System się notorycznie zawiesza i wolno chodzi

[łysy82]

Proszę o sprawdzenie loga ponieważ tak jak w temacie system działa wolno i się zawiesza nawet przy uruchomionej tylko mozilli. Dodatkowo avira znalazł jakiś wirus i usunął składnik windowsa więc przy uruchamianiu pojawia się taki komunikat http://img146.imageshack.us/f/beztytuull.jpg/. System to windows xp.

Kod: Zaznacz wszystko

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-16 12:58:04
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9160821AS rev.3.ALC
Running: n4w9c40z.exe; Driver: C:\DOCUME~1\Ja\USTAWI~1\Temp\pxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT            BA6E21D6                                                                                              ZwCreateKey
SSDT            BA6E21CC                                                                                              ZwCreateThread
SSDT            BA6E21DB                                                                                              ZwDeleteKey
SSDT            BA6E21E5                                                                                              ZwDeleteValueKey
SSDT            BA6E21EA                                                                                              ZwLoadKey
SSDT            BA6E21B8                                                                                              ZwOpenProcess
SSDT            BA6E21BD                                                                                              ZwOpenThread
SSDT            BA6E21F4                                                                                              ZwReplaceKey
SSDT            BA6E21EF                                                                                              ZwRestoreKey
SSDT            BA6E21E0                                                                                              ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2D6C                                                                  80504608 4 Bytes  JMP F8BA6E21
?               dshryr.sys                                                                                            Nie można odnaleźć określonego pliku. !
.text           C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                              section is writeable [0xB92A9000, 0x187662, 0xE8000020]
                C:\Program Files\CyberLink\PowerDVD\000.fcl                                                           entry point in "" section [0xA52F3000]
.clc            C:\Program Files\CyberLink\PowerDVD\000.fcl                                                           unknown last section [0xA52F4000, 0x1000, 0x00000000]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Mozilla Firefox\firefox.exe[3044] ntdll.dll!LdrLoadDll                               7C9163C3 5 Bytes  JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                             Lbd.sys (Boot Driver/Lavasoft AB)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                   0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                   0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                0x8E 0x33 0x3E 0x6C ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) 
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                       0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                       0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                    0x8E 0x33 0x3E 0x6C ...
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                 
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION                  5D08DC9561129FC7857299F5D276EFCF9EA82A844DCECEC0D93685923EBA202BC89D8FBB0026A9061819C8CE1D7BFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E667A9C6AECB7A5D1407A6171C11EC38DE3D5E689C003AF40103BB666DF451DC1DA13DC8C12181094C39C116F5962D893AB5CD062A274BC263956FBD04269556E120B960787F54DBBAD64FF3B31BA5E8CB4BFE0BFB11696742B8ECC93930AC4199EBCA377FCF33593D0926D92BF5834FA30D412B984A8C1D0EB2FBD5565E577C499C514A7BBB49228852601B07CDF9C3460706AD481610EFBEC0883DE22E38BA783BD12BDA9CA33055A83B1CB2F99F243C3FE4EC1B683543CE92A2EFB1D15801B14376FD4D82334EE0F699D86008EE2194AB985A62EB9C4CBD4DFD72D3B1A52C06268AFD46314D1DEA9A805F8438453E613681F6B47CCE940D86F2DC9FE6EDEA09C8FE767FA02B8EB8661A51D8FDE556373F205B6B2D387AC34CFD5CB2BF683FD0856A49F3FBEAEC131E35E55982F694301A9DB224C327AFEC9E3DB0EABFAA8079A783ECE3230D52467F42E6492303FA690CC23CC3B74EB895F075ACEA1DB358A3F02968D229F7AE23B4D7B1AB6FF75D85D1004A6EB8C6F1532B8FBA1BC162C7F217DBDB8B5574C57D62B0B94B2DA9E4A89A684

---- EOF - GMER 1.0.15 ----


Logi z OTL:
Extras:
http://wklej.org/hash/4e4baf02f3b/
otl:
http://wklej.org/hash/82764c2103d/

[wojtas]

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
IE - HKU\S-1-5-21-796845957-57989841-1644491937-1002\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (Keyword Search) - {31A0D938-3055-46BA-8919-59E44E0D7E51} - File not found
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-796845957-57989841-1644491937-1002\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
@Alternate Data Stream - 65 bytes -> C:\Documents and Settings\All Users\Pulpit:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
@Alternate Data Stream - 65 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:B3D74A13

:Files
C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\uTorrentBar
C] -- C:\Program Files\Conduit
C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\Conduit
C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\ConduitEngine
C:\Program Files\uTorrentBar
C:\Program Files\ConduitEngine

:Commands
[emptytemp]
[emptyflash]
[clearallrestorepoints]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

Uruchom SystemLook , w oknie wklej:

:filefind
sfc_os.dll

i dajesz look pokazujesz raport
Następnie uruchamiasz OTL z opcją skanuj. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia (zawartość notatnika, która otworzy się po restarcie).

