CR7777 posted 12 July 2009
Hello, I have a problem with my computer. Apart from the fact that it often freezes, when I try to open disk partition D or E, an "Open with" window appears (C works normally). It is probably because of some virus such as a trojan. I have a ComboFix.txt file that I created with ComboFix. I know I should post its contents on the forum, but all of it or only a fragment? Tell me what to paste and help me solve the problem.
MarekM25 comment 12 July 2009
1. Use the Flash DisInfector tool. If you have any removable storage, keep it plugged in while the tool runs. Some antivirus programs detect this tool as a virus, but of course Flash DisInfector is not one.
2. What andziorka wrote ;)
3. Does the problem still occur after using Flash DisInfector?
Psycholandia comment 12 July 2009
But do post the logs; the infection may still be on your computer. Better to let them check the log.
CR7777 comment 12 July 2009 Author
<----- here they are
Guest comment 13 July 2009
c:\windows\system32\sexit.dat That gives me a bad feeling! Where are the files of this infection? They are nowhere to be seen. Keys from the infection on the pendrive are still visible, but we will deal with that later. Use Malwarebytes. Click Scan, select the drives to scan and start the scan; at the end click Remove Selected, if there are any, and OK. Post the report generated by MBAM after the removal.
CR7777 comment 13 July 2009 Author
CR7777 comment 13 July 2009 Author
for Windows XP (KB915865)hp deskjet 920c series (Tylko usuń)ICatch (VI) PC CameraIceCubeDeluxeInterVideo DeviceServiceJava 2 Runtime Environment, SE v1.4.2_15Java 6 Update 13Java 6 Update 3jetAudio BasicK-Lite Codec Pack 4.0.0 (Full)Malwarebytes' Anti-MalwareMedi@ShowMedieval - Total War - Złota EdycjaMicrosoft .NET Framework 2.0Microsoft DirectX SDK (November 2008)Microsoft Internationalized Domain Names Mitigation APIsMicrosoft National Language Support Downlevel APIsMicrosoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Mozilla Firefox (3.0.11)Mp3 Knife 3.2MSXML 4.0 SP2 (KB936181)Natalia PolChat Client ApplicationPac-Manic Worlds ver 1.0PacDude 100% Version 5.0.99PacMan Adventures 3DPacShooter 1.0Picasa 3Pixie Power Swapper 1.00Poprawka dla systemu Windows Internet Explorer 7 (KB947864)Poprawka dla systemu Windows XP (KB914440)Poprawka dla systemu Windows XP (KB952287)Poprawka systemu Windows XP - KB873339Poprawka systemu Windows XP - KB885835Poprawka systemu Windows XP - KB885836Poprawka systemu Windows XP - KB886185Poprawka systemu Windows XP - KB887472Poprawka systemu Windows XP - KB888302Poprawka systemu Windows XP - KB890859Poprawka systemu Windows XP - KB891781Real DominoesRealtek AC'97 AudioRockFrenzySAMSUNG CDMA Modem Driver SetSamsung PC StudioSiS 900 PCI Fast Ethernet Adapter DriverSiSRaidPackageSkype? 
3.2SubEdit-PlayerSummer Bound 1.0SWAT 4Switch Sound File ConverterTesty B 2007The Sims 2Ulead VideoStudio 11vanBasco's Karaoke PlayerVideoStudioVNC Free Edition 4.1.3WavePad Sound EditorWebFldrs XPWinampWinamp RemoteWinamp Toolbar for Internet ExplorerWindows Genuine Advantage Notifications (KB905474)Windows Installer 3.1 (KB893803)Windows Internet Explorer 7Windows Media Format RuntimeZombiepox v1.1==== End Of File =========================== OTL 511,48 Mb Total Physical Memory | 153,39 Mb Available Physical Memory | 29,99% Memory free1,22 Gb Paging File | 0,85 Gb Available in Paging File | 69,90% Paging File freePaging file location(s): C:\pagefile.sys 768 1536 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 15,63 Gb Total Space | 6,02 Gb Free Space | 38,50% Space Free | Partition Type: NTFSDrive D: | 49,92 Gb Total Space | 29,33 Gb Free Space | 58,74% Space Free | Partition Type: NTFSDrive E: | 48,93 Gb Total Space | 33,09 Gb Free Space | 67,61% Space Free | Partition Type: NTFSF: Drive not present or media not loadedDrive G: | 5,53 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDFH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: SZCZEPAN-623701Current User Name: SzczepanLogged in as Administrator.Current Boot Mode: NormalScan Mode: All usersCompany Name Whitelist: OnSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard========== Processes (SafeList) ==========PRC - [2009-02-25 23:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exePRC - [2009-02-25 23:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) 
-- C:\WINDOWS\System32\Ati2evxx.exePRC - [2009-07-11 20:55:35 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exePRC - [2009-07-11 20:55:35 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exePRC - [2007-03-06 10:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exePRC - [2007-12-21 09:21:16 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exePRC - [2009-05-21 22:33:50 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exePRC - [2007-06-13 15:23:49 | 01,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXEPRC - [2007-03-03 13:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exePRC - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exePRC - [2007-04-10 15:01:48 | 00,337,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exePRC - [2004-09-16 14:39:44 | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXEPRC - [2004-08-22 17:05:02 | 00,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exePRC - [2004-06-09 08:37:02 | 00,040,960 | R--- | M] (BIGDOG) -- C:\WINDOWS\VM_STI.EXEPRC - [2001-10-29 22:29:59 | 00,196,608 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exePRC - [2007-12-20 17:16:24 | 00,037,376 | ---- | M] () -- C:\Program Files\Winamp\winampa.exePRC - [2009-05-21 22:33:50 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jusched.exePRC - [2007-12-21 09:21:06 | 01,443,072 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exePRC - [2009-03-02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exePRC - [2007-12-18 03:02:34 | 00,471,040 | ---- | M] (Orb Networks) -- C:\Program Files\Winamp Remote\bin\OrbTray.exePRC - [2007-11-14 12:54:24 | 02,131,392 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exePRC - [2004-10-13 18:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exePRC - [2009-01-21 20:41:35 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exePRC - [2009-04-29 19:55:24 | 03,338,240 | ---- | M] (Electronic Arts) -- D:\Program Files\Electronic Arts\EADM\Core.exePRC - [2009-06-23 13:34:53 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exePRC - [2009-07-13 14:10:38 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Szczepan\Pulpit\OTL.exe========== Win32 Services (SafeList) ==========SRV - [2009-07-11 20:55:35 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])SRV - [2009-07-11 20:55:35 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])SRV - [2009-02-25 23:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])SRV - [2009-02-25 15:15:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])SRV - [2007-03-06 10:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) 
-- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service [Auto | Running])SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])SRV - [2007-12-21 09:22:44 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])SRV - [2007-12-21 09:21:16 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])SRV - [2009-04-23 19:35:31 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])SRV - [2004-08-04 00:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Disabled | Stopped])SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])SRV - [2009-05-21 22:33:50 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])SRV - [2007-03-03 13:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])SRV - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])========== Driver Services (SafeList) ==========DRV - [2004-09-21 13:53:18 | 02,278,784 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])DRV - [2009-02-26 00:58:57 | 03,565,568 | ---- | M] (ATI Technologies Inc.) 
-- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])DRV - [2009-02-13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [system | Running])DRV - [2009-03-24 16:08:22 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])DRV - [2009-03-30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [system | Running])DRV - [2004-08-22 16:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus [boot | Running])DRV - [2004-08-22 16:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt [boot | Running])DRV - [2007-12-21 09:19:54 | 00,039,944 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon [Auto | Running])DRV - [2007-12-21 09:20:14 | 00,030,216 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\easdrv.sys -- (easdrv [system | Running])DRV - [2007-12-21 09:21:56 | 00,033,800 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir [system | Running])DRV - [2005-08-18 00:00:00 | 00,007,168 | ---- | M] () -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver [On_Demand | Stopped])DRV - [2009-07-01 09:12:32 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running])DRV - [2001-08-18 01:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])DRV - [2008-11-20 21:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])DRV - [2007-11-13 12:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
-- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])DRV - [2003-07-18 03:58:20 | 00,036,992 | R--- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP [boot | Running])DRV - [2003-03-25 11:50:46 | 00,004,096 | R--- | M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide [boot | Running])DRV - [2002-10-17 09:14:46 | 00,049,024 | R--- | M] (Windows ? 2000 DDK provider) -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex [boot | Running])DRV - [2002-07-10 17:39:34 | 00,032,256 | R--- | M] (SiS Corporation) -- C:\WINDOWS\System32\DRIVERS\sisnic.sys -- (SISNIC [On_Demand | Running])DRV - [2002-08-20 11:19:08 | 00,009,472 | R--- | M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf [boot | Running])DRV - [2004-09-03 07:43:00 | 00,046,464 | R--- | M] (Silicon Integrated Systems) -- C:\WINDOWS\system32\DRIVERS\SiSRaid.sys -- (SiSRaid [boot | Running])DRV - [2009-05-28 15:55:01 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Running])DRV - [2004-11-07 20:33:50 | 00,080,272 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\sscdbus.sys -- (sscdbus [On_Demand | Stopped])DRV - [2004-11-07 20:36:38 | 00,010,864 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\sscdmdfl.sys -- (sscdmdfl [On_Demand | Stopped])DRV - [2004-11-07 20:36:46 | 00,137,884 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\sscdmdm.sys -- (sscdmdm [On_Demand | Stopped])DRV - [2009-07-11 20:55:35 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [system | Running])DRV - [2004-09-07 09:11:50 | 00,090,568 | R--- | M] (VM) -- C:\WINDOWS\System32\Drivers\usbVM31b.sys -- (ZSMC302 [On_Demand | Running])========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://go.microsoft.com/fwlink/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-onsIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRiskIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htmIE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearchIE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhomeIE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearchIE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhomeIE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-1547161642-813497703-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ieIE - HKU\S-1-5-21-1547161642-813497703-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = 
C:\WINDOWS\system32\blank.htmIE - HKU\S-1-5-21-1547161642-813497703-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearchIE - HKU\S-1-5-21-1547161642-813497703-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = GoogleIE - HKU\S-1-5-21-1547161642-813497703-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8IE - HKU\S-1-5-21-1547161642-813497703-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/IE - HKU\S-1-5-21-1547161642-813497703-839522115-1003\S-1-5-21-1547161642-813497703-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========FF - prefs.js..browser.startup.homepage: "http://wp.pl/"FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-05-21 22:33:50 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-07-05 16:27:37 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-06-23 13:34:57 | 00,000,000 | ---D | M][2009-03-10 18:29:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\mozilla\Extensions[2009-03-10 18:29:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}[2008-05-07 19:08:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane 
aplikacji\mozilla\Firefox\Profiles\90lteis8.default\extensions[2009-07-12 22:17:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions[2009-06-23 13:34:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}[2009-05-21 22:34:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}[2009-06-23 13:34:53 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll[2009-06-23 13:34:53 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll[2008-11-24 15:35:00 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll[2009-05-21 22:33:50 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll[2009-06-23 13:34:54 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll[2008-03-24 20:21:00 | 02,889,088 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll[2006-06-03 18:43:22 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml[2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml[2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml[2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml[2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml[2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml[2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xmlO1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\HostsO1 - 
Hosts: 127.0.0.1 localhostO2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)O2 - BHO: (Winamp Toolbar BHO) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)O3 - HKU\S-1-5-21-1547161642-813497703-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)O3 - HKU\S-1-5-21-1547161642-813497703-839522115-1003\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)O4 - HKLM..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE (BIGDOG)O4 - HKLM..\Run: [DAEMON 
Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe (HP)O4 - HKLM..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)O4 - HKLM..\Run: [uVS11 Preload] E:\wideo\uvPL.exe (InterVideo Digital Technology Corporation)O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()O4 - HKU\S-1-5-21-1547161642-813497703-839522115-1003..\Run: [EA Core] D:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)O4 - HKU\S-1-5-21-1547161642-813497703-839522115-1003..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)O4 - HKU\S-1-5-21-1547161642-813497703-839522115-1003..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-1547161642-813497703-839522115-1003..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)O4 - HKU\S-1-5-21-1547161642-813497703-839522115-1003..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)O4 - HKU\S-1-5-21-1547161642-813497703-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
undockwithoutlogon = 1O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-1547161642-813497703-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-1547161642-813497703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36O7 - HKU\S-1-5-21-1547161642-813497703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKU\S-1-5-21-1547161642-813497703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]O7 - HKU\S-1-5-21-1547161642-813497703-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program 
Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaudio.cab (Reg Error: Key error.)O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} http://powersoccer.minigry.pl/applet/PowerLoader.cab (PowerLoader Class)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_15)O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)O18 - Protocol\Handler\http\0x00000001 
{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\ipp - No CLSID value foundO18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp - No CLSID value foundO18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:HomeO31 - SafeBoot: AlternateShell - cmd.exeO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2007-06-25 22:34:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O32 - AutoRun File - [2009-07-12 22:45:39 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]O32 - AutoRun File 
- [2008-09-09 03:50:46 | 00,410,888 | -HS- | M] (Electronic Arts) - D:\Autorun.exe -- [ NTFS ]O32 - AutoRun File - [2008-09-09 03:50:44 | 09,193,984 | ---- | M] () - D:\autorun.dat -- [ NTFS ]O32 - AutoRun File - [2008-09-09 03:50:46 | 00,410,888 | -HS- | M] (Electronic Arts) - D:\AutoRun.exe -- [ NTFS ]O32 - AutoRun File - [2009-07-12 22:45:39 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]O32 - AutoRun File - [2009-07-12 22:45:39 | 00,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]O32 - AutoRun File - [2008-09-09 01:50:45 | 00,410,888 | R--- | M] (Electronic Arts) - G:\AutoRun.exe -- [ UDF ]O32 - AutoRun File - [2008-09-09 01:50:45 | 00,410,888 | R--- | M] (Electronic Arts) - G:\Autorun.exe -- [ UDF ]O32 - AutoRun File - [2008-09-09 01:50:43 | 09,193,984 | R--- | M] () - G:\autorun.dat -- [ UDF ]O32 - AutoRun File - [2008-09-09 01:35:58 | 00,000,136 | R--- | M] () - G:\autorun.inf -- [ UDF ]O33 - MountPoints2\{09791418-5a0a-11dc-9cfc-00142a576ef9}\Shell\AutoRun\command - "" = H:\nhbivui.exe -- File not foundO33 - MountPoints2\{09791418-5a0a-11dc-9cfc-00142a576ef9}\Shell\explore\Command - "" = H:\nhbivui.exe -- File not foundO33 - MountPoints2\{09791418-5a0a-11dc-9cfc-00142a576ef9}\Shell\open\Command - "" = H:\nhbivui.exe -- File not foundO33 - MountPoints2\{1923565a-8ca7-11dd-9fa9-00142a576ef9}\Shell\AutoRun\command - "" = I:\nhbivui.exe -- File not foundO33 - MountPoints2\{1923565a-8ca7-11dd-9fa9-00142a576ef9}\Shell\explore\Command - "" = I:\nhbivui.exe -- File not foundO33 - MountPoints2\{1923565a-8ca7-11dd-9fa9-00142a576ef9}\Shell\open\Command - "" = I:\nhbivui.exe -- File not foundO33 - MountPoints2\{1aaf6fc1-4ab3-11de-9ffd-00142a576ef9}\Shell\AutoRun\command - "" = H:\nhbivui.exe -- File not foundO33 - MountPoints2\{1aaf6fc1-4ab3-11de-9ffd-00142a576ef9}\Shell\explore\Command - "" = H:\nhbivui.exe -- File not foundO33 - MountPoints2\{1aaf6fc1-4ab3-11de-9ffd-00142a576ef9}\Shell\open\Command - "" = H:\nhbivui.exe -- File not foundO33 - 
MountPoints2\{4b89fb51-4785-11de-9ff3-00142a576ef9}\Shell\AutoRun\command - "" = H:\nhbivui.exe -- File not foundO33 - MountPoints2\{4b89fb51-4785-11de-9ff3-00142a576ef9}\Shell\explore\Command - "" = H:\nhbivui.exe -- File not foundO33 - MountPoints2\{4b89fb51-4785-11de-9ff3-00142a576ef9}\Shell\open\Command - "" = H:\nhbivui.exe -- File not foundO33 - MountPoints2\{7aa326cd-a5e2-11dd-a00c-00142a576ef9}\Shell\AutoRun\command - "" = H:\nhbivui.exe -- File not foundO33 - MountPoints2\{7aa326cd-a5e2-11dd-a00c-00142a576ef9}\Shell\explore\Command - "" = H:\nhbivui.exe -- File not foundO33 - MountPoints2\{7aa326cd-a5e2-11dd-a00c-00142a576ef9}\Shell\open\Command - "" = H:\nhbivui.exe -- File not foundO33 - MountPoints2\{a08cc634-3871-11dc-9c8b-00142a576ef9}\Shell\AutoRun\command - "" = H:\nhbivui.exe -- File not foundO33 - MountPoints2\{a08cc634-3871-11dc-9c8b-00142a576ef9}\Shell\explore\Command - "" = H:\nhbivui.exe -- File not foundO33 - MountPoints2\{a08cc634-3871-11dc-9c8b-00142a576ef9}\Shell\open\Command - "" = H:\nhbivui.exe -- File not foundO33 - MountPoints2\{b10340de-8cd4-11dd-9faa-00142a576ef9}\Shell\AutoRun\command - "" = H:\ft96s.exe -- File not foundO33 - MountPoints2\{b10340de-8cd4-11dd-9faa-00142a576ef9}\Shell\open\Command - "" = H:\ft96s.exe -- File not foundO34 - HKLM BootExecute: (autocheck) - File not foundO34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)O34 - HKLM BootExecute: (*) - File not found========== Files/Folders - Created Within 30 Days ==========[3 C:\WINDOWS\*.tmp files][2009-07-13 14:10:36 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Szczepan\Pulpit\OTL.exe[2009-07-13 14:06:13 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF[2009-07-13 12:40:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Szczepan\Dane aplikacji\Malwarebytes[2009-07-13 12:40:33 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk[2009-07-13 12:40:31 | 
00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2009-07-13 12:40:28 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2009-07-13 12:40:28 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2009-07-13 12:40:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes[2009-07-13 12:15:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin[2009-07-13 10:11:17 | 00,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe[2009-07-12 22:56:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\SWAT 4[2009-07-12 22:45:39 | 00,000,000 | RHSD | C] -- C:\autorun.inf[2009-07-12 21:35:53 | 00,000,000 | -HSD | C] -- C:\RECYCLER[2009-07-12 21:26:25 | 00,000,211 | ---- | C] () -- C:\Boot.bak[2009-07-12 21:26:19 | 00,260,272 | ---- | C] () -- C:\cmldr[2009-07-12 21:26:08 | 00,000,000 | RHSD | C] -- C:\cmdcons[2009-07-12 21:25:16 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe[2009-07-12 21:25:16 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe[2009-07-12 21:25:16 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe[2009-07-12 21:25:16 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe[2009-07-12 21:25:16 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe[2009-07-12 21:25:16 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe[2009-07-12 21:25:16 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe[2009-07-12 21:25:16 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe[2009-07-12 21:25:16 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe[2009-07-12 21:25:00 | 00,000,000 | ---D | C] -- C:\ComboFix[2009-07-12 19:48:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT[2009-07-12 19:48:47 | 00,000,000 | ---D | C] -- C:\Qoobox[2009-07-12 02:10:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DrivingSpeed2[2009-07-12 02:05:39 | 00,000,000 | ---D | C] -- C:\Program 
Files\Foxit Software[2009-07-11 17:57:50 | 00,906,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xaudioD2_3.dll[2009-07-11 17:57:49 | 00,286,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngineD3_3.dll[2009-07-11 17:57:49 | 00,123,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFXD1_2.dll[2009-07-11 17:57:48 | 04,499,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3dx9d_40.dll[2009-07-11 17:57:48 | 00,360,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngineA3_3.dll[2009-07-11 17:57:48 | 00,359,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dinput8d.dll[2009-07-11 17:57:48 | 00,047,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudioD1_5.dll[2009-07-11 17:57:45 | 03,796,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9d_33.dll[2009-07-11 17:57:42 | 00,496,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX10d_40.dll[2009-07-11 17:57:41 | 03,084,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d9d.dll[2009-07-11 17:57:41 | 00,349,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dref9.dll[2009-07-11 17:54:38 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll[2009-07-11 17:54:38 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll[2009-07-11 17:54:37 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll[2009-07-11 17:54:36 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll[2009-07-11 17:54:36 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll[2009-07-11 17:54:35 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll[2009-07-11 17:54:35 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll[2009-07-11 17:54:34 | 00,509,448 | ---- | C] 
(Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll[2009-07-11 17:54:34 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll[2009-07-11 17:54:33 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll[2009-07-11 17:54:33 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll[2009-07-11 17:54:33 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll[2009-07-11 17:54:32 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll[2009-07-11 17:50:19 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly[2009-07-11 17:49:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET[2009-07-11 17:48:46 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft DirectX SDK (November 2008)[2009-07-11 17:47:32 | 00,119,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\dxsdkuninst.exe[2009-07-10 20:50:23 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Avira AntiVir Control Center.lnk[2009-07-10 20:50:07 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys[2009-07-10 20:50:07 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys[2009-07-10 20:50:07 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys[2009-07-10 20:50:07 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys[2009-07-10 20:50:07 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys[2009-07-10 20:50:05 | 00,000,000 | ---D | C] -- C:\Program Files\Avira[2009-07-10 20:50:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Avira[2009-07-10 19:09:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Szczepan\Moje dokumenty\Sports Interactive[2009-07-10 19:08:13 | 00,000,607 | ---- | C] () -- C:\Documents and Settings\Szczepan\Pulpit\Football Manager 2009.lnk[2009-07-10 
17:31:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Szczepan\Dane aplikacji\PSpad[2009-07-10 14:45:55 | 00,000,000 | ---D | C] -- C:\ATI[2009-07-10 14:09:52 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat[2009-07-09 18:54:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Szczepan\Dane aplikacji\Foxit[2009-07-09 18:25:32 | 00,000,810 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Medi@Show.lnk[2009-07-09 18:25:28 | 00,000,000 | ---D | C] -- C:\Program Files\CyberLink[2009-07-09 18:14:54 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\Szczepan\Pulpit\Firegraphic 9.lnk[2009-07-09 18:11:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Szczepan\Moje dokumenty\Firegraphic 9[2009-07-09 18:11:40 | 00,000,000 | ---D | C] -- C:\Program Files\Firegraphic[2009-07-09 10:30:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\Sports Interactive[2009-07-09 10:19:12 | 00,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry[2009-07-09 09:49:28 | 00,000,000 | ---D | C] -- C:\Program Files\GameTop.com[2009-07-06 13:27:41 | 00,000,000 | ---D | C] -- C:\Program Files\Lavalys[2009-07-05 13:54:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NCH Swift Sound[2009-07-05 13:54:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Szczepan\Dane aplikacji\NCH Swift Sound[2009-07-05 13:54:18 | 00,000,000 | ---D | C] -- C:\Program Files\NCH Software[2009-07-05 13:54:14 | 00,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Express Burn.lnk[2009-07-05 13:53:59 | 00,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\WavePad Sound Editor.lnk[2009-07-05 13:53:56 | 00,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound[2009-07-04 16:45:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Szczepan\Ustawienia lokalne\Dane aplikacji\Axialis[2009-07-03 12:55:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Szczepan\Dane 
aplikacji\COWON[2009-07-03 12:54:09 | 00,001,496 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\jetAudio.lnk[2009-07-03 12:53:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\COWON[2009-07-03 12:53:57 | 00,000,000 | ---D | C] -- C:\Program Files\JetAudio[2009-07-02 23:17:19 | 00,520,976 | ---- | C] () -- C:\Documents and Settings\Szczepan\Pulpit\setup11.exe[2009-07-02 23:16:18 | 00,000,000 | ---D | C] -- C:\Program Files\NASA[2009-07-01 09:15:10 | 00,000,000 | ---D | C] -- C:\Program Files\RealVNC[2009-07-01 09:12:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Szczepan\Dane aplikacji\Hamachi[2009-07-01 09:12:32 | 00,025,280 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\hamachi.sys[2009-07-01 09:12:32 | 00,000,000 | ---D | C] -- C:\Program Files\Hamachi[2009-06-15 21:52:21 | 01,081,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscomctl.ocx[2009-06-15 21:52:21 | 00,609,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comctl32.ocx[2009-06-15 21:52:21 | 00,152,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.ocx[2009-06-15 21:52:21 | 00,000,640 | ---- | C] () -- C:\Documents and Settings\Szczepan\Pulpit\Mp3 Knife.lnk[2009-06-15 21:52:20 | 00,000,000 | ---D | C] -- C:\Program Files\Mp3 Knife[2009-06-05 15:13:08 | 00,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll[2009-06-05 15:13:08 | 00,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll[2009-06-05 15:13:08 | 00,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll[2009-06-05 15:13:08 | 00,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll[2009-06-05 15:13:07 | 00,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll