Elektroda.pl
Elektroda.pl
X
Elektroda.pl
Advanced Search
Elektroda.pl
Please add exception to AdBlock for elektroda.pl.
If you watch the ads, you support portal and users.

wirus zablokowal sterowniki i programy tryb awaryjny nie dziala

soojer 21 Dec 2011 15:32 8747 19
Renex
| New topic
  • #1
    soojer
    Level 11  
    chcialem uruchomic program z dysku a okazalo sie ze siedzial w nim wirus i kliknalem tylko a tu od razu Avast sie wylaczyl calkowicie i swinstwo mi sterowniki zablokowalo bo nie dzialaja dzwieki zadne, modem, nie mozna uruchomic antywira, ani zainstalowac zadnego programu antywirusowego, tryb awaryjny tez sie nie uruchamia - wyskakuje niebieski ekran bledu i restart.
    Pisze teraz i innego komputera.
    Przy probie instalacji programow antywir. wyskakuja takie komunikaty:
    wirus zablokowal sterowniki i programy tryb awaryjny nie dziala wirus zablokowal sterowniki i programy tryb awaryjny nie dziala wirus zablokowal sterowniki i programy tryb awaryjny nie dziala

    Jedynie tylko OTL dziala, moze ktos pomoze, oto log:
    Quote:

    OTL logfile created on: 2011-12-21 15:00:42 - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = D:\antyvirusy\OTL
    Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

    3,50 Gb Total Physical Memory | 2,99 Gb Available Physical Memory | 85,33% Memory free
    4,84 Gb Paging File | 4,50 Gb Available in Paging File | 93,01% Paging File free
    Paging file location(s): E:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
    Drive C: | 79,63 Gb Total Space | 0,03 Gb Free Space | 0,04% Space Free | Partition Type: NTFS
    Drive D: | 97,65 Gb Total Space | 0,01 Gb Free Space | 0,01% Space Free | Partition Type: NTFS
    Drive E: | 97,65 Gb Total Space | 0,27 Gb Free Space | 0,28% Space Free | Partition Type: NTFS
    Drive F: | 97,66 Gb Total Space | 0,64 Gb Free Space | 0,65% Space Free | Partition Type: NTFS
    Drive N: | 3,76 Gb Total Space | 0,04 Gb Free Space | 1,14% Space Free | Partition Type: FAT32

    Computer Name: TYM-DE05D1680AF | User Name: tym | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011-12-21 14:57:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\antyvirusy\OTL\OTL.exe
    PRC - [2010-04-02 15:19:36 | 000,091,456 | ---- | M] () -- E:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    PRC - [2010-04-02 15:19:32 | 000,279,360 | ---- | M] (Motorola) -- E:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
    PRC - [2010-03-28 10:16:06 | 000,797,112 | ---- | M] (iMesh, Inc) -- E:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe
    PRC - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    PRC - [2009-12-22 00:08:39 | 000,814,344 | ---- | M] (ABBYY) -- E:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
    PRC - [2008-08-13 04:49:30 | 000,405,504 | ---- | M] (Creative Technology Ltd) -- E:\Program Files\Creative\Software Update 3\SoftAuto.exe
    PRC - [2008-08-01 16:31:32 | 002,043,568 | ---- | M] (NesterSoft Inc.) -- E:\Program Files\TimeLeft3\TimeLeft.exe
    PRC - [2008-05-19 15:24:46 | 000,091,432 | ---- | M] (cyberlink) -- E:\Program Files\CyberLink\Shared Files\brs.exe
    PRC - [2007-08-20 09:42:23 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- E:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    PRC - [2007-04-02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- E:\Program Files\Creative\Shared Files\CTDevSrv.exe
    PRC - [2006-12-26 11:48:47 | 000,507,904 | ---- | M] () -- E:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
    PRC - [2006-10-31 13:13:00 | 001,990,656 | ---- | M] (FirebirdSQL Project) -- E:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
    PRC - [2006-04-18 07:19:19 | 000,118,784 | ---- | M] () -- E:\Program Files\HybridTM_IR(A)\RC620_A.exe
    PRC - [2006-03-04 17:40:30 | 000,882,176 | ---- | M] () -- E:\Program Files\Kalendarz XP\Kalendarz.exe
    PRC - [2005-03-02 07:10:00 | 000,193,592 | ---- | M] (SafeNet, Inc) -- E:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    PRC - [2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe
    PRC - [2004-02-12 15:59:58 | 000,077,824 | ---- | M] (Labtec Inc.) -- E:\Program Files\Logitech\Video\LogiTray.exe
    PRC - [2004-01-21 02:24:22 | 000,135,214 | ---- | M] (Labtec Inc.) -- E:\WINDOWS\system32\LVComS.exe