[łysy82]

log z systemlook:

Kod: Zaznacz wszystko

SystemLook 04.09.10 by jpshortstuff
Log created at 16:36 on 16/01/2011 by Ja
Administrator - Elevation successful

========== filefind ==========

Searching for "sfc_os.dll"
No files found.

-= EOF =-

Kod: Zaznacz wszystko

OTL logfile created on: 2011-01-16 16:46:06 - Run 2
OTL by OldTimer - Version 3.2.20.2     Folder = C:\Documents and Settings\Ja\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 3,83 Gb Free Space | 19,61% Space Free | Partition Type: NTFS
Drive D: | 129,51 Gb Total Space | 7,39 Gb Free Space | 5,71% Space Free | Partition Type: NTFS

Computer Name: JA | User Name: Ja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-01-16 13:02:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ja\Pulpit\OTL.exe
PRC - [2011-01-03 16:32:39 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011-01-03 16:32:38 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011-01-03 16:32:38 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010-12-11 17:22:37 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010-12-11 17:22:34 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-01-14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010-01-08 13:19:40 | 000,966,656 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK\RTL8187B Wireless LAN Utility\RtWLan.exe
PRC - [2009-04-30 10:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2008-05-17 13:36:34 | 001,503,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-11-02 14:24:32 | 000,184,320 | ---- | M] (VoyagerSoft, LLC) -- C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011-01-16 13:02:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ja\Pulpit\OTL.exe
MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009-07-12 00:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009-07-11 19:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
MOD - [2008-04-13 22:07:58 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2006-05-03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] --  -- (wscsvc)
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [Auto | Stopped] --  -- (ERSvc)
SRV - File not found [On_Demand | Stopped] --  -- (CiSvc)
SRV - [2011-01-03 16:32:39 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011-01-03 16:32:38 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010-12-22 10:04:06 | 001,402,272 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010-03-18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010-03-18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-03-18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009-04-30 10:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008-05-17 13:41:39 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (.EsetTrialReset)
SRV - [2006-11-02 14:24:32 | 000,184,320 | ---- | M] (VoyagerSoft, LLC) [Auto | Running] -- C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe -- (ScReadSpool)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-01-03 16:32:39 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011-01-03 16:32:39 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010-12-04 15:21:27 | 000,025,544 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010-12-03 10:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010-12-03 10:05:33 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010-05-20 06:39:51 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010-05-20 06:39:51 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2010-04-02 10:27:33 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2010-02-11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009-05-11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009-05-11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-04-16 12:53:20 | 000,340,736 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2008-05-16 10:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008-05-16 10:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008-05-16 10:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008-05-16 10:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008-05-16 10:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008-05-16 10:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008-05-16 10:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008-04-30 21:12:46 | 000,055,424 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2008-04-30 21:12:46 | 000,042,048 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2008-04-13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008-04-13 23:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008-04-13 23:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM)
DRV - [2008-04-13 21:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-04-04 09:57:00 | 000,296,320 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008-02-26 06:51:43 | 002,863,616 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007-12-18 11:18:10 | 000,732,160 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2007-11-02 23:12:32 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2007-01-16 13:52:20 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2006-07-24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2004-03-24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2001-08-23 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001-08-23 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-796845957-57989841-1644491937-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-796845957-57989841-1644491937-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-796845957-57989841-1644491937-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-796845957-57989841-1644491937-1002\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-21-796845957-57989841-1644491937-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.gazeta.pl"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.21.3
FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..network.proxy.backup.ftp: "200.30.101.75"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "200.30.101.75"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "200.30.101.75"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "200.30.101.75"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "187.51.62.146"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "187.51.62.146"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "187.51.62.146"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "187.51.62.146"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "187.51.62.146"
FF - prefs.js..network.proxy.ssl_port: 8080

