() -- C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\787s705df802d73826t8d
() -- C:\Documents and Settings\All Users\Dane aplikacji\787s705df802d73826t8d
- I can't find these folders, even after unchecking the hidden and system options.
- mbam found 6 infections; all were removed
- cureit detected nothing
- after running the script with OTL, it seems that everything is OK now

OTL logfile created on: 2011-04-21 12:26:18 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = H:\
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1 023,00 Mb Total Physical Memory | 510,00 Mb Available Physical Memory | 50,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20,00 Gb Total Space | 12,32 Gb Free Space | 61,62% Space Free | Partition Type: NTFS
Drive D: | 34,78 Gb Total Space | 4,69 Gb Free Space | 13,49% Space Free | Partition Type: NTFS
Drive E: | 129,05 Gb Total Space | 95,03 Gb Free Space | 73,64% Space Free | Partition Type: NTFS
Drive F: | 546,76 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 2,53 Gb Total Space | 2,51 Gb Free Space | 99,10% Space Free | Partition Type: NTFS
Computer Name: GREJT | User Name: Tomek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2011-04-21 00:51:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2011-03-26 12:11:36 | 000,269,480 | ---- | M] (Avira GmbH) -- E:\Programy\Avira\AntiVir Desktop\avguard.exe
PRC - [2011-03-23 23:55:22 | 000,924,632 | ---- | M] (Mozilla Corporation) -- E:\Programy\Mozilla Firefox\firefox.exe
PRC - [2011-01-17 18:01:46 | 011,322,880 | ---- | M] (OpenOffice.org) -- E:\Programy\Open office\program\soffice.exe
PRC - [2011-01-17 18:01:46 | 011,314,688 | ---- | M] (OpenOffice.org) -- E:\Programy\Open office\program\soffice.bin
PRC - [2010-12-12 13:27:07 | 000,281,768 | ---- | M] (Avira GmbH) -- E:\Programy\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010-12-12 13:27:07 | 000,135,336 | ---- | M] (Avira GmbH) -- E:\Programy\Avira\AntiVir Desktop\sched.exe
PRC - [2010-01-14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- E:\Programy\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-03-20 12:04:46 | 002,127,296 | ---- | M] (Gadu-Gadu S.A.) -- E:\Programy\Gadu-Gadu\gg.exe
PRC - [2006-11-13 16:57:16 | 001,289,000 | ---- | M] (Microsoft Corporation) -- E:\Programy\Microsoft ActiveSync\wcescomm.exe
PRC - [2006-11-13 16:57:06 | 000,199,464 | ---- | M] (Microsoft Corporation) -- E:\Programy\Microsoft ActiveSync\rapimgr.exe
PRC - [2005-06-06 14:23:08 | 001,183,744 | ---- | M] (IVT Corporation) -- E:\Program IVT Corporation\BlueSoleil\BlueSoleil.exe
PRC - [2005-04-06 17:03:28 | 000,110,592 | ---- | M] () -- E:\Program IVT Corporation\BlueSoleil\BTNtService.exe
PRC - [2004-12-14 15:44:06 | 000,029,696 | R--- | M] (Adobe Systems Incorporated) -- E:\Programy\Adobe Reader\Reader\reader_sl.exe
PRC - [2004-10-10 19:21:20 | 000,208,896 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\razertra.exe
PRC - [2004-10-10 19:17:52 | 000,102,400 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\razerhid.exe
PRC - [2004-02-26 00:27:12 | 000,122,880 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\razerofa.exe
[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - [2011-04-21 00:51:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
MOD - [2008-04-14 22:29:10 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2006-12-21 14:30:44 | 000,102,400 | ---- | M] (Gadu-Gadu S.A.) -- E:\Programy\Gadu-Gadu\ggwhook.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011-03-26 12:11:36 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Programy\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010-12-12 13:27:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Programy\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010-12-10 17:52:00 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2005-04-06 17:03:28 | 000,110,592 | ---- | M] () [Auto | Running] -- E:\Program IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2011-03-26 12:11:37 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011-03-15 18:03:07 | 000,665,600 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2011-03-15 18:03:07 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010-12-12 13:27:07 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010-12-10 17:32:29 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2010-12-10 17:30:46 | 000,664,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-05-11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\Programy\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009-05-11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008-05-02 08:48:55 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112)
DRV - [2008-04-14 00:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2005-05-31 16:40:20 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005-05-31 10:42:28 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005-04-30 15:50:20 | 000,011,860 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005-04-30 15:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005-04-30 15:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005-03-25 18:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2005-03-04 05:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004-10-19 14:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004-10-09 12:37:56 | 000,039,832 | ---- | M] (Razer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\razerusb.sys -- (razerusb)
DRV - [2004-09-14 18:18:42 | 000,007,168 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\razerlow.sys -- (Razerlow)
DRV - [2002-04-26 13:04:16 | 000,095,484 | ---- | M] (DATOM Dariusz Cielebąk) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\KMM4XNT.SYS -- (Kmm4xNT)