    ========== Modules (No Company Name) ==========

    MOD - [2010-08-25 23:12:26 | 000,555,624 | ---- | M] () -- E:\Program Files\NVIDIA Corporation\nView\nvShell.dll
    MOD - [2010-04-02 15:19:36 | 000,091,456 | ---- | M] () -- E:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    MOD - [2009-02-27 18:04:20 | 000,311,296 | ---- | M] () -- E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL
    MOD - [2008-07-09 09:05:50 | 000,421,888 | ---- | M] () -- E:\WINDOWS\system32\ac3filter.acm
    MOD - [2006-12-26 11:48:47 | 000,507,904 | ---- | M] () -- E:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
    MOD - [2006-12-11 21:12:04 | 000,176,235 | ---- | M] () -- E:\WINDOWS\system32\Primomonnt.dll
    MOD - [2006-04-18 07:19:19 | 000,118,784 | ---- | M] () -- E:\Program Files\HybridTM_IR(A)\RC620_A.exe
    MOD - [2006-03-04 17:40:30 | 000,882,176 | ---- | M] () -- E:\Program Files\Kalendarz XP\Kalendarz.exe
    MOD - [2006-02-07 07:12:48 | 000,028,672 | ---- | M] () -- E:\Program Files\HybridTM_IR(A)\VendorCmd620.dll
    MOD - [2005-03-02 07:10:00 | 000,054,328 | ---- | M] () -- E:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\MD5CHAP.dll
    MOD - [2001-10-26 20:27:02 | 000,015,360 | ---- | M] () -- E:\WINDOWS\system32\tsd32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011-12-21 15:01:49 | 000,348,344 | ---- | M] (ALWIL Software) [Disabled | Stopped] -- E:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
    SRV - [2011-12-21 15:01:49 | 000,250,040 | ---- | M] (ALWIL Software) [Disabled | Stopped] -- E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
    SRV - [2011-12-21 15:01:49 | 000,147,640 | ---- | M] (ALWIL Software) [Disabled | Stopped] -- E:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
    SRV - [2011-12-21 15:01:49 | 000,016,056 | ---- | M] (ALWIL Software) [Disabled | Stopped] -- E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
    SRV - [2011-12-21 12:39:36 | 000,580,480 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- E:\Documents and Settings\tym\Ustawienia lokalne\Temp\UASIIKJ.exe -- (UASIIKJ)
    SRV - [2010-04-25 14:35:46 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010-04-02 15:19:36 | 000,091,456 | ---- | M] () [Auto | Running] -- E:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
    SRV - [2010-01-26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- E:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2009-12-22 00:08:39 | 000,814,344 | ---- | M] (ABBYY) [Auto | Running] -- E:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.10.0)
    SRV - [2008-05-21 12:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- E:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
    SRV - [2007-04-02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- E:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
    SRV - [2006-10-31 13:13:02 | 000,077,824 | ---- | M] (FirebirdSQL Project) [Auto | Stopped] -- E:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
    SRV - [2006-10-31 13:13:00 | 001,990,656 | ---- | M] (FirebirdSQL Project) [On_Demand | Running] -- E:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
    SRV - [2005-03-02 07:10:00 | 000,193,592 | ---- | M] (SafeNet, Inc) [Auto | Running] -- E:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Disabled | Stopped] -- E:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011-12-21 14:39:43 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- E:\WINDOWS\system32\srosa2.sys -- (sK9Ou0s)
    DRV - [2011-03-25 09:21:11 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\gdrv.sys -- (gdrv)
    DRV - [2010-04-15 14:30:44 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- E:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010-04-12 13:07:17 | 000,021,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\eps2kt1.sys -- (token)
    DRV - [2010-04-12 13:07:17 | 000,012,800 | ---- | M] (OEM) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\smccard.sys -- (R5BaseSmc)
    DRV - [2010-01-21 14:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2009-12-30 11:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2009-12-30 11:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2009-12-30 11:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2009-10-27 11:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2009-08-22 19:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32)
    DRV - [2009-08-02 12:54:00 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\UFS2XX.sys -- (UFS2XX)
    DRV - [2008-09-26 17:01:12 | 000,113,664 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
    DRV - [2008-09-26 17:01:00 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008-05-28 10:33:38 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- E:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2008-05-28 10:33:36 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2008-05-28 10:33:36 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2008-05-15 12:07:00 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- E:\Program Files\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
    DRV - [2008-02-11 17:07:00 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- E:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
    DRV - [2008-01-04 23:00:00 | 000,054,008 | ---- | M] (WinAbility® Software Corporation) [Kernel | On_Demand | Stopped] -- E:\Program Files\Folder Guard Pro\FGUARD32.SYS -- (FGUARD32)
    DRV - [2007-04-27 16:20:44 | 000,275,968 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\qcusbser.sys -- (qcusbser)
    DRV - [2007-04-23 11:12:28 | 004,402,176 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007-03-01 09:05:38 | 000,090,496 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2006-12-23 08:02:28 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
    DRV - [2006-09-24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- E:\WINDOWS\system32\speedfan.sys -- (speedfan)
    DRV - [2006-07-24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- E:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2006-04-14 05:55:22 | 000,017,280 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\vsb.sys -- (vsbus)
    DRV - [2006-04-10 11:09:04 | 000,044,416 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\vserial.sys -- (vserial)
    DRV - [2006-04-04 08:15:28 | 000,189,568 | ---- | M] (Trident Multimedia Technologies Co.,Ltd) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\TridVid.sys -- (TridVid) USB Hybrid TV Receiver (TM6000)
    DRV - [2005-08-17 08:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2005-08-17 08:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2005-08-17 08:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV - [2005-06-23 13:56:26 | 000,048,384 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
    DRV - [2005-04-26 08:01:38 | 000,003,584 | ---- | M] (Trident Microsystem Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\Triddev.sys -- (TridDev) USB Hybrid TV Device (TM6000)
    DRV - [2005-03-02 07:10:00 | 000,090,168 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- E:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
    DRV - [2005-03-01 02:13:20 | 000,013,312 | ---- | M] (axalto) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\egate.sys -- (Egatecard)
    DRV - [2005-03-01 02:13:20 | 000,011,264 | ---- | M] (axalto) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\egatebus.sys -- (Egatebus)
    DRV - [2005-03-01 02:13:20 | 000,010,752 | ---- | M] (axalto) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\egaterdr.sys -- (Egaterdr)
    DRV - [2004-08-03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
    DRV - [2004-08-03 21:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2004-04-20 19:35:00 | 000,057,404 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
    DRV - [2004-04-20 19:34:00 | 000,024,209 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
    DRV - [2004-01-21 02:14:46 | 000,005,915 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
    DRV - [2004-01-21 02:14:42 | 000,271,360 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) Labtec WebCam Pro(PID_08A0)
    DRV - [2002-01-12 15:30:34 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\PortTalk.sys -- (PortTalk)
    DRV - [1996-04-03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- E:\WINDOWS\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
    IE - HKCU\..\URLSearchHook: {90d46c30-9f25-4104-aea9-35c3f84477ff} - E:\Program Files\mipony-plugin\tbmipo.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "mipony-plugin Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "BearShare Web Search"
    FF - prefs.js..browser.search.selectedEngine: "mipony-plugin Customized Web Search"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "http://www.google.pl"
    FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs(_at_)sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.5
    FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1
    FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.13
    FF - prefs.js..extensions.enabledItems: {90d46c30-9f25-4104-aea9-35c3f84477ff}:2.5.6.0
    FF - prefs.js..extensions.enabledItems: bkmrksync(_at_)nokia.com:1.0.0.723
    FF - prefs.js..extensions.enabledItems: rsDownloadHelper(_at_)yevgenyandrov.net:1.0
    FF - prefs.js..extensions.enabledItems: {3a28245c-0db8-496b-9e54-3478518d9524}:0.8
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&q="
    FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.biblioteka.gumed.edu.pl/proxy.pac"
    FF - prefs.js..network.proxy.backup.ftp: "142.150.3.78"
    FF - prefs.js..network.proxy.backup.ftp_port: 3124
    FF - prefs.js..network.proxy.backup.gopher: "142.150.3.78"
    FF - prefs.js..network.proxy.backup.gopher_port: 3124
    FF - prefs.js..network.proxy.backup.socks: "142.150.3.78"
    FF - prefs.js..network.proxy.backup.socks_port: 3124
    FF - prefs.js..network.proxy.backup.ssl: "142.150.3.78"
    FF - prefs.js..network.proxy.backup.ssl_port: 3124
    FF - prefs.js..network.proxy.ftp: "174.142.24.201"
    FF - prefs.js..network.proxy.ftp_port: 3128
    FF - prefs.js..network.proxy.gopher: "174.142.24.201"
    FF - prefs.js..network.proxy.gopher_port: 3128
    FF - prefs.js..network.proxy.http: "174.142.24.201"
    FF - prefs.js..network.proxy.http_port: 3128
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "174.142.24.201"
    FF - prefs.js..network.proxy.socks_port: 3128
    FF - prefs.js..network.proxy.ssl: "174.142.24.201"
    FF - prefs.js..network.proxy.ssl_port: 3128

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: E:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: E:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-11-23 11:45:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: E:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010-03-09 09:10:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2010-11-26 13:36:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2010-07-21 18:02:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: E:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010-03-09 09:10:59 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\hideip@hide-ip-soft.com: E:\WINDOWS\vf_hip\ [2010-07-07 16:24:46 | 000,000,000 | ---D | M]

    [2009-11-16 23:51:05 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\tym\Dane aplikacji\Mozilla\Extensions
    [2011-12-21 14:46:07 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\tym\Dane aplikacji\Mozilla\Firefox\Profiles\ft22vrup.default\extensions
    [2010-01-23 20:21:03 | 000,000,000 | ---D | M] (Minimap Addon) -- E:\Documents and Settings\tym\Dane aplikacji\Mozilla\Firefox\Profiles\ft22vrup.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
    [2010-03-02 19:21:12 | 000,000,000 | ---D | M] (Rozszerzenia Aukcjoner.pl) -- E:\Documents and Settings\tym\Dane aplikacji\Mozilla\Firefox\Profiles\ft22vrup.default\extensions\{3a28245c-0db8-496b-9e54-3478518d9524}
    [2010-12-04 09:30:12 | 000,000,000 | ---D | M] (mipony-plugin Toolbar) -- E:\Documents and Settings\tym\Dane aplikacji\Mozilla\Firefox\Profiles\ft22vrup.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}
    [2010-04-05 15:47:16 | 000,000,000 | ---D | M] (LeechBlock) -- E:\Documents and Settings\tym\Dane aplikacji\Mozilla\Firefox\Profiles\ft22vrup.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
    [2010-06-29 18:00:54 | 000,000,000 | ---D | M] (RapidShare DownloadHelper) -- E:\Documents and Settings\tym\Dane aplikacji\Mozilla\Firefox\Profiles\ft22vrup.default\extensions\rsDownloadHelper@yevgenyandrov.net
    [2010-03-20 13:45:26 | 000,000,000 | ---D | M] (Zrzuta.eu) -- E:\Documents and Settings\tym\Dane aplikacji\Mozilla\Firefox\Profiles\ft22vrup.default\extensions\zrzuta.eu@gmail.com
    [2010-03-28 10:04:34 | 000,002,476 | ---- | M] () -- E:\Documents and Settings\tym\Dane aplikacji\Mozilla\Firefox\Profiles\ft22vrup.default\searchplugins\BearShareWebSearch.xml
    [2010-01-20 12:16:46 | 000,000,929 | ---- | M] () -- E:\Documents and Settings\tym\Dane aplikacji\Mozilla\Firefox\Profiles\ft22vrup.default\searchplugins\conduit.xml
    [2011-12-13 18:28:08 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
    [2010-10-15 15:36:40 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    File not found (No name found) -- E:\DOCUMENTS AND SETTINGS\TYM\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\FT22VRUP.DEFAULT\EXTENSIONS\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
    [2010-10-15 15:36:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- E:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010-03-09 09:10:59 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- E:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
    [2009-11-23 11:45:32 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- E:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
    [2010-10-15 15:36:16 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2009-07-31 12:06:48 | 001,654,784 | ---- | M] (LizardTech) -- E:\Program Files\mozilla firefox\plugins\npdjvu.dll
    [2009-11-03 02:54:10 | 000,002,767 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
    [2010-03-28 10:04:34 | 000,002,476 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
    [2009-11-03 02:54:10 | 000,001,406 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
    [2009-11-03 02:54:10 | 000,000,917 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
    [2009-11-03 02:54:10 | 000,000,858 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
    [2009-11-03 02:54:10 | 000,001,183 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
    [2009-11-03 02:54:10 | 000,001,683 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

