running/Manual Start]
  <System32\DRIVERS\e100b325.sys><Intel Corporation>
[IBMPMDRV / IBMPMDRV][Running/Manual Start]
  <system32\DRIVERS\ibmpmdrv.sys><IBM Corp.>
[LT Modem Driver / ltmodem5][Running/Manual Start]
  <System32\DRIVERS\ltmdmnt.sys><LT>
[TL-WN321G Wireless USB Adapter Driver for Vista / netr73][Stopped/Manual Start]
  <System32\DRIVERS\netr73.sys><Ralink Technology Inc.>
[Sterownik urządzenia podczerwieni NSC / NSCIRDA][Running/Manual Start]
  <System32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[Sterownik bezpośredniego połączenia kablowego / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[TL-WN321G USB Wireless Adapter / RT73][Stopped/Manual Start]
  <System32\DRIVERS\rt73.sys><Ralink Technology, Corp.>
[S3SSavage / S3SSavage][Running/Manual Start]
  <system32\DRIVERS\s3ssavm.sys><S3 Graphics, Inc.>
[SANDRA / SANDRA][Stopped/Manual Start]
  <\??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Sandra.sys><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[Sterownik filtru urządzenia TrackPoint IBM PS/2 / TwoTrack][Running/Manual Start]
  <System32\DRIVERS\TwoTrack.sys><IBM Corporation>

==================================
Browser Add-ons
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[Java(tm) Plug-In SSV Helper]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre6\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435b-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, Sun Microsystems, Inc.>
[JQSIEStartDetectorImpl Class]
  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>
[&Poszukaj]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[Java Plug-in 1.6.0_11]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.6.0_05]
  {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.6.0_07]
  {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.6.0_11]
  {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.6.0_11]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_11.dll, (Signed) Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx, (Signed) Adobe Systems, Inc.>
[IDMIEHlprObj Class]
  {0055C089-8582-441B-A0BF-17B458C2A3A8} <C:\Program Files\Internet Download Manager\IDMIECC.dll, N/A>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\System32\mshtml.dll, (Signed) N/A>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\System32\shdocvw.dll, (Signed) N/A>
[Java(tm) Plug-In SSV Helper]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre6\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_11]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, (Signed) N/A>
[]
  {BF00E119-21A3-4FD1-B178-3B8537E75C92} <, >
[Microsoft Office 12 Authorization Control]
  {C9712B19-838B-45A5-ABF2-9A315DDDED50} <C:\PROGRA~1\MICROS~2\Office12\AUTHZAX.DLL, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx, (Signed) Adobe Systems, Inc.>
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435B-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, Sun Microsystems, Inc.>
[JQSIEStartDetectorImpl Class]
  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[E&ksport do programu Microsoft Excel]
  <res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
[E&ksportuj do programu Microsoft Excel]
  <res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 572 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 620 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 644 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll]  [N/A, ]
[PID: 688 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.3520 (xpsp_sp2_gdr.090206-1233)]
[PID: 700 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\wpcnervd.dll]  [The GLib developer community, 2.22.3.0]
[PID: 852 / SYSTEM][C:\WINDOWS\system32\ibmpmsvc.exe]  [N/A, ]
[PID: 876 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 952 / USŁUGA SIECIOWA][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1008 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1084 / SYSTEM][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1172 / USŁUGA SIECIOWA][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1336 / USŁUGA LOKALNA][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1352 / KOMPUTEREK][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\wpcnervd.dll]  [The GLib developer community, 2.22.3.0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.1.0.0]
    [C:\WINDOWS\system32\sql.dll]  [WeOnlyDo! COM, 1, 0, 6, 11]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Alwil Software\Avast4\ashShell.dll]  [ALWIL Software, 4, 8, 1335, 0]
[PID: 1380 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 8, 1335, 0]
[PID: 1496 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\aswInteg.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\aswIdle.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\AavmRpch.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\Polish\Base.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResMai.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\ahResMes.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResNS.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResOut.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResStd.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResWS.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\aswRes.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\asw5Ldr.dll]  [ALWIL Software, 1, 0, 0, 1]
[PID: 1620 / KOMPUTEREK][C:\WINDOWS\system32\tp4mon.exe]  [IBM Corporation, 6.03 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\tp4res.dll]  [IBM Corporation, 6.03 (XPClient.010817-1148)]
[PID: 1628 / KOMPUTEREK][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\Polish\Base.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\Polish\Lang.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.6030.0]
    [c:\program files\alwil software\avast4\ahruimai.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll]  [Codejock Software, 1, 9, 4, 0]
    [c:\program files\alwil software\avast4\ahruimes.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [c:\program files\alwil software\avast4\ahruins.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [c:\program files\alwil software\avast4\ahruiout.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [c:\program files\alwil software\avast4\ahruip2p.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [c:\program files\alwil software\avast4\ahruistd.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [c:\program files\alwil software\avast4\ahruiws.dll]  [ALWIL Software, 4, 8, 1335, 0]
[PID: 1640 / KOMPUTEREK][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1656 / KOMPUTEREK][C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe]  [TP-LINK TECHNOLOGIES CO., LTD., 1, 1, 6, 0]
    [C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\AegisE5.dll]  [Meetinghouse Data Communications, 3, 3, 10, 0]
[PID: 412 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 508 / USŁUGA LOKALNA][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 908 / SYSTEM][C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe]  [N/A, ]
    [C:\Program Files\Adobe\Photoshop Elements 5.0\platform.dll]  [Adobe Systems, Inc., 1, 0, 0, 1]
    [C:\Program Files\Adobe\Photoshop Elements 5.0\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Adobe\Photoshop Elements 5.0\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 1152 / SYSTEM][C:\Program Files\Java\jre6\bin\jqs.exe]  [Sun Microsystems, Inc., 6.0.110.3]
    [C:\Program Files\Java\jre6\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\netfxperf.dll]  [Microsoft Corporation, 1.1.4322.573]
[PID: 1504 / USŁUGA LOKALNA][C:\WINDOWS\System32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 536 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\AavmRpch.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\Polish\Base.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll]  [ALWIL Software, 4, 8, 1335, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll]  [ALWIL Software, 4, 8, 1335, 0]
[PID: 2224 / SYSTEM][C:\WINDOWS\System32\wbem\wmiapsrv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 532 / KOMPUTEREK][C:\Documents and Settings\KOMPUTEREK\Pulpit\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.2.1321]
[PID: 1264 / KOMPUTEREK][C:\Documents and Settings\KOMPUTEREK\Pulpit\SREa43be4f1.EXE]  [Smallfrogs Studio, 2.8.2.1321]
    [C:\Documents and Settings\KOMPUTEREK\Pulpit\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1       localhost

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1656, C:\PROGRAM FILES\TP-LINK\TL-WN321G WIRELESS UTILITY\INSTALLER\WINXP\TWCU.EXE]

==================================
Scheduled Tasks
N/A

==================================
Windows Security Update Check
N/A

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================


 
   
@Blade@ 

Helped: 8 times
Posted: 2010-02-23, 20:35

Not everything has been removed yet.
Run OTL -> in the Custom Scans/Fixes box paste:
Quote:
:OTL
PRC - [2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-0553292099-4567294890-242777550-9292\winsystem.exe) - C:\RECYCLER\S-1-5-21-0553292099-4567294890-242777550-9292\winsystem.exe File not found
O20 - Winlogon\Notify\cbssreg: DllName - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll ()

:Files
C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings
C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\chrtmp

:Commands
[reboot]

Click Run Fix. Post the log from the removal + a new OTL log.
_________________
 
   
lordbarth

Posted: 2010-02-23, 21:17

I pasted it in and ran it, but after the restart no fix log was created. I ran a scan and the log is below. Before that I installed the new Avast and it detected some rootkit (I think ws.exe) and the files pravi.exe and autorun.exe on the USB stick that I use to communicate with this forum... I removed everything.

OTL logfile created on: 2010-02-23 20:47:52 - Run 3
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\KOMPUTEREK\Pulpit
Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

255,00 Mb Total Physical Memory | 87,00 Mb Available Physical Memory | 34,00% Memory free
626,00 Mb Paging File | 461,00 Mb Available in Paging File | 74,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 4,12 Gb Free Space | 11,05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LORD
Current User Name: KOMPUTEREK
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-02-23 18:10:00 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe
PRC - [2010-02-11 19:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-02-11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009-03-09 20:29:00 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006-09-14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006-03-03 11:46:58 | 000,622,592 | ---- | M] (TP-LINK TECHNOLOGIES CO., LTD.) -- C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
PRC - [2004-08-03 23:44:28 | 000,082,432 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\tp4mon.exe
PRC - [2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003-07-03 00:25:00 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe


========== Modules (SafeList) ==========

MOD - [2010-02-23 18:10:00 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe
MOD - [2004-08-03 23:42:34 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010-02-11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-02-11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-02-11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009-03-09 20:29:00 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2006-10-26 18:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006-10-26 12:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006-09-14 07:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2004-08-03 23:44:02 | 000,027,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2003-07-03 00:25:00 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)


========== Driver Services (SafeList) ==========

DRV - [2010-02-11 19:42:34 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-02-11 19:42:13 | 000,162,512 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-02-11 19:39:01 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-02-11 19:38:34 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-02-11 19:38:23 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-02-11 19:38:07 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008-12-20 10:28:02 | 000,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008-09-23 21:12:05 | 000,020,747 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2007-01-04 09:41:00 | 000,255,488 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netr73.sys -- (netr73)
DRV - [2006-01-12 19:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004-08-03 23:38:40 | 000,607,068 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004-08-03 22:00:52 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2003-07-03 00:25:00 | 000,011,344 | ---- | M] (IBM Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2003-01-22 20:57:58 | 000,122,240 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage)
DRV - [2001-10-30 13:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2001-10-30 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001-10-26 16:50:42 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Sterownik karty Intel(R)
DRV - [2001-08-17 21:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
DRV - [2001-08-17 20:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Usługa instalacyjna sterownika audio Intel(r) 82801 (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-11-26 20:33:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-11-07 09:38:12 | 000,000,000 | ---D | M]

[2008-09-23 21:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Extensions
[2010-02-22 16:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Firefox\Profiles\p1e0kkc1.default\extensions
[2009-05-30 07:17:07 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Firefox\Profiles\p1e0kkc1.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2009-06-23 17:20:26 | 000,000,000 | ---D | M] (jDownFF) -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Firefox\Profiles\p1e0kkc1.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2010-02-22 16:24:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006-02-12 20:06:23 | 000,602,112 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSignPlugin.dll
[2009-07-30 23:44:16 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-07-30 23:44:16 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-07-30 23:44:16 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-07-30 23:44:16 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-07-30 23:44:16 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-07-30 23:44:16 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2001-10-30 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4mon.exe (IBM Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedi...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.134.128.19 213.134.128.20
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-3799985325-8226440994-533024976-0921\nissan.exe) - C:\RECYCLER\S-1-5-21-3799985325-8226440994-533024976-0921\nissan.exe ()
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-3799985325-8226440994-533024976-0921\nissan.exe) - C:\RECYCLER\S-1-5-21-3799985325-8226440994-533024976-0921\nissan.exe ()
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005-11-20 13:33:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-02-23 20:16:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Alwil Software
[2010-02-23 19:45:52 | 000,000,000 | RHSD | C] -- C:\RECYCLER
[2010-02-23 19:44:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-02-23 19:29:07 | 001,830,424 | ---- | C] (Smallfrogs Studio) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\SREngLdr.EXE
[2010-02-23 19:29:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KOMPUTEREK\Pulpit\Upload
[2010-02-23 18:09:57 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe
[2010-02-23 17:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-02-23 17:39:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-02-10 17:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KOMPUTEREK\Pulpit\MH
[2010-02-01 18:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KOMPUTEREK\Pulpit\pity
[2006-05-15 16:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2005-11-20 13:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2005-11-20 13:33:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2005-11-20 13:33:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft

========== Files - Modified Within 30 Days ==========

[2010-02-23 20:44:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-02-23 20:43:58 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-02-23 20:43:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-02-23 20:42:50 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\KOMPUTEREK\ntuser.dat
[2010-02-23 20:42:50 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\KOMPUTEREK\ntuser.ini
[2010-02-23 20:18:37 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-02-23 18:10:00 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe
[2010-02-23 17:45:34 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\KOMPUTEREK\Pulpit\HijackThis.lnk
[2010-02-14 13:48:58 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-11 19:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010-02-11 19:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010-02-11 19:42:34 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010-02-11 19:42:13 | 000,162,512 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010-02-11 19:39:01 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010-02-11 19:38:34 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010-02-11 19:38:31 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010-02-11 19:38:23 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010-02-11 19:38:07 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010-01-31 07:24:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini

========== Files Created - No Company Name ==========

[2010-02-23 19:28:44 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\KOMPUTEREK\Pulpit\gmer.exe
[2010-02-23 17:45:34 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\KOMPUTEREK\Pulpit\HijackThis.lnk
[2009-05-30 07:27:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009-03-20 17:42:40 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2009-02-12 00:19:42 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008-09-25 21:32:40 | 000,001,266 | ---- | C] () -- C:\WINDOWS\bestplayer.ini
[2008-09-23 22:24:10 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-09-23 22:11:35 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-09-23 21:48:40 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008-09-23 21:48:39 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008-09-23 21:48:33 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-09-23 21:48:33 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-09-23 21:48:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-09-23 21:48:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-09-23 21:48:28 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-09-23 21:12:29 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2003-07-03 00:25:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[2001-10-30 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
< End of report >
 
   
@Blade@ 

Helped: 8 times
Posted: 2010-02-23, 22:08

And you've got infected again, probably from that removable drive. Keep it plugged in during the removal.

Run OTL -> in the Custom Scans/Fixes window paste:
Quote:
:OTL
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-3799985325-8226440994-533024976-0921\nissan.exe) - C:\RECYCLER\S-1-5-21-3799985325-8226440994-533024976-0921\nissan.exe ()
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-3799985325-8226440994-533024976-0921\nissan.exe) - C:\RECYCLER\S-1-5-21-3799985325-8226440994-533024976-0921\nissan.exe ()

:Files
C:\RECYCLER
X:\RECYCLER

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
[HKEY_USERS\S-1-5-21-343818398-688789844-1060284298-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=-

:Commands
[reboot]

Replace "X" with the drive letter under which the removable drive shows up.
Click Run Fix. Post the removal log + a new OTL log.
_________________
 
   
lordbarth

Posted: 2010-02-23, 22:51

Just in case, I also ran it on the second drive I have; below are both fix logs and the final full log.

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan:C:\RECYCLER\S-1-5-21-3799985325-8226440994-533024976-0921\nissan.exe deleted successfully.
File move failed. C:\RECYCLER\S-1-5-21-3799985325-8226440994-533024976-0921\nissan.exe scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-3799985325-8226440994-533024976-0921\nissan.exe deleted successfully.
File move failed. C:\RECYCLER\S-1-5-21-3799985325-8226440994-533024976-0921\nissan.exe scheduled to be moved on reboot.
========== FILES ==========
Folder move failed. C:\RECYCLER\S-1-5-21-3799985325-8226440994-533024976-0921 scheduled to be moved on reboot.
C:\RECYCLER\S-1-5-21-343818398-688789844-1060284298-1004 folder moved successfully.
Folder move failed. C:\RECYCLER scheduled to be moved on reboot.
D:\RECYCLER folder moved successfully.
File\Folder [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] not found.
File\Folder Shell"="explorer.exe not found.
File\Folder [HKEY_USERS\S-1-5-21-343818398-688789844-1060284298-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] not found.
File\Folder Shell"= not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.1.30.1 log created on 02232010_222621

Files\Folders moved on Reboot...
File move failed. C:\RECYCLER\S-1-5-21-3799985325-8226440994-533024976-0921\nissan.exe scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\S-1-5-21-3799985325-8226440994-533024976-0921 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\S-1-5-21-3799985325-8226440994-533024976-0921 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER scheduled to be moved on reboot.

Registry entries deleted on Reboot...


========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan:C:\RECYCLER\S-1-5-21-3799985325-8226440994-533024976-0921\nissan.exe deleted successfully.
File move failed. C:\RECYCLER\S-1-5-21-3799985325-8226440994-533024976-0921\nissan.exe scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-3799985325-8226440994-533024976-0921\nissan.exe deleted successfully.
File move failed. C:\RECYCLER\S-1-5-21-3799985325-8226440994-533024976-0921\nissan.exe scheduled to be moved on reboot.
========== FILES ==========
C:\RECYCLER\S-1-5-21-4138631415-4389355727-539295853-9151 folder moved successfully.
Folder move failed. C:\RECYCLER\S-1-5-21-3799985325-8226440994-533024976-0921 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER scheduled to be moved on reboot.
D:\RECYCLER folder moved successfully.
File\Folder [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] not found.
File\Folder Shell"="explorer.exe not found.
File\Folder [HKEY_USERS\S-1-5-21-343818398-688789844-1060284298-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] not found.
File\Folder Shell"= not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.1.30.1 log created on 02232010_223304

Files\Folders moved on Reboot...
File\Folder C:\RECYCLER\S-1-5-21-3799985325-8226440994-533024976-0921\nissan.exe not found!
C:\RECYCLER\S-1-5-21-3799985325-8226440994-533024976-0921 folder moved successfully.
C:\RECYCLER folder moved successfully.

Registry entries deleted on Reboot...


OTL logfile created on: 2010-02-23 22:39:08 - Run 4
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\KOMPUTEREK\Pulpit
Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

255,00 Mb Total Physical Memory | 65,00 Mb Available Physical Memory | 25,00% Memory free
626,00 Mb Paging File | 447,00 Mb Available in Paging File | 71,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 4,11 Gb Free Space | 11,04% Space Free | Partition Type: NTFS
Drive D: | 3,76 Gb Total Space | 3,66 Gb Free Space | 97,34% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LORD
Current User Name: KOMPUTEREK
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-02-23 18:10:00 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe
PRC - [2010-02-11 19:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-02-11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009-03-09 20:29:00 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006-09-14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006-03-03 11:46:58 | 000,622,592 | ---- | M] (TP-LINK TECHNOLOGIES CO., LTD.) -- C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
PRC - [2004-08-03 23:44:28 | 000,082,432 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\tp4mon.exe
PRC - [2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003-07-03 00:25:00 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe


========== Modules (SafeList) ==========

MOD - [2010-02-23 18:10:00 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe
MOD - [2004-08-03 23:42:34 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010-02-11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-02-11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-02-11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009-03-09 20:29:00 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2006-10-26 18:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006-10-26 12:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006-09-14 07:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2004-08-03 23:44:02 | 000,027,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2003-07-03 00:25:00 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)


========== Driver Services (SafeList) ==========

DRV - [2010-02-11 19:42:34 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-02-11 19:42:13 | 000,162,512 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-02-11 19:39:01 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-02-11 19:38:34 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-02-11 19:38:23 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-02-11 19:38:07 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008-12-20 10:28:02 | 000,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008-09-23 21:12:05 | 000,020,747 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2007-01-04 09:41:00 | 000,255,488 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netr73.sys -- (netr73)
DRV - [2006-01-12 19:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004-08-03 23:38:40 | 000,607,068 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004-08-03 22:00:52 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2003-07-03 00:25:00 | 000,011,344 | ---- | M] (IBM Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2003-01-22 20:57:58 | 000,122,240 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage)
DRV - [2001-10-30 13:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2001-10-30 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001-10-26 16:50:42 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Sterownik karty Intel(R)
DRV - [2001-08-17 21:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
DRV - [2001-08-17 20:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Usługa instalacyjna sterownika audio Intel(r) 82801 (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-11-26 20:33:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-11-07 09:38:12 | 000,000,000 | ---D | M]

[2008-09-23 21:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Extensions
[2010-02-22 16:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Firefox\Profiles\p1e0kkc1.default\extensions
[2009-05-30 07:17:07 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Firefox\Profiles\p1e0kkc1.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2009-06-23 17:20:26 | 000,000,000 | ---D | M] (jDownFF) -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Firefox\Profiles\p1e0kkc1.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2010-02-22 16:24:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006-02-12 20:06:23 | 000,602,112 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSignPlugin.dll
[2009-07-30 23:44:16 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-07-30 23:44:16 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-07-30 23:44:16 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-07-30 23:44:16 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-07-30 23:44:16 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-07-30 23:44:16 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2001-10-30 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4mon.exe (IBM Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedi...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.134.128.19 213.134.128.20
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-3881759978-5914370876-873215215-8390\nissan.exe) - C:\RECYCLER\S-1-5-21-3881759978-5914370876-873215215-8390\nissan.exe ()
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-3881759978-5914370876-873215215-8390\nissan.exe) - C:\RECYCLER\S-1-5-21-3881759978-5914370876-873215215-8390\nissan.exe ()
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-3799985325-8226440994-533024976-0921\nissan.exe) - C:\RECYCLER\S-1-5-21-3799985325-8226440994-533024976-0921\nissan.exe File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005-11-20 13:33:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-02-23 22:26:42 | 000,000,708 | ---- | M] () - D:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{197c0a70-72f1-11de-b871-0019e0635050}\Shell\AutoRun\command - "" = D:\MIRKANE///vollee.exe -- [2010-02-23 13:17:32 | 000,216,576 | RHS- | M] ()
O33 - MountPoints2\{197c0a70-72f1-11de-b871-0019e0635050}\Shell\open\command - "" = D:\MIRKANE///vollee.exe -- [2010-02-23 13:17:32 | 000,216,576 | RHS- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-02-23 22:38:30 | 000,000,000 | RHSD | C] -- C:\RECYCLER
[2010-02-23 20:16:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Alwil Software
[2010-02-23 19:44:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-02-23 19:29:07 | 001,830,424 | ---- | C] (Smallfrogs Studio) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\SREngLdr.EXE
[2010-02-23 19:29:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KOMPUTEREK\Pulpit\Upload
[2010-02-23 18:09:57 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe
[2010-02-23 17:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-02-23 17:39:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-02-10 17:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KOMPUTEREK\Pulpit\MH
[2010-02-01 18:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KOMPUTEREK\Pulpit\pity
[2006-05-15 16:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2005-11-20 13:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2005-11-20 13:33:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2005-11-20 13:33:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft

========== Files - Modified Within 30 Days ==========

[2010-02-23 22:35:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-02-23 22:35:11 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-02-23 22:35:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-02-23 22:33:13 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\KOMPUTEREK\ntuser.dat
[2010-02-23 22:33:13 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\KOMPUTEREK\ntuser.ini
[2010-02-23 20:18:37 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-02-23 18:10:00 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe
[2010-02-23 17:45:34 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\KOMPUTEREK\Pulpit\HijackThis.lnk
[2010-02-14 13:48:58 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-11 19:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010-02-11 19:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010-02-11 19:42:34 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010-02-11 19:42:13 | 000,162,512 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010-02-11 19:39:01 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010-02-11 19:38:34 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010-02-11 19:38:31 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010-02-11 19:38:23 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010-02-11 19:38:07 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010-01-31 07:24:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini

========== Files Created - No Company Name ==========

[2010-02-23 19:28:44 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\KOMPUTEREK\Pulpit\gmer.exe
[2010-02-23 17:45:34 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\KOMPUTEREK\Pulpit\HijackThis.lnk
[2009-05-30 07:27:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009-03-20 17:42:40 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2009-02-12 00:19:42 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008-09-25 21:32:40 | 000,001,266 | ---- | C] () -- C:\WINDOWS\bestplayer.ini
[2008-09-23 22:24:10 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-09-23 22:11:35 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-09-23 21:48:40 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008-09-23 21:48:39 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008-09-23 21:48:33 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-09-23 21:48:33 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-09-23 21:48:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-09-23 21:48:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-09-23 21:48:28 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-09-23 21:12:29 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2003-07-03 00:25:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[2001-10-30 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
< End of report >
 
   
@Blade@ 

Helped: 8 times
Posted: 2010-02-24, 15:29

And you've got infected again, probably from that second drive. We need to sort the drives out first, because otherwise this is pointless.
With the removable drives plugged in, use Flash Disinfector.
Then go to Start -> Run -> CMD -> type the command:
X:
Replace X with the letter under which the removable drive is visible.

Then type this command to create a report:
DIR /A:H >C:\LOG.TXT & start notepad C:\LOG.TXT
and post the contents of C:\LOG.TXT here.

Do the same with the second drive, so you post 2 reports.

Only then will we remove this junk from the removable drives and from the computer in one go.
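
How the reinfection shows up in the OTL log posted above, as an added example that is not part of the original thread: the script parses the O20, O32 and O33 lines copied from that log and lists the autostart entries that need attention. The rules (expected Shell value `explorer.exe`, any TaskMan value, Recycle Bin paths, repeated separators, Hidden+System attributes) are assumptions of this example, not OTL's own logic.

```python
import re
from typing import NamedTuple

# Lines copied from the "Run 4" OTL log posted above.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-3881759978-5914370876-873215215-8390\nissan.exe) - C:\RECYCLER\S-1-5-21-3881759978-5914370876-873215215-8390\nissan.exe ()
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-3881759978-5914370876-873215215-8390\nissan.exe) - C:\RECYCLER\S-1-5-21-3881759978-5914370876-873215215-8390\nissan.exe ()
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-3799985325-8226440994-533024976-0921\nissan.exe) - C:\RECYCLER\S-1-5-21-3799985325-8226440994-533024976-0921\nissan.exe File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - AutoRun File - [2005-11-20 13:33:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-02-23 22:26:42 | 000,000,708 | ---- | M] () - D:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{197c0a70-72f1-11de-b871-0019e0635050}\Shell\AutoRun\command - "" = D:\MIRKANE///vollee.exe -- [2010-02-23 13:17:32 | 000,216,576 | RHS- | M] ()
O33 - MountPoints2\{197c0a70-72f1-11de-b871-0019e0635050}\Shell\open\command - "" = D:\MIRKANE///vollee.exe -- [2010-02-23 13:17:32 | 000,216,576 | RHS- | M] ()
"""

EXPECTED_SHELL = "explorer.exe"  # the value the helper's fix restores

O20_RE = re.compile(r"^O20 - (HKLM|HKCU) Winlogon: (\w+) - \((.*?)\) - (.*)$")
O32_RE = re.compile(r"^O32 - AutoRun File - \[(.*?)\] \(.*?\) - (.*?) -- \[ (\w+) \]$")
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9A-Fa-f-]+\})\\Shell\\(\w+)\\command - "" = (.*?) -- \[(.*?)\]'
)


class Finding(NamedTuple):
    code: str       # OTL line type: O20, O32 or O33
    where: str      # registry value or volume the line describes
    target: str     # file that would be started, or the file itself
    reasons: tuple  # why the line deserves a closer look


def path_reasons(path):
    """Heuristics on the target path (assumptions of this example)."""
    reasons = []
    parts = [p.lower() for p in re.split(r"[\\/]+", path) if p]
    if "recycler" in parts[:-1]:
        reasons.append("runs from a Recycle Bin folder")
    if re.search(r"[\\/]{2,}", path):
        reasons.append("path padded with repeated separators")
    return reasons


def triage(log_text):
    """Return a Finding for every autostart line that needs review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = O20_RE.match(line)
        if m:
            hive, name, value, status = m.groups()
            if name == "Shell" and value.lower() != EXPECTED_SHELL:
                reasons = ["Winlogon Shell is not " + EXPECTED_SHELL]
            elif name == "TaskMan":
                reasons = ["Winlogon TaskMan value is set"]
            else:
                continue
            reasons += path_reasons(value)
            if status.endswith("File not found"):
                reasons.append("target missing, stale registry value")
            findings.append(Finding("O20", hive + " Winlogon\\" + name, value, tuple(reasons)))
            continue

        m = O32_RE.match(line)
        if m:
            meta, path, fs = m.groups()
            size = int(meta.split(" | ")[1].replace(",", ""))
            if path.lower().endswith("\\autorun.inf") and size > 0:
                reason = "non-empty autorun.inf on %s volume, read its contents" % fs
                findings.append(Finding("O32", path[:2], path, (reason,)))
            continue

        m = O33_RE.match(line)
        if m:
            guid, verb, target, meta = m.groups()
            attrs = meta.split(" | ")[2]  # e.g. "RHS-"
            reasons = ["cached AutoRun verb '%s' starts a file from the volume" % verb]
            if "H" in attrs and "S" in attrs:
                reasons.append("target is marked Hidden and System")
            reasons += path_reasons(target)
            findings.append(Finding("O33", "MountPoints2\\" + guid, target, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.code, f.where, "->", f.target)
        for r in f.reasons:
            print("    -", r)
```

The stale HKCU Shell value and the live O33 entries appear in the same run, which matches the helper's reading that the removable drives have to be cleaned together with the computer.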
 
   
lordbarth

Posted: 2010-02-24, 21:17

Posting the logs from both drives below

Wolumin w stacji D to NOWY
Numer seryjny woluminu: 781C-8AB3

Katalog: D:\

2010-02-23 17:15 <DIR> MIRKANE
2010-01-10 13:30 <DIR> KLIZAVI
2010-01-25 17:42 <DIR> LIMUN
2010-01-27 16:54 <DIR> tvoj
2010-02-04 12:02 <DIR> SERATOR
2010-02-18 06:12 <DIR> SRCEMOJE
0 plik(ów) 0 bajtów
6 katalog(ów) 3 927 949 312 bajtów wolnych


Wolumin w stacji D to KINGSTON
Numer seryjny woluminu: A49C-0569

Katalog: D:\

2010-02-09 08:43 <DIR> VOLIMTE
2010-02-09 16:03 <DIR> SERATOR
2010-02-16 23:09 <DIR> sysusb
2010-02-23 18:29 <DIR> MIRKANE
2010-02-22 06:11 <DIR> SRCEMOJE
0 plik(ów) 0 bajtów
5 katalog(ów) 4 024 762 368 bajtów wolnych
 
   
@Blade@ 

Helped: 8 times
Posted: 2010-02-24, 21:34

Then let me ask just to be sure: do you recognize these folders:
Quote:
2010-02-23 17:15 <DIR> MIRKANE
2010-01-10 13:30 <DIR> KLIZAVI
2010-01-25 17:42 <DIR> LIMUN
2010-01-27 16:54 <DIR> tvoj
2010-02-04 12:02 <DIR> SERATOR
2010-02-18 06:12 <DIR> SRCEMOJE


Quote:
2010-02-09 08:43 <DIR> VOLIMTE
2010-02-09 16:03 <DIR> SERATOR
2010-02-16 23:09 <DIR> sysusb
2010-02-23 18:29 <DIR> MIRKANE
2010-02-22 06:11 <DIR> SRCEMOJE

they are on the removable drives.
_________________
 
   
ExeQtoR 
Moderator



Helped: 36 times
From: K.P.
Posted: 2010-02-24, 23:38

you two keep chatting away... and I'll ask, or rather request...

the contents of the "Autorun.inf" file from each pen drive -> if there is some worm... it modified this file, and you can bet it is plainly visible there ;) )))

PS: you open it like a text file; it is the same kind of file as a txt, except that it serves autostart functions in the system ;) ))
_________________
We politely obey the moderator,
we don't spam, we don't swear...
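
One way to read an `autorun.inf` the way the moderator suggests, as an added example that is not part of the original thread: it lists the commands in the `[autorun]` section and checks them against the hidden folders from the `DIR /A:H` report above. The `autorun.inf` text is constructed (the thread never shows the file); only the `MIRKANE///vollee.exe` target comes from the OTL log, and the function names are this example's own.

```python
import re

# Constructed autorun.inf: the thread never shows the file itself. Only the
# MIRKANE///vollee.exe target is taken from the O33 lines of the OTL log.
SAMPLE_AUTORUN = r"""
; filler line (constructed)
[AutoRun]
; filler line (constructed)
OPEN = MIRKANE///vollee.exe
shell\open\command=MIRKANE///vollee.exe
"""

# Copied from the DIR /A:H report for the volume labelled NOWY.
SAMPLE_DIR_HIDDEN = """
2010-02-23 17:15 <DIR> MIRKANE
2010-01-10 13:30 <DIR> KLIZAVI
2010-01-25 17:42 <DIR> LIMUN
2010-01-27 16:54 <DIR> tvoj
2010-02-04 12:02 <DIR> SERATOR
2010-02-18 06:12 <DIR> SRCEMOJE
"""

# autorun.inf keys whose value is a command line.
COMMAND_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)


def autorun_commands(text):
    """Return (key, command) pairs from the [autorun] section.

    Section and key names are matched case-insensitively; comment lines and
    lines without '=' are skipped, so filler does not hide the commands.
    """
    commands, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if COMMAND_KEYS.match(key):
            commands.append((key.lower(), value))
    return commands


def hidden_dirs(dir_report):
    """Lower-cased directory names from a `DIR /A:H` report (<DIR> rows only).

    Assumes the yyyy-MM-dd date format seen in the reports in this thread.
    """
    names = set()
    for line in dir_report.splitlines():
        m = re.match(r"^\s*\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+<DIR>\s+(.+?)\s*$", line)
        if m:
            names.add(m.group(1).lower())
    return names


def suspicious_commands(autorun_text, dir_report):
    """Commands whose program sits in a hidden top-level folder of the volume."""
    hidden = hidden_dirs(dir_report)
    hits = []
    for key, command in autorun_commands(autorun_text):
        # The program is the first token, optionally quoted.
        m = re.match(r'"([^"]+)"|(\S+)', command)
        if not m:
            continue
        program = m.group(1) or m.group(2)
        parts = [p for p in re.split(r"[\\/]+", program) if p]
        if len(parts) > 1 and parts[0].lower() in hidden:
            hits.append((key, program, parts[0]))
    return hits


if __name__ == "__main__":
    for key, program, folder in suspicious_commands(SAMPLE_AUTORUN, SAMPLE_DIR_HIDDEN):
        print("%s starts %s from hidden folder %s" % (key, program, folder))
```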


 
 
   
lordbarth

Posted: 2010-02-24, 23:46

Gentlemen, the thing is that of course I don't recognize these folders on the drives and I didn't add them; what's more, they are hidden. I recently tried to format the drives, but some running processes wouldn't allow it. Meanwhile, the situation is that, I don't know how, a program called Security Tool got installed on my machine; it talks nonsense about viruses flooding the computer and insists that I use it. I didn't believe it; when I try to close it, more pop-up windows appear, etc... It wouldn't let me into the process manager. I booted into safe mode with networking and it turned out to be some kind of virus. I'm downloading ComboFix because people write that it should be removed with that... I hope I'm doing the right thing...

[ Added: 2010-02-25, 00:39 ]
ComboFix removed that thing, or at least that is how I read it; below are the logs from ComboFix and, right away, from OTL... And by the way, it really scares me to think how to secure a computer like this in the future, because after all I won't cut myself off from the network and I won't stop exchanging various data with friends on pen drives...

ComboFix 10-02-24.01 - KOMPUTEREK 2010-02-24 23:57:24.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.255.93 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Administrator.LORD\Pulpit\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS\Dane aplikacji\67136326
c:\documents and settings\All Users.WINDOWS\Dane aplikacji\67136326\67136326.exe
c:\documents and settings\KOMPUTEREK\Menu Start\Programy\Security Tool.lnk
c:\documents and settings\KOMPUTEREK\Pulpit\Security Tool.lnk
C:\LOG.TXT
c:\program files\Error Repair Professional
c:\program files\Error Repair Professional\Backups\Backup_17-37-16_7-3-2009.reg
c:\program files\Error Repair Professional\Backups\Backup_8-4-55_9-3-2009.reg
c:\recycler\S-1-5-21-3881759978-5914370876-873215215-8390
C:\resycled
C:\Thumbs.db
c:\windows\system32\ieuinit.inf
c:\windows\system32\win32.dll
c:\windows\Temp\_ex-08.exe

Zainfekowana kopia c:\windows\system32\DRIVERS\atapi.sys została znaleziona. Problem naprawiono
Plik odzyskano z - Kitty ate it :p
.
((((((((((((((((((((((((( Pliki utworzone od 2010-01-24 do 2010-02-24 )))))))))))))))))))))))))))))))
.

2010-02-24 22:33 . 2010-02-24 22:33 -------- d-----w- c:\documents and settings\Administrator.LORD
2010-02-24 22:33 . 2008-09-23 18:57 -------- d--h--w- c:\documents and settings\Administrator.LORD\Szablony
2010-02-23 19:16 . 2010-02-23 19:16 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Alwil Software
2010-02-23 18:44 . 2010-02-23 18:44 -------- d-----w- C:\_OTL
2010-02-23 16:45 . 2010-02-23 16:45 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-23 19:23 . 2009-03-10 18:04 -------- d-----w- c:\program files\Alwil Software
2010-02-11 18:53 . 2009-03-10 18:05 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-11 18:53 . 2009-03-10 18:04 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-11 18:42 . 2009-03-10 18:05 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-11 18:42 . 2009-03-10 18:05 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-11 18:39 . 2009-03-10 18:05 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-11 18:38 . 2009-03-10 18:05 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-11 18:38 . 2009-03-10 18:05 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-11 18:38 . 2009-03-10 18:05 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-11 18:38 . 2009-03-10 18:05 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-07 12:00 . 2008-10-12 18:31 -------- d-----w- c:\documents and settings\KOMPUTEREK\Dane aplikacji\BESTplayer
2010-02-06 08:42 . 2007-08-10 17:37 -------- d-----w- c:\program files\NAPI-PROJEKT
2010-01-15 18:41 . 2010-01-15 18:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\espionServerData
2009-12-08 19:29 . 2009-11-24 18:00 79488 ----a-w- c:\documents and settings\KOMPUTEREK\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="tp4mon.exe" [2004-08-03 82432]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
TL-WN321G Wireless Utility.lnk - c:\program files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe [2008-9-23 622592]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-03-10 162512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-10 19024]
S3 netr73;TL-WN321G Wireless USB Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2008-09-23 255488]
.
.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\KOMPUTEREK\Dane aplikacji\Mozilla\Firefox\Profiles\p1e0kkc1.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSignPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-25 00:14
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ProgID]
@DACL=(02 0000)
@="AcroIEHelper.AcroIEHlprObj.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\Programmable]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\TypeLib]
@DACL=(02 0000)
@="{5F226421-415D-408D-9A09-0DCD94E25B48}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\VersionIndependentProgID]
@DACL=(02 0000)
@="AcroIEHelper.AcroIEHlprObj"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):69,60,60,ec,3c,83,9c,94,04,d2,17,6b,e3,09,85,9e,62,27,78,75,08,
f3,4c,13,87,bf,e8,69,da,e9,76,1a,13,ac,a6,17,2b,39,1e,c6,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ae01f09c-8604-41b8-8972-176fcf12be88}]
@Denied: (Full) (Everyone)
"Model"=dword:000000ad
"Therad"=dword:00000007
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(2404)
c:\windows\system32\msi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\tp4mon.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Czas ukończenia: 2010-02-25 00:21:46 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-02-24 23:21

Przed: 4 200 325 120 bajtów wolnych
Po: 4 120 932 352 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - DFBEB14A76FFF6E27F532E051C671A2F




OTL logfile created on: 2010-02-25 00:25:47 - Run 5
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\KOMPUTEREK\Pulpit
Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

255,00 Mb Total Physical Memory | 81,00 Mb Available Physical Memory | 32,00% Memory free
626,00 Mb Paging File | 473,00 Mb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 3,85 Gb Free Space | 10,34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LORD
Current User Name: KOMPUTEREK
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-02-23 18:10:00 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe
PRC - [2010-02-11 19:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-02-11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009-03-09 20:29:00 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006-09-14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006-03-03 11:46:58 | 000,622,592 | ---- | M] (TP-LINK TECHNOLOGIES CO., LTD.) -- C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
PRC - [2004-08-03 23:44:30 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2004-08-03 23:44:28 | 000,082,432 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\tp4mon.exe
PRC - [2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003-07-03 00:25:00 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe


========== Modules (SafeList) ==========

MOD - [2010-02-23 18:10:00 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe
MOD - [2004-08-03 23:42:34 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010-02-11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-02-11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-02-11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009-03-09 20:29:00 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2006-10-26 18:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006-10-26 12:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006-09-14 07:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2004-08-03 23:44:02 | 000,027,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2003-07-03 00:25:00 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010-02-11 19:42:34 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-02-11 19:42:13 | 000,162,512 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-02-11 19:39:01 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-02-11 19:38:34 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-02-11 19:38:23 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-02-11 19:38:07 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008-12-20 10:28:02 | 000,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008-09-23 21:12:05 | 000,020,747 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2007-01-04 09:41:00 | 000,255,488 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netr73.sys -- (netr73)
DRV - [2006-01-12 19:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004-08-03 23:38:40 | 000,607,068 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004-08-03 22:00:52 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2003-07-03 00:25:00 | 000,011,344 | ---- | M] (IBM Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2003-01-22 20:57:58 | 000,122,240 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage)
DRV - [2001-10-30 13:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2001-10-30 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001-10-26 16:50:42 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Sterownik karty Intel(R)
DRV - [2001-08-17 21:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
DRV - [2001-08-17 20:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Usługa instalacyjna sterownika audio Intel(r) 82801 (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-11-26 20:33:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-11-07 09:38:12 | 000,000,000 | ---D | M]

[2008-09-23 21:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Extensions
[2010-02-24 12:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Firefox\Profiles\p1e0kkc1.default\extensions
[2009-05-30 07:17:07 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Firefox\Profiles\p1e0kkc1.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2009-06-23 17:20:26 | 000,000,000 | ---D | M] (jDownFF) -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Firefox\Profiles\p1e0kkc1.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2010-02-24 12:51:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006-02-12 20:06:23 | 000,602,112 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSignPlugin.dll
[2009-07-30 23:44:16 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-07-30 23:44:16 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-07-30 23:44:16 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-07-30 23:44:16 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-07-30 23:44:16 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-07-30 23:44:16 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-02-25 00:11:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4mon.exe (IBM Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedi...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.134.128.19 213.134.128.20
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005-11-20 13:33:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-02-24 21:07:11 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-02-24 23:51:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-02-24 23:49:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-02-24 23:49:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-02-24 23:49:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-02-24 23:49:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-02-24 23:46:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-02-24 21:07:11 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2010-02-23 20:16:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Alwil Software
[2010-02-23 19:44:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-02-23 19:29:07 | 001,830,424 | ---- | C] (Smallfrogs Studio) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\SREngLdr.EXE
[2010-02-23 19:29:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KOMPUTEREK\Pulpit\Upload
[2010-02-23 18:09:57 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe
[2010-02-23 17:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-02-23 17:39:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-02-10 17:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KOMPUTEREK\Pulpit\MH
[2010-02-01 18:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KOMPUTEREK\Pulpit\pity
[2006-05-15 16:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2005-11-20 13:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2005-11-20 13:33:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2005-11-20 13:33:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft

========== Files - Modified Within 30 Days ==========

[2010-02-25 00:11:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-02-25 00:11:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-02-25 00:11:16 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-02-25 00:10:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-02-25 00:09:29 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\KOMPUTEREK\ntuser.ini
[2010-02-25 00:09:28 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\KOMPUTEREK\ntuser.dat
[2010-02-24 23:55:37 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-02-24 23:51:54 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010-02-24 21:03:21 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\KOMPUTEREK\Pulpit\Flash_Disinfector.exe
[2010-02-23 20:18:37 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-02-23 18:10:00 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe
[2010-02-23 17:45:34 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\KOMPUTEREK\Pulpit\HijackThis.lnk
[2010-02-14 13:48:58 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-11 19:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010-02-11 19:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010-02-11 19:42:34 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010-02-11 19:42:13 | 000,162,512 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010-02-11 19:39:01 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010-02-11 19:38:34 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010-02-11 19:38:31 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010-02-11 19:38:23 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010-02-11 19:38:07 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010-01-31 07:24:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini

========== Files Created - No Company Name ==========

[2010-02-24 23:51:54 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010-02-24 23:51:48 | 000,262,400 | ---- | C] () -- C:\cmldr
[2010-02-24 23:49:03 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-02-24 23:49:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-02-24 23:49:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-02-24 23:49:03 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-02-24 23:49:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-02-24 21:03:20 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\KOMPUTEREK\Pulpit\Flash_Disinfector.exe
[2010-02-23 19:28:44 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\KOMPUTEREK\Pulpit\gmer.exe
[2010-02-23 17:45:34 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\KOMPUTEREK\Pulpit\HijackThis.lnk
[2009-05-30 07:27:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009-03-20 17:42:40 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2009-02-12 00:19:42 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008-09-25 21:32:40 | 000,001,266 | ---- | C] () -- C:\WINDOWS\bestplayer.ini
[2008-09-23 22:24:10 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-09-23 22:11:35 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-09-23 21:48:40 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008-09-23 21:48:39 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008-09-23 21:48:33 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-09-23 21:48:33 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-09-23 21:48:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-09-23 21:48:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-09-23 21:48:28 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-09-23 21:12:29 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2003-07-03 00:25:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[2001-10-30 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
< End of report >
 
   