FrozenOne utworzono 12 lipca 2009 utworzono 12 lipca 2009 (edytowane) Witam. Od jakiegoś czasu mam problem z używaniem internetu. Bez wyraźnego powodu zaczyna on bardzo zwalniac (strony otwierają się po kilku minutach) bądź przestaje działac kompletnie. Nie miałem pojęcia gdzie może tkwic źródło tego problemu aż do momentu uruchomienia menadżera zadań: http://img44.imageshack.us/img44/4909/wtfagq.jpg Jak widzimy uruchomione są setki takich samych procesów: cmd.exe i services.exe. Wie ktoś może czym może byc to spowodowane? Ja nie potrafię znalesc odpowiedzi, szczególnie że problem nie pojawia się z każdym uruchomieniem komputera, czasem nawet po kilku godzinach użytkowania jest ok. Nie jest to raczej wina wirusa bo kilkukrotne skanowania dysku programem antywirusowym nie dały rezultatu. // Zmień nazwę tematu, inaczej kosz. // Kamil //PRZYPOMINAM!!
agro1 komentarz 12 lipca 2009 komentarz 12 lipca 2009 sa wirusy ktorych antywiry nawet nie wykrywaja.. wejdz w start,> uruchom wpisz msconfig i zakladka uruchamianie sprawdz czy nie masz powielonych tych pozycji przypadkiem, ewentualnie sprawdz w rejestrze
FrozenOne komentarz 12 lipca 2009 Autor komentarz 12 lipca 2009 Mam to zrobic kiedy wystąpi problem czy w dowolnym momencie?
FrozenOne komentarz 12 lipca 2009 Autor komentarz 12 lipca 2009 http://rapidshare.com/files/255086173/x.rar.html W to wrzuciłem te wszystkie pliki tekstowe
FrozenOne komentarz 12 lipca 2009 Autor komentarz 12 lipca 2009 (edytowane) UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH ITDDS (Ver_09-06-26.01)Microsoft Windows XP Home EditionBoot Device: \Device\HarddiskVolume1Install Date: 2008-04-10 02:14:20System Uptime: 2009-07-12 21:56:16 (0 hours ago)Motherboard: | | P4i65GProcessor: Intel? Pentium? 4 CPU 2.80GHz | mPGA478 | 2799/200mhzProcessor: Intel? Pentium? 4 CPU 2.80GHz | mPGA478 | 2799/200mhz==== Disk Partitions =========================A: is RemovableC: is FIXED (NTFS) - 233 GiB total, 157,718 GiB free.D: is CDROM (CDFS)E: is CDROM ()==== Disabled Device Manager Items ================= System Restore Points ===================RP289: 2009-04-14 15:57:07 - Punkt kontrolny systemuRP290: 2009-04-15 20:52:16 - Punkt kontrolny systemuRP291: 2009-04-16 23:00:16 - Punkt kontrolny systemuRP292: 2009-04-19 14:45:26 - Punkt kontrolny systemuRP293: 2009-04-20 15:04:24 - Punkt kontrolny systemuRP294: 2009-04-21 22:03:32 - Punkt kontrolny systemuRP295: 2009-04-23 17:01:50 - Punkt kontrolny systemuRP296: 2009-04-24 23:18:28 - Punkt kontrolny systemuRP297: 2009-04-25 20:37:24 - Zainstalowane sterowniki drukarek: Samsung ML-1640 SeriesRP298: 2009-04-26 22:42:49 - Punkt kontrolny systemuRP299: 2009-04-28 08:09:01 - Software Distribution Service 3.0RP300: 2009-04-30 22:07:16 - Punkt kontrolny systemuRP301: 2009-05-02 10:52:14 - Punkt kontrolny systemuRP302: 2009-05-02 16:56:12 - Instalacja niepodpisanego sterownikaRP303: 2009-05-03 21:00:56 - Punkt kontrolny systemuRP304: 2009-05-04 21:12:26 - Punkt kontrolny systemuRP305: 2009-05-05 22:06:28 - Punkt kontrolny systemuRP306: 2009-05-07 19:35:57 - Punkt kontrolny systemuRP307: 2009-05-08 21:20:43 - Punkt kontrolny systemuRP308: 2009-05-09 21:39:59 - Punkt kontrolny systemuRP309: 2009-05-11 06:59:19 - Punkt kontrolny systemuRP310: 2009-05-12 18:21:27 - Punkt kontrolny systemuRP311: 2009-05-15 16:47:02 - Punkt kontrolny systemuRP312: 2009-05-17 19:45:59 - Punkt kontrolny systemuRP313: 2009-05-18 22:55:17 - Punkt kontrolny systemuRP314: 2009-05-20 05:54:10 - Punkt kontrolny systemuRP315: 2009-05-21 12:29:11 - Punkt kontrolny systemuRP316: 2009-05-23 12:42:07 - Punkt kontrolny systemuRP317: 2009-05-24 12:43:12 - Punkt kontrolny systemuRP318: 2009-05-26 15:26:03 - Punkt kontrolny systemuRP319: 2009-05-27 20:54:25 - Punkt kontrolny systemuRP320: 2009-05-29 16:07:39 - Punkt kontrolny systemuRP321: 2009-05-30 10:13:36 - Configured USB Disk Win98 DriverRP322: 2009-05-30 13:29:09 - Software Distribution Service 3.0RP323: 2009-05-31 13:53:43 - Punkt kontrolny systemuRP324: 2009-06-01 22:49:13 - Punkt kontrolny systemuRP325: 2009-06-03 19:11:41 - Punkt kontrolny systemuRP326: 2009-06-04 20:16:39 - Punkt kontrolny systemuRP327: 2009-06-05 20:42:10 - Punkt kontrolny systemuRP328: 2009-06-06 22:26:24 - Punkt kontrolny systemuRP329: 2009-06-07 23:11:41 - Punkt kontrolny systemuRP330: 2009-06-09 18:27:57 - Punkt kontrolny systemuRP331: 2009-06-10 07:13:53 - Software Distribution Service 3.0RP332: 2009-06-11 08:58:03 - Punkt kontrolny systemuRP333: 2009-06-12 10:28:52 - Punkt kontrolny systemuRP334: 2009-06-13 12:55:19 - Punkt kontrolny systemuRP335: 2009-06-14 14:01:31 - Punkt kontrolny systemuRP336: 2009-06-15 15:09:49 - Punkt kontrolny systemuRP337: 2009-06-16 16:11:23 - Punkt kontrolny systemuRP338: 2009-06-18 10:12:34 - Punkt kontrolny systemuRP339: 2009-06-19 19:30:15 - Punkt kontrolny systemuRP340: 2009-06-20 21:28:01 - Punkt kontrolny systemuRP341: 2009-06-21 22:37:30 - Punkt kontrolny systemuRP342: 2009-06-23 08:18:06 - Punkt kontrolny systemuRP343: 2009-06-24 08:21:23 - Punkt kontrolny systemuRP344: 2009-06-25 09:18:46 - Punkt kontrolny systemuRP345: 2009-06-27 09:42:53 - Punkt kontrolny systemuRP346: 2009-06-28 13:14:39 - Punkt kontrolny systemuRP347: 2009-06-29 17:18:39 - Punkt kontrolny systemuRP348: 2009-06-30 17:43:06 - Punkt kontrolny systemuRP349: 2009-07-01 20:21:59 - Punkt kontrolny systemuRP350: 2009-07-02 20:54:03 - Punkt kontrolny systemuRP351: 2009-07-04 13:32:01 - Punkt kontrolny systemuRP352: 2009-07-05 14:23:24 - Punkt kontrolny systemuRP353: 2009-07-06 14:29:01 - Punkt kontrolny systemuRP354: 2009-07-07 14:41:59 - Punkt kontrolny systemuRP355: 2009-07-08 21:05:33 - Punkt kontrolny systemuRP356: 2009-07-09 21:12:36 - Punkt kontrolny systemuRP357: 2009-07-10 21:20:49 - Punkt kontrolny systemuRP358: 2009-07-11 21:38:25 - Punkt kontrolny systemuRP359: 2009-07-12 21:47:46 - Punkt kontrolny systemu==== Installed Programs ======================Ad-Aware 2007Adobe Flash Player 10 PluginAdobe Flash Player ActiveXAdobe Photoshop 7.0 CEAdobe Reader 6.0.2 CEAdobe? Photoshop? Album Starter Edition 3.0Aktualizacja dla systemu Windows XP (KB898461)Aktualizacja dla systemu Windows XP (KB955839)Aktualizacja dla systemu Windows XP (KB967715)Aktualizacja zabezpieczeń dla programu Windows Media Player (KB952069)Aktualizacja zabezpieczeń dla systemu Windows XP (KB923561)Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464-v2)Aktualizacja zabezpieczeń dla systemu Windows XP (KB944338-v2)Aktualizacja zabezpieczeń dla systemu Windows XP (KB946648)Aktualizacja zabezpieczeń dla systemu Windows XP (KB950760)Aktualizacja zabezpieczeń dla systemu Windows XP (KB950762)Aktualizacja zabezpieczeń dla systemu Windows XP (KB950974)Aktualizacja zabezpieczeń dla systemu Windows XP (KB951066)Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376-v2)Aktualizacja zabezpieczeń dla systemu Windows XP (KB951698)Aktualizacja zabezpieczeń dla systemu Windows XP (KB951748)Aktualizacja zabezpieczeń dla systemu Windows XP (KB952004)Aktualizacja zabezpieczeń dla systemu Windows XP (KB952954)Aktualizacja zabezpieczeń dla systemu Windows XP (KB954600)Aktualizacja zabezpieczeń dla systemu Windows XP (KB955069)Aktualizacja zabezpieczeń dla systemu Windows XP (KB956572)Aktualizacja zabezpieczeń dla systemu Windows XP (KB956802)Aktualizacja zabezpieczeń dla systemu Windows XP (KB956803)Aktualizacja zabezpieczeń dla systemu Windows XP (KB956841)Aktualizacja zabezpieczeń dla systemu Windows XP (KB957097)Aktualizacja zabezpieczeń dla systemu Windows XP (KB958215)Aktualizacja zabezpieczeń dla systemu Windows XP (KB958644)Aktualizacja zabezpieczeń dla systemu Windows XP (KB958687)Aktualizacja zabezpieczeń dla systemu Windows XP (KB958690)Aktualizacja zabezpieczeń dla systemu Windows XP (KB959426)Aktualizacja zabezpieczeń dla systemu Windows XP (KB960225)Aktualizacja zabezpieczeń dla systemu Windows XP (KB960714)Aktualizacja zabezpieczeń dla systemu Windows XP (KB960715)Aktualizacja zabezpieczeń dla systemu Windows XP (KB960803)Aktualizacja zabezpieczeń dla systemu Windows XP (KB961373)Aktualizacja zabezpieczeń dla systemu Windows XP (KB961501)Aktualizacja zabezpieczeń dla systemu Windows XP (KB963027)Aktualizacja zabezpieczeń dla systemu Windows XP (KB968537)Aktualizacja zabezpieczeń dla systemu Windows XP (KB969897)Aktualizacja zabezpieczeń dla systemu Windows XP (KB969898)Aktualizacja zabezpieczeń dla systemu Windows XP (KB970238)Aktualizacja zabezpieczeń dla Windows XP (KB923689)Aktualizacja zabezpieczeń dla Windows XP (KB941569)ALLPlayer V3.XArchiwizator WinRARATI - Software Uninstall UtilityATI Catalyst Control CenterATI Control PanelATI Display DriverC-Media 3D AudioCombined Community Codec Pack 2008-01-24FrapsGadu-Gadu 7.7GIMP 2.4.6GothicJava 6 Update 4Java 6 Update 5livebox tpMicrosoft .NET Framework 1.1Microsoft .NET Framework 1.1 Hotfix (KB928366)Microsoft Office Excel MUI (Polish) 2007Microsoft Office Outlook MUI (Polish) 2007Microsoft Office PowerPoint MUI (Polish) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (German) 2007Microsoft Office Proof (Polish) 2007Microsoft Office Proofing (Polish) 2007Microsoft Office Publisher 2007Microsoft Office Publisher MUI (Polish) 2007Microsoft Office Shared MUI (Polish) 2007Microsoft Office Standard 2007Microsoft Office Word MUI (Polish) 2007Microsoft SilverlightMicrosoft Software Update for Web Folders (Polish) 12Microsoft Visual C++ 2005 RedistributableMozilla Firefox (3.0.11)MSXML 4.0 SP2 (KB954430)Nero 7 Ultra EditionneroxmlPCI Audio DriverPoprawka dla systemu Windows XP (KB952287)Produkt Microsoft Office Standard 2007 w wersji próbnejQuickTime Alternative 1.56Real Alternative 1.51Samsung ML-1640 Seriessave2pc Light 3.43Sid Meier's Civilization 4Skype? 3.6Sony Ericsson PC SuiteSopCast 3.0.3Sp5Sp5IntlSp5TTIntSpCommonSpPhonesSystem Requirements LabThe GIMP 2.3.18USB Disk Win98 DriverWebFldrs XPWinamp Toolbar for FirefoxWindows Installer 3.1 (KB893803)Windows Media Format RuntimeWindows XP Service Pack 2Wolfenstein - Enemy Territory==== End Of File =========================== DS (Ver_09-06-26.01) - NTFSx86 Run by Leo at 21:58:54,32 on 2009-07-12Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_05Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.1023.520 [GMT 2:00]============== Running Processes ===============C:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\WINDOWS\System32\PnkBstrA.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\RunDll32.exeC:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exeC:\Program Files\Java\jre1.6.0_05\bin\jusched.exeC:\WINDOWS\Mixer.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\Program Files\USB Disk Win98 Driver\Res.EXEC:\WINDOWS\Samsung\PanelMgr\SSMMgr.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\TEMP\C19A.tmpC:\Program Files\Skype\Phone\Skype.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exeC:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exeC:\WINDOWS\System32\svchost.exe -k imgsvcC:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exeC:\WINDOWS\system32\svchost.exesvchostC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\Program Files\Skype\Plugin Manager\skypePM.exeC:\Program Files\Common Files\Teleca Shared\Generic.exeC:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exeC:\Program Files\Gadu-Gadu\gg.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Documents and Settings\Leo\Pulpit\dds.pif============== Pseudo HJT Report ===============uStart Page = hxxp://www.optimus.plmDefault_Page_URL = hxxp://www.optimus.plBHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0 ce\reader\activex\AcroIEHelper.dllBHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dllEB: {32683183-48a0-441b-a342-7c2a440a9478} - No FileuRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /backgrounduRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimizeduRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exemRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndmRun: [sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptionsmRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"mRun: [C-Media Mixer] Mixer.exe /startupmRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -DelaymRun: [uSB Storage Toolbox] c:\program files\usb disk win98 driver\Res.EXEmRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exemRun: [services] c:\windows\services.exemRun: [samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorunmRun: [WindowsHive] c:\windows\system32\rpcc.exedRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXEStartupFolder: c:\documents and settings\leo\menu start\programy\autostart\rncsys32.exeStartupFolder: c:\docume~1\alluse~1.win\menust~1\programy\autost~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exeIE: E&ksportuj do programu Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLLDPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cabDPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cabDPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cabHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLNotify: AtiExtEvent - Ati2evxx.dllNotify: crypt - crypts.dllSecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll================= FIREFOX ===================FF - ProfilePath - c:\docume~1\leo\daneap~1\mozilla\firefox\profiles\k1af2uga.default\FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}============= SERVICES / DRIVERS ===============R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-3-19 607576]S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]S3 GAGPDrv;GAGPDrv; [x]=============== Created Last 30 ================2009-07-12 20:28 <DIR> --d----- c:\windows\pss2009-06-18 07:47 102,206 a------- c:\windows\system32\drivers\41a52310.sys2009-06-18 07:46 35,840 a------- c:\windows\system32\rpcc.exe2009-06-17 08:13 3,450 a------- c:\windows\system32\wbem\Outlook_01c9ef12c6190cb0.mof==================== Find3M ====================2009-06-17 08:13 439,326 a------- c:\windows\system32\perfh015.dat2009-06-17 08:13 68,334 a------- c:\windows\system32\perfc015.dat2009-05-07 17:44 346,112 a------- c:\windows\system32\localspl.dll2009-04-29 06:53 662,016 a------- c:\windows\system32\wininet.dll2009-04-29 06:53 81,920 -------- c:\windows\system32\ieencode.dll2009-04-19 22:11 1,846,912 a------- c:\windows\system32\win32k.sys2009-04-15 17:18 584,192 a------- c:\windows\system32\rpcrt4.dll2008-04-06 03:51 32 a------- c:\docume~1\alluse~1.win\daneap~1\ezsid.dat2007-07-26 08:17 1,862 a------- c:\program files\my.m3u2001-11-23 07:08 712,704 a----r-- c:\windows\inf\other\AUDIO3D.DLL============= FINISH: 21:59:30,07 =============== info.txt logfile of random's system information tool 1.06 2009-07-12 22:05:51======Uninstall list======-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL-->C:\WINDOWS\UNRecode.exe /UNINSTALL-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.infAd-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exeAdobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exeAdobe Photoshop 7.0 CE-->C:\WINDOWS\ISUN0415.EXE -f"C:\Program Files\Adobe\Photoshop 7.0 CE\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0 CE\Uninst.dll"Adobe Reader 6.0.2 CE-->MsiExec.exe /I{AC76BA86-7AD7-1038-7B44-CEA000000001}Adobe? Photoshop? Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}Aktualizacja dla systemu Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"Aktualizacja dla systemu Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"Aktualizacja dla systemu Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla programu Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla systemu Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"Aktualizacja zabezpieczeń dla Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"ALLPlayer V3.X-->"C:\Program Files\MarBit\ALLPlayer\unins000.exe"Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exeATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exeATI Catalyst Control Center-->MsiExec.exe /I{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -cleanC-Media 3D Audio-->C:\WINDOWS\CMIUnInstall.exeCombined Community Codec Pack 2008-01-24-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"Fraps-->"C:\Fraps\uninstall.exe"Gadu-Gadu 7.7-->C:\Program Files\Gadu-Gadu\Setup.exeGIMP 2.4.6-->"C:\Program Files\GIMP-2.0\setup\unins001.exe"Gothic-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{758A4269-70E5-4B11-B419-F692882408A9}\setup.exe" -l0x15 -removeonlyHijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstallJava 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}livebox tp-->C:\Program Files\InstallShield Installation Information\{AB3F9176-E74A-4F28-9A09-4F22349B145E}\setup.exe -runfromtemp -l0x0015 -removeonlyMicrosoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}Microsoft Office Excel MUI (Polish) 2007-->MsiExec.exe /X{90120000-0016-0415-0000-0000000FF1CE}Microsoft Office Outlook MUI (Polish) 2007-->MsiExec.exe /X{90120000-001A-0415-0000-0000000FF1CE}Microsoft Office PowerPoint MUI (Polish) 2007-->MsiExec.exe /X{90120000-0018-0415-0000-0000000FF1CE}Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}Microsoft Office Proof (Polish) 2007-->MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE}Microsoft Office Proofing (Polish) 2007-->MsiExec.exe /X{90120000-002C-0415-0000-0000000FF1CE}Microsoft Office Publisher 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PUBLISHERR /dll OSETUP.DLLMicrosoft Office Publisher 2007-->MsiExec.exe /X{91120000-0019-0000-0000-0000000FF1CE}Microsoft Office Publisher MUI (Polish) 2007-->MsiExec.exe /X{90120000-0019-0415-0000-0000000FF1CE}Microsoft Office Shared MUI (Polish) 2007-->MsiExec.exe /X{90120000-006E-0415-0000-0000000FF1CE}Microsoft Office Standard 2007-->MsiExec.exe /X{91120000-0012-0000-0000-0000000FF1CE}Microsoft Office Word MUI (Polish) 2007-->MsiExec.exe /X{90120000-001B-0415-0000-0000000FF1CE}Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exeMSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}Nero 7 Ultra Edition-->MsiExec.exe /X{D98C0C51-F9BB-4EE4-B791-22BF6EE31045}neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}PCI Audio Driver-->cmuninst.exePoprawka dla systemu Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"Produkt Microsoft Office Standard 2007 w wersji próbnej-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARDR /dll OSETUP.DLLQuickTime Alternative 1.56-->"C:\Program Files\QuickTime Alternative\unins000.exe"Real Alternative 1.51-->"C:\Program Files\Real Alternative\unins000.exe"Samsung ML-1640 Series-->C:\Program Files\Samsung\Samsung ML-1640 Series\Install\Setup.exe /Rsave2pc Light 3.43-->"C:\Program Files\FDRLab\save2pc\unins000.exe"Sid Meier's Civilization 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonlySkype? 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}Sony Ericsson PC Suite-->MsiExec.exe /I{FC906D5C-91F9-4DA4-A765-6DCBB669F317}SopCast 3.0.3-->C:\Program Files\SopCast\uninst.exeSp5-->MsiExec.exe /I{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}Sp5Intl-->MsiExec.exe /I{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}Sp5TTInt-->MsiExec.exe /I{E415C943-37E5-473F-8BAE-043C56734124}SpCommon-->MsiExec.exe /I{6C3959C6-943E-44B3-BAAD-570B04B134E5}SpPhones-->MsiExec.exe /I{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exeThe GIMP 2.3.18-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"USB Disk Win98 Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}\Setup.exe" Winamp Toolbar for Firefox-->"C:\Documents and Settings\Leo\Dane aplikacji\Mozilla\Firefox\Profiles\k1af2uga.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAllWindows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exeWolfenstein - Enemy Territory-->C:\PROGRA~1\WOLFEN~1\Uninstall\Unwise.exe /u C:\PROGRA~1\WOLFEN~1\Uninstall\Install.log======System event log======Computer Name: ADAMEvent Code: 7035Message: Do usługi Menedżer połączeń usługi Dostęp zdalny został pomyślnie wysłany kod sterowania uruchom.Record Number: 257746Source Name: Service Control ManagerTime Written: 20090625120643.000000+120Event Type: informacjeUser: ADAM\LeoComputer Name: ADAMEvent Code: 7036Message: Usługa Windows Image Acquisition (WIA) weszła w stan uruchomienia.Record Number: 257745Source Name: Service Control ManagerTime Written: 20090625120643.000000+120Event Type: informacjeUser: Computer Name: ADAMEvent Code: 7036Message: Usługa Telefonia weszła w stan uruchomienia.Record Number: 257744Source Name: Service Control ManagerTime Written: 20090625120643.000000+120Event Type: informacjeUser: Computer Name: ADAMEvent Code: 7036Message: Usługa Usługa odnajdywania SSDP weszła w stan uruchomienia.Record Number: 257743Source Name: Service Control ManagerTime Written: 20090625120643.000000+120Event Type: informacjeUser: Computer Name: ADAMEvent Code: 7036Message: Usługa Usługa COM nagrywania dysków CD IMAPI weszła w stan uruchomienia.Record Number: 257742Source Name: Service Control ManagerTime Written: 20090625120643.000000+120Event Type: informacjeUser: =====Application event log=====Computer Name: ADAMEvent Code: 1000Message: Aplikacja powodująca błąd 017B0075006C0069006F006E00650072007A00790020004E0047002E006500780065, wersja 0.0.0.0, moduł powodujący błąd 017B0075006C0069006F006E00650072007A00790020004E0047002E006500780065, wersja 0.0.0.0, adres błędu 0x0005152d.Record Number: 122Source Name: Application ErrorTime Written: 20080409131643.000000+120Event Type: błądUser: Computer Name: ADAMEvent Code: 4097Message: Aplikacja C:\Program Files\Ortalion Entertainment\Żulionerzy NG\Żulionerzy NG.exe wygenerowała błąd aplikacji.Błąd wystąpił na 04/09/2008 @ 08:04:47.515.Wygenerowany wyjątek to c0000005 pod adresem 77F69ECD (ntdll!RtlpWaitForCriticalSection).Record Number: 121Source Name: DrWatsonTime Written: 20080409080447.000000+120Event Type: informacjeUser: Computer Name: ADAMEvent Code: 1000Message: Aplikacja powodująca błąd 017B0075006C0069006F006E00650072007A00790020004E0047002E006500780065, wersja 0.0.0.0, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.1217, adres błędu 0x00019ecd.Record Number: 120Source Name: Application ErrorTime Written: 20080409080444.000000+120Event Type: błądUser: Computer Name: ADAMEvent Code: 105Message: The service was started.Record Number: 119Source Name: ATI SmartTime Written: 20080409074728.000000+120Event Type: informacjeUser: Computer Name: ADAMEvent Code: 105Message: The service was started.Record Number: 118Source Name: ATI SmartTime Written: 20080408173906.000000+120Event Type: informacjeUser: ======Environment variables======"ComSpec"=%SystemRoot%\system32\cmd.exe"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Teleca Shared"windir"=%SystemRoot%"OS"=Windows_NT"PROCESSOR_ARCHITECTURE"=x86"PROCESSOR_LEVEL"=15"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel"PROCESSOR_REVISION"=0209"NUMBER_OF_PROCESSORS"=2"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH"TEMP"=%SystemRoot%\TEMP"TMP"=%SystemRoot%\TEMP"FP_NO_HOST_CHECK"=NO-----------------EOF----------------- Logfile of random's system information tool 1.06 (written by random/random)Run by Leo at 2009-07-12 22:05:36Microsoft Windows XP Home Edition Dodatek Service Pack 2System drive C: has 162 GB (68%) free of 238 GBTotal RAM: 1023 MB (49% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 22:05:49, on 2009-07-12Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\PnkBstrA.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\RunDll32.exeC:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exeC:\Program Files\Java\jre1.6.0_05\bin\jusched.exeC:\WINDOWS\Mixer.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\Program Files\USB Disk Win98 Driver\Res.EXEC:\WINDOWS\services.exeC:\WINDOWS\Samsung\PanelMgr\SSMMgr.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\TEMP\C19A.tmpC:\Program Files\Skype\Phone\Skype.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exeC:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\Program Files\Skype\Plugin Manager\skypePM.exeC:\Program Files\Common Files\Teleca Shared\Generic.exeC:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exeC:\Program Files\Gadu-Gadu\gg.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Java\jre1.6.0_05\bin\jucheck.exeC:\Documents and Settings\Leo\Pulpit\RSIT.exeC:\Program Files\trend micro\Leo.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optimus.plR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optimus.plR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ŁączaO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptionsO4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startupO4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -DelayO4 - HKLM\..\Run: [uSB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXEO4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exeO4 - HKLM\..\Run: [services] C:\WINDOWS\services.exeO4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorunO4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')O4 - Startup: rncsys32.exeO4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.optimus.plO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dllO23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: Usługa inteligentnego transferu w tle (BITS) - Unknown owner - C:\WINDOWS\O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exeO23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exeO23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exeO23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exeO23 - Service: Aktualizacje automatyczne (wuauserv) - Unknown owner - C:\WINDOWS\--End of file - 6127 bytes======Registry dump======[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 54248][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-09-12 335872]"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2006-11-24 487424]"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]"WinampAgent"=C:\Program Files\Winamp\winampa.exe []"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]"C-Media Mixer"=Mixer.exe /startup []"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]"USB Storage Toolbox"=C:\Program Files\USB Disk Win98 Driver\Res.EXE [2005-09-14 65536]"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]"services"=C:\WINDOWS\services.exe [2009-04-09 41472]"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2008-09-03 536576]"WindowsHive"=C:\WINDOWS\system32\rpcc.exe [2009-06-18 35840][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-02-06 21898024]"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\AutostartAdobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeC:\Documents and Settings\Leo\Menu Start\Programy\Autostartrncsys32.exe[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt]C:\WINDOWS\system32\crypts.dll [2009-04-09 33280][HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]"dontdisplaylastusername"=0"legalnoticecaption"="legalnoticetext"="shutdownwithoutlogon"=1"undockwithoutlogon"=1[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"NoDriveTypeAutoRun"=145"NoDriveAutoRun"=4294967295[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"HonorAutoRunSetting"=[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox""C:\Gry\Sid Meier's Civilization 4\Civilization4.exe"="C:\Gry\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4""C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook""C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire""C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{748c9290-3729-11de-adab-001966632f5a}]shell\autorun\command - F:\EmDesk.exeshell\emdesk\command - F:\EmDesk.exe======List of files/folders created in the last 1 months======2009-07-12 22:05:37 ----D---- C:\Program Files\trend micro2009-07-12 22:05:36 ----D---- C:\rsit2009-07-12 20:28:26 ----D---- C:\WINDOWS\pss2009-06-20 14:48:53 ----A---- C:\activ.txt2009-06-18 07:46:57 ----A---- C:\WINDOWS\system32\rpcc.exe======List of files/folders modified in the last 1 months======2009-07-12 22:05:45 ----D---- C:\WINDOWS\Prefetch2009-07-12 22:05:37 ----RD---- C:\Program Files2009-07-12 22:01:04 ----D---- C:\WINDOWS\Temp2009-07-12 21:58:35 ----D---- C:\Documents and Settings\Leo\Dane aplikacji\Skype2009-07-12 21:58:09 ----D---- C:\Program Files\Mozilla Firefox2009-07-12 21:57:15 ----D---- C:\WINDOWS2009-07-12 21:55:39 ----A---- C:\WINDOWS\SchedLgU.Txt2009-07-12 19:35:31 ----A---- C:\WINDOWS\NeroDigital.ini2009-07-12 17:16:28 ----D---- C:\Documents and Settings\Leo\Dane aplikacji\skypePM2009-07-07 20:00:02 ----D---- C:\Documents and Settings\Leo\Dane aplikacji\gtk-2.02009-07-04 10:45:37 ----A---- C:\id.txt2009-06-26 11:20:43 ----D---- C:\Program Files\Gadu-Gadu2009-06-18 07:47:11 ----RSHDC---- C:\WINDOWS\system32\dllcache2009-06-18 07:47:08 ----D---- C:\WINDOWS\system32\drivers2009-06-18 07:47:01 ----D---- C:\WINDOWS\system32\CatRoot22009-06-18 07:46:57 ----D---- C:\WINDOWS\system322009-06-17 08:13:46 ----D---- C:\WINDOWS\system32\wbem2009-06-17 08:13:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 40320]R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []R2 irda;Protokół IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-04 87424]R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-05-12 1332544]R3 irsir;Sterownik portu szeregowego podczerwieni Microsoft; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]R3 rtl8139;Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]R3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2004-08-04 12672]R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]S3 GAGPDrv;GAGPDrv; C:\WINDOWS\system32\drivers\GAGPDrv.sys []S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]S3 npkcrypt;npkcrypt; \??