    O1 HOSTS File: ([2010-08-29 15:09:09 | 000,000,906 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 alcohol-soft.com
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - E:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - E:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
    O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
    O2 - BHO: (mipony-plugin Toolbar) - {90d46c30-9f25-4104-aea9-35c3f84477ff} - E:\Program Files\mipony-plugin\tbmipo.dll (Conduit Ltd.)
    O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll (www.flashget.com)
    O3 - HKLM\..\Toolbar: (mipony-plugin Toolbar) - {90d46c30-9f25-4104-aea9-35c3f84477ff} - E:\Program Files\mipony-plugin\tbmipo.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - E:\Program Files\TextAloud\TAForIE.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (mipony-plugin Toolbar) - {90D46C30-9F25-4104-AEA9-35C3F84477FF} - E:\Program Files\mipony-plugin\tbmipo.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Alcmtr] E:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [avast!] E:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [BDRegion] E:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [Bonus.SSR.FR10] E:\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe (ABBYY.)
    O4 - HKLM..\Run: [DataCardMonitor] E:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
    O4 - HKLM..\Run: [HybridTM_A] E:\Program Files\HybridTM_IR(A)\RC620_A.exe ()
    O4 - HKLM..\Run: [LogitechVideoRepair] E:\Program Files\Logitech\Video\ISStart.exe (Labtec Inc.)
    O4 - HKLM..\Run: [LogitechVideoTray] E:\Program Files\Logitech\Video\LogiTray.exe (Labtec Inc.)
    O4 - HKLM..\Run: [NBKeyScan] E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
    O4 - HKLM..\Run: [NvCplDaemon] E:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] E:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] E:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4 - HKLM..\Run: [PDVD8LanguageShortcut] E:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
    O4 - HKLM..\Run: [Samsung PanelMgr] E:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
    O4 - HKLM..\Run: [UpdatePDRShortCut] E:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [] File not found
    O4 - HKCU..\Run: [AlcoholAutomount] E:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
    O4 - HKCU..\Run: [Gadwin PrintScreen] E:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
    O4 - HKCU..\Run: [SoftAuto.exe] E:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
    O4 - HKLM..\RunOnce: [removedatamngr] cmd.exe /c RD /S /Q "E:\Program Files\BearShare Applications\MediaBar\" File not found
    O4 - HKLM..\RunOnce: [removetoolbar] cmd.exe /c RD /S /Q "E:\PROGRA~1\BEARSH~1\MediaBar\ToolBar" File not found
    O4 - Startup: E:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Kalendarz XP.lnk = E:\Program Files\Kalendarz XP\Kalendarz.exe ()
    O4 - Startup: E:\Documents and Settings\tym\Menu Start\Programy\Autostart\TimeLeft.lnk = E:\Program Files\TimeLeft3\TimeLeft.exe (NesterSoft Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files\FlashGet\JC_ALL.HTM ()
    O8 - Extra context menu item: &Download with FlashGet - E:\Program Files\FlashGet\JC_LINK.HTM ()
    O8 - Extra context menu item: Ściągaj z Mipony - E:\Program Files\MiPony\Browser\IEContext.htm ()
    O9 - Extra Button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - E:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - E:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{798EA6D4-D7AD-46AF-B95F-D187D774AE75}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CCD4F26-2473-4D69-B301-0545FB74AB83}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB59FF7E-BFE5-4160-8F10-ABAA49BC059F}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - E:\WINDOWS\wc98pp.dll ()
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -E:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\userinit.exe) -E:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: TaskMan - (E:\Documents and Settings\tym\fswagz.exe) -E:\Documents and Settings\tym\fswagz.exe ()
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (E:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
    O24 - Desktop WallPaper: E:\WINDOWS\Web\Wallpaper\Idylla.bmp
    O24 - Desktop BackupWallPaper: E:\WINDOWS\Web\Wallpaper\Idylla.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008-05-13 14:59:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2011-01-29 16:39:29 | 000,000,000 | ---D | M] - F:\Automapa 6.2 PL FULLmapa -- [ NTFS ]
    O33 - MountPoints2\{04b8c644-34cd-11df-a2ae-000e2e60001c}\Shell - "" = AutoRun
    O33 - MountPoints2\{04b8c644-34cd-11df-a2ae-000e2e60001c}\Shell\AutoRun\command - "" = M:\AutoRun.exe
    O33 - MountPoints2\{04b8c646-34cd-11df-a2ae-000e2e60001c}\Shell - "" = AutoRun
    O33 - MountPoints2\{04b8c646-34cd-11df-a2ae-000e2e60001c}\Shell\AutoRun\command - "" = M:\AutoRun.exe
    O33 - MountPoints2\{1081e2a2-8527-11e0-987b-000e2e60001c}\Shell - "" = AutoRun
    O33 - MountPoints2\{1081e2a2-8527-11e0-987b-000e2e60001c}\Shell\AutoRun\command - "" = I:\AutoRun.exe
    O33 - MountPoints2\{1081e2a3-8527-11e0-987b-000e2e60001c}\Shell - "" = AutoRun
    O33 - MountPoints2\{1081e2a3-8527-11e0-987b-000e2e60001c}\Shell\AutoRun\command - "" = I:\AutoRun.exe
    O33 - MountPoints2\{3a0c04e8-851a-11e0-9879-000e2e60001c}\Shell - "" = AutoRun
    O33 - MountPoints2\{3a0c04e8-851a-11e0-9879-000e2e60001c}\Shell\AutoRun\command - "" = I:\AutoRun.exe
    O33 - MountPoints2\{3d1d5764-0d20-11e0-8c79-000e2e60001c}\Shell - "" = AutoRun
    O33 - MountPoints2\{3d1d5764-0d20-11e0-8c79-000e2e60001c}\Shell\AutoRun\command - "" = K:\AutoRun.exe
    O33 - MountPoints2\{6557b5f8-851e-11e0-987a-000e2e60001c}\Shell - "" = AutoRun
    O33 - MountPoints2\{6557b5f8-851e-11e0-987a-000e2e60001c}\Shell\AutoRun\command - "" = I:\AutoRun.exe
    O33 - MountPoints2\{7527fade-6437-11df-a3d8-000e2e60001c}\Shell - "" = AutoRun
    O33 - MountPoints2\{7527fade-6437-11df-a3d8-000e2e60001c}\Shell\AutoRun\command - "" = M:\AutoRun.exe
    O33 - MountPoints2\{7527fadf-6437-11df-a3d8-000e2e60001c}\Shell - "" = AutoRun
    O33 - MountPoints2\{7527fadf-6437-11df-a3d8-000e2e60001c}\Shell\AutoRun\command - "" = I:\AutoRun.exe
    O33 - MountPoints2\{9259357a-86d3-11e0-9882-000e2e60001c}\Shell - "" = AutoRun
    O33 - MountPoints2\{9259357a-86d3-11e0-9882-000e2e60001c}\Shell\AutoRun\command - "" = I:\AutoRun.exe
    O33 - MountPoints2\{9935b8a8-9d92-11df-a568-000e2e60001c}\Shell - "" = AutoRun
    O33 - MountPoints2\{9935b8a8-9d92-11df-a568-000e2e60001c}\Shell\AutoRun\command - "" = I:\AutoRun.exe
    O33 - MountPoints2\{c5d57cac-86d4-11e0-9883-000e2e60001c}\Shell - "" = AutoRun
    O33 - MountPoints2\{c5d57cac-86d4-11e0-9883-000e2e60001c}\Shell\AutoRun\command - "" = I:\AutoRun.exe
    O33 - MountPoints2\{d179fec6-bdb3-11e0-9a28-000e2e60001c}\Shell - "" = AutoRun
    O33 - MountPoints2\{d179fec6-bdb3-11e0-9a28-000e2e60001c}\Shell\AutoRun\command - "" = I:\AutoRun.exe
    O33 - MountPoints2\{d20c423c-378a-11df-a2be-000e2e60001c}\Shell - "" = AutoRun
    O33 - MountPoints2\{d20c423c-378a-11df-a2be-000e2e60001c}\Shell\AutoRun\command - "" = N:\AutoRun.exe
    O33 - MountPoints2\{d20c423d-378a-11df-a2be-000e2e60001c}\Shell - "" = AutoRun
    O33 - MountPoints2\{d20c423d-378a-11df-a2be-000e2e60001c}\Shell\AutoRun\command - "" = N:\AutoRun.exe
    O33 - MountPoints2\{d50d021c-4d62-11df-a339-000e2e60001c}\Shell - "" = AutoRun
    O33 - MountPoints2\{d50d021c-4d62-11df-a339-000e2e60001c}\Shell\AutoRun\command - "" = M:\AutoRun.exe
    O33 - MountPoints2\{d50d021f-4d62-11df-a339-000e2e60001c}\Shell - "" = AutoRun
    O33 - MountPoints2\{d50d021f-4d62-11df-a339-000e2e60001c}\Shell\AutoRun\command - "" = M:\AutoRun.exe
    O33 - MountPoints2\{df9b351b-cb24-11df-a5d5-000e2e60001c}\Shell - "" = AutoRun
    O33 - MountPoints2\{df9b351b-cb24-11df-a5d5-000e2e60001c}\Shell\AutoRun\command - "" = K:\AutoRun.exe
    O33 - MountPoints2\{eb7e736c-30d8-11df-a298-000e2e60001c}\Shell - "" = AutoRun
    O33 - MountPoints2\{eb7e736c-30d8-11df-a298-000e2e60001c}\Shell\AutoRun\command - "" = M:\AutoRun.exe
    O33 - MountPoints2\{eb7e736e-30d8-11df-a298-000e2e60001c}\Shell - "" = AutoRun
    O33 - MountPoints2\{eb7e736e-30d8-11df-a298-000e2e60001c}\Shell\AutoRun\command - "" = M:\AutoRun.exe
    O33 - MountPoints2\{eb7e736f-30d8-11df-a298-000e2e60001c}\Shell - "" = AutoRun
    O33 - MountPoints2\{eb7e736f-30d8-11df-a298-000e2e60001c}\Shell\AutoRun\command - "" = M:\AutoRun.exe
    O33 - MountPoints2\{fc37bb7b-6454-11e0-973c-000e2e60001c}\Shell - "" = AutoRun
    O33 - MountPoints2\{fc37bb7b-6454-11e0-973c-000e2e60001c}\Shell\AutoRun\command - "" = J:\AutoRun.exe
    O33 - MountPoints2\{ffd54c5f-fd17-11de-a175-000e2e60001c}\Shell - "" = AutoRun
    O33 - MountPoints2\{ffd54c5f-fd17-11de-a175-000e2e60001c}\Shell\AutoRun\command - "" = M:\AutoRun.exe
    O33 - MountPoints2\I\Shell - "" = AutoRun
    O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011-12-21 14:38:41 | 000,000,000 | ---D | C] -- E:\Documents and Settings\tym\Menu Start\Programy\CyberLink PowerDVD 8
    [2011-12-21 14:26:13 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Dane aplikacji\ESET
    [2011-12-21 11:06:34 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Menu Start\Programy\avast! Antivirus
    [2011-12-21 11:06:31 | 000,094,392 | ---- | C] (ALWIL Software) -- E:\WINDOWS\System32\AvastSS.scr
    [2011-12-21 11:06:31 | 000,093,264 | ---- | C] (ALWIL Software) -- E:\WINDOWS\System32\drivers\aswmon.sys
    [2011-12-21 11:06:05 | 001,163,960 | ---- | C] (ALWIL Software) -- E:\WINDOWS\System32\aswBoot.exe
    [2011-12-20 22:32:27 | 000,000,000 | ---D | C] -- E:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Opera
    [2011-12-20 22:32:27 | 000,000,000 | ---D | C] -- E:\Documents and Settings\LocalService\Dane aplikacji\Opera
    [2011-12-19 18:12:06 | 000,000,000 | ---D | C] -- E:\Male Edge
    [2011-12-17 20:23:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\mipony-plugin
    [2011-12-13 16:39:55 | 000,000,000 | ---D | C] -- E:\Documents and Settings\tym\Dane aplikacji\skypePM
    [2011-12-13 16:37:32 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Menu Start\Programy\Skype
    [2011-12-13 16:37:00 | 000,000,000 | ---D | C] -- E:\Program Files\Skype
    [2011-12-13 16:37:00 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Skype
    [2011-12-13 16:31:07 | 000,000,000 | ---D | C] -- E:\svcpack
    [2011-12-13 14:40:56 | 000,000,000 | ---D | C] -- E:\Documents and Settings\tym\Dane aplikacji\Skype
    [2011-12-13 14:40:02 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Dane aplikacji\Skype
    [2011-12-11 19:09:36 | 000,000,000 | ---D | C] -- E:\symbiam pack
    [2011-12-03 21:30:06 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Menu Start\Programy\Samsung PC Studio 3
    [2004-11-24 19:25:52 | 000,335,872 | ---- | C] ( ) -- E:\WINDOWS\System32\drvc.dll
    [4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
    [3 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
    [1 E:\Documents and Settings\tym\Dane aplikacji\*.tmp files -> E:\Documents and Settings\tym\Dane aplikacji\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011-12-21 14:39:43 | 000,007,168 | ---- | M] () -- E:\WINDOWS\System32\srosa2.sys
    [2011-12-21 14:38:25 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
    [2011-12-21 11:06:35 | 000,001,709 | ---- | M] () -- E:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk
    [2011-12-21 11:06:33 | 000,002,645 | ---- | M] () -- E:\WINDOWS\System32\CONFIG.NT
    [2011-12-20 19:32:35 | 001,444,432 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT
    [2011-12-19 22:48:23 | 000,000,069 | ---- | M] () -- E:\WINDOWS\NeroDigital.ini
    [2011-12-17 20:23:01 | 000,000,284 | ---- | M] () -- E:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011-12-16 21:48:45 | 000,067,238 | ---- | M] () -- E:\2 kolor sciany.jpg
    [2011-12-16 21:48:39 | 000,066,304 | ---- | M] () -- E:\1 kolor sciany.jpg
    [2011-12-16 19:05:44 | 017,676,916 | ---- | M] () -- E:\Toyota F1 x Batmóvel - Toyota Racing With The Dark Knight [zapiska.pl].flv
    [2011-12-16 19:04:43 | 007,621,502 | ---- | M] () -- E:\Monster Bike [zapiska.pl].flv
    [2011-12-16 19:01:00 | 018,435,892 | ---- | M] () -- E:\Monsterbike [zapiska.pl].flv
    [2011-12-16 18:57:24 | 005,771,017 | ---- | M] () -- E:\Chainsaw Bike [zapiska.pl].flv
    [2011-12-16 18:54:24 | 002,493,880 | ---- | M] () -- E:\World Biggest Exhaust on Bike - Óriási motor kipufogó [zapiska.pl].flv
    [2011-12-16 18:53:40 | 007,473,676 | ---- | M] () -- E:\MOTORCYCLE CUSTOM WHEEL LIGHT KITS ATC 615-431-2294 [zapiska.pl].flv
    [2011-12-16 18:51:47 | 002,575,268 | ---- | M] () -- E:\Sick Glow In The Dark Rims On BMW 7 Series! [zapiska.pl].flv
    [2011-12-16 18:50:09 | 004,094,455 | ---- | M] () -- E:\Tron -light Bike [zapiska.pl].flv
    [2011-12-16 18:48:44 | 003,588,002 | ---- | M] () -- E:\BatMobile-Dark Knight [zapiska.pl].flv
    [2011-12-16 18:47:13 | 001,786,753 | ---- | M] () -- E:\2010 Mercedes-Benz Biome Concept [zapiska.pl].flv
    [2011-12-16 18:43:47 | 008,135,961 | ---- | M] () -- E:\Ferrari or Lamborghini in KL [zapiska.pl].flv
    [2011-12-16 18:37:09 | 003,918,997 | ---- | M] () -- E:\BMW E90 elektrycznie zwalniany hak holowniczy [zapiska.pl].flv
    [2011-12-16 14:51:17 | 019,663,889 | ---- | M] () -- E:\SATA - Jak malować poprawnie [zapiska.pl].flv
    [2011-12-16 14:49:43 | 009,940,359 | ---- | M] () -- E:\Miro-Folio - Audi S5 Chrome [zapiska.pl].flv
    [2011-12-14 13:53:22 | 000,002,257 | ---- | M] () -- E:\Documents and Settings\All Users\Pulpit\Skype.lnk
    [2011-12-14 10:12:39 | 005,761,912 | ---- | M] () -- E:\Infernal - Keen On Disco.mp3
    [2011-12-13 16:39:56 | 000,000,056 | -H-- | M] () -- E:\WINDOWS\System32\ezsidmv.dat
    [2011-12-13 16:39:40 | 000,148,480 | ---- | M] () -- E:\Documents and Settings\tym\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011-12-12 11:12:41 | 000,026,794 | ---- | M] () -- E:\Mniej bakterii w mleku.odt
    [2011-12-12 11:07:47 | 000,028,709 | ---- | M] () -- E:\Wymagania dla gospodarstw mlecznych.odt
    [2011-12-12 10:35:36 | 000,027,042 | ---- | M] () -- E:\Komórki somatyczne w mleku.odt
    [2011-12-11 19:09:11 | 016,346,101 | ---- | M] () -- E:\symbiam pack.rar
    [2011-12-09 17:51:20 | 000,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
    [2011-12-03 21:34:33 | 000,000,000 | ---- | M] () -- E:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt
    [2011-12-03 21:30:06 | 000,000,673 | ---- | M] () -- E:\Documents and Settings\All Users\Pulpit\Samsung PC Studio 3.lnk
    [2011-12-02 10:18:28 | 000,024,576 | ---- | M] (VsH-GsM.com) -- E:\WINDOWS\eg0bus.exe
    [2011-12-02 10:16:32 | 000,000,645 | ---- | M] () -- E:\Documents and Settings\tym\Pulpit\UST_Errors.lnk
    [2011-12-02 10:16:32 | 000,000,640 | ---- | M] () -- E:\Documents and Settings\tym\Pulpit\UST_Important.lnk
    [2011-12-02 10:16:32 | 000,000,628 | ---- | M] () -- E:\Documents and Settings\tym\Pulpit\USTPro2.lnk
    [2011-12-02 10:16:32 | 000,000,628 | ---- | M] () -- E:\Documents and Settings\tym\Pulpit\SN Reader.lnk
    [2011-11-29 12:44:06 | 027,567,581 | ---- | M] () -- E:\Lennox Lewis - wywiad dla ringpolska.pl (Warszawa, 16.09.2011).flv
    [2011-11-28 11:57:19 | 000,491,058 | ---- | M] () -- E:\WINDOWS\System32\perfh015.dat
    [2011-11-28 11:57:19 | 000,433,156 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
    [2011-11-28 11:57:19 | 000,084,116 | ---- | M] () -- E:\WINDOWS\System32\perfc015.dat
    [2011-11-28 11:57:19 | 000,067,768 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
    [4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
    [3 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
    [1 E:\Documents and Settings\tym\Dane aplikacji\*.tmp files -> E:\Documents and Settings\tym\Dane aplikacji\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011-12-21 14:21:32 | 000,114,176 | RHS- | C] () -- E:\Documents and Settings\tym\fswagz.exe
    [2011-12-21 12:17:06 | 000,007,168 | ---- | C] () -- E:\WINDOWS\System32\srosa2.sys
    [2011-12-21 11:06:35 | 000,001,709 | ---- | C] () -- E:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk
    [2011-12-21 11:06:05 | 000,380,928 | ---- | C] () -- E:\WINDOWS\System32\actskin4.ocx
    [2011-12-16 21:48:45 | 000,067,238 | ---- | C] () -- E:\2 kolor sciany.jpg
    [2011-12-16 21:48:38 | 000,066,304 | ---- | C] () -- E:\1 kolor sciany.jpg
    [2011-12-16 19:03:09 | 007,621,502 | ---- | C] () -- E:\Monster Bike [zapiska.pl].flv
    [2011-12-16 19:02:28 | 017,676,916 | ---- | C] () -- E:\Toyota F1 x Batmóvel - Toyota Racing With The Dark Knight [zapiska.pl].flv
    [2011-12-16 18:57:33 | 018,435,892 | ---- | C] () -- E:\Monsterbike [zapiska.pl].flv
    [2011-12-16 18:56:04 | 005,771,017 | ---- | C] () -- E:\Chainsaw Bike [zapiska.pl].flv
    [2011-12-16 18:53:53 | 002,493,880 | ---- | C] () -- E:\World Biggest Exhaust on Bike - Óriási motor kipufogó [zapiska.pl].flv
    [2011-12-16 18:52:38 | 007,473,676 | ---- | C] () -- E:\MOTORCYCLE CUSTOM WHEEL LIGHT KITS ATC 615-431-2294 [zapiska.pl].flv
    [2011-12-16 18:51:11 | 002,575,268 | ---- | C] () -- E:\Sick Glow In The Dark Rims On BMW 7 Series! [zapiska.pl].flv
    [2011-12-16 18:49:24 | 004,094,455 | ---- | C] () -- E:\Tron -light Bike [zapiska.pl].flv
    [2011-12-16 18:47:35 | 003,588,002 | ---- | C] () -- E:\BatMobile-Dark Knight [zapiska.pl].flv
    [2011-12-16 18:46:50 | 001,786,753 | ---- | C] () -- E:\2010 Mercedes-Benz Biome Concept [zapiska.pl].flv
    [2011-12-16 18:42:18 | 008,135,961 | ---- | C] () -- E:\Ferrari or Lamborghini in KL [zapiska.pl].flv
    [2011-12-16 18:36:30 | 003,918,997 | ---- | C] () -- E:\BMW E90 elektrycznie zwalniany hak holowniczy [zapiska.pl].flv
    [2011-12-16 14:46:52 | 019,663,889 | ---- | C] () -- E:\SATA - Jak malować poprawnie [zapiska.pl].flv
    [2011-12-16 14:46:29 | 009,940,359 | ---- | C] () -- E:\Miro-Folio - Audi S5 Chrome [zapiska.pl].flv
    [2011-12-13 16:39:56 | 000,000,056 | -H-- | C] () -- E:\WINDOWS\System32\ezsidmv.dat
    [2011-12-13 16:37:32 | 000,002,257 | ---- | C] () -- E:\Documents and Settings\All Users\Pulpit\Skype.lnk
    [2011-12-12 21:03:21 | 005,761,912 | ---- | C] () -- E:\Infernal - Keen On Disco.mp3
    [2011-12-12 11:12:40 | 000,026,794 | ---- | C] () -- E:\Mniej bakterii w mleku.odt
    [2011-12-12 11:07:46 | 000,028,709 | ---- | C] () -- E:\Wymagania dla gospodarstw mlecznych.odt
    [2011-12-12 10:35:35 | 000,027,042 | ---- | C] () -- E:\Komórki somatyczne w mleku.odt
    [2011-12-11 19:08:28 | 016,346,101 | ---- | C] () -- E:\symbiam pack.rar
    [2011-12-03 21:34:33 | 000,000,000 | ---- | C] () -- E:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt
    [2011-12-03 21:30:36 | 000,005,632 | ---- | C] () -- E:\WINDOWS\System32\drivers\StarOpen.sys
    [2011-12-03 21:30:06 | 000,000,673 | ---- | C] () -- E:\Documents and Settings\All Users\Pulpit\Samsung PC Studio 3.lnk
    [2011-11-29 12:50:19 | 027,567,581 | ---- | C] () -- E:\Lennox Lewis - wywiad dla ringpolska.pl (Warszawa, 16.09.2011).flv
    [2011-11-04 16:50:12 | 000,454,656 | ---- | C] () -- E:\WINDOWS\ssndii.exe
    [2011-11-04 16:47:09 | 000,151,552 | ---- | C] () -- E:\WINDOWS\System32\SMC650CI.exe
    [2011-11-04 16:47:09 | 000,057,344 | ---- | C] () -- E:\WINDOWS\System32\SMC650CI.dll
    [2011-11-04 16:47:01 | 000,151,552 | ---- | C] () -- E:\WINDOWS\System32\clp65ci.exe
    [2011-11-04 16:47:01 | 000,057,344 | ---- | C] () -- E:\WINDOWS\System32\clp65ci.dll
    [2011-11-04 16:45:31 | 000,151,552 | ---- | C] () -- E:\WINDOWS\System32\SUGD2CI.exe
    [2011-11-04 16:45:31 | 000,057,344 | ---- | C] () -- E:\WINDOWS\System32\SUGD2CI.dll
    [2011-06-08 19:25:58 | 000,240,592 | ---- | C] () -- E:\WINDOWS\System32\nvdrsdb0.bin
    [2011-06-08 19:25:51 | 000,240,592 | ---- | C] () -- E:\WINDOWS\System32\nvdrsdb1.bin
    [2011-06-08 19:25:51 | 000,000,001 | ---- | C] () -- E:\WINDOWS\System32\nvdrssel.bin
    [2011-06-08 19:25:17 | 002,293,194 | ---- | C] () -- E:\WINDOWS\System32\nvdata.bin
    [2011-03-05 11:52:20 | 000,024,944 | ---- | C] () -- E:\WINDOWS\System32\drivers\GVTDrv.sys
    [2010-12-17 22:24:39 | 000,129,024 | ---- | C] () -- E:\WINDOWS\System32\AVERM.dll
    [2010-12-17 22:24:39 | 000,028,672 | ---- | C] () -- E:\WINDOWS\System32\AVEQT.dll
    [2010-12-16 12:34:12 | 000,051,712 | ---- | C] () -- E:\WINDOWS\wc98pp.dll
    [2010-12-05 17:48:20 | 000,000,021 | ---- | C] () -- E:\WINDOWS\progman.ini
    [2010-12-05 17:48:18 | 000,000,377 | ---- | C] () -- E:\WINDOWS\HAFASWIN.INI
    [2010-11-30 17:13:47 | 000,000,600 | ---- | C] () -- E:\Documents and Settings\tym\Dane aplikacji\winscp.rnd
    [2010-11-29 21:57:43 | 000,000,257 | ---- | C] () -- E:\WINDOWS\wcx_ftp.ini
    [2010-11-29 21:55:26 | 000,000,450 | ---- | C] () -- E:\WINDOWS\WINCMD.INI
    [2010-11-26 09:42:24 | 000,000,532 | ---- | C] () -- E:\WINDOWS\crackpdf.INI
    [2010-07-01 12:04:28 | 000,000,121 | ---- | C] () -- E:\WINDOWS\Winchat.ini
    [2010-05-24 12:50:47 | 000,000,030 | ---- | C] () -- E:\WINDOWS\Mirage_LV_v1.8.INI
    [2010-05-12 16:21:22 | 000,016,091 | ---- | C] () -- E:\WINDOWS\Ascd_tmp.ini
    [2010-05-10 12:34:44 | 000,017,191 | ---- | C] () -- E:\WINDOWS\System32\lvcoinst.ini
    [2010-05-03 16:47:12 | 000,000,071 | ---- | C] () -- E:\WINDOWS\System32\UFS2XXUN.ini
    [2010-05-02 18:50:54 | 000,000,004 | ---- | C] () -- E:\WINDOWS\System32\cvchost.dll
    [2010-04-30 07:53:43 | 000,000,062 | ---- | C] () -- E:\WINDOWS\wininit.ini
    [2010-04-25 14:38:51 | 000,000,038 | ---- | C] () -- E:\WINDOWS\AviSplitter.INI
    [2010-04-21 18:38:11 | 000,153,522 | ---- | C] () -- E:\WINDOWS\hpoins14.dat
    [2010-04-21 18:38:11 | 000,002,000 | ---- | C] () -- E:\WINDOWS\hpomdl14.dat
    [2010-04-14 15:52:53 | 000,000,222 | ---- | C] () -- E:\WINDOWS\System32\ftdiun2k.ini
    [2010-04-12 13:07:17 | 000,021,888 | ---- | C] () -- E:\WINDOWS\System32\drivers\eps2kt1.sys
    [2010-04-12 13:07:17 | 000,004,608 | ---- | C] () -- E:\WINDOWS\System32\R5CoInst.dll
    [2010-04-09 17:27:24 | 000,000,319 | ---- | C] () -- E:\WINDOWS\ssce.ini
    [2010-04-09 17:14:22 | 000,000,390 | ---- | C] () -- E:\WINDOWS\w32dasm8.ini
    [2010-03-14 17:04:07 | 000,001,024 | ---- | C] () -- E:\WINDOWS\System32\pwdremover.dat
    [2010-03-14 17:04:07 | 000,000,036 | ---- | C] () -- E:\WINDOWS\verypdf.ini
    [2010-03-09 10:13:56 | 000,002,528 | ---- | C] () -- E:\Documents and Settings\LocalService\Dane aplikacji\$_hpcst$.hpc
    [2010-03-08 21:15:03 | 000,106,861 | ---- | C] () -- E:\WINDOWS\DirectCOM Uninstaller.exe
    [2010-03-08 21:01:21 | 000,028,160 | ---- | C] () -- E:\WINDOWS\System32\slbmgpg.dll
    [2010-02-26 10:51:59 | 000,176,235 | ---- | C] () -- E:\WINDOWS\System32\Primomonnt.dll
    [2010-02-14 14:40:24 | 000,000,143 | ---- | C] () -- E:\WINDOWS\wlist.dll
    [2010-01-29 21:25:23 | 000,363,520 | ---- | C] () -- E:\WINDOWS\System32\PsisDecd.dll
    [2009-12-22 14:01:23 | 000,069,632 | ---- | C] () -- E:\WINDOWS\System32\vuins32.dll
    [2009-11-24 21:22:18 | 000,002,528 | ---- | C] () -- E:\Documents and Settings\tym\Dane aplikacji\$_hpcst$.hpc
    [2009-11-17 20:00:35 | 000,148,480 | ---- | C] () -- E:\Documents and Settings\tym\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009-11-17 13:32:22 | 000,000,253 | ---- | C] () -- E:\WINDOWS\LEXSTAT.INI
    [2009-11-17 01:13:20 | 000,000,069 | ---- | C] () -- E:\WINDOWS\NeroDigital.ini
    [2009-11-16 23:51:02 | 000,000,000 | ---- | C] () -- E:\WINDOWS\nsreg.dat
    [2009-11-16 23:35:33 | 000,004,293 | ---- | C] () -- E:\WINDOWS\ODBCINST.INI
    [2009-11-16 23:33:02 | 001,444,432 | ---- | C] () -- E:\WINDOWS\System32\FNTCACHE.DAT
    [2009-11-16 23:08:49 | 000,049,152 | R--- | C] () -- E:\WINDOWS\System32\ChCfg.exe
    [2009-11-16 22:56:50 | 000,002,048 | --S- | C] () -- E:\WINDOWS\bootstat.dat
    [2009-11-16 22:52:08 | 000,021,856 | ---- | C] () -- E:\WINDOWS\System32\emptyregdb.dat
    [2008-07-05 11:14:48 | 000,456,192 | ---- | C] () -- E:\WINDOWS\System32\libmplayer.dll
    [2008-07-05 11:14:44 | 003,591,168 | ---- | C] () -- E:\WINDOWS\System32\libavcodec.dll
    [2008-07-05 11:13:16 | 000,708,096 | ---- | C] () -- E:\WINDOWS\System32\ff_x264.dll
    [2008-06-22 17:34:00 | 000,177,664 | ---- | C] () -- E:\WINDOWS\System32\ff_theora.dll
    [2008-06-13 11:39:38 | 000,023,552 | ---- | C] () -- E:\WINDOWS\System32\ff_wmv9.dll
    [2008-06-12 18:36:38 | 000,007,680 | ---- | C] () -- E:\WINDOWS\System32\ff_vfw.dll
    [2006-11-06 23:49:36 | 000,000,310 | ---- | C] () -- E:\WINDOWS\primopdf.ini
    [2006-11-02 16:10:16 | 000,080,912 | ---- | C] () -- E:\WINDOWS\System32\sherlock2.exe
    [2004-10-03 17:50:54 | 000,129,024 | ---- | C] () -- E:\WINDOWS\System32\ff_mpeg2enc.dll
    [2004-08-03 23:56:48 | 000,001,788 | ---- | C] () -- E:\WINDOWS\System32\Dcache.bin
    [2004-08-02 13:20:40 | 000,004,569 | ---- | C] () -- E:\WINDOWS\System32\secupd.dat
    [2004-07-17 10:36:38 | 000,027,440 | ---- | C] () -- E:\WINDOWS\System32\drivers\secdrv.sys
    [2001-10-26 19:15:16 | 000,491,058 | ---- | C] () -- E:\WINDOWS\System32\perfh015.dat
    [2001-10-26 19:15:16 | 000,313,828 | ---- | C] () -- E:\WINDOWS\System32\perfi015.dat
    [2001-10-26 19:15:16 | 000,084,116 | ---- | C] () -- E:\WINDOWS\System32\perfc015.dat
    [2001-10-26 19:15:16 | 000,034,990 | ---- | C] () -- E:\WINDOWS\System32\perfd015.dat
    [2001-08-29 13:11:40 | 000,398,848 | R--- | C] () -- E:\WINDOWS\System32\DK2WIN32.DLL
    [2001-08-23 16:00:00 | 013,107,200 | ---- | C] () -- E:\WINDOWS\System32\oembios.bin
    [2001-08-23 16:00:00 | 000,004,463 | ---- | C] () -- E:\WINDOWS\System32\oembios.dat
    [2001-08-18 00:30:24 | 000,433,156 | ---- | C] () -- E:\WINDOWS\System32\perfh009.dat
    [2001-08-18 00:30:24 | 000,272,128 | ---- | C] () -- E:\WINDOWS\System32\perfi009.dat
    [2001-08-18 00:30:24 | 000,028,626 | ---- | C] () -- E:\WINDOWS\System32\perfd009.dat
    [2001-08-18 00:30:22 | 000,067,768 | ---- | C] () -- E:\WINDOWS\System32\perfc009.dat
    [2001-08-18 00:15:38 | 000,046,258 | ---- | C] () -- E:\WINDOWS\System32\mib.bin
    [2001-07-22 01:36:48 | 000,218,003 | ---- | C] () -- E:\WINDOWS\System32\dssec.dat
    [2001-07-22 01:36:04 | 000,673,088 | ---- | C] () -- E:\WINDOWS\System32\mlang.dat
    [2001-07-22 01:24:16 | 000,000,741 | ---- | C] () -- E:\WINDOWS\System32\noise.dat
    [1999-01-27 12:39:06 | 000,065,024 | ---- | C] () -- E:\WINDOWS\System32\indounin.dll
    [1997-06-13 06:56:08 | 000,056,832 | ---- | C] () -- E:\WINDOWS\System32\Iyvu9_32.dll
    [1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- E:\WINDOWS\System32\giveio.sys