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-12-15 20:22:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-12-11 17:22:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009-12-03 16:33:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ja\Dane aplikacji\Mozilla\Extensions
[2011-01-15 17:27:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ja\Dane aplikacji\Mozilla\Firefox\Profiles\qrupuoqn.default\extensions
[2010-05-14 09:00:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ja\Dane aplikacji\Mozilla\Firefox\Profiles\qrupuoqn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-12-05 14:37:58 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Ja\Dane aplikacji\Mozilla\Firefox\Profiles\qrupuoqn.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011-01-05 15:16:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Ja\Dane aplikacji\Mozilla\Firefox\Profiles\qrupuoqn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-06-08 16:23:36 | 000,000,000 | ---D | M] (FIFA Online Web Launcher) -- C:\Documents and Settings\Ja\Dane aplikacji\Mozilla\Firefox\Profiles\qrupuoqn.default\extensions\eafo3fflauncher@ea.com
[2010-07-25 11:13:32 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\Ja\Dane aplikacji\Mozilla\Firefox\Profiles\qrupuoqn.default\extensions\foxyproxy@eric.h.jung
[2010-10-31 13:09:46 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Documents and Settings\Ja\Dane aplikacji\Mozilla\Firefox\Profiles\qrupuoqn.default\extensions\vshare@toolbar
[2011-01-15 17:27:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-04-26 20:01:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-04-26 20:01:35 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010-02-15 10:59:14 | 000,873,976 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPCARDS.dll
[2010-04-26 20:01:33 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007-02-12 20:30:16 | 000,164,352 | ---- | M] (Indiepath Ltd) -- C:\Program Files\Mozilla Firefox\plugins\npigl.dll
[2010-12-11 17:22:39 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-12-11 17:22:39 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-12-11 17:22:39 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-12-11 17:22:39 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-12-11 17:22:39 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-12-11 17:22:39 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009-05-29 21:04:24 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Solid Converter PDF) - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll (VoyagerSoft, LLC)
O3 - HKLM\..\Toolbar: (Solid Converter PDF) - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll (VoyagerSoft, LLC)
O3 - HKU\S-1-5-21-796845957-57989841-1644491937-1002\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QT Lite\qttask.exe (Apple Inc.)
O4 - HKU\.DEFAULT..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin)
O4 - HKU\.DEFAULT..\Run: [VisualTaskTips] C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (VisualTaskTips.com)
O4 - HKU\S-1-5-18..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin)
O4 - HKU\S-1-5-18..\Run: [VisualTaskTips] C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (VisualTaskTips.com)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\REALTEK RTL8187B Wireless LAN Utility.lnk = C:\Program Files\REALTEK\RTL8187B Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-796845957-57989841-1644491937-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-57989841-1644491937-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-796845957-57989841-1644491937-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-796845957-57989841-1644491937-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-796845957-57989841-1644491937-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-796845957-57989841-1644491937-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-796845957-57989841-1644491937-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-796845957-57989841-1644491937-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-796845957-57989841-1644491937-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-796845957-57989841-1644491937-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: google.com ([mail] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: google.com ([mail] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: google.com ([mail] https in Trusted sites)
O15 - HKU\S-1-5-21-796845957-57989841-1644491937-1002\..Trusted Domains: google.com ([mail] https in Trusted sites)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-10-13 10:14:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5a887ad8-6434-11df-b0d1-0015af6e86c4}\Shell - "" = AutoRun
O33 - MountPoints2\{5a887ad8-6434-11df-b0d1-0015af6e86c4}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-01-16 16:32:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-01-16 13:14:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ja\Recent
[2011-01-16 13:02:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ja\Pulpit\OTL.exe
[2011-01-16 12:03:07 | 000,880,624 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Ja\Pulpit\SPTDinst-v162-x86.exe
[2011-01-15 17:51:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\FM Genie Scout 11
[2011-01-15 17:51:03 | 000,000,000 | ---D | C] -- C:\FM Genie Scout 11
[2011-01-03 22:35:22 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011-01-03 22:35:20 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011-01-03 22:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011-01-03 22:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Lavasoft
[2011-01-03 22:00:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2011-01-02 11:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Dane aplikacji\PriceGong
[2010-12-23 00:14:23 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010-12-23 00:14:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\temp
[2010-12-19 09:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Pulpit\o takie o
[2010-08-21 20:01:29 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Dane aplikacji\hpe41.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-01-16 16:43:53 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Ja\NTUSER.DAT
[2011-01-16 16:36:09 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011-01-16 16:36:04 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Ja\Pulpit\SystemLook.exe
[2011-01-16 16:34:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011-01-16 16:34:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-01-16 16:32:57 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Ja\ntuser.ini
[2011-01-16 13:14:14 | 012,332,062 | -H-- | M] () -- C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2011-01-16 13:02:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ja\Pulpit\OTL.exe
[2011-01-16 12:07:45 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Ja\Pulpit\n4w9c40z.exe
[2011-01-16 12:03:09 | 000,880,624 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Ja\Pulpit\SPTDinst-v162-x86.exe
[2011-01-16 10:43:36 | 000,033,456 | ---- | M] () -- C:\Documents and Settings\Ja\Pulpit\bez tytułu.JPG
[2011-01-16 09:56:41 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011-01-15 17:51:17 | 000,000,605 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\FM Genie Scout 11.lnk
[2011-01-09 00:20:17 | 000,014,183 | ---- | M] () -- C:\Documents and Settings\Ja\Pulpit\Rafał Dutkiewicz.docx
[2011-01-06 15:23:46 | 000,035,037 | ---- | M] () -- C:\Documents and Settings\Ja\Pulpit\stosunki polsko-niemieckie.rtf