DRV - [2001-08-17 23:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultenginename: " "
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.onet.pl"
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: firefox-ext@youtubekeep.com:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..network.proxy.backup.ftp: "213.0.88.85"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "184.106.150.219"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "213.0.88.85"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "213.0.88.85"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "213.0.88.85"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "184.106.150.219"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "213.0.88.85"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "213.0.88.85"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "213.0.88.85"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: E:\Programy\Mozilla Firefox\components [2011-03-23 23:55:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: E:\Programy\Mozilla Firefox\plugins [2011-03-23 23:55:33 | 000,000,000 | ---D | M]
[2010-12-10 17:00:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Extensions
[2011-04-07 11:15:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\7g6rogfo.default\extensions
[2010-12-10 17:01:29 | 000,000,000 | ---D | M] (oldbar) -- C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\7g6rogfo.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2010-12-25 03:58:29 | 000,000,000 | ---D | M] (YouTube Video Downloader) -- C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\7g6rogfo.default\extensions\firefox-ext@youtubekeep.com
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TOMEK\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\7G6ROGFO.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
[2010-12-25 04:00:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010-12-25 04:17:22 | 000,000,000 | ---D | M] (Java Console) -- E:\PROGRAMY\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010-12-25 04:00:50 | 000,000,000 | ---D | M] (Java Console) -- E:\PROGRAMY\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
O1 HOSTS File: ([2001-10-26 17:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programy\Adobe Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] E:\Programy\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [razertra] C:\Program Files\Razer\razertra.exe (Razer Inc.)
O4 - HKCU..\Run: [Gadu-Gadu] E:\Programy\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKCU..\Run: [H/PC Connection Agent] E:\Programy\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = E:\Programy\Adobe Reader\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk = E:\Program IVT Corporation\BlueSoleil\BlueSoleil.exe (IVT Corporation)
O4 - Startup: C:\Documents and Settings\Tomek\Menu Start\Programy\Autostart\OpenOffice.org 3.3.lnk = E:\Programy\Open office\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Tomek\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = E:\Programy\Office 2007\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - E:\Programy\Office 2007\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Programy\Office 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Programy\Office 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Programy\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Programy\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programy\Office 2007\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-12-10 16:43:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-05-25 18:03:05 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2011-04-21 11:53:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-04-21 11:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes' Anti-Malware
[2011-04-21 11:53:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2011-04-21 11:53:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-04-21 00:04:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011-04-21 00:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Menu Start\Programy\Lavasoft Ad-aware 6
[2011-04-20 23:38:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011-04-20 23:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Dane aplikacji\Avira
[2011-04-16 14:07:49 | 011,193,664 | ---- | C] (DT Soft Ltd.) -- C:\Documents and Settings\Tomek\Pulpit\DTLite4402-0131(dobreprogramy.pl).exe
[2011-04-15 20:22:01 | 129,076,152 | ---- | C] ( ) -- C:\Documents and Settings\Tomek\Pulpit\CyberLink.2701(Ultra_Free_DVD110221-01.exe
[2011-04-15 14:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Dane aplikacji\OpenOffice.org
[2011-04-15 14:02:00 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\OpenOffice.org 3.3
[2011-04-15 13:49:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Menu Start\Programy\Advanced Word Repair
[2011-04-09 09:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Pulpit\norma
[2011-04-09 09:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Ahead
[2011-04-08 22:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Nero
[2011-04-08 22:36:10 | 000,125,184 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagesrv.sys
[2011-04-08 22:36:10 | 000,005,504 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagedrv.sys
[2011-04-08 22:35:53 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2011-04-08 22:35:52 | 001,568,768 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagX7.dll
[2011-04-08 22:35:52 | 000,476,320 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXpr7.dll
[2011-04-08 22:35:52 | 000,471,040 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXRA7.dll