    ========== LOP Check ==========

    [2010-05-01 13:28:18 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Dane aplikacji\BVRP Software
    [2011-05-25 14:32:26 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Dane aplikacji\DatacardService
    [2011-12-21 14:26:13 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Dane aplikacji\ESET
    [2010-02-10 20:55:44 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
    [2009-11-23 11:44:29 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Dane aplikacji\Installations
    [2009-11-18 21:38:15 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Dane aplikacji\LightScribe
    [2010-07-26 10:33:46 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Dane aplikacji\Mistrz Klawiatury II Data
    [2011-05-14 17:08:29 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Dane aplikacji\OpenFM
    [2010-03-09 09:08:14 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Dane aplikacji\OviInstallerCache
    [2010-04-15 14:56:32 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Dane aplikacji\PC Suite
    [2010-04-30 07:53:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Dane aplikacji\PrevxCSI
    [2010-05-20 10:20:03 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Dane aplikacji\SmartSound Software Inc
    [2010-05-20 10:15:57 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Dane aplikacji\Temp
    [2010-02-21 18:16:32 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Dane aplikacji\Tlen.pl
    [2011-08-31 10:01:44 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Dane aplikacji\WinZip
    [2010-05-08 16:27:46 | 000,000,000 | -H-D | M] -- E:\Documents and Settings\All Users\Dane aplikacji\{26D901A1-2540-4430-81DC-0317F01BD7BE}
    [2010-05-08 16:27:26 | 000,000,000 | -H-D | M] -- E:\Documents and Settings\All Users\Dane aplikacji\{720337A6-A523-4AE6-B08E-F097A396649B}
    [2011-03-05 12:39:12 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tym\Dane aplikacji\Audacity
    [2010-02-25 23:56:42 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tym\Dane aplikacji\Dev-Cpp
    [2011-12-21 12:16:48 | 000,000,000 | -H-D | M] -- E:\Documents and Settings\tym\Dane aplikacji\drivers
    [2011-03-14 20:02:13 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tym\Dane aplikacji\Gadu-Gadu 10
    [2010-05-04 14:06:54 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tym\Dane aplikacji\gtk-2.0
    [2010-03-16 10:07:56 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tym\Dane aplikacji\HCM Updater
    [2010-07-02 15:04:47 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tym\Dane aplikacji\HideIP
    [2010-04-21 17:46:05 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tym\Dane aplikacji\iPlus
    [2010-06-30 22:02:52 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tym\Dane aplikacji\IrfanView
    [2010-12-03 20:17:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tym\Dane aplikacji\Mipony
    [2010-05-01 13:46:03 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tym\Dane aplikacji\MOBILedit
    [2010-07-20 19:34:29 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tym\Dane aplikacji\mojosoft
    [2010-03-20 12:05:47 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tym\Dane aplikacji\Moyea
    [2010-01-05 20:58:58 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tym\Dane aplikacji\NesterSoft
    [2010-12-20 19:54:28 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tym\Dane aplikacji\Nokia
    [2010-02-10 21:12:00 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tym\Dane aplikacji\OpenFM
    [2009-11-16 23:37:03 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tym\Dane aplikacji\Opera
    [2010-12-20 19:21:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tym\Dane aplikacji\PC Suite
    [2011-09-09 10:27:02 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tym\Dane aplikacji\Thinstall
    [2010-02-22 10:08:08 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tym\Dane aplikacji\Tlen.pl
    [2010-03-01 18:07:13 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tym\Dane aplikacji\uTorrent
    [2010-07-05 19:06:48 | 000,000,000 | ---D | M] -- E:\Documents and Settings\tym\Dane aplikacji\Youtube Downloader HD

    ========== Purity Check ==========



    < End of report >
  • Renex
  • #2
    Kolobos
    IT specialist
    Daj log z combofix w zalaczniku.
  • Renex
  • #3
    soojer
    Level 11  
    nie moge uruchomic ComboFix, wyskakuje komunikat:
    wirus zablokowal sterowniki i programy tryb awaryjny nie dziala
  • Helpful post
    #4
    Kolobos
    IT specialist
    Wykonaj skrypt w OTL:

    :OTL
    SRV - [2011-12-21 12:39:36 | 000,580,480 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- E:\Documents and Settings\tym\Ustawienia lokalne\Temp\UASIIKJ.exe -- (UASIIKJ)
    DRV - [2011-12-21 14:39:43 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- E:\WINDOWS\system32\srosa2.sys -- (sK9Ou0s)
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
    IE - HKCU\..\URLSearchHook: {90d46c30-9f25-4104-aea9-35c3f84477ff} - E:\Program Files\mipony-plugin\tbmipo.dll (Conduit Ltd.)
    FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "mipony-plugin Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "BearShare Web Search"
    FF - prefs.js..browser.search.selectedEngine: "mipony-plugin Customized Web Search"
    FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1
    FF - prefs.js..extensions.enabledItems: {90d46c30-9f25-4104-aea9-35c3f84477ff}:2.5.6.0
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&q="
    [2010-12-04 09:30:12 | 000,000,000 | ---D | M] (mipony-plugin Toolbar) -- E:\Documents and Settings\tym\Dane aplikacji\Mozilla\Firefox\Profiles\ft22vrup.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}
    [2010-03-28 10:04:34 | 000,002,476 | ---- | M] () -- E:\Documents and Settings\tym\Dane aplikacji\Mozilla\Firefox\Profiles\ft22vrup.default\searchplugins\BearShareWebSearch.xml
    [2010-01-20 12:16:46 | 000,000,929 | ---- | M] () -- E:\Documents and Settings\tym\Dane aplikacji\Mozilla\Firefox\Profiles\ft22vrup.default\searchplugins\conduit.xml
    [2010-03-28 10:04:34 | 000,002,476 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
    O2 - BHO: (mipony-plugin Toolbar) - {90d46c30-9f25-4104-aea9-35c3f84477ff} - E:\Program Files\mipony-plugin\tbmipo.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (mipony-plugin Toolbar) - {90d46c30-9f25-4104-aea9-35c3f84477ff} - E:\Program Files\mipony-plugin\tbmipo.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - E:\Program Files\TextAloud\TAForIE.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (mipony-plugin Toolbar) - {90D46C30-9F25-4104-AEA9-35C3F84477FF} - E:\Program Files\mipony-plugin\tbmipo.dll (Conduit Ltd.)
    O4 - HKLM..\RunOnce: [removedatamngr] cmd.exe /c RD /S /Q "E:\Program Files\BearShare Applications\MediaBar\" File not found
    O4 - HKLM..\RunOnce: [removetoolbar] cmd.exe /c RD /S /Q "E:\PROGRA~1\BEARSH~1\MediaBar\ToolBar" File not found
    O20 - HKLM Winlogon: TaskMan - (E:\Documents and Settings\tym\fswagz.exe) -E:\Documents and Settings\tym\fswagz.exe ()
    [2011-12-21 14:39:43 | 000,007,168 | ---- | M] () -- E:\WINDOWS\System32\srosa2.sys
    [2011-12-02 10:18:28 | 000,024,576 | ---- | M] (VsH-GsM.com) -- E:\WINDOWS\eg0bus.exe
    [2011-12-21 14:21:32 | 000,114,176 | RHS- | C] () -- E:\Documents and Settings\tym\fswagz.exe
    [2011-12-21 12:17:06 | 000,007,168 | ---- | C] () -- E:\WINDOWS\System32\srosa2.sys

    :Commnads
    [emptytemp]

    Nastepnie skypt w Avengerze:

    Files to delete:
    E:\Documents and Settings\tym\fswagz.exe
    E:\WINDOWS\System32\srosa2.sys



    Po wykonaniu daj log z combofix oraz nowy log z OTL razem z extras.txt w zalacznik.
  • #5
    soojer
    Level 11  
    skrypt wykonany OTL, pliku extras.txt nie ma nigdzie tylko log.
    Awangera nie mozna uruchomic bo wywala: "avanger.exe nie jest prawidlowa aplikacja systemu win32".
    Combofix tez nie mozna uruchomic bo wywala jak wyzej.

