Problem with LogonInit.dll and userInit.dll


  • This topic is locked
14 replies to this topic

#1 Sinpo18

Sinpo18

  • Members
  • 7 posts

Posted 14 October 2010 - 03:01 PM

I have a problem because I don't know how to remove this ;p Namely, I got hacked in Tibia, and it seems to me that I got hacked because of these 2 files. I'm posting a ComboFix scan and waiting for further instructions ;p

hxxp://wklejto.pl/79324 << password: sinpo18

Edited by Orange Blossom, 14 October 2010 - 05:40 PM.
Deactivate link. ~ OB




#2 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 15 October 2010 - 01:12 PM

Hello Sinpo18!!.. :)

In Polish on an English-language forum? ;)

OK, let's get to the point...

It would be easier if you had posted the log directly in the topic - in future, just paste them here rather than on an external service...

You have an artificially modified Windows (using nLite?), hence the various odd entries in the log:

QUOTE
c:\windows\system32\midimap.dll . . . jest zainfekowany!!

The file is OK - a result of the system modification...

QUOTE
[-] 2009-07-24 . 1F39C7BDBA4C5F3F01C4EABF7EDBF4B3 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2009-03-05 . 335813EACD16E84F3047A3326F6E5473 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2009-06-26 . 946665FA0CC98F57E1023CD21F149D8B . 642560 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll
[-] 2009-12-09 . A9BD5F368966EA709A4BFF992F583F07 . 1705984 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2009-04-02 . D9792BC366FDD8D3DABA7EB20BE114BB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

With a modified Windows we also have to skip these...

QUOTE
c:\windows\System32\ctfmon.exe ... - brak elementu !!
c:\windows\System32\regsvc.dll ... - brak elementu !!

On a modified system like yours, this kind of thing is also normal....

QUOTE
Notify-LogonInit - logonInit.dll

Here the file you mention is visible - some antivirus scanner removed the file itself; ComboFix removed only the registry entry...

Can the instructions be given in English??.. (it would be much quicker for me)

If so, follow the instructions below... If English is a problem, let me know - I'll translate...
After carrying out the instructions, paste the logs in the topic (if they don't fit, use 2 posts)...

First,
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Make sure that under "Rejestr - skan dodatkowy" (Registry - extra scan) the option "Użyj filtrowania" (Use filtering) is selected
  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

Next, we need to temporarily disable the driver that emulates virtual drives (sptd.sys installed by DaemonTools),
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

And finally,
Download GMER from here:
http://www.gmer.net/files.php

Unzip it to the Desktop.

Open the program - you should see the Rootkit / Malware tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Important: Close any open programs/windows!
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 Sinpo18

Sinpo18
  • Topic Starter

  • Members
  • 7 posts

Posted 15 October 2010 - 05:17 PM

OTL scan

OTL logfile created on: 2010-10-16 00:03:31 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Arkadiusz Wilk\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 500,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 27,09 Gb Free Space | 55,48% Space Free | Partition Type: NTFS
Drive D: | 62,95 Gb Total Space | 60,71 Gb Free Space | 96,43% Space Free | Partition Type: NTFS

Computer Name: BLACKV8 | User Name: Arkadiusz Wilk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010-10-16 00:00:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Arkadiusz Wilk\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2010-09-16 21:25:10 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010-09-16 21:25:09 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-01-15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009-12-09 15:40:54 | 001,705,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009-07-13 23:18:12 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008-04-13 14:39:20 | 000,049,152 | ---- | M] (artArmin) -- C:\Program Files\Vista Drive Icon\DrvIcon.exe
PRC - [2008-02-20 11:08:46 | 000,472,320 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2008-02-20 11:06:58 | 001,443,072 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe


========== Modules (SafeList) ==========

MOD - [2010-10-16 00:00:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Arkadiusz Wilk\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008-04-14 20:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\ersvc.dll -- (ERSvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\cisvc.exe -- (CiSvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\alg.exe -- (ALG)
SRV - [2010-01-15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009-07-13 23:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009-03-05 12:09:41 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono)
SRV - [2008-02-20 11:14:52 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2008-02-20 11:08:46 | 000,472,320 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2006-03-03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ARKADI~1\USTAWI~1\Temp\catchme.sys -- (catchme)
DRV - [2010-08-05 16:06:15 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010-02-11 09:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009-06-29 20:59:17 | 000,077,312 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viasraid.sys -- (viasraid)
DRV - [2009-06-29 20:59:07 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112)
DRV - [2008-04-13 20:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-02-20 11:11:16 | 000,033,800 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2008-02-20 11:02:22 | 000,029,704 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2008-02-20 11:01:30 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2530240
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Polska Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2530240&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.pl"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}:2.7.1.3
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=en_US&apn_uid=019483D4-7ED3-41A2-802B-35011460F050&apn_ptnrs=UG&apn_sauid=4DA46427-E99F-4460-9991-6699D3C5525A&apn_dtid=YYYYYYYYPL&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-09-25 12:32:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-10-14 22:55:14 | 000,000,000 | ---D | M]

[2010-07-01 11:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\Mozilla\Extensions
[2010-10-15 23:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\Mozilla\Firefox\Profiles\oshbltuy.default\extensions
[2010-07-20 17:22:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\Mozilla\Firefox\Profiles\oshbltuy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-09-28 20:06:16 | 000,000,000 | ---D | M] (Softonic-Polska Toolbar) -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\Mozilla\Firefox\Profiles\oshbltuy.default\extensions\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}
[2010-08-05 16:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\Mozilla\Firefox\Profiles\oshbltuy.default\extensions\DTToolbar@toolbarnet.com
[2010-10-15 18:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\Mozilla\Firefox\Profiles\oshbltuy.default\extensions\toolbar@ask.com
[2010-10-15 18:59:35 | 000,002,569 | ---- | M] () -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\Mozilla\Firefox\Profiles\oshbltuy.default\searchplugins\askcom.xml
[2010-06-08 11:30:50 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\Mozilla\Firefox\Profiles\oshbltuy.default\searchplugins\conduit.xml
[2010-08-05 16:06:28 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\Mozilla\Firefox\Profiles\oshbltuy.default\searchplugins\daemon-search.xml
[2010-10-15 23:04:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-07-24 23:07:50 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-09-10 13:37:33 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-09-10 13:37:33 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-09-10 13:37:33 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-09-10 13:37:33 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-09-10 13:37:33 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-09-10 13:37:33 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-10-14 22:20:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Polska Toolbar) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe (artArmin)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKCU..\Run: [UberIcon] C:\Program Files\UberIcon\UberIcon.exe ()
O4 - HKCU..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe (VisualTaskTips.com)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\bwrd.lnk = C:\jxlservice.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Arkadiusz Wilk\Menu Start\Programy\Autostart\Styler.lnk = C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LogonInit: DllName - logonInit.dll - C:\Program Files\Common Files\LogonInit.dll ()
O24 - Desktop Components:0 (Bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Arkadiusz Wilk\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Arkadiusz Wilk\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-07-01 10:38:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 30 Days ==========

[2010-10-15 23:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Pulpit\Robin Hood (2010) UNRATED DVDRip XviD-MAXSPEED
[2010-10-15 19:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Pulpit\FILMY
[2010-10-15 17:01:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2010-10-14 22:57:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-10-14 22:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010-10-14 22:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010-10-14 22:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010-10-14 22:53:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010-10-14 22:53:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010-10-14 22:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\movie maker
[2010-10-14 22:53:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010-10-14 22:53:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010-10-14 22:53:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ime
[2010-10-14 22:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010-10-14 21:39:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-10-14 21:36:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-10-14 21:36:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-10-14 21:36:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-10-14 21:36:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-10-14 21:36:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-10-13 22:54:13 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010-10-13 22:54:12 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010-10-13 22:54:10 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010-10-13 22:53:53 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010-10-13 17:40:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Recent
[2010-09-30 17:13:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Ustawienia lokalne\Dane aplikacji\AskToolbar
[2010-09-30 17:12:44 | 001,145,344 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2010-09-30 17:12:44 | 000,237,056 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2010-09-30 17:12:44 | 000,237,056 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libssl32.dll
[2010-09-30 17:12:41 | 000,000,000 | ---D | C] -- C:\OpenSSL-Win32
[2010-09-30 14:54:38 | 000,029,696 | ---- | C] (Asprate) -- C:\Documents and Settings\Arkadiusz Wilk\Pulpit\Tibia Multi-Client Patcher.exe
[2010-09-28 20:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\ipla
[2010-09-28 20:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2010-09-28 20:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Ustawienia lokalne\Dane aplikacji\Conduit
[2010-09-28 20:06:17 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010-09-28 20:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Ustawienia lokalne\Dane aplikacji\Softonic-Polska
[2010-09-28 20:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\Softonic-Polska
[2010-09-28 20:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\ipla
[2010-09-28 18:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\Image Zone Express
[2010-09-27 23:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Moje dokumenty\Moje zeskanowane obrazy
[2010-09-22 16:39:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\Uniblue
[2010-09-22 13:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Moje dokumenty\Downloads
[2010-09-22 13:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010-09-22 13:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010-09-22 13:34:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\uTorrent
[2010-09-20 09:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\ElvenSoft
[2010-09-18 17:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\TibiaTestserver
[2010-09-18 16:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\TibiaTestserver
[2010-09-18 12:23:44 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll
[2010-09-16 20:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\HP
[2010-09-16 20:30:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\HP
[2010-09-16 20:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010-09-16 20:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010-09-16 20:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010-09-16 20:18:18 | 000,048,128 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpzll054.dll
[2010-09-16 20:17:12 | 000,282,680 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZidr12.dll
[2010-09-16 20:17:12 | 000,204,800 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipr12.dll
[2010-09-16 20:17:12 | 000,094,208 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipt12.dll
[2010-09-16 20:17:12 | 000,069,632 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
[2010-09-16 20:17:12 | 000,065,536 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZinw12.exe
[2010-09-16 20:17:12 | 000,057,344 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZisn12.dll
[2010-09-16 20:17:11 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2010-09-16 20:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010-09-16 20:08:47 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2005-11-26 20:23:22 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.WIA.dll

========== Files - Modified Within 30 Days ==========

[2010-10-16 00:01:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010-10-15 23:59:07 | 000,000,227 | ---- | M] () -- C:\Program Files\Common Files\userInit.dll
[2010-10-15 23:08:35 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Arkadiusz Wilk\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-10-15 18:39:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-10-15 18:39:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-10-14 22:58:30 | 000,075,961 | ---- | M] () -- C:\WINDOWS\System32\langs.xml
[2010-10-14 22:56:19 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2010-10-14 22:20:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-10-14 22:10:13 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\Arkadiusz Wilk\Pulpit\ComboFix.exe.lnk
[2010-10-14 21:39:34 | 000,000,321 | RHS- | M] () -- C:\boot.ini
[2010-10-14 08:38:36 | 000,100,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-10-13 23:37:36 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-10-13 23:35:50 | 000,497,586 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-10-13 23:35:50 | 000,438,750 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-10-13 23:35:50 | 000,087,244 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-10-13 23:35:50 | 000,069,926 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-09-29 21:12:43 | 000,002,437 | ---- | M] () -- C:\Documents and Settings\Arkadiusz Wilk\Pulpit\Nowy Dokument sformatowany.rtf
[2010-09-29 20:05:28 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010-09-27 23:24:19 | 367,790,432 | ---- | M] () -- C:\Documents and Settings\Arkadiusz Wilk\Pulpit\skanuj0001.tif
[2010-09-22 13:36:33 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk
[2010-09-18 20:00:49 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2010-09-18 12:23:44 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42u.dll
[2010-09-18 12:23:44 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll
[2010-09-18 08:53:42 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42.dll
[2010-09-18 08:53:42 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010-09-18 08:53:41 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40.dll
[2010-09-18 08:53:41 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010-09-18 08:53:41 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40u.dll
[2010-09-18 08:53:41 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010-09-16 20:36:15 | 000,120,279 | ---- | M] () -- C:\WINDOWS\hpoins11.dat
[2010-09-16 20:29:26 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\HP Photosmart Essential.lnk
[2010-09-16 20:27:26 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
[2010-09-16 20:26:48 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Centrum obsługi HP.lnk

========== Files Created - No Company Name ==========

[2010-10-14 22:56:19 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2010-10-14 22:10:13 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\Arkadiusz Wilk\Pulpit\ComboFix.exe.lnk
[2010-10-14 21:39:34 | 000,000,205 | ---- | C] () -- C:\Boot.bak
[2010-10-14 21:39:33 | 000,262,400 | RHS- | C] () -- C:\cmldr
[2010-10-14 21:36:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-10-14 21:36:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-10-14 21:36:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-10-14 21:36:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-10-14 21:36:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-10-13 23:30:30 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010-09-29 20:05:22 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010-09-29 20:04:40 | 000,002,437 | ---- | C] () -- C:\Documents and Settings\Arkadiusz Wilk\Pulpit\Nowy Dokument sformatowany.rtf
[2010-09-27 23:23:42 | 367,790,432 | ---- | C] () -- C:\Documents and Settings\Arkadiusz Wilk\Pulpit\skanuj0001.tif
[2010-09-22 16:41:38 | 000,349,696 | ---- | C] () -- C:\WINDOWS\System\Mss32.dll
[2010-09-22 13:37:08 | 000,000,252 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010-09-22 13:36:32 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk
[2010-09-16 20:29:26 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\HP Photosmart Essential.lnk
[2010-09-16 20:27:26 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
[2010-09-16 20:26:48 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Centrum obsługi HP.lnk
[2010-09-16 20:18:18 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2010-09-16 20:03:48 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
[2010-09-16 20:00:40 | 000,120,279 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2010-07-26 00:48:55 | 000,000,040 | ---- | C] () -- C:\WINDOWS\forevermopt.INI
[2010-07-25 19:56:05 | 000,000,227 | ---- | C] () -- C:\Program Files\Common Files\userInit.dll
[2010-07-25 16:02:16 | 000,027,958 | ---- | C] () -- C:\Program Files\Common Files\LogonInit.dll
[2010-07-21 13:49:45 | 000,000,176 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010-07-02 00:18:43 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Arkadiusz Wilk\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-07-01 12:30:34 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-07-01 11:52:41 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2010-07-01 11:52:40 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2010-07-01 11:52:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2010-07-01 11:52:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2010-07-01 11:52:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2010-07-01 10:40:10 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-07-01 10:40:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-07-01 10:40:07 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-07-01 10:40:07 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-07-01 10:40:05 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-12-13 18:20:34 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2008-08-24 17:38:56 | 000,099,480 | ---- | C] () -- C:\WINDOWS\System32\ShellExtension_x64.dll
[2008-08-24 17:38:54 | 000,093,336 | ---- | C] () -- C:\WINDOWS\System32\ShellExtension_x86.dll
[2008-08-24 17:38:50 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\Squish_x86.dll
[2008-08-24 17:38:50 | 000,118,272 | ---- | C] () -- C:\WINDOWS\System32\Squish_x86_SSE2.dll
[2008-08-24 17:38:50 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\Squish_x64.dll
[2008-02-20 11:11:16 | 000,033,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2001-07-07 03:00:02 | 000,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010-07-01 10:38:27 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-07-01 10:33:09 | 000,000,205 | ---- | M] () -- C:\Boot.bak
[2010-10-14 21:39:34 | 000,000,321 | RHS- | M] () -- C:\boot.ini
[2001-07-21 23:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2004-08-03 23:00:14 | 000,262,400 | RHS- | M] () -- C:\cmldr
[2010-10-14 22:21:45 | 000,019,205 | ---- | M] () -- C:\ComboFix.txt
[2010-07-01 10:38:27 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-07-24 22:50:35 | 000,000,130 | ---- | M] () -- C:\ffsync.cfg
[2010-07-01 10:38:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-07-01 10:38:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-04-13 20:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-04-13 22:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-10-15 18:38:57 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"AutoInstallMinorUpdates" = 1
"RebootRelaunchTimeout" = 120
"RebootRelaunchTimeoutEnabled" = [Binary data over 100 bytes]

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-13 21:37:44

< End of report >
OTL logfile created on: 2010-10-16 00:03:31 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Arkadiusz Wilk\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 500,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 27,09 Gb Free Space | 55,48% Space Free | Partition Type: NTFS
Drive D: | 62,95 Gb Total Space | 60,71 Gb Free Space | 96,43% Space Free | Partition Type: NTFS

Computer Name: BLACKV8 | User Name: Arkadiusz Wilk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010-10-16 00:00:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Arkadiusz Wilk\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2010-09-16 21:25:10 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010-09-16 21:25:09 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-01-15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009-12-09 15:40:54 | 001,705,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009-07-13 23:18:12 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008-04-13 14:39:20 | 000,049,152 | ---- | M] (artArmin) -- C:\Program Files\Vista Drive Icon\DrvIcon.exe
PRC - [2008-02-20 11:08:46 | 000,472,320 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2008-02-20 11:06:58 | 001,443,072 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe


========== Modules (SafeList) ==========

MOD - [2010-10-16 00:00:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Arkadiusz Wilk\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008-04-14 20:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\ersvc.dll -- (ERSvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\cisvc.exe -- (CiSvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\alg.exe -- (ALG)
SRV - [2010-01-15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009-07-13 23:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009-03-05 12:09:41 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono)
SRV - [2008-02-20 11:14:52 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2008-02-20 11:08:46 | 000,472,320 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2006-03-03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ARKADI~1\USTAWI~1\Temp\catchme.sys -- (catchme)
DRV - [2010-08-05 16:06:15 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010-02-11 09:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009-06-29 20:59:17 | 000,077,312 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viasraid.sys -- (viasraid)
DRV - [2009-06-29 20:59:07 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112)
DRV - [2008-04-13 20:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-02-20 11:11:16 | 000,033,800 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2008-02-20 11:02:22 | 000,029,704 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2008-02-20 11:01:30 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2530240
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Polska Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2530240&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.pl"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}:2.7.1.3
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=en_US&apn_uid=019483D4-7ED3-41A2-802B-35011460F050&apn_ptnrs=UG&apn_sauid=4DA46427-E99F-4460-9991-6699D3C5525A&apn_dtid=YYYYYYYYPL&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-09-25 12:32:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-10-14 22:55:14 | 000,000,000 | ---D | M]

[2010-07-01 11:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\Mozilla\Extensions
[2010-10-15 23:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\Mozilla\Firefox\Profiles\oshbltuy.default\extensions
[2010-07-20 17:22:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\Mozilla\Firefox\Profiles\oshbltuy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-09-28 20:06:16 | 000,000,000 | ---D | M] (Softonic-Polska Toolbar) -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\Mozilla\Firefox\Profiles\oshbltuy.default\extensions\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}
[2010-08-05 16:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\Mozilla\Firefox\Profiles\oshbltuy.default\extensions\DTToolbar@toolbarnet.com
[2010-10-15 18:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\Mozilla\Firefox\Profiles\oshbltuy.default\extensions\toolbar@ask.com
[2010-10-15 18:59:35 | 000,002,569 | ---- | M] () -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\Mozilla\Firefox\Profiles\oshbltuy.default\searchplugins\askcom.xml
[2010-06-08 11:30:50 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\Mozilla\Firefox\Profiles\oshbltuy.default\searchplugins\conduit.xml
[2010-08-05 16:06:28 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\Mozilla\Firefox\Profiles\oshbltuy.default\searchplugins\daemon-search.xml
[2010-10-15 23:04:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-07-24 23:07:50 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-09-10 13:37:33 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-09-10 13:37:33 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-09-10 13:37:33 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-09-10 13:37:33 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-09-10 13:37:33 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-09-10 13:37:33 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-10-14 22:20:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Polska Toolbar) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe (artArmin)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKCU..\Run: [UberIcon] C:\Program Files\UberIcon\UberIcon.exe ()
O4 - HKCU..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe (VisualTaskTips.com)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\bwrd.lnk = C:\jxlservice.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Arkadiusz Wilk\Menu Start\Programy\Autostart\Styler.lnk = C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LogonInit: DllName - logonInit.dll - C:\Program Files\Common Files\LogonInit.dll ()
O24 - Desktop Components:0 (Bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Arkadiusz Wilk\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Arkadiusz Wilk\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-07-01 10:38:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 30 Days ==========

[2010-10-15 23:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Pulpit\Robin Hood (2010) UNRATED DVDRip XviD-MAXSPEED
[2010-10-15 19:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Pulpit\FILMY
[2010-10-15 17:01:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2010-10-14 22:57:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-10-14 22:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010-10-14 22:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010-10-14 22:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010-10-14 22:53:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010-10-14 22:53:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010-10-14 22:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\movie maker
[2010-10-14 22:53:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010-10-14 22:53:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010-10-14 22:53:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ime
[2010-10-14 22:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010-10-14 21:39:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-10-14 21:36:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-10-14 21:36:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-10-14 21:36:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-10-14 21:36:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-10-14 21:36:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-10-13 22:54:13 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010-10-13 22:54:12 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010-10-13 22:54:10 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010-10-13 22:53:53 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010-10-13 17:40:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Recent
[2010-09-30 17:13:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Ustawienia lokalne\Dane aplikacji\AskToolbar
[2010-09-30 17:12:44 | 001,145,344 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2010-09-30 17:12:44 | 000,237,056 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2010-09-30 17:12:44 | 000,237,056 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libssl32.dll
[2010-09-30 17:12:41 | 000,000,000 | ---D | C] -- C:\OpenSSL-Win32
[2010-09-30 14:54:38 | 000,029,696 | ---- | C] (Asprate) -- C:\Documents and Settings\Arkadiusz Wilk\Pulpit\Tibia Multi-Client Patcher.exe
[2010-09-28 20:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\ipla
[2010-09-28 20:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2010-09-28 20:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Ustawienia lokalne\Dane aplikacji\Conduit
[2010-09-28 20:06:17 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010-09-28 20:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Ustawienia lokalne\Dane aplikacji\Softonic-Polska
[2010-09-28 20:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\Softonic-Polska
[2010-09-28 20:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\ipla
[2010-09-28 18:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\Image Zone Express
[2010-09-27 23:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Moje dokumenty\Moje zeskanowane obrazy
[2010-09-22 16:39:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\Uniblue
[2010-09-22 13:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Moje dokumenty\Downloads
[2010-09-22 13:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010-09-22 13:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010-09-22 13:34:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\uTorrent
[2010-09-20 09:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\ElvenSoft
[2010-09-18 17:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\TibiaTestserver
[2010-09-18 16:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\TibiaTestserver
[2010-09-18 12:23:44 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll
[2010-09-16 20:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arkadiusz Wilk\Dane aplikacji\HP
[2010-09-16 20:30:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\HP
[2010-09-16 20:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010-09-16 20:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010-09-16 20:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010-09-16 20:18:18 | 000,048,128 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpzll054.dll
[2010-09-16 20:17:12 | 000,282,680 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZidr12.dll
[2010-09-16 20:17:12 | 000,204,800 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipr12.dll
[2010-09-16 20:17:12 | 000,094,208 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipt12.dll
[2010-09-16 20:17:12 | 000,069,632 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
[2010-09-16 20:17:12 | 000,065,536 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZinw12.exe
[2010-09-16 20:17:12 | 000,057,344 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZisn12.dll
[2010-09-16 20:17:11 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2010-09-16 20:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010-09-16 20:08:47 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2005-11-26 20:23:22 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.WIA.dll

========== Files - Modified Within 30 Days ==========

[2010-10-16 00:01:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010-10-15 23:59:07 | 000,000,227 | ---- | M] () -- C:\Program Files\Common Files\userInit.dll
[2010-10-15 23:08:35 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Arkadiusz Wilk\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-10-15 18:39:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-10-15 18:39:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-10-14 22:58:30 | 000,075,961 | ---- | M] () -- C:\WINDOWS\System32\langs.xml
[2010-10-14 22:56:19 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2010-10-14 22:20:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-10-14 22:10:13 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\Arkadiusz Wilk\Pulpit\ComboFix.exe.lnk
[2010-10-14 21:39:34 | 000,000,321 | RHS- | M] () -- C:\boot.ini
[2010-10-14 08:38:36 | 000,100,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-10-13 23:37:36 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-10-13 23:35:50 | 000,497,586 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-10-13 23:35:50 | 000,438,750 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-10-13 23:35:50 | 000,087,244 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-10-13 23:35:50 | 000,069,926 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-09-29 21:12:43 | 000,002,437 | ---- | M] () -- C:\Documents and Settings\Arkadiusz Wilk\Pulpit\Nowy Dokument sformatowany.rtf
[2010-09-29 20:05:28 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010-09-27 23:24:19 | 367,790,432 | ---- | M] () -- C:\Documents and Settings\Arkadiusz Wilk\Pulpit\skanuj0001.tif
[2010-09-22 13:36:33 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk
[2010-09-18 20:00:49 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2010-09-18 12:23:44 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42u.dll
[2010-09-18 12:23:44 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll
[2010-09-18 08:53:42 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42.dll
[2010-09-18 08:53:42 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010-09-18 08:53:41 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40.dll
[2010-09-18 08:53:41 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010-09-18 08:53:41 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40u.dll
[2010-09-18 08:53:41 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010-09-16 20:36:15 | 000,120,279 | ---- | M] () -- C:\WINDOWS\hpoins11.dat
[2010-09-16 20:29:26 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\HP Photosmart Essential.lnk
[2010-09-16 20:27:26 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
[2010-09-16 20:26:48 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Centrum obsługi HP.lnk

========== Files Created - No Company Name ==========

[2010-10-14 22:56:19 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2010-10-14 22:10:13 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\Arkadiusz Wilk\Pulpit\ComboFix.exe.lnk
[2010-10-14 21:39:34 | 000,000,205 | ---- | C] () -- C:\Boot.bak
[2010-10-14 21:39:33 | 000,262,400 | RHS- | C] () -- C:\cmldr
[2010-10-14 21:36:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-10-14 21:36:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-10-14 21:36:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-10-14 21:36:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-10-14 21:36:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-10-13 23:30:30 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010-09-29 20:05:22 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010-09-29 20:04:40 | 000,002,437 | ---- | C] () -- C:\Documents and Settings\Arkadiusz Wilk\Pulpit\Nowy Dokument sformatowany.rtf
[2010-09-27 23:23:42 | 367,790,432 | ---- | C] () -- C:\Documents and Settings\Arkadiusz Wilk\Pulpit\skanuj0001.tif
[2010-09-22 16:41:38 | 000,349,696 | ---- | C] () -- C:\WINDOWS\System\Mss32.dll
[2010-09-22 13:37:08 | 000,000,252 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010-09-22 13:36:32 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk
[2010-09-16 20:29:26 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\HP Photosmart Essential.lnk
[2010-09-16 20:27:26 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
[2010-09-16 20:26:48 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Centrum obsługi HP.lnk
[2010-09-16 20:18:18 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2010-09-16 20:03:48 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
[2010-09-16 20:00:40 | 000,120,279 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2010-07-26 00:48:55 | 000,000,040 | ---- | C] () -- C:\WINDOWS\forevermopt.INI
[2010-07-25 19:56:05 | 000,000,227 | ---- | C] () -- C:\Program Files\Common Files\userInit.dll
[2010-07-25 16:02:16 | 000,027,958 | ---- | C] () -- C:\Program Files\Common Files\LogonInit.dll
[2010-07-21 13:49:45 | 000,000,176 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010-07-02 00:18:43 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Arkadiusz Wilk\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-07-01 12:30:34 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-07-01 11:52:41 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2010-07-01 11:52:40 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2010-07-01 11:52:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2010-07-01 11:52:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2010-07-01 11:52:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2010-07-01 10:40:10 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-07-01 10:40:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-07-01 10:40:07 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-07-01 10:40:07 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-07-01 10:40:05 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-12-13 18:20:34 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2008-08-24 17:38:56 | 000,099,480 | ---- | C] () -- C:\WINDOWS\System32\ShellExtension_x64.dll
[2008-08-24 17:38:54 | 000,093,336 | ---- | C] () -- C:\WINDOWS\System32\ShellExtension_x86.dll
[2008-08-24 17:38:50 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\Squish_x86.dll
[2008-08-24 17:38:50 | 000,118,272 | ---- | C] () -- C:\WINDOWS\System32\Squish_x86_SSE2.dll
[2008-08-24 17:38:50 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\Squish_x64.dll
[2008-02-20 11:11:16 | 000,033,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2001-07-07 03:00:02 | 000,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010-07-01 10:38:27 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-07-01 10:33:09 | 000,000,205 | ---- | M] () -- C:\Boot.bak
[2010-10-14 21:39:34 | 000,000,321 | RHS- | M] () -- C:\boot.ini
[2001-07-21 23:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2004-08-03 23:00:14 | 000,262,400 | RHS- | M] () -- C:\cmldr
[2010-10-14 22:21:45 | 000,019,205 | ---- | M] () -- C:\ComboFix.txt
[2010-07-01 10:38:27 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-07-24 22:50:35 | 000,000,130 | ---- | M] () -- C:\ffsync.cfg
[2010-07-01 10:38:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-07-01 10:38:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-04-13 20:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-04-13 22:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-10-15 18:38:57 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"AutoInstallMinorUpdates" = 1
"RebootRelaunchTimeout" = 120
"RebootRelaunchTimeoutEnabled" = [Binary data over 100 bytes]

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-13 21:37:44

< End of report >

Edited by Sinpo18, 15 October 2010 - 05:32 PM.


#4 snemelk


Posted 15 October 2010 - 06:29 PM

Hello again Sinpo18!!..

Please also paste the second part of the OTL log - Extras.txt (because OTL.txt was pasted twice)...
If you manage to run a scan with GMER, paste that log as well...

I'll check everything on Sunday (I'm away from home on Saturday)...
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#5 Sinpo18


Posted 16 October 2010 - 03:14 AM

Sorry, I was sleepy yesterday, which is why I only posted one scan; here is the second one from OTL, and below it the one from GMER:

OTL Extras logfile created on: 2010-10-16 00:03:31 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Arkadiusz Wilk\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 500,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 27,09 Gb Free Space | 55,48% Space Free | Partition Type: NTFS
Drive D: | 62,95 Gb Total Space | 60,71 Gb Free Space | 96,43% Space Free | Partition Type: NTFS

Computer Name: BLACKV8 | User Name: Arkadiusz Wilk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Don HO don.h@free.fr)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Don HO don.h@free.fr)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Don HO don.h@free.fr)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Don HO don.h@free.fr)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Don HO don.h@free.fr)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Don HO don.h@free.fr)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Don HO don.h@free.fr)
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Don HO don.h@free.fr)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Don HO don.h@free.fr)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Don HO don.h@free.fr)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Don HO don.h@free.fr)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Don HO don.h@free.fr)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Don HO don.h@free.fr)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Don HO don.h@free.fr)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Don HO don.h@free.fr)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Don HO don.h@free.fr)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Don HO don.h@free.fr)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Don HO don.h@free.fr)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Don HO don.h@free.fr)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Don HO don.h@free.fr)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Don HO don.h@free.fr)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Don HO don.h@free.fr)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Don HO don.h@free.fr)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Don HO don.h@free.fr)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Don HO don.h@free.fr)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Don HO don.h@free.fr)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Dostosuj] -- ieshwiz.exe (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [opennew] -- explorer.exe %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
"6943:TCP" = 6943:TCP:*:Enabled:League of Legends Launcher
"6943:UDP" = 6943:UDP:*:Enabled:League of Legends Launcher
"6928:TCP" = 6928:TCP:*:Enabled:League of Legends Launcher
"6928:UDP" = 6928:UDP:*:Enabled:League of Legends Launcher
"6912:TCP" = 6912:TCP:*:Enabled:League of Legends Launcher
"6912:UDP" = 6912:UDP:*:Enabled:League of Legends Launcher
"6969:TCP" = 6969:TCP:*:Enabled:League of Legends Launcher
"6969:UDP" = 6969:UDP:*:Enabled:League of Legends Launcher
"6935:TCP" = 6935:TCP:*:Enabled:League of Legends Launcher
"6935:UDP" = 6935:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)
"C:\Documents and Settings\Arkadiusz Wilk\Pulpit\League of Legends\Air\LolClient.exe" = C:\Documents and Settings\Arkadiusz Wilk\Pulpit\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"C:\Documents and Settings\Arkadiusz Wilk\Pulpit\League of Legends\Game\League of Legends.exe" = C:\Documents and Settings\Arkadiusz Wilk\Pulpit\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Tibiacast\Tibiacast Client.exe" = C:\Program Files\Tibiacast\Tibiacast Client.exe:*:Enabled:Tibiacast Client -- (Silver Squirrel Software HB)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\ElvenSoft\NeoBot\NeoBot.exe" = C:\Program Files\ElvenSoft\NeoBot\NeoBot.exe:*:Enabled:NeoBot -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Arkadiusz Wilk\Pulpit\ElfBot NG8.54\navserv.exe" = C:\Documents and Settings\Arkadiusz Wilk\Pulpit\ElfBot NG8.54\navserv.exe:*:Enabled:navserv -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{3F3733A5-8322-454D-A638-3B74E1C83752}" = Gadget Installer
"{40CE1515-E77A-4BDD-9899-8DDA2D3592A5}" = Tibiacast
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7D974ACA-4EE5-412C-8E6A-A5B57B305727}" = ESET NOD32 Antivirus
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86, x64)
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-008A-0409-0000-0000000FF1CE}" = Microsoft Office 2007 Recent Documents Gadget
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.0 - Polish
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications (Windows XP)
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}" = Styler
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = Narzędzie Software Uninstall Utility firmy ATI
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner (remove only)
"CleanUp!" = CleanUp!
"C-Media Audio" = C-Media 3D Audio
"CPLBonus" = Kels' CPL Bonus Pack!
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Defraggler" = Defraggler
"ElfBot NG_is1" = ElfBot NG 4.5.9
"Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1" = NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Gadu-Gadu 10" = Gadu-Gadu 10
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"ie8" = Windows Internet Explorer 8
"ipla" = ipla 2.1.5
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full)
"McAfee Security Scan" = McAfee Security Scan Plus
"Metin2_is1" = Metin2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NapiProjekt_is1" = NapiProjekt 1.0.6.9
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenSSL Light (32-bit)_is1" = OpenSSL 1.0.0a Light (32-bit)
"Softonic-Polska Toolbar" = Softonic-Polska Toolbar
"Tibia Testserver_is1" = Tibia Testserver
"TMIPC" = Tibia MULTI-ip changer
"uTorrent" = µTorrent
"Vista Drive Icon" = Vista Drive Icon 1.4
"Visual Task Tips" = Visual Task Tips 3.4
"VLC media player" = VLC media player 1.1.3
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Windows Sidebar" = Windows Sidebar
"WinRAR archiver" = Archiwizator WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-07-01 04:45:39 | Computer Name = BLACKV8 | Source = MsiInstaller | ID = 10005
Description = Produkt: Microsoft .NET Framework 3.0 Service Pack 2 -- Błąd 2004.
Method SHGetFolderPath failed. HRESULT: 0x80004005.

Error - 2010-07-01 04:45:39 | Computer Name = BLACKV8 | Source = MsiInstaller | ID = 10005
Description = Produkt: Microsoft .NET Framework 3.0 Service Pack 2 -- Błąd 2004.
Method GetFontCacheDataFolder failed. HRESULT: 0x80004005.

Error - 2010-07-01 04:51:23 | Computer Name = BLACKV8 | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-07-28 09:58:53 | Computer Name = BLACKV8 | Source = crypt32 | ID = 131083
Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej
aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,
wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
bieżącego zegara systemowego lub sygnatury czasowej.

Error - 2010-07-28 09:58:53 | Computer Name = BLACKV8 | Source = crypt32 | ID = 131083
Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej
aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,
wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
bieżącego zegara systemowego lub sygnatury czasowej.

Error - 2010-07-31 05:12:12 | Computer Name = BLACKV8 | Source = ESENT | ID = 494
Description = Catalog Database (1076) Odzyskiwanie bazy danych zakończyło się niepomyślnie
z błędem -1216, ponieważ napotkano odwołania do bazy danych 'C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb',
której już nie ma. Baza danych nie została doprowadzona do spójnego stanu, zanim
została usunięta (możliwe też, że ją przeniesiono lub zmieniono jej nazwę). Aparat
bazy danych nie pozwoli na dokończenie odzyskiwania w wypadku tego wystąpienia,
dopóki brakująca baza danych nie zostanie przywrócona na miejsce. Jeśli baza danych
faktycznie nie jest już dostępna ani wymagana, skontaktuj się z działem pomocy
technicznej w celu uzyskania dodatkowych instrukcji dotyczących czynności, które
umożliwią przeprowadzenie operacji odzyskiwania bez tej bazy danych.

Error - 2010-07-31 05:12:13 | Computer Name = BLACKV8 | Source = ESENT | ID = 454
Description = Catalog Database (1076) Odzyskiwanie/przywracanie bazy danych nie
powiodło się z powodu nieoczekiwanego błędu: -1216.

[ System Events ]
Error - 2010-10-14 16:53:23 | Computer Name = BLACKV8 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Eset Nod32 Boot z powodu następującego
błędu: %%1053

Error - 2010-10-14 16:53:32 | Computer Name = BLACKV8 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu
następującego błędu: %%2

Error - 2010-10-15 09:16:56 | Computer Name = BLACKV8 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi helpsvc z powodu następującego błędu: %%2

Error - 2010-10-15 09:16:56 | Computer Name = BLACKV8 | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą Eset Nod32 Boot.

Error - 2010-10-15 09:16:56 | Computer Name = BLACKV8 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Eset Nod32 Boot z powodu następującego
błędu: %%1053

Error - 2010-10-15 09:16:58 | Computer Name = BLACKV8 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu
następującego błędu: %%2

Error - 2010-10-15 12:39:18 | Computer Name = BLACKV8 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi helpsvc z powodu następującego błędu: %%2

Error - 2010-10-15 12:39:18 | Computer Name = BLACKV8 | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą Eset Nod32 Boot.

Error - 2010-10-15 12:39:18 | Computer Name = BLACKV8 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Eset Nod32 Boot z powodu następującego
błędu: %%1053

Error - 2010-10-15 12:39:21 | Computer Name = BLACKV8 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu
następującego błędu: %%2


< End of report >

#6 Sinpo18


Posted 16 October 2010 - 04:09 AM

Scan from GMER

GMER 1.0.15.15319 - http://www.gmer.net
Rootkit scan 2010-10-16 11:08:49
Windows 5.1.2600 Dodatek Service Pack 3
Running: eep7pjxs.exe; Driver: C:\DOCUME~1\ARKADI~1\USTAWI~1\Temp\uxddqpog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6F67000, 0x1C5D38, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1856] kernel32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x05 0x29 0xDE 0xF0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x62 0x8F 0xD0 0xB8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6E 0x82 0x84 0x5E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x05 0x29 0xDE 0xF0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x62 0x8F 0xD0 0xB8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6E 0x82 0x84 0x5E ...

---- EOF - GMER 1.0.15 ----


#7 snemelk


Posted 17 October 2010 - 10:56 AM

Hello again Sinpo18!!.. :)

It looks like the infection has come back (perhaps because of using a crack?) - we'll try to remove it...

Follow the steps below and let me know whether any problems with the computer still remain...

First,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\bwrd.lnk = C:\jxlservice.exe File not found
    O20 - Winlogon\Notify\LogonInit: DllName - logonInit.dll - C:\Program Files\Common Files\LogonInit.dll ()
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2010-07-25 19:56:05 | 000,000,227 | ---- | C] () -- C:\Program Files\Common Files\userInit.dll
    [2010-07-25 16:02:16 | 000,027,958 | ---- | C] () -- C:\Program Files\Common Files\LogonInit.dll
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" (Własne opcje skanowania / skrypt) window (under the light green bar) and choose Paste.
  • Click the red Run Fix button. (Wykonaj skrypt)
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Second,
Run a full system scan with the installed antivirus program, Eset NOD32...

Next:
I suggest removing (use Start --> Panel Sterowania --> Dodaj lub Usuń Programy, i.e. Control Panel --> Add or Remove Programs) unnecessary programs - "Toolbars", browser add-ons that you installed along with other programs:
- DAEMON Tools Toolbar
- Ask Toolbar
- Softonic-Polska Toolbar
- McAfee Security Scan Plus - it only checks the computer's protection status (whether the antivirus and firewall are running and up to date)

Additionally, I see a circumvention of the licensing of the Eset NOD32 antivirus program:
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up

I recommend uninstalling both the above program and the Eset NOD32 antivirus (or buying a legal license) and installing an antivirus program that is legal - you can pick one of the 3 free antiviruses I recommend on my site: link (Avast!, Avira or the Microsoft product...)

I found mentions that the files in the title (LogonInit.dll and userInit.dll) may be created when using a "cracked" version of a "bot" for Tibia (whatever that is ;) ) - if you have any Tibia programs that you "cracked", I recommend removing them immediately to prevent reinfection...


Let me know whether the problem still occurs after carrying out the steps above, and whether you decided to uninstall the programs listed above...
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
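
The triage behind the fix script in the post above, as an added example that is not part of the original thread and not OTL's own code: it parses OTL-style O20 (Winlogon\Notify) and file-listing lines, flags notify DLLs that resolve outside system32 or carry no company name, and lists files without a company name sitting in the same folder. The sample mixes the lines quoted in the thread with constructed benign ones; reading `()` as an empty company field and `C` as "created" is an assumption, as are all function names.

```python
import ntpath
import re

# Constructed sample. The first O20 line and the two "Common Files" rows are the
# ones quoted in the thread; the "example" entries are made up for contrast.
SAMPLE_LOG = r"""
O20 - Winlogon\Notify\LogonInit: DllName - logonInit.dll - C:\Program Files\Common Files\LogonInit.dll ()
O20 - Winlogon\Notify\ExampleVendor: DllName - example.dll - C:\WINDOWS\system32\example.dll (Example Vendor Inc.)
[2010-07-25 19:56:05 | 000,000,227 | ---- | C] () -- C:\Program Files\Common Files\userInit.dll
[2010-07-25 16:02:16 | 000,027,958 | ---- | C] () -- C:\Program Files\Common Files\LogonInit.dll
[2010-07-25 12:00:00 | 000,010,240 | ---- | C] (Example Vendor Inc.) -- C:\WINDOWS\system32\example.dll
"""

# O20 - Winlogon\Notify\<key>: DllName - <value> - <resolved path> (<company>)
O20_RE = re.compile(
    r"^O20 - Winlogon\\Notify\\(?P<name>[^:]+): DllName - (?P<dll>.+?) - "
    r"(?P<path>[A-Za-z]:\\.*) \((?P<company>[^()]*)\)\s*$"
)
# [<timestamp> | <size> | <attrs> | <flag>] (<company>) -- <path>
FILE_RE = re.compile(
    r"^\[(?P<when>[\d-]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| "
    r"(?P<kind>[A-Z])\] \((?P<company>[^()]*)\) -- (?P<path>.+?)\s*$"
)


def _folder(path):
    """Case-insensitive parent folder of a Windows path (works on any OS)."""
    return ntpath.normcase(ntpath.dirname(ntpath.normpath(path)))


def parse_log(text):
    """Split a log into Winlogon\\Notify entries and file-listing rows."""
    notify, files = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = O20_RE.match(line)
        if m:
            notify.append(m.groupdict())
            continue
        m = FILE_RE.match(line)
        if m:
            row = m.groupdict()
            row["size"] = int(row["size"].replace(",", ""))
            files.append(row)
    return notify, files


def triage(entry, system_root=r"C:\WINDOWS"):
    """Return the reasons a notify package deserves a closer look (heuristic)."""
    system32 = ntpath.normcase(ntpath.join(system_root, "system32"))
    folder = _folder(entry["path"])
    reasons = []
    if folder != system32 and not folder.startswith(system32 + "\\"):
        reasons.append("dll-outside-system32")
    if not entry["company"].strip():
        reasons.append("no-company-name")
    return reasons


def companions(entry, file_rows):
    """Other files with no company name in the flagged DLL's folder."""
    folder = _folder(entry["path"])
    own = ntpath.normcase(ntpath.normpath(entry["path"]))
    return [
        row["path"]
        for row in file_rows
        if _folder(row["path"]) == folder
        and ntpath.normcase(ntpath.normpath(row["path"])) != own
        and not row["company"].strip()
    ]


def report(text):
    """Map each flagged notify key to its reasons and companion files."""
    notify, files = parse_log(text)
    findings = {}
    for entry in notify:
        reasons = triage(entry)
        if reasons:
            findings[entry["name"]] = {
                "path": entry["path"],
                "reasons": reasons,
                "companions": companions(entry, files),
            }
    return findings


if __name__ == "__main__":
    for key, info in report(SAMPLE_LOG).items():
        print(key, info)
```
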


#8 Sinpo18


Posted 17 October 2010 - 02:23 PM

Heh, I did as you wrote, removed those programs and the antivirus, installed Avira, and it immediately removed that LogonInit.dll. But I know it will come back. Before installing Avira I forgot to run that OTL script you wrote for me, and this is the log that came out; I don't know if it will be of any use to you, but if that LogonInit.dll comes back I'll run the same script again ;p. Thanks a lot for giving me your time xD although I'm clueless on this subject, I think it went okay somehow? xD


All processes killed
========== OTL ==========
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\bwrd.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LogonInit\ deleted successfully.
File C:\Program Files\Common Files\LogonInit.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Program Files\Common Files\userInit.dll moved successfully.
File C:\Program Files\Common Files\LogonInit.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Arkadiusz Wilk
->Temp folder emptied: 4586380 bytes
->Temporary Internet Files folder emptied: 1363327 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50862306 bytes
->Flash cache emptied: 2998 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
RecycleBin emptied: 2359959 bytes

Total Files Cleaned = 56,00 mb


[EMPTYFLASH]

User: All Users

User: Arkadiusz Wilk
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.15.2 log created on 10172010_211651

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


#9 snemelk


Posted 17 October 2010 - 03:36 PM

Hello again Sinpo18!!.. :)

QUOTE(Sinpo18 @ Oct 17 2010, 09:23 PM)
Heh, I did as you wrote, removed those programs and the antivirus, installed Avira, and it immediately removed that LogonInit.dll. But I know it will come back.

Except that this is not a solution to the main problem, all the more so if we may be dealing with theft of game passwords...

QUOTE
Thanks a lot for giving me your time xD although I'm clueless on this subject, I think it went okay somehow? xD

It went perfectly well... :) But stay until the end...

I suggest this - use the computer normally for a while and see at what point the infection comes back (it's quite possible that Avira will react right away)... If it comes back, think about what you were doing just before that, which program you may have been using - it's quite possible that the infection renews itself through a "cracked" program on your computer - I don't know, I'm guessing... Let me know...
If you haven't done so yet, run a full system scan with Avira... If possible, paste the scan report in your reply...

Also perform the 2 updates below - so that you have current versions of the programs on your computer (without potential bugs that could affect the computer's security)...

- Java:

Close all open windows...

Run this file: C:\Program files\Java\jre6\bin\javacpl.exe --> go to the Update tab --> choose (at the bottom) Update now

The program should update itself to version u22 ...

- FlashPlayer:

To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).
3. Double-click on the file you've downloaded to uninstall Flash.
4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).


#10 Sinpo18


Posted 18 October 2010 - 08:18 AM

Avira AntiVir Personal
Report file date: 18 października 2010 14:54

Scanning for 2939945 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Dodatek Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Arkadiusz Wilk
Computer name : BLACKV8

Configuration settings for the scan:
Jobname.............................: Local Drives
Configuration file..................: c:\program files\avira\antivir desktop\alldrives.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 18 października 2010 14:54

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'getPlusPlus_Adobe.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '1' Module(s) have been scanned
Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ccc.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'HPWuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'DrvIcon.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '394' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Arkadiusz Wilk\Pulpit\ElfBot NG8.54\ElfBot NG.rar
[0] Archive type: RAR
[DETECTION] Is the TR/Buzus.fift Trojan
--> ElfBot NG\elfbot.dll
[DETECTION] Is the TR/Buzus.fift Trojan
--> ElfBot NG\elfload.dll
[DETECTION] Is the TR/Genome.kjma Trojan
C:\Program Files\Windows Sidebar\wlsrvc.dll
[DETECTION] Is the TR/Patched.GY.12 Trojan
Begin scan in 'D:\'
D:\Fix\NOD32_v3.0.642_32bit_FiX_1.2-TemDono.exe
[DETECTION] Is the TR/PSW.Delf.CRW Trojan
D:\MUUUUUUUUUUUU\DarkMuBat\mueof.dll
[DETECTION] Contains recognition pattern of the WORM/Palevo.apsu worm
D:\slax\ophcrack\ophcrack-win32-installer-2.4.1.exe
[DETECTION] Contains recognition pattern of the DR/PSW.PWDump.2.10 dropper
Begin scan in 'E:\'
Search path E:\ could not be opened!
System error [21]: Urządzenie nie jest gotowe.

Beginning disinfection:
D:\slax\ophcrack\ophcrack-win32-installer-2.4.1.exe
[DETECTION] Contains recognition pattern of the DR/PSW.PWDump.2.10 dropper
[NOTE] The file was moved to the quarantine directory under the name '4e19edc4.qua'.
D:\MUUUUUUUUUUUU\DarkMuBat\mueof.dll
[DETECTION] Contains recognition pattern of the WORM/Palevo.apsu worm
[NOTE] The file was moved to the quarantine directory under the name '568bc268.qua'.
D:\Fix\NOD32_v3.0.642_32bit_FiX_1.2-TemDono.exe
[DETECTION] Is the TR/PSW.Delf.CRW Trojan
[NOTE] The file was moved to the quarantine directory under the name '04f598ea.qua'.
C:\Program Files\Windows Sidebar\wlsrvc.dll
[DETECTION] Is the TR/Patched.GY.12 Trojan
[NOTE] The file was moved to the quarantine directory under the name '62edd755.qua'.
C:\Documents and Settings\Arkadiusz Wilk\Pulpit\ElfBot NG8.54\ElfBot NG.rar
[DETECTION] Is the TR/Genome.kjma Trojan
[NOTE] The file was moved to the quarantine directory under the name '2764fa6b.qua'.


End of the scan: 18 października 2010 15:17
Used time: 19:26 Minute(s)

The scan has been done completely.

5408 Scanned directories
109007 Files were scanned
6 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
5 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
109001 Files not concerned
459 Archives were scanned
0 Warnings
5 Notes

#11 snemelk


Posted 18 October 2010 - 01:09 PM

Hello again Sinpo18!!.. :)

Thanks for the scan result...

C:\Documents and Settings\Arkadiusz Wilk\Pulpit\ElfBot NG8.54\ElfBot NG.rar
[DETECTION] Is the TR/Genome.kjma Trojan

C:\Program Files\Windows Sidebar\wlsrvc.dll
[DETECTION] Is the TR/Patched.GY.12 Trojan

D:\Fix\NOD32_v3.0.642_32bit_FiX_1.2-TemDono.exe
[DETECTION] Is the TR/PSW.Delf.CRW Trojan

D:\slax\ophcrack\ophcrack-win32-installer-2.4.1.exe
[DETECTION] Contains recognition pattern of the DR/PSW.PWDump.2.10 dropper

From the results you can see for yourself that using cracks or files that bypass a program's licensing can lead to infection... Sometimes it's really worth looking for a free equivalent of the program... And it's best not to run files that come from unknown sources...
At least one of the above infections may steal personal data (passwords/logins), so if you haven't done it yet, I recommend changing all passwords (quoting from my site):

- change all passwords - nowadays, most malware is developed only to steal personal information and/or various passwords. I recommend you change all your passwords - make sure you create strong passwords and use a different password for every site (you can keep them in KeePass).

OK, we still have ahead of us the removal of the tools we used and the deletion of the old System Restore points... But that's for later; for now, as I suggested in the previous post, use the computer for about 2 days and let me know whether the problem has returned (and if so, under what circumstances)...

I suggest this - use the computer normally for a while and see at what point the infection comes back (it's quite possible that Avira will react right away)... If it comes back, think about what you were doing just before that, which program you may have been using - it's quite possible that the infection renews itself through a "cracked" program on your computer - I don't know, I'm guessing... Let me know...


Waiting for any info... :)


#12 snemelk


Posted 22 October 2010 - 07:48 AM

Hello again Sinpo18!!.. :)

I take it the infection hasn't come back?


#13 Sinpo18


Posted 24 October 2010 - 05:42 AM

No, it hasn't come back ;p if it does I'll let you know ;p

#14 snemelk


Posted 25 October 2010 - 04:05 PM

Hello again Sinpo18!!.. :)

No, it hasn't come back ;p if it does I'll let you know ;p

Great!.. :)

Follow the instructions below - cleaning up after the whole removal process:

First, re-enabling the drive emulation driver...

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers.
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Then,
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button. (Sprzątanie)
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

"Resetting" the System Restore points: (or the Polish version: CZYSZCZENIE FOLDERÓW PRZYWRACANIA SYSTEMU)

Please, set up a new System Restore point:

Turn off System Restore

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Then to turn it back on
1. Wait for Windows to finish clearing Restore Points.
2. Clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

Please check my site - snemelk.hekko.pl:

Also, I recommend you to read Grinler's excellent article: How did I get infected?, With steps so it does not happen again!

Once you've carried out the steps above, I'll close the topic (you can always send a private message and I'll reopen it if there are problems... ;) )...


#15 snemelk


Posted 07 November 2010 - 08:24 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.