[2011-04-08 22:35:52 | 000,262,144 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXR7.dll
[2011-04-08 22:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2011-04-08 22:35:51 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2011-03-28 21:21:46 | 000,000,000 | ---D | C] -- C:\Poker
[2011-03-22 16:35:51 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4r.dll
[2011-03-22 16:35:51 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll
[2011-03-22 16:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Athenasoft
[2011-03-22 16:34:03 | 000,095,484 | ---- | C] (DATOM Dariusz Cielebąk) -- C:\WINDOWS\System32\drivers\KMM4XNT.SYS
[2011-03-22 16:34:03 | 000,024,576 | ---- | C] (DATOM Dariusz Cielebąk) -- C:\WINDOWS\System32\KMM4XNTD.DLL
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2011-04-21 12:24:32 | 000,200,989 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011-04-21 12:23:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-04-21 12:18:19 | 000,015,474 | -HS- | M] () -- C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\787s705df802d73826t8d
[2011-04-21 12:18:19 | 000,015,474 | -HS- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\787s705df802d73826t8d
[2011-04-21 11:53:31 | 000,000,625 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2011-04-21 00:40:40 | 000,000,581 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2011-04-21 00:08:14 | 000,000,515 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\Ad-watch 3.0.lnk
[2011-04-21 00:08:14 | 000,000,515 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\Ad-aware 6.0.lnk
[2011-04-20 17:56:14 | 372,505,636 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\Kuba.Wojewodzki.S13E08.PL.HDTV.XviD.avi
[2011-04-19 22:34:37 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011-04-19 17:14:43 | 057,111,716 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\ustaw_router_dc.avi
[2011-04-18 21:51:03 | 000,000,870 | ---- | M] () -- C:\WINDOWS\System32\acad.err
[2011-04-17 15:02:48 | 000,002,173 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\AutoCAD 2008.lnk
[2011-04-16 20:10:20 | 000,000,206 | ---- | M] () -- C:\WINDOWS\System\CmiCnfg.ini
[2011-04-16 14:07:52 | 011,193,664 | ---- | M] (DT Soft Ltd.) -- C:\Documents and Settings\Tomek\Pulpit\DTLite4402-0131(dobreprogramy.pl).exe
[2011-04-15 20:36:02 | 129,076,152 | ---- | M] ( ) -- C:\Documents and Settings\Tomek\Pulpit\CyberLink.2701(Ultra_Free_DVD110221-01.exe
[2011-04-15 19:23:56 | 000,299,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-04-15 14:42:50 | 000,523,264 | ---- | M] () -- C:\Documents and Settings\Tomek\Moje dokumenty\Rescue1.asd
[2011-04-15 14:04:41 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\Tomek\Menu Start\Programy\Autostart\OpenOffice.org 3.3.lnk
[2011-04-15 14:02:00 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\OpenOffice.org 3.3.lnk
[2011-04-15 13:37:07 | 000,519,680 | ---- | M] () -- C:\Documents and Settings\Tomek\Moje dokumenty\Rescue.asd
[2011-04-14 21:14:40 | 182,906,880 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\Rodzinka.pl.S01E15-TRODAT.avi
[2011-04-14 15:36:12 | 182,839,296 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\Rodzinka.pl.S01E16-TRODAT.avi
[2011-04-13 23:18:25 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-04-10 12:21:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-04-08 23:00:48 | 000,000,322 | ---- | M] () -- C:\WINDOWS\VPlayer.INI
[2011-04-04 22:47:09 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\3010_6010_HB_ASTRA_cyfra_tnk_C+NL_24.03.2011_polskie radio czworka.bin
[2011-04-04 14:48:21 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\dobra.bin
[2011-04-03 18:47:54 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2011-03-27 10:11:50 | 000,448,004 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2011-03-27 10:11:50 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-03-27 10:11:50 | 000,074,230 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2011-03-27 10:11:50 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-03-27 08:29:00 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\3010 & 6010_eeprom_C+_HotBird_20-03-2011_@macho.bin
[2011-03-27 08:28:02 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\3010 & 6010_eeprom_TnK_HotBird_19-03-2011_macho@@@.bin
[2011-03-26 12:11:37 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011-03-24 22:45:14 | 000,000,439 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\Norma Pro.lnk
[2011-03-22 16:42:00 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\6010 Radkoski HB Astra Astra 2 Astra 4.bin
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2011-04-21 11:53:31 | 000,000,625 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2011-04-21 00:02:42 | 000,000,515 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\Ad-watch 3.0.lnk
[2011-04-21 00:02:42 | 000,000,515 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\Ad-aware 6.0.lnk
[2011-04-20 23:30:11 | 000,015,474 | -HS- | C] () -- C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\787s705df802d73826t8d
[2011-04-20 23:30:11 | 000,015,474 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\787s705df802d73826t8d
[2011-04-20 17:15:54 | 372,505,636 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\Kuba.Wojewodzki.S13E08.PL.HDTV.XviD.avi
[2011-04-19 17:14:35 | 057,111,716 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\ustaw_router_dc.avi
[2011-04-16 00:14:52 | 182,839,296 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\Rodzinka.pl.S01E16-TRODAT.avi
[2011-04-15 14:40:11 | 000,523,264 | ---- | C] () -- C:\Documents and Settings\Tomek\Moje dokumenty\Rescue1.asd
[2011-04-15 14:04:41 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\Tomek\Menu Start\Programy\Autostart\OpenOffice.org 3.3.lnk
[2011-04-15 14:02:00 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\OpenOffice.org 3.3.lnk
[2011-04-15 13:34:25 | 000,519,680 | ---- | C] () -- C:\Documents and Settings\Tomek\Moje dokumenty\Rescue.asd
[2011-04-14 20:43:47 | 182,906,880 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\Rodzinka.pl.S01E15-TRODAT.avi
[2011-04-09 09:21:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011-04-04 16:21:24 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\3010 & 6010_eeprom_HotBird_TNK_FTA_INNE_softy 8.xx_2011.bin
[2011-04-04 16:19:11 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\6010 Radkoski HB Astra Astra 2 Astra 4.bin
[2011-04-04 16:18:52 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\3010 & 6010_eeprom_C+_HotBird_20-03-2011_@macho.bin
[2011-04-04 16:17:57 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\3010 & 6010_eeprom_TnK_HotBird_19-03-2011_macho@@@.bin
[2011-04-04 14:38:14 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\dobra.bin
[2011-04-04 14:09:10 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\3010_6010_HB_ASTRA_cyfra_tnk_C+NL_24.03.2011_polskie radio czworka.bin
[2011-03-28 21:21:55 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\William Hill Poker.lnk
[2011-03-24 22:45:14 | 000,000,439 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\Norma Pro.lnk
[2011-03-23 23:55:34 | 000,000,581 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk
[2011-03-15 18:03:07 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2011-03-15 18:01:30 | 000,000,126 | ---- | C] () -- C:\WINDOWS\rm-win.ini
[2011-01-17 14:30:24 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2011-01-17 14:30:23 | 000,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2010-12-24 20:40:58 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Tomek\Dane aplikacji\$_hpcst$.hpc
[2010-12-20 20:17:34 | 000,000,581 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2010-12-17 00:10:01 | 000,000,322 | ---- | C] () -- C:\WINDOWS\VPlayer.INI
[2010-12-13 16:02:31 | 000,001,379 | ---- | C] () -- C:\WINDOWS\bestplayer.ini
[2010-12-10 17:33:54 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-12-10 17:32:29 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2010-12-10 17:30:50 | 000,299,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-12-10 17:30:46 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd6269.sys
[2010-12-10 17:30:18 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-12-10 17:19:40 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-12-10 17:00:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010-12-10 16:49:55 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2010-12-10 16:49:55 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2010-12-10 16:49:50 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2010-12-10 16:49:49 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2010-12-10 16:49:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2010-12-10 16:49:43 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2010-12-10 16:49:43 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2010-12-10 16:49:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2010-12-10 16:47:39 | 000,003,185 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010-12-10 16:47:38 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010-12-10 16:44:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010-12-10 16:43:38 | 000,050,105 | ---- | C] () -- C:\WINDOWS\activ.exe
[2010-12-10 16:40:18 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008-10-07 14:33:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008-10-07 14:33:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008-10-07 14:33:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-10-07 14:33:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008-10-07 14:33:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008-10-07 14:33:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-10-07 14:33:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008-10-07 14:33:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008-10-07 14:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008-05-03 09:24:01 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008-04-14 23:16:20 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006-12-31 08:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-12-20 12:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004-12-20 12:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2001-10-26 18:15:16 | 000,448,004 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat
[2001-10-26 18:15:16 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat
[2001-10-26 18:15:16 | 000,074,230 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat
[2001-10-26 18:15:16 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat
[2001-08-23 15:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-08-23 15:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-08-17 23:30:24 | 000,392,296 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001-08-17 23:30:24 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001-08-17 23:30:24 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001-08-17 23:30:22 | 000,058,596 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001-08-17 23:15:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001-07-22 00:36:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001-07-22 00:36:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001-07-22 00:24:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
< End of report >