Komputer wolno chodzi

[ulises50]

Witam

Mam problem z kompem. Od jakiegoś czasu nie mogłem zaktualizować bazy wirusów w programie AVG, nie odpalał Total Comander, wiersz poleceń systemu Windows, program regedit. Windows czesto korzystał z pliku stron i bardzo wolno chodził. Miałem zamiar przeinstalować system ale wczoraj użyłem programu ComboFix i narazie wygląda, że wszystko wróciło do normy. Jednak nie jestem pewien czy zostały usunięte wszystkie szkodliwe wpisy. Proszę o przejrzenie mojego loga z programu Rist.

Kod: Zaznacz wszystko

Logfile of random's system information tool 1.06 (written by random/random)
Run by Tomek at 2009-06-12 00:27:41
Microsoft Windows XP Professional Dodatek Service Pack 2
System drive C: has 1 GB (13%) free of 10 GB
Total RAM: 1279 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:27:56, on 2009-06-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\UpsPilot\monitor.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\UpsPilot\jre\bin\javaw.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\UpsPilot\Winpower.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\UpsPilot\jre\bin\javaw.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\UpsPilot\wpRMI.exe
C:\Program Files\UpsPilot\jre\bin\javaw.exe
C:\Program Files\Opera\Opera.exe
D:\INSTALKI\RSIT.exe
D:\INSTALKI\HiJackThis\Tomek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: ChrisTV Add-on Toolbar - {1192a62b-4dbc-4d1f-b54e-d820a1be76be} - C:\Program Files\ChrisTV_Add-on\tbChri.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ChrisTV Add-on Toolbar - {1192a62b-4dbc-4d1f-b54e-d820a1be76be} - C:\Program Files\ChrisTV_Add-on\tbChri.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ChrisTV Add-on Toolbar - {1192a62b-4dbc-4d1f-b54e-d820a1be76be} - C:\Program Files\ChrisTV_Add-on\tbChri.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Winpower] C:\Program Files\UpsPilot\Winpower.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [EdHTML] C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://mks.com.pl
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Winpowermanager - Macrovision - C:\PROGRA~1\UpsPilot\manager.exe
O23 - Service: Winpowermonitor - Macrovision - C:\PROGRA~1\UpsPilot\monitor.exe
O23 - Service: WinpowerRMI - Macrovision - C:\PROGRA~1\UpsPilot\wpRMI.exe

--
End of file - 7183 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
Ask Search Assistant BHO - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [2009-06-11 66912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1192a62b-4dbc-4d1f-b54e-d820a1be76be}]
ChrisTV Add-on Toolbar - C:\Program Files\ChrisTV_Add-on\tbChri.dll [2009-01-20 1881112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-03-29 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-13 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-30 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-13 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-13 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
Ask Toolbar BHO - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2009-06-11 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-30 1968920]
{1192a62b-4dbc-4d1f-b54e-d820a1be76be} - ChrisTV Add-on Toolbar - C:\Program Files\ChrisTV_Add-on\tbChri.dll [2009-01-20 1881112]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2009-06-11 262144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Disc Detector"=C:\Program Files\Creative\ShareDLL\CtNotify.exe [2001-12-26 191488]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"CTStartup"=C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE [2001-12-20 28672]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe [2005-10-04 975941]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-13 136600]
"Winpower"=C:\Program Files\UpsPilot\Winpower.exe [2008-09-01 114688]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-03-29 1932568]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"COMODO SafeSurf"=C:\Program Files\COMODO\SafeSurf\cssurf.exe [2009-06-11 278264]
"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe [2009-06-11 1655552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EdHTML"=C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe [2003-03-24 1443328]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2005-10-04 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\CTHELPER.EXE [2006-08-11 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-11 18944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe [2001-11-29 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
Ati2evxx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-03-29 10520]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glowny"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"D:\INSTALKI\eMule\eMule0.48a\emule.exe"="D:\INSTALKI\eMule\eMule0.48a\emule.exe:*:Enabled:eMule"
"C:\Program Files\Canon\CSCLIB\CDPROCMN.EXE"="C:\Program Files\Canon\CSCLIB\CDPROCMN.EXE:*:Disabled:Canon Digital Camera SDK main server EXE"
"C:\Program Files\Canon\CSCLIB\CDPROC.EXE"="C:\Program Files\Canon\CSCLIB\CDPROC.EXE:*:Disabled:Canon Digital Camera SDK CDPROC EXE"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"D:\INSTALKI\totalcmd\TOTALCMD.EXE"="D:\INSTALKI\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.js - edit -
.js - open - "C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe" "%1"