    Mam ten program z wirusem takze spakowany bb5.zip 752KB, wiec moge go zamiescic to moze rozszyfrujesz co to za wirus? (wirus jest w katalogu patch).
    Jak wtedy w niego kliknolem to od razu zniknal z katalogu, ale trzymam programy-kopie takze w archiwach zapasowe.
    Attachments:
  • #7
    soojer
    Level 11  
    skanuje z płyty Dr. Web Cureit, dlugo trwa bo juz 2 godziny a dopiero 3% zeskanowalo.
    Trybu awaryjnego nie mozna uruchomic nadal.
  • Helpful post
    #8
    Acorus 20
    Level 43  
    Ściągnij nowego Combofixa pod inną nazwą.
  • #9
    soojer
    Level 11  
    pod inna nazwa tzn.?
    Chodzi o to ze po uruchomieniu windowsa nie mozna uruchomic zadnego programu .exe bo wyskakuje komunikat ze: ..."*.exe nie jest prawidlowa aplikacja systemu win32".
    Dr Web znalazl na razie kilka trojanów.
  • Helpful post
    #10
    Kolobos
    IT specialist
    Zapisz plik jako 123.exe lub 123.com i sprobuj uruchomic.
  • #11
    soojer
    Level 11  
    po zmienie nazwy na 123.com, wywala komunikat jak zawsze - exe.. nie jest aplikacja systemu win32.
    A program Malwarebytes Anti-Malware to wystarczy ze tylko otworze katalog z tym programem to od razu znika wszystko z pulpitu, a po chwili sie pojawia - ten wirus go blokuje. Jedyny program ktory dziala to OTL.
    Dr Web strasznie dlugo skanuje dlatego po 5 godzinach go wylaczylem, znalazl trojany ktore usunąłem i o dziwo naprawiło to dzwiek bo juz graja mp3. Jeszcze tylko trzeba odblokowac zeby programy sie mogly uruchamiac i tryb awaryjny.
    Pisalo w tym poscie https://www.elektroda.pl/rtvforum/topic1867057.html ze jesli jest plik sraso to jest to wirus bagle - u mnie Dr Web znajduje taki plik.
    Co zrobic zeby programy sie uruchamialy?
    Console cmd uruchamiam, próbowalem polecenia sfc /scannow tak jak pisalo w tym poscie http://pececik.com/showthread.php?t=4166 wlozylem cd windows ale nie pomogla podmiana plikow.
    Teraz wlaczylem skanowanie Dr Web LiveCD wszystkich partycji - pewnie dlugo potrwa.
  • #12
    Kolobos
    IT specialist
    Probowales naprawic tryb awaryjny i tam uruchomic combofix?
  • #13
    soojer
    Level 11  
    próbowalem tym: SafeBootKeyRepair.exe ale przy wybraniu z menu trybu awaryjnego zaczyna sie ladowac, po chwili wyskakuje na samym dole ekranu info. ze cos tam nacisnij enter w celu zaladowania jakiegos pliku.... a potem na ulamek sekundy pokazuje sie niebieski ekran i restart komputera.
  • #15
    soojer
    Level 11  
    na razie dwie partycje Dr Web przeskanowal, zejelo mu to 5 godzin, bylo około 300 podejrzanych plikow, w tym około 20 trojanów takich jak BackDoor, Downloader, Sno......itp.. roznych rodzajów. Jutro rano załacze skanowanie pozostalych partycji a na koncu uruchomie system i napisze co wyniklo.
    FindyKill probowalem wczesniej ale nie chcial sie uruchomic, moze po skanowaniu pojdzie.
  • #16
    soojer
    Level 11  
    5 godzin wczoraj i 5 godzin dzisjaj skanowania Dr Web, do tego naprawa windowsa z plyty 1godz., w sumie 11godzin prob naprawy nie przyniosly rezultatu.
    Udalo sie jednak uruchomic ComboFix ktory znalazl wirusy i usunal je. Przeskanowalem takze FindyKill oraz Combofix - w zalaczniku logi.
    Udalo sie tez przeskanowac Malwerbytes Anti-Malware - ale nic juz nie znalazlo.
    Niektore programy: Nero, Avast, Spyware itp.. dalej nie chca sie uruchomic bo zostaly uszkodzone i wyskakuje mi komunikat:
    E:\Program Files\Nazwa programu\program.exe nie jest prawidlowa aplikacja systemu Win32.
    Ale juz jest odblokowana instalacja/deinstalacja wiec od nowa je zainstaluje i beda dzialac.
    Jesli ktos bedzie miec takie objawy w kompie to polecam szukac po haslem: Usuwanie rootkita Bagle.
    http://www.searchengines.pl/Usuwanie-rootkita-Bagle-wariant-srosasys-t106680.html

    Wielkie dzieki za pomoc.
    Attachments:
  • Helpful post
    #17
    Kolobos
    IT specialist
    W FindyKill wybierz usuwanie.

    Wykonaj skrypt w OTL, ktory podalem wczesniej bo z tego co widze to do tej pory tego nie zrobiles i daj nowy log.
  • Helpful post
    #19
    Acorus 20
    Level 43  
    Odinstaluj mipony-plugin Toolbar.Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:

    Quote:
    :OTL

    SRV - File not found [On_Demand | Stopped] -- -- (UASIIKJ)
    SRV - File not found [On_Demand | Stopped] -- -- (KLO)
    SRV - File not found [On_Demand | Stopped] -- -- (CBH)
    SRV - File not found [On_Demand | Stopped] -- -- (BYBXZQFEW)
    IE - HKCU\..\URLSearchHook: {90d46c30-9f25-4104-aea9-35c3f84477ff} - E:\Program Files\mipony-plugin\prxtbmip0.dll (Conduit Ltd.)
    FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "mipony-plugin Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "BearShare Web Search"
    FF - prefs.js..browser.search.selectedEngine: "mipony-plugin Customized Web Search"
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&q="
    [2010-12-04 09:30:12 | 000,000,000 | ---D | M] (mipony-plugin Toolbar) -- E:\Documents and Settings\tym\Dane aplikacji\Mozilla\Firefox\Profiles\ft22vrup.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}
    [2010-03-28 10:04:34 | 000,002,476 | ---- | M] () -- E:\Documents and Settings\tym\Dane aplikacji\Mozilla\Firefox\Profiles\ft22vrup.default\searchplugins\BearShareWebSearch.xml
    [2010-01-20 12:16:46 | 000,000,929 | ---- | M] () -- E:\Documents and Settings\tym\Dane aplikacji\Mozilla\Firefox\Profiles\ft22vrup.default\searchplugins\conduit.xml
    [2010-03-28 10:04:34 | 000,002,476 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
    O2 - BHO: (mipony-plugin Toolbar) - {90d46c30-9f25-4104-aea9-35c3f84477ff} - E:\Program Files\mipony-plugin\prxtbmip0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (mipony-plugin Toolbar) - {90d46c30-9f25-4104-aea9-35c3f84477ff} - E:\Program Files\mipony-plugin\prxtbmip0.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (mipony-plugin Toolbar) - {90D46C30-9F25-4104-AEA9-35C3F84477FF} - E:\Program Files\mipony-plugin\prxtbmip0.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found
    [2011-12-24 11:20:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\tym\Dane aplikacji\PriceGong

    :Commands
    [emptytemp]


    Kliknij Wykonaj skrypt.W OTL użyj opcji Sprzątanie.Zainstaluj aktualizacje do programow wskazanych przez: http://screen317.spywareinfoforum.org/SecurityCheck.exe jako out of date.
  • #20
    soojer
    Level 11  
    Wielkie dzieki koledzy za pomoc, komputer działa b.dobrze i uruchamia sie teraz 5 razy szybciej :)
| New topic