[2011-01-03 22:35:20 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011-01-03 16:32:39 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011-01-03 16:32:39 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010-12-28 10:06:47 | 001,146,878 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-12-28 10:06:47 | 000,530,400 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-12-28 10:06:47 | 000,467,754 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-12-28 10:06:47 | 000,101,160 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-12-28 10:06:47 | 000,080,520 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-01-16 16:36:07 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Ja\Pulpit\SystemLook.exe
[2011-01-16 12:07:46 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Ja\Pulpit\n4w9c40z.exe
[2011-01-16 10:43:36 | 000,033,456 | ---- | C] () -- C:\Documents and Settings\Ja\Pulpit\bez tytułu.JPG
[2011-01-15 17:51:17 | 000,000,605 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\FM Genie Scout 11.lnk
[2011-01-04 21:13:33 | 000,014,183 | ---- | C] () -- C:\Documents and Settings\Ja\Pulpit\Rafał Dutkiewicz.docx
[2011-01-04 18:45:05 | 000,035,037 | ---- | C] () -- C:\Documents and Settings\Ja\Pulpit\stosunki polsko-niemieckie.rtf
[2011-01-03 23:51:56 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011-01-03 22:40:03 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010-12-26 11:55:46 | 000,266,230 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat
[2010-12-04 14:01:10 | 000,000,287 | ---- | C] () -- C:\WINDOWS\game.ini
[2010-11-18 21:37:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2010-11-18 21:37:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2010-11-18 21:37:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2010-11-18 21:37:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2010-06-08 16:28:03 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Ja\Dane aplikacji\PnkBstrK.sys
[2010-06-08 16:28:03 | 000,137,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-09-17 09:24:03 | 000,000,167 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI
[2009-05-25 21:46:27 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009-03-25 17:07:25 | 000,001,246 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2009-03-24 14:29:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt
[2009-03-24 14:19:01 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008-11-29 12:09:13 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-11-21 16:54:30 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll
[2008-11-15 10:40:13 | 000,000,238 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2008-11-02 09:59:24 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008-10-20 20:24:19 | 000,067,320 | ---- | C] () -- C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2008-10-14 19:53:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-10-13 20:56:06 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SmAudio.INI
[2008-10-13 12:00:10 | 001,146,878 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008-10-13 12:00:09 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008-10-13 11:59:41 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2008-10-13 10:51:55 | 012,332,062 | -H-- | C] () -- C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2008-10-13 10:36:55 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Ja\Dane aplikacji\desktop.ini
[2008-10-13 10:30:57 | 000,055,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\VBoxDrv.sys
[2008-10-13 10:30:22 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008-10-13 10:30:17 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-10-13 10:30:17 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-10-13 10:30:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-10-13 10:30:14 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-10-13 10:14:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2008-10-13 10:10:50 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2008-10-13 10:10:50 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2008-10-13 10:08:44 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\Notepad2.ini
[2008-10-13 10:08:43 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\mmm.dll
[2008-10-13 10:08:42 | 000,001,630 | ---- | C] () -- C:\WINDOWS\System32\metapath.ini
[2008-10-13 10:08:27 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2008-10-13 10:08:04 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2008-10-13 10:08:02 | 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2008-09-16 01:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-09-16 01:12:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008-09-16 01:12:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008-09-16 01:11:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008-05-17 13:34:56 | 001,252,352 | ---- | C] () -- C:\WINDOWS\System32\compatUI.dll
[2008-04-14 21:50:46 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2008-04-14 21:50:38 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2008-04-14 21:50:32 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2008-04-14 21:50:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2008-04-13 21:51:34 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2008-04-13 21:20:56 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2008-04-13 21:19:58 | 000,033,936 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2008-04-13 21:19:44 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2008-04-13 21:19:44 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2008-04-13 21:19:42 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2008-04-13 21:19:40 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2008-03-06 02:37:26 | 000,000,183 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007-04-02 22:04:28 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2001-10-26 16:29:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[2001-08-23 13:00:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2001-08-23 13:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2001-08-23 13:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2001-08-23 13:00:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2001-08-23 13:00:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2001-08-23 13:00:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2001-08-23 13:00:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2001-08-23 13:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2001-08-23 13:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2001-08-23 13:00:00 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2001-08-23 13:00:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2001-08-23 13:00:00 | 000,020,629 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2001-08-23 13:00:00 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2001-08-23 13:00:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2001-08-23 13:00:00 | 000,013,819 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2001-08-23 13:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2001-08-23 13:00:00 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2001-08-23 13:00:00 | 000,009,043 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2001-08-23 13:00:00 | 000,006,074 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2001-08-23 13:00:00 | 000,004,976 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2001-08-23 13:00:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2001-08-23 13:00:00 | 000,000,617 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-08-23 13:00:00 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2001-08-23 13:00:00 | 000,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[color=#E56717]========== LOP Check ==========[/color]