\C:\Gry\Lineage II\system\npkcrypt.sys []S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\System32\DRIVERS\SE27bus.sys [2006-09-18 61600]S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\System32\DRIVERS\SE27mdfl.sys [2006-09-18 9360]S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\System32\DRIVERS\SE27mdm.sys [2006-09-18 97184]S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\System32\DRIVERS\SE27mgmt.sys [2006-09-18 88688]S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\System32\DRIVERS\se27nd5.sys [2006-09-18 18704]S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\System32\DRIVERS\SE27obex.sys [2006-09-18 86560]S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\System32\DRIVERS\se27unic.sys [2006-09-18 90800]S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-03-19 607576]R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2006-05-03 413696]R2 Irmon;Monitor podczerwieni; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]R2 PnkBstrA;PnkBstrA; C:\WINDOWS\System32\PnkBstrA.exe [2008-04-09 66872]R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]-----------------EOF----------------- OTL logfile created on: 2009-07-12 22:03:05 - Run 1OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\Leo\PulpitWindows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 6.0.2900.2180)Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd1022,79 Mb Total Physical Memory | 512,20 Mb Available Physical Memory | 50,08% Memory free2,40 Gb Paging File | 1,90 Gb Available in Paging File | 79,10% Paging File freePaging file location(s): C:\pagefile.sys 1536 3072 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 232,88 Gb Total Space | 157,72 Gb Free Space | 67,73% Space Free | Partition Type: NTFSDrive D: | 1,59 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFSE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: ADAMCurrent User Name: LeoLogged in as Administrator.Current Boot Mode: NormalScan Mode: All usersCompany Name Whitelist: OnSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard========== Processes (SafeList) ==========PRC - [2006-05-03 18:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exePRC - [2008-03-19 17:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exePRC - [2008-04-09 16:23:14 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exePRC - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exePRC - [2006-05-03 18:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exePRC - [2004-08-04 01:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXEPRC - [2006-11-24 01:06:38 | 00,487,424 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exePRC - [2005-06-06 23:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exePRC - [2008-02-22 04:25:21 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exePRC - [2003-03-20 09:21:00 | 01,855,488 | R--- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\Mixer.exePRC - [2006-01-02 16:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exePRC - [2005-09-14 21:44:14 | 00,065,536 | ---- | M] (ali) -- C:\Program Files\USB Disk Win98 Driver\Res.EXEPRC - [2009-04-09 21:13:31 | 00,041,472 | ---- | M] () -- C:\WINDOWS\services.exePRC - [2008-09-03 09:52:12 | 00,536,576 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exePRC - [2004-08-04 01:44:26 | 01,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exePRC - [2009-07-12 21:57:06 | 00,090,112 | ---- | M] () -- C:\WINDOWS\TEMP\C19A.tmpPRC - [2008-02-06 18:21:56 | 21,898,024 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exePRC - [2007-05-16 10:27:16 | 00,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exePRC - [2007-05-16 10:27:28 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exePRC - [2007-05-16 10:27:38 | 01,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exePRC - [2006-01-02 16:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exePRC - [2006-01-02 16:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exePRC - [2008-02-06 18:21:56 | 02,051,016 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exePRC - [2006-10-13 10:11:16 | 00,983,040 | R--- | M] (Obigo AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exePRC - [2006-11-13 16:17:38 | 00,872,448 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exePRC - [2008-03-20 12:04:46 | 02,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exePRC - [2009-06-12 12:52:46 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exePRC - [2009-07-12 22:01:31 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Leo\Pulpit\OTL.exePRC - [2008-02-22 04:25:20 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe========== Win32 Services (SafeList) ==========SRV - [2008-03-19 17:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])SRV - [2004-07-15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])SRV - [2006-05-03 18:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])SRV - [2006-05-03 11:57:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])SRV - [2004-08-04 01:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])SRV - [2005-11-14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])SRV - [2004-08-04 01:44:02 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])SRV - [2007-04-13 22:09:56 | 00,792,112 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])SRV - [2007-05-16 10:27:28 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])SRV - [2006-10-26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])SRV - [2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])SRV - [2008-04-09 16:23:14 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])SRV - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])========== Driver Services (SafeList) ==========DRV - [2006-05-03 18:50:42 | 01,540,608 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])DRV - [2002-11-18 10:51:40 | 00,377,358 | R--- | M] (C-Media Inc) -- C:\WINDOWS\System32\drivers\cmaudio.sys -- (cmpci [On_Demand | Stopped])DRV - [2005-05-12 08:21:08 | 01,332,544 | R--- | M] (C-Media Inc) -- C:\WINDOWS\System32\drivers\cmuda.sys -- (cmuda [On_Demand | Running])DRV - [2008-01-10 03:34:57 | 00,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp [Auto | Running])DRV - [2004-08-04 00:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Stopped])DRV - [2004-05-02 10:47:08 | 00,023,040 | R--- | M] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv [On_Demand | Stopped])DRV - [2001-08-17 22:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\irsir.sys -- (irsir [On_Demand | Running])DRV - [2002-09-23 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])DRV - [2004-08-03 23:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Running])DRV - [2006-09-18 14:58:48 | 00,061,600 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE27bus.sys -- (SE27bus [On_Demand | Stopped])DRV - [2006-09-18 14:58:52 | 00,009,360 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE27mdfl.sys -- (SE27mdfl [On_Demand | Stopped])DRV - [2006-09-18 14:58:54 | 00,097,184 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE27mdm.sys -- (SE27mdm [On_Demand | Stopped])DRV - [2006-09-18 14:58:58 | 00,088,688 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE27mgmt.sys -- (SE27mgmt [On_Demand | Stopped])DRV - [2006-09-18 14:59:00 | 00,018,704 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\se27nd5.sys -- (se27nd5 [On_Demand | Stopped])DRV - [2006-09-18 14:59:02 | 00,086,560 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE27obex.sys -- (SE27obex [On_Demand | Stopped])DRV - [2006-09-18 14:59:08 | 00,090,800 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\se27unic.sys -- (se27unic [On_Demand | Stopped])DRV - [2009-02-15 17:22:40 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])DRV - [2004-08-04 00:04:34 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Running])========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optimus.plIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearchIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearchIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=homeIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htmIE - HKU\.default\.default\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\s-1-5-18\s-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\s-1-5-19\s-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\s-1-5-20\s-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\s-1-5-21-484763869-1390067357-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htmIE - HKU\s-1-5-21-484763869-1390067357-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearchIE - HKU\s-1-5-21-484763869-1390067357-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.optimus.plIE - HKU\s-1-5-21-484763869-1390067357-839522115-1005\s-1-5-21-484763869-1390067357-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-06-15 10:24:51 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-06-12 12:52:52 | 00,000,000 | ---D | M][2008-08-26 20:10:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Dane aplikacji\mozilla\Extensions[2008-08-26 20:10:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}[2009-07-10 21:49:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Dane aplikacji\mozilla\Firefox\Profiles\k1af2uga.default\extensions[2008-04-06 13:48:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Dane aplikacji\mozilla\Firefox\Profiles\k1af2uga.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}[2008-04-06 17:19:28 | 00,001,360 | ---- | M] () -- C:\Documents and Settings\Leo\Dane aplikacji\Mozilla\FireFox\Profiles\k1af2uga.default\searchplugins\winampsearch.xml[2009-07-10 21:49:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions[2009-06-12 12:52:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}[2008-04-07 12:08:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}[2008-06-05 19:47:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[2009-06-12 12:52:45 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll[2009-06-12 12:52:45 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll[2009-06-12 12:52:48 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll[2006-10-26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL[2003-05-15 10:01:48 | 00,133,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll[2006-10-07 05:18:48 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll[2005-09-16 21:07:22 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll[2005-09-16 21:07:22 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll[2005-09-16 21:07:22 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll[2005-09-16 21:07:22 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll[2006-10-07 05:01:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll[2006-06-03 18:43:22 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml[2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml[2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml[2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml[2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml[2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml[2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xmlO1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\HostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)O4 - HKLM..\Run: [Cmaudio] File not foundO4 - HKLM..\Run: [C-Media Mixer] File not foundO4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)O4 - HKLM..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()O4 - HKLM..\Run: [services] C:\WINDOWS\services.exe ()O4 - HKLM..\Run: [sony Ericsson PC Suite] File not foundO4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)O4 - HKLM..\Run: [uSB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE (ali)O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not foundO4 - HKLM..\Run: [WindowsHive] C:\WINDOWS\System32\rpcc.exe ()O4 - HKU\s-1-5-21-484763869-1390067357-839522115-1005..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)O4 - HKU\s-1-5-21-484763869-1390067357-839522115-1005..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O4 - HKU\s-1-5-21-484763869-1390067357-839522115-1005..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)O4 - Startup: C:\Documents and Settings\Adam\Menu Start\Programy\Autostart\OpenOffice.org 1.1.0.lnk = C:\Program Files\OpenOffice.org1.1.0\program\quickstart.exe ()O4 - Startup: C:\Documents and Settings\Adam\Menu Start\Programy\Autostart\Registration .LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V - Tribes of the East - Demo\Register\RegistrationReminder.exe File not foundO4 - Startup: C:\Documents and Settings\Adam\Menu Start\Programy\Autostart\Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK = C:\Gry\Heroes of Might and Magic V\registrationa1\RegistrationReminder.exe ()O4 - Startup: C:\Documents and Settings\Adam\Menu Start\Programy\Autostart\Registration Heroes of Might & Magic 5 - Tribes of the East.LNK = C:\Gry\Heroes of Might and Magic V - Dzikie Hordy\registration\RegistrationReminder.exe ()O4 - Startup: C:\Documents and Settings\Adam\Menu Start\Programy\Autostart\Registration Heroes of Might & Magic 5.LNK = C:\Gry\Heroes of Might and Magic V\registration\RegistrationReminder.exe ()O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)O4 - Startup: C:\Documents and Settings\Leo\Menu Start\Programy\Autostart\rncsys32.exe (Microsoft Corporation)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1O7 - HKU\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\s-1-5-21-484763869-1390067357-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\s-1-5-21-484763869-1390067357-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\ipp - No CLSID value foundO18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp - No CLSID value foundO18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)O20 - Winlogon\Notify\crypt: DllName - crypts.dll - C:\WINDOWS\System32\crypts.dll ()O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:HomeO29 - HKLM SecurityProviders - (digiwet.dll) - C:\WINDOWS\System32\digiwet.dll ()O31 - SafeBoot: AlternateShell - cmd.exeO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2007-04-28 03:00:10 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O32 - AutoRun File - [2006-05-25 10:27:08 | 00,323,584 | R--- | M] (Nival Interactive) - D:\AutoRun.exe -- [ CDFS ]O32 - AutoRun File - [2006-05-25 10:27:09 | 00,050,534 | R--- | M] () - D:\AutoRun.ico -- [ CDFS ]O32 - AutoRun File - [2006-05-25 10:27:08 | 00,323,584 | R--- | M] (Nival Interactive) - D:\Autorun.exe -- [ CDFS ]O32 - AutoRun File - [2006-05-25 10:27:09 | 00,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]O33 - MountPoints2\{748c9290-3729-11de-adab-001966632f5a}\Shell\autorun\command - "" = F:\EmDesk.exe -- File not foundO33 - MountPoints2\{748c9290-3729-11de-adab-001966632f5a}\Shell\emdesk\command - "" = F:\EmDesk.exe -- File not foundO34 - HKLM BootExecute: (autocheck) - File not foundO34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)O34 - HKLM BootExecute: (*) - File not foundO34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()========== Files/Folders - Created Within 30 Days ==========[18 C:\WINDOWS\*.tmp files][2009-07-12 22:01:23 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Leo\Pulpit\OTL.exe[2009-07-12 20:28:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss[2009-07-12 17:51:51 | 01,086,066 | ---- | C] () -- C:\Documents and Settings\Leo\Pulpit\wtf.jpg[2009-07-06 19:31:37 | 00,005,979 | ---- | C] () -- C:\Documents and Settings\Leo\Moje dokumenty\zoro_big.jpg[2009-07-06 19:10:49 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Leo\Moje dokumenty\One_Piece-8469.jpg[2009-06-27 08:02:51 | 00,129,475 | ---- | C] () -- C:\Documents and Settings\Leo\Moje dokumenty\r0rzq1.png[2009-06-18 07:47:08 | 00,102,206 | ---- | C] () -- C:\WINDOWS\System32\drivers\41a52310.sys[2009-06-18 07:46:57 | 00,035,840 | ---- | C] () -- C:\WINDOWS\System32\rpcc.exe[2009-04-25 20:37:00 | 00,022,723 | ---- | C] () -- C:\WINDOWS\System32\ssp2ml3.dll[2009-04-09 21:13:31 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\crypts.dll[2009-04-09 21:10:04 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\digiwet.dll[2009-02-08 13:57:11 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini[2008-08-23 19:47:22 | 00,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI[2008-04-18 17:27:23 | 00,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini[2008-04-18 17:25:18 | 00,018,442 | ---- | C] () -- C:\WINDOWS\cmijack.ini[2008-04-18 17:25:17 | 00,016,271 | ---- | C] () -- C:\WINDOWS\cmaudio.ini[2008-04-13 04:32:55 | 00,225,280 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll[2008-04-10 03:02:27 | 00,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll[2008-04-10 03:02:21 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI[2008-04-10 03:02:21 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI[2008-04-10 03:02:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini[2008-04-10 03:02:03 | 00,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll[2008-04-10 02:48:55 | 00,023,040 | R--- | C] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys[2008-04-10 02:42:40 | 00,003,541 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini[2008-04-10 02:42:36 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS[2008-04-10 02:11:00 | 00,000,108 | ---- | C] () -- C:\WINDOWS\ODBC.INI[2008-04-09 16:23:26 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys[2008-04-06 07:38:29 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll[2008-04-06 03:19:07 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll[2004-05-27 11:51:30 | 00,000,828 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini[2002-09-23 14:00:00 | 00,000,562 | ---- | C] () -- C:\WINDOWS\win.ini[2002-09-23 14:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini========== Files - Modified Within 30 Days ==========[1 C:\WINDOWS\System32\*.tmp files][18 C:\WINDOWS\*.tmp files][2009-07-12 22:04:02 | 00,102,206 | ---- | M] () -- C:\WINDOWS\System32\drivers\41a52310.sys[2009-07-12 22:01:31 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Leo\Pulpit\OTL.exe[2009-07-12 21:56:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2009-07-12 21:56:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2009-07-12 19:35:31 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini[2009-07-12 17:51:51 | 01,086,066 | ---- | M] () -- C:\Documents and Settings\Leo\Pulpit\wtf.jpg[2009-07-12 15:21:42 | 00,158,208 | ---- | M] () -- C:\Documents and Settings\Leo\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009-07-06 19:39:11 | 00,005,979 | ---- | M] () -- C:\Documents and Settings\Leo\Moje dokumenty\zoro_big.jpg[2009-07-06 19:36:47 | 00,003,262 | ---- | M] () -- C:\Documents and Settings\Leo\Moje dokumenty\One_Piece-8469.jpg[2009-06-30 14:17:48 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2009-06-27 08:02:52 | 00,129,475 | ---- | M] () -- C:\Documents and Settings\Leo\Moje dokumenty\r0rzq1.png[2009-06-18 07:46:57 | 00,035,840 | ---- | M] () -- C:\WINDOWS\System32\rpcc.exe[2009-06-17 08:13:46 | 00,947,528 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI[2009-06-17 08:13:46 | 00,439,326 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat[2009-06-17 08:13:46 | 00,383,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2009-06-17 08:13:46 | 00,068,334 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat[2009-06-17 08:13:46 | 00,053,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat========== LOP Check ==========[2008-03-11 11:06:41 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Adam\Dane aplikacji[2007-04-28 18:21:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Dane aplikacji\ATI[2007-04-27 19:51:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Dane aplikacji\Gadu-Gadu[2008-04-02 21:57:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Dane aplikacji\gtk-2.0[2007-07-30 13:25:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Dane aplikacji\GuiltyGearIsukaNA[2008-03-09 15:23:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Dane aplikacji\LimeWire[2008-03-28 16:52:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Dane aplikacji\MegauploadToolbar[2007-10-12 18:46:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Dane aplikacji\My Games[2007-10-20 15:12:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Dane aplikacji\PPMate[2008-02-10 15:43:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Dane aplikacji\Teleca[2007-06-02 20:17:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Dane aplikacji\uTorrent[2007-04-27 18:54:34 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji[2008-03-11 11:06:41 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji[2007-07-22 17:33:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Age of Empires 3[2008-02-10 15:39:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Teleca[2009-05-14 22:49:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji[2009-02-07 16:24:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Ahead[2008-04-06 10:07:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Teleca[2009-02-09 17:42:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP[2007-04-27 18:54:34 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji[2008-04-10 02:59:32 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User.WINDOWS\Dane aplikacji[2009-06-18 07:46:50 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Leo\Dane aplikacji[2009-02-07 16:26:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Dane aplikacji\Ahead[2008-05-23 09:53:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Dane aplikacji\ATI[2008-04-06 06:38:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Dane aplikacji\Gadu-Gadu[2009-07-07 20:00:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Dane aplikacji\gtk-2.0[2008-04-06 10:12:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Dane aplikacji\Leadertech[2009-03-30 18:59:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Dane aplikacji\LimeWire[2009-02-15 18:21:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Dane aplikacji\My Games[2008-11-06 21:43:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Dane aplikacji\Nowe Gadu-Gadu[2008-08-21 12:17:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Dane aplikacji\OpenOffice.org2[2008-04-06 10:04:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Dane aplikacji\Teleca[2007-04-28 03:08:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji[2008-04-10 02:15:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.ZARZĄDZANIE NT\Dane aplikacji[2007-04-28 03:08:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji[2008-04-10 02:15:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT\Dane aplikacji[2002-09-23 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini[2009-07-12 21:56:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT========== Purity Check ==================== Alternate Data Streams ==========@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP:05EE1EEF< End of report >
Gość komentarz 13 lipca 2009 komentarz 13 lipca 2009 C:\WINDOWS\System32\drivers\41a52310.sys Niestety to jest Rootkit, OTL nie daje rady sobie z takimi rzeczami. Daj log z ComboFixa. .
FrozenOne komentarz 13 lipca 2009 Autor komentarz 13 lipca 2009 ComboFix 09-07-12.03 - Leo 2009-07-13 12:47.1.2 - NTFSx86Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.1023.513 [GMT 2:00]Uruchomiony z: c:\documents and settings\Leo\Pulpit\ComboFix.exe.((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\Adam\Dane aplikacji\Install.datc:\documents and settings\Leo\Dane aplikacji\wiaserva.logc:\documents and settings\Leo\Menu Start\Programy\Autostart\rncsys32.exec:\recycler\S-1-5-21-606747145-630328440-725345543-1005c:\recycler\S-1-5-21-606747145-630328440-725345543-500c:\windows\Installer\4b23c7.msic:\windows\services.exec:\windows\system32\crypts.dllc:\windows\system32\digiwet.dllc:\windows\system32\drivers\41a52310.sysc:\windows\system32\rpcc.exe.((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Service_41a52310((((((((((((((((((((((((( Pliki utworzone od 2009-06-13 do 2009-07-13 ))))))))))))))))))))))))))))))).2009-07-12 20:05 . 2009-07-12 20:05 -------- d-----w- c:\program files\trend micro2009-07-12 20:05 . 2009-07-12 20:05 -------- d-----w- C:\rsit.(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-07-13 11:02 . 2008-04-07 05:56 -------- d-----w- c:\documents and settings\Leo\Dane aplikacji\Skype2009-07-13 11:02 . 2002-09-23 12:00 68334 ----a-w- c:\windows\system32\perfc015.dat2009-07-13 11:02 . 2002-09-23 12:00 439326 ----a-w- c:\windows\system32\perfh015.dat2009-07-13 09:59 . 2008-04-06 01:51 -------- d-----w- c:\documents and settings\Leo\Dane aplikacji\skypePM2009-07-07 18:00 . 2008-04-07 10:19 -------- d-----w- c:\documents and settings\Leo\Dane aplikacji\gtk-2.02009-06-26 09:20 . 2008-04-06 04:35 -------- d-----w- c:\program files\Gadu-Gadu2009-05-22 06:35 . 2008-11-06 19:43 -------- d-----w- c:\program files\Nowe Gadu-Gadu2009-05-08 04:36 . 2008-05-23 07:53 72264 ----a-w- c:\documents and settings\Leo\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT2009-05-07 15:44 . 2002-09-23 12:00 346112 ----a-w- c:\windows\system32\localspl.dll2009-04-29 04:53 . 2004-02-06 16:09 662016 ----a-w- c:\windows\system32\wininet.dll2009-04-29 04:53 . 2008-12-14 12:54 81920 ------w- c:\windows\system32\ieencode.dll2009-04-19 20:11 . 2003-09-25 17:23 1846912 ----a-w- c:\windows\system32\win32k.sys2009-04-15 15:18 . 2004-03-06 02:21 584192 ----a-w- c:\windows\system32\rpcrt4.dll2007-07-26 06:17 . 2007-07-26 06:17 1862 ----a-w- c:\program files\my.m3u.((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-06 21898024]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 335872]"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-23 487424]"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-09-03 536576]"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2003-03-20 1855488][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]c:\documents and settings\Adam\Menu Start\Programy\Autostart\OpenOffice.org 1.1.0.lnk - c:\program files\OpenOffice.org1.1.0\program\quickstart.exe [2003-10-9 61515]c:\documents and settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-4-9 113664][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]@="Service"[HKEY_LOCAL_MACHINE\software\microsoft\security center]"FirewallOverride"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Mozilla Firefox\\firefox.exe"="c:\\Gry\\Sid Meier's Civilization 4\\Civilization4.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\LimeWire\\LimeWire.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"=S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]S3 GAGPDrv;GAGPDrv; [x].- - - - USUNIĘTO PUSTE WPISY - - - -HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exeHKLM-Run-Cmaudio - cmicnfg.cpl.------- Skan uzupełniający -------.uStart Page = hxxp://www.optimus.plIE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cabDPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cabFF - ProfilePath - c:\documents and settings\Leo\Dane aplikacji\Mozilla\Firefox\Profiles\k1af2uga.default\FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-07-13 13:01Windows 5.1.2600 Dodatek Service Pack 2 NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------- - - - - - - > 'winlogon.exe'(696)c:\windows\system32\Ati2evxx.dll- - - - - - - > 'explorer.exe'(2592)c:\windows\system32\msi.dll.------------------------ Pozostałe uruchomione procesy ------------------------.c:\windows\system32\ati2evxx.exec:\program files\Lavasoft\Ad-Aware 2007\aawservice.exec:\windows\system32\PnkBstrA.exec:\windows\system32\wdfmgr.exec:\windows\system32\wscntfy.exec:\windows\system32\ati2evxx.exec:\windows\system32\rundll32.exec:\program files\Common Files\Ahead\Lib\NMIndexingService.exec:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exec:\program files\Skype\Plugin Manager\skypePM.exec:\program files\Common Files\Teleca Shared\Generic.exec:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe.**************************************************************************.Czas ukończenia: 2009-07-13 13:04 - komputer został uruchomiony ponownieComboFix-quarantined-files.txt 2009-07-13 11:04Przed: 172 842 852 352 bajtów wolnychPo: 202 689 310 720 bajtów wolnychWindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe[boot Loader]Timeout=2Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[Operating Systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptInc:\$win_nt$.~bt\BOOTSECT.DAT="Instalator systemu Microsoft Windows XP Professional"143 --- E O F --- 2009-06-10 05:14
Gość komentarz 13 lipca 2009 komentarz 13 lipca 2009 ComboFix usunął tego Rootkita i całą infekcję i log wygląda na czysty. S3 GAGPDrv;GAGPDrv; [x] W logu widzę bezplikową usługę, można ją usunąć. ***************************************************************************************** 1. Start>>>Uruchom>>>cmd>>>Wklep to: SC DELETE S3 GAGPDrv Enter. 2. Odpal OTL'a i wywołaj go z opcji CleanUp, zgódź się na czyszczenie + restart komputera. 3. Użyj programu Malwarebytes. Wciskamy Skanuj, wybieramy dyski do skanowania i Rozpoczynamy skanowanie, na końcu wciskamy Usuń zaznaczone jak będą i Ok. Wrzuć wygenerowany raport po usuwaniu MBAMem. .
FrozenOne komentarz 13 lipca 2009 Autor komentarz 13 lipca 2009 Malwarebytes' Anti-Malware 1.38Wersja bazy definicji: 2418Windows 5.1.2600 Dodatek Service Pack 22009-07-13 15:55:35mbam-log-2009-07-13 (15-55-35).txtTyp skanowania: Pełne skanowanie (C:\|)Przeskanowane obiekty: 220034Upłynęło: 43 minute(s), 23 second(s)Zainfekowane procesy w pamięci: 0Zainfekowane moduły pamięci: 0Zainfekowane klucze rejestru: 0Zainfekowane wartości rejestru: 0Zainfekowane pliki rejestru: 0Zainfekowane foldery: 0Zainfekowane pliki: 1Zainfekowane procesy w pamięci:(Nie wykryto groźnych plików)Zainfekowane moduły pamięci:(Nie wykryto groźnych plików)Zainfekowane klucze rejestru:(Nie wykryto groźnych plików)Zainfekowane wartości rejestru:(Nie wykryto groźnych plików)Zainfekowane pliki rejestru:(Nie wykryto groźnych plików)Zainfekowane foldery:(Nie wykryto groźnych plików)Zainfekowane pliki:c:\system volume information\_restore{d0a396ce-d7d7-45ce-9eb4-1d445ae120c7}\RP359\A0136133.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.