======List of files/folders created in the last 1 months======

2009-06-12 00:27:41 ----D---- C:\rsit
2009-06-11 22:59:59 ----A---- C:\WINDOWS\system32\cssdll32.dll
2009-06-11 22:59:56 ----D---- C:\Program Files\AskSBar
2009-06-11 22:58:23 ----D---- C:\Documents and Settings\Tomek\Dane aplikacji\Comodo
2009-06-11 22:58:20 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\comodo
2009-06-11 22:58:20 ----A---- C:\WINDOWS\system32\guard32.dll
2009-06-11 22:58:13 ----D---- C:\Program Files\COMODO
2009-06-11 15:14:59 ----A---- C:\ComboFix.txt
2009-06-11 15:00:10 ----A---- C:\Boot.bak
2009-06-11 15:00:05 ----RASHD---- C:\cmdcons
2009-06-11 14:40:01 ----A---- C:\WINDOWS\zip.exe
2009-06-11 14:40:01 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-06-11 14:40:01 ----A---- C:\WINDOWS\SWSC.exe
2009-06-11 14:40:01 ----A---- C:\WINDOWS\SWREG.exe
2009-06-11 14:40:01 ----A---- C:\WINDOWS\sed.exe
2009-06-11 14:40:01 ----A---- C:\WINDOWS\PEV.exe
2009-06-11 14:40:01 ----A---- C:\WINDOWS\NIRCMD.exe
2009-06-11 14:40:01 ----A---- C:\WINDOWS\grep.exe
2009-06-11 14:39:55 ----D---- C:\WINDOWS\ERDNT
2009-06-11 14:39:11 ----D---- C:\Qoobox
2009-06-11 00:05:22 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-10 23:51:27 ----D---- C:\WINDOWS\system32\appmgmt
2009-06-10 23:09:35 ----D---- C:\Config.Msi
2009-06-01 19:41:26 ----SHD---- C:\FOUND.001
2009-05-28 22:47:04 ----SHD---- C:\FOUND.000
2009-05-14 22:06:45 ----D---- C:\Unreal Commander
2009-05-14 20:11:34 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Adobe
2009-05-13 21:38:04 ----A---- C:\WINDOWS\Applian FLV Player Uninstall Log.txt

======List of files/folders modified in the last 1 months======

2009-06-12 00:25:18 ----A---- C:\WINDOWS\ModemLog_ED77 modem.txt
2009-06-11 23:33:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-11 15:16:56 ----A---- C:\WINDOWS\WINCMD.INI
2009-06-11 15:12:52 ----A---- C:\WINDOWS\system.ini
2009-06-11 15:00:12 ----RASH---- C:\boot.ini
2009-06-10 22:30:46 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-03-29 325640]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-01-30 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-03-30 108552]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-06-11 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-06-11 24208]
R1 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-17 12032]
R2 tifsfilter;Acronis TrueImage FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2007-07-31 30080]
R3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 799744]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-06-10 746496]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2006-08-11 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2006-08-11 499584]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2006-08-11 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2006-08-11 143872]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2006-08-11 78336]
R3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2004-04-20 24209]
R3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2004-04-20 57404]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2006-08-11 766976]
R3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ms_mpu401;Sterownik portu MIDI UART Microsoft MPU-401; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-08-11 116224]
R3 rtl8139;Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbhub;Standardowy sterownik koncentratora USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-11-10 340704]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2006-08-11 154112]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2006-08-11 180224]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NtApm;Sterownik interfejsu NT Apm/Legacy; C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-10-26 9600]
S3 sermouse;Sterownik myszy szeregowej; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-10-26 17920]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sterownik filtru USB Sony (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 ACPI;ACPI; C:\WINDOWS\system32\drivers\ACPI.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2005-10-04 172032]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-06-10 376832]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-03-29 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-03-29 298264]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 cmdAgent;COMODO Firewall Pro Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2009-06-11 519936]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-13 152984]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 Winpowermonitor;Winpowermonitor; C:\PROGRA~1\UpsPilot\monitor.exe [2008-09-01 114688]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R3 WinpowerRMI;WinpowerRMI; C:\PROGRA~1\UpsPilot\wpRMI.exe [2008-09-01 114688]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-06-10 516096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Winpowermanager;Winpowermanager; C:\PROGRA~1\UpsPilot\manager.exe [2008-09-01 114688]

-----------------EOF-----------------


[wojtas]

Pobierz OTL i daj z niego loga

[ulises50]

Oto log z OTL

Kod: Zaznacz wszystko

OTL logfile created on: 2009-06-13 12:41:15 - Run 1
OTL by OldTimer - Version 2.1.1.0     Folder = D:\INSTALKI
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,25 Gb Total Physical Memory | 0,74 Gb Available Physical Memory | 58,92% Memory free
1,86 Gb Paging File | 1,39 Gb Available in Paging File | 74,69% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,76 Gb Total Space | 1,40 Gb Free Space | 14,34% Space Free | Partition Type: FAT32
Drive D: | 9,76 Gb Total Space | 1,63 Gb Free Space | 16,67% Space Free | Partition Type: FAT32
Drive E: | 17,73 Gb Total Space | 13,74 Gb Free Space | 77,51% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TB-FF0E15E99441
Current User Name: Tomek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

[color=orange]========== Processes (SafeList) ==========[/color]

PRC - [2004-06-10 22:44:56 | 00,376,832 | ---- | M] () -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2005-10-04 00:18:02 | 00,172,032 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009-06-12 21:40:48 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008-08-29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009-06-11 22:58:14 | 00,519,936 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe
PRC - [1999-12-13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTsvcCDA.exe
PRC - [2008-12-13 22:28:30 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2004-08-03 23:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008-10-20 21:18:26 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009-06-12 21:41:30 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009-06-12 21:41:06 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2000-06-26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe
PRC - [2009-06-12 21:41:02 | 00,908,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2001-12-26 02:00:00 | 00,191,488 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\CtNotify.exe
PRC - [2005-10-04 00:18:02 | 00,975,941 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
PRC - [2008-12-13 22:28:30 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008-09-01 19:15:12 | 00,114,688 | ---- | M] (Macrovision) -- C:\Program Files\UpsPilot\Winpower.exe
PRC - [2002-04-30 02:00:00 | 00,167,424 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\Mediadet.exe
PRC - [2005-07-15 23:48:34 | 00,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2009-06-11 23:00:00 | 00,278,264 | ---- | M] (COMODO) -- C:\Program Files\COMODO\SafeSurf\cssurf.exe
PRC - [2008-09-01 19:14:44 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\UpsPilot\jre\bin\javaw.exe
PRC - [2009-06-12 21:41:22 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2008-09-01 19:15:12 | 00,114,688 | ---- | M] (Macrovision) -- C:\Program Files\UpsPilot\wpRMI.exe
PRC - [2008-09-01 19:14:44 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\UpsPilot\jre\bin\javaw.exe
PRC - [2008-09-01 19:15:12 | 00,114,688 | ---- | M] (Macrovision) -- C:\Program Files\UpsPilot\monitor.exe
PRC - [2008-09-01 19:14:44 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\UpsPilot\jre\bin\javaw.exe
PRC - [2009-06-13 12:38:02 | 00,501,760 | ---- | M] (OldTimer Tools) -- D:\INSTALKI\OTL.exe

[color=orange]========== Win32 Services (SafeList) ==========[/color]

SRV - [2005-10-04 00:18:02 | 00,172,032 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc [Auto | Running])
SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2004-06-10 22:44:56 | 00,376,832 | ---- | M] () -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2004-06-10 21:10:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2009-06-12 21:41:02 | 00,908,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009-06-12 21:40:48 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008-08-29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009-06-11 22:58:14 | 00,519,936 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe -- (cmdAgent [Auto | Running])
SRV - [1999-12-13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2004-08-04 01:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008-12-13 22:28:30 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008-10-20 21:18:26 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU [Auto | Running])
SRV - [2008-09-01 19:15:12 | 00,114,688 | ---- | M] (Macrovision) -- C:\Program Files\UpsPilot\manager.exe -- (Winpowermanager [On_Demand | Stopped])
SRV - [2008-09-01 19:15:12 | 00,114,688 | ---- | M] (Macrovision) -- C:\Program Files\UpsPilot\monitor.exe -- (Winpowermonitor [Auto | Running])
SRV - [2008-09-01 19:15:12 | 00,114,688 | ---- | M] (Macrovision) -- C:\Program Files\UpsPilot\wpRMI.exe -- (WinpowerRMI [On_Demand | Running])
SRV - [2000-06-26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])

[color=orange]========== Driver Services (SafeList) ==========[/color]

DRV - [2005-05-27 13:51:26 | 00,799,744 | R--- | M] (Philips Semiconductors GmbH) -- C:\WINDOWS\system32\DRIVERS\3xHybrid.sys -- (3xHybrid [On_Demand | Running])
DRV - [2004-06-10 22:57:04 | 00,746,496 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009-06-12 21:41:26 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009-06-12 21:41:30 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009-06-12 21:41:00 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2009-06-11 22:58:14 | 00,087,056 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\cmdguard.sys -- (cmdGuard [System | Running])
DRV - [2009-06-11 22:58:14 | 00,024,208 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\cmdhlp.sys -- (cmdHlp [System | Running])
DRV - [2006-08-11 14:45:14 | 00,502,272 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2006-08-11 14:45:38 | 00,499,584 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2005-11-10 17:06:04 | 00,340,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
DRV - [2006-08-11 14:45:40 | 00,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2006-08-11 14:45:18 | 00,143,872 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2006-08-11 14:45:18 | 00,078,336 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2004-04-20 10:04:56 | 00,024,209 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS [On_Demand | Running])
DRV - [2004-04-20 10:05:10 | 00,057,404 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K [On_Demand | Running])
DRV - [2004-08-03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2006-08-11 14:45:26 | 00,766,976 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
DRV - [2006-08-11 14:45:26 | 00,154,112 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\hap16v2k.sys -- (hap16v2k [On_Demand | Stopped])
DRV - [2006-08-11 14:45:28 | 00,180,224 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\hap17v2k.sys -- (hap17v2k [On_Demand | Stopped])
DRV - [2009-06-11 22:58:14 | 00,079,760 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect [Boot | Running])
DRV - [2004-08-03 23:10:14 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\MPE.sys -- (MPE [On_Demand | Stopped])
DRV - [2001-08-17 22:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
DRV - [2001-10-26 16:48:56 | 00,009,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NtApm.sys -- (NtApm [On_Demand | Stopped])
DRV - [2006-08-11 14:45:24 | 00,116,224 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2001-08-17 21:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004-08-03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Running])
DRV - [2004-07-17 10:36:38 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007-07-31 20:19:58 | 00,096,032 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman [Boot | Running])
DRV - [2001-08-17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2007-07-31 20:20:02 | 00,030,080 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\tifsfilt.sys -- (tifsfilter [Auto | Running])
DRV - [2007-07-31 20:20:02 | 00,247,008 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter [Boot | Running])

[color=orange]========== Standard Registry (SafeList) ==========[/color]


[color=orange]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-789336058-436374069-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-789336058-436374069-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-789336058-436374069-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
IE - URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
IE - HKU\S-1-5-21-789336058-436374069-854245398-1003\S-1-5-21-789336058-436374069-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ChrisTV Add-on Toolbar) - {1192a62b-4dbc-4d1f-b54e-d820a1be76be} - C:\Program Files\ChrisTV_Add-on\tbChri.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (ChrisTV Add-on Toolbar) - {1192a62b-4dbc-4d1f-b54e-d820a1be76be} - C:\Program Files\ChrisTV_Add-on\tbChri.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKU\S-1-5-21-789336058-436374069-854245398-1003\..\Toolbar\ShellBrowser: (no name) - {1192A62B-4DBC-4D1F-B54E-D820A1BE76BE} - C:\Program Files\ChrisTV_Add-on\tbChri.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-789336058-436374069-854245398-1003\..\Toolbar\ShellBrowser: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-789336058-436374069-854245398-1003\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKU\S-1-5-21-789336058-436374069-854245398-1003\..\Toolbar\WebBrowser: (no name) - {1192A62B-4DBC-4D1F-B54E-D820A1BE76BE} - C:\Program Files\ChrisTV_Add-on\tbChri.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-789336058-436374069-854245398-1003\..\Toolbar\WebBrowser: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-789336058-436374069-854245398-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKU\S-1-5-21-789336058-436374069-854245398-1003\..\Toolbar\WebBrowser: (no name) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h ()
O4 - HKLM..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s (COMODO)
O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run (Creative Technology Ltd.)
O4 - HKLM..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [Winpower] C:\Program Files\UpsPilot\Winpower.exe (Macrovision)
O4 - HKU\S-1-5-21-789336058-436374069-854245398-1003..\Run: [EdHTML] C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none (Binboy Software)
O4 - HKU\S-1-5-21-789336058-436374069-854245398-1003..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-436374069-854245398-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-436374069-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-789336058-436374069-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-789336058-436374069-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-789336058-436374069-854245398-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 -  File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-789336058-436374069-854245398-1003\..Trusted Domains: com.pl ([mks] http in Zaufane witryny)
O15 - HKU\S-1-5-21-789336058-436374069-854245398-1003\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll ()
O20 - AppInit_DLLs: (C:\WINDOWS\system32\cssdll32.dll) - C:\WINDOWS\system32\cssdll32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll -  File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-07-30 23:48:30 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2003-07-31 18:00:26 | 00,000,000 | ---D | M]

[color=orange]========== Files/Folders - Created Within 30 Days ==========[/color]