[2008-10-13 10:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\URSoft
[2008-10-13 10:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent
[2008-10-13 10:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Xentient
[2009-12-10 15:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper
[2010-08-21 20:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BVRP Software
[2010-05-20 18:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2008-10-28 08:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2009-12-10 15:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Farm Frenzy
[2010-07-05 12:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\FileOpen
[2010-09-18 07:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2009-12-24 21:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Hiro-Media
[2010-11-24 12:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2009-06-15 22:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Karen's Power Tools
[2008-10-20 12:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\KONAMI
[2009-06-06 15:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Last.fm
[2009-09-17 09:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SolidDocuments
[2009-03-04 11:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sports Interactive
[2009-03-04 11:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2011-01-03 22:33:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2008-10-13 10:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\URSoft
[2008-10-13 10:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\uTorrent
[2008-10-13 10:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\Xentient
[2009-03-12 12:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\2K Sports
[2009-01-12 22:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\AutoUpdate
[2010-05-20 18:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\DAEMON Tools Lite
[2010-07-05 12:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\FileOpen
[2011-01-16 12:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\foobar2000
[2008-10-14 06:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Gadu-Gadu
[2010-09-18 08:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Gadu-Gadu 10
[2010-02-19 16:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\GanymedeNet
[2009-08-18 12:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\GetRightToGo
[2010-06-16 21:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\gtk-2.0
[2010-11-30 14:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\ipla
[2008-11-30 15:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Jasc
[2009-01-10 17:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Leadertech
[2009-01-12 22:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Listonosz
[2009-01-19 11:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Mount&Blade
[2009-05-30 08:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Mp3tag
[2009-01-12 22:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Onet
[2008-10-13 18:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Opera
[2008-10-16 07:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Polcaster
[2011-01-16 12:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\PriceGong
[2010-01-17 09:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\RayV
[2010-11-24 13:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\RDRM
[2010-04-18 12:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Samsung
[2009-11-24 14:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\SecondLife
[2010-12-16 12:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\SolidDocuments
[2010-11-07 17:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Sports Interactive
[2010-06-13 13:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\StreamTorrent
[2009-12-06 12:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Thinstall
[2008-10-13 10:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\URSoft
[2011-01-16 00:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\uTorrent
[2008-10-13 10:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Xentient
[2011-01-16 16:36:09 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[color=#E56717]========== Purity Check ==========[/color]



< End of report >

Dodano 16.01.2011 17:01:53:
Zapomniałem za pierwszym razem o logu z wykonania skryptu, więc czynność jeszcze raz powtórzyłem i teraz wklejam ten log. Mam nadzieję, że to w niczym nie przeszkadza

Kod: Zaznacz wszystko

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-796845957-57989841-1644491937-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files\uTorrentBar\tbuTo1.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngin0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31A0D938-3055-46BA-8919-59E44E0D7E51}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31A0D938-3055-46BA-8919-59E44E0D7E51}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files\uTorrentBar\tbuTo1.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngin0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files\uTorrentBar\tbuTo1.dll not found.
Registry value HKEY_USERS\S-1-5-21-796845957-57989841-1644491937-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
File C:\Program Files\uTorrentBar\tbuTo1.dll not found.
Unable to delete ADS C:\Documents and Settings\All Users\Pulpit:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV .
Unable to delete ADS C:\Documents and Settings\All Users\Dane aplikacji\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV .
Unable to delete ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:B3D74A13 .
========== FILES ==========
File\Folder C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\uTorrentBar not found.
File\Folder C] -- C:\Program Files\Conduit not found.
File\Folder C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\Conduit not found.
File\Folder C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\ConduitEngine not found.
File\Folder C:\Program Files\uTorrentBar not found.
File\Folder C:\Program Files\ConduitEngine not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Ja
->Temp folder emptied: 79 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 18886969 bytes
->Flash cache emptied: 456 bytes

User: LocalService
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 144318 bytes

Total Files Cleaned = 18,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Ja
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.20.2 log created on 01162011_165708

Files\Folders moved on Reboot...
C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qrupuoqn.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qrupuoqn.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qrupuoqn.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qrupuoqn.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qrupuoqn.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\qrupuoqn.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...

[wojtas]

pobierz i wypakuj na C:

http://www.sendspace.com/file/wael4k

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
O3 - HKU\S-1-5-21-796845957-57989841-1644491937-1002\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

:Files
C:\Program Files\Conduit

:Commands
[emptytemp]
[emptyflash]
[clearallrestorepoints]

Kliknij wykonaj skrypt. I potwierdź reset komputera .
pobrane pliki wrzuć do C:\WINDOWS\system32\

zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, usuń co znajdzie ) jak coś zobaczy pokaż raport na forum, i napisz jak sytuacja po zabiegach

[łysy82]

Jakaś mała poprawa w działaniu jest, ale wydaję mi się, że kiedyś działał szybciej, dużo szybciej poza tym dość mocno pracuje chłodznie Problem z brakiem składnika windowsa już naprawiony

Log z malwarebytes:

Kod: Zaznacz wszystko

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Wersja bazy: 5533

Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 8.0.6001.18702

2011-01-16 20:56:29
mbam-log-2011-01-16 (20-56-29).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|)
Przeskanowano obiektów: 223132
Upłynęło: 1 godzin(y), 21 minut(y), 15 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 10
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 3

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
HKEY_CLASSES_ROOT\CLSID\{E5C7860B-FC70-4634-ACAB-C70DF2F5292A} (Adware.Torang) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{5AA0041F-B508-4A51-85C7-B59FBCA8C750} (Adware.Torang) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{56629120-4142-4A6F-8477-D0BB63F64838} (Adware.Torang) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\torangcomz.TorangBand.1 (Adware.Torang) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\torangcomz.TorangBand (Adware.Torang) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{31A0D938-3055-46BA-8919-59E44E0D7E51} (Adware.Torang) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31A0D938-3055-46BA-8919-59E44E0D7E51} (Adware.Torang) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\torangcomz.torangcomz (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\torangcomz.torangcomz.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Keyword Search (Adware.Agent) -> Quarantined and deleted successfully.

Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
c:\documents and settings\Ja\Pulpit\plants vs. zombies\uninstall.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
c:\program files\keyword search\keywordsearchupdater.exe (Adware.Agent) -> Quarantined and deleted successfully.
d:\nero 8.3.2.1 pl\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.

[wojtas]

wirusów już nie masz , teraz :

1.Uruchom OTL z opcji sprzątanie.
2. wykonaj optymalizację Windowsa
4. Skasuj stan przywracania systemu


Zaktualizuj zabezpieczenia:
>>> Adobe Reader (bez Free McAfee® Security Scan Plus)
>>> Java™ 6 Update 23

Jazda Jazda Jazda Biała Gwiazda!

Autor postu otrzymał pochwałę

[łysy82]

Dzięki, wszystko zrobione, ale ciągle łapie przywieszki. No nic, widocznie potrzebny będzie niedługo format. Co do Wisły to

Ps. Mógłbyś pomóc jeszcze pomóc mojej współlokatorce xmx? Ona to ma dopiero hardkor w systemie