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009-06-13 11:56:07 | 00,054,014 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\Redan.pdf
[2009-06-12 00:27:41 | 00,000,000 | ---D | C] -- C:\rsit
[2009-06-11 23:31:55 | 00,000,622 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\COMODO Firewall Pro.lnk
[2009-06-11 22:59:59 | 00,249,592 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cssdll32.dll
[2009-06-11 22:59:56 | 00,000,000 | ---D | C] -- C:\Program Files\AskSBar
[2009-06-11 22:58:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Dane aplikacji\Comodo
[2009-06-11 22:58:20 | 00,143,104 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2009-06-11 22:58:20 | 00,087,056 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009-06-11 22:58:20 | 00,079,760 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009-06-11 22:58:20 | 00,024,208 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009-06-11 22:58:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\comodo
[2009-06-11 22:58:13 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2009-06-11 15:15:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Ustawienia lokalne\temp
[2009-06-11 15:00:10 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009-06-11 15:00:08 | 00,262,400 | ---- | C] () -- C:\cmldr
[2009-06-11 15:00:05 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009-06-11 14:40:01 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009-06-11 14:40:01 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009-06-11 14:40:01 | 00,155,136 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009-06-11 14:40:01 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009-06-11 14:40:01 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009-06-11 14:40:01 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009-06-11 14:40:01 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009-06-11 14:40:01 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009-06-11 14:39:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009-06-11 14:39:11 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009-06-10 23:51:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009-06-10 23:12:26 | 13,417,06240 | -HS- | C] () -- C:\hiberfil.sys
[2009-06-10 23:09:35 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009-06-09 23:34:53 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\Trudne słówka.doc
[2009-06-01 19:41:26 | 00,000,000 | -HSD | C] -- C:\FOUND.001
[2009-05-28 22:47:04 | 00,000,000 | -HSD | C] -- C:\FOUND.000
[2009-05-28 20:09:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Moje dokumenty\Dom-wezel cieplny
[2009-05-27 21:15:02 | 01,245,119 | ---- | C] () -- C:\Documents and Settings\Tomek\Moje dokumenty\mapa.zip
[2009-05-15 21:04:37 | 00,000,570 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\Winamp.lnk
[2009-05-14 20:11:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Adobe
[2009-04-13 23:06:13 | 00,000,169 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009-01-20 15:35:45 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008-11-13 22:21:46 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-11-13 22:21:46 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-09-01 19:15:14 | 00,060,156 | ---- | C] () -- C:\WINDOWS\System32\jspWinNm.DLL
[2008-09-01 19:15:14 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\smemory.dll
[2008-09-01 19:15:14 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\jspWinRni.DLL
[2008-09-01 19:15:14 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\TrayIcon12.dll
[2008-09-01 19:15:14 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\jspWin.dll
[2008-09-01 19:15:14 | 00,035,992 | ---- | C] () -- C:\WINDOWS\System32\jspWinRnia.DLL
[2008-08-28 16:18:46 | 00,003,072 | R--- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2008-08-28 16:18:45 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008-07-11 13:33:51 | 00,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008-04-08 23:01:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008-02-23 13:48:15 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008-02-23 13:48:14 | 00,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2007-12-30 13:35:04 | 00,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007-12-30 13:35:04 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2007-11-14 05:57:54 | 00,223,744 | ---- | C] () -- C:\WINDOWS\System32\b4fm.dll
[2007-07-31 20:07:15 | 00,032,768 | ---- | C] () -- C:\WINDOWS\Urmcfg32.dll
[2007-07-31 20:07:15 | 00,028,672 | ---- | C] () -- C:\WINDOWS\msiosd32.dll
[2007-07-31 20:07:15 | 00,024,576 | ---- | C] () -- C:\WINDOWS\Urmcln32.dll
[2007-07-31 20:07:15 | 00,017,446 | ---- | C] () -- C:\WINDOWS\Urmcfg16.dll
[2007-07-31 20:07:15 | 00,014,320 | ---- | C] () -- C:\WINDOWS\Msiosd16.dll
[2007-07-31 20:07:15 | 00,009,792 | ---- | C] () -- C:\WINDOWS\Urmcln16.dll
[2007-07-31 20:07:15 | 00,000,314 | ---- | C] () -- C:\WINDOWS\MMKeybd.ini
[2007-07-31 20:07:15 | 00,000,263 | ---- | C] () -- C:\WINDOWS\msiosd.ini
[2007-07-31 15:13:20 | 00,000,882 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2007-07-31 15:01:11 | 00,000,532 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-07-31 00:19:26 | 00,000,199 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007-07-31 00:19:16 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2007-07-31 00:18:46 | 00,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007-07-31 00:18:31 | 00,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006-08-11 14:57:18 | 00,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006-05-23 12:40:34 | 00,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005-06-16 18:17:16 | 00,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2004-08-03 23:44:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004-07-17 10:36:38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004-06-11 01:27:12 | 00,131,072 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[2003-04-10 15:00:06 | 00,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2002-08-01 23:39:16 | 00,507,904 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002-04-21 20:30:14 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002-04-02 00:16:30 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002-04-02 00:16:14 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002-04-02 00:15:40 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001-07-21 22:16:20 | 00,000,621 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-21 22:15:52 | 00,000,253 | ---- | C] () -- C:\WINDOWS\system.ini
[1999-01-22 17:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998-03-22 13:50:02 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[color=orange]========== Files - Modified Within 30 Days ==========[/color]

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009-06-13 12:02:12 | 00,000,882 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2009-06-13 11:56:08 | 00,054,014 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\Redan.pdf
[2009-06-13 11:47:42 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Tomek\Ustawienia lokalne\desktop.ini
[2009-06-13 11:47:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-06-13 11:47:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-06-13 00:40:36 | 00,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-00000008-00001102-00000004-00521102}.rfx
[2009-06-13 00:40:36 | 00,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-00000008-00001102-00000004-00521102}.rfx
[2009-06-13 00:40:36 | 00,027,408 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-00000008-00001102-00000004-00521102}.rfx
[2009-06-13 00:40:36 | 00,027,408 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-00000008-00001102-00000004-00521102}.rfx
[2009-06-13 00:40:36 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-00000008-00001102-00000004-00521102}.rfx
[2009-06-13 00:40:36 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009-06-13 00:40:36 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009-06-13 00:03:00 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-06-12 23:57:54 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Tomek\Moje dokumenty\Login do Estrada i Studio Online.doc
[2009-06-12 23:26:38 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009-06-12 23:26:36 | 00,000,621 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-06-12 23:26:36 | 00,000,253 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-06-12 21:41:32 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009-06-12 21:41:30 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009-06-12 21:41:26 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009-06-12 21:41:00 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009-06-11 23:31:56 | 00,000,622 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\COMODO Firewall Pro.lnk
[2009-06-11 23:00:00 | 00,249,592 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cssdll32.dll
[2009-06-11 22:58:14 | 00,143,104 | ---- | M] () -- C:\WINDOWS\System32\guard32.dll
[2009-06-11 22:58:14 | 00,087,056 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009-06-11 22:58:14 | 00,079,760 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009-06-11 22:58:14 | 00,024,208 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009-06-10 23:12:28 | 13,417,06240 | -HS- | M] () -- C:\hiberfil.sys
[2009-06-09 23:34:54 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\Trudne słówka.doc
[2009-06-08 08:10:12 | 00,155,136 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009-05-27 21:16:26 | 01,245,119 | ---- | M] () -- C:\Documents and Settings\Tomek\Moje dokumenty\mapa.zip
[2009-05-26 19:38:48 | 00,000,496 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2009-05-14 20:11:40 | 00,001,644 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 7.0.lnk
< End of report >


[wojtas]

Uruchom OTL i w oknie Custom Scans/Fixes wklej :

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKU\S-1-5-21-789336058-436374069-854245398-1003\..\Toolbar\WebBrowser: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-789336058-436374069-854245398-1003\..\Toolbar\WebBrowser: (no name) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)

:Files
C:\Program Files\AskSBar
C:\WINDOWS\SWXCACLS.exe
C:\WINDOWS\SWREG.exe
C:\WINDOWS\PEV.exe
C:\WINDOWS\SWSC.exe
C:\WINDOWS\sed.exe
C:\WINDOWS\grep.exe
C:\WINDOWS\zip.exe
C:\WINDOWS\NIRCMD.exe
C:\WINDOWS\ERDNT
C:\Qoobox

:Commands
[emptytemp]
[start explorer]
[Reboot]

Kliknij w Run Fix. I potwierdz reset kompa .


1.Uruchom OTL z opcji CleanUp
2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
4. Wykonaj skan Dr. Web CureIt
5. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym (skasuj co znajdzie)

Malwarebytes Anti-Malware

Jeśli masz Adobe Reader to zaaktualizuj go do najnowszej wersji

[ulises50]

Dzięki za odpowiedź.
Udało mi się dobrnąć do końca tych wskazówek.

Oto log z Kaspersky skaner:

Kod: Zaznacz wszystko

--------------------------------------------------------------------------------
RAPORT KASPERSKY ONLINE SCANNER 7.0
poniedziałek, 15 czerwiec 2009
System operacyjny: Microsoft Windows XP Professional Dodatek Service Pack 2 (build 2600)
Wersja Kaspersky Online Scanner: 7.0.26.12
Data ostatniej aktualizacji bazy danych: Monday, June 15, 2009 04:22:51
Liczba wpisów: 2344327
--------------------------------------------------------------------------------

Ustawienia skanowania:
   Typ bazy danych użytej do skanowania: rozszerzona
   Skanuj archiwa: tak
   Skanuj pocztowe bazy danych: tak

Obszar skanowania - Mój komputer:
   A:\
   C:\
   D:\
   E:\
   F:\
   G:\

Statystyki skanowania:
   Przeskanowanych plików: 70146
   Nazwa zagrożenia: 2
   Zainfekowanych obiektów: 3
   Podejrzanych obiektów: 0
   Czas skanowania: 05:20:08


Nazwa pliku / Nazwa zagrożenia / Liczba zagrożeń
C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Identities\{279DEC18-9978-4E6B-9708-F20AEE1DF193}\Microsoft\Outlook Express\Elementy usunięte.dbx   Zainfekowany: Trojan.Win32.Inject.abnx   1
D:\INSTALKI\Filmy\DivXPro502GAINBundle.exe   Zainfekowany: not-a-virus:AdWare.Win32.Gator.3202   1
D:\Kopie\Outlook Express\Elementy usunięte.dbx   Zainfekowany: Trojan.Win32.Inject.abnx   1

Wybrany obszar został przeskanowany.


Pliki usunołem programem Malwarebytes za pomocą opcji FileASSASSIN. Mam nadzieje, że to o tą opcję chodziło.

[wojtas]

juz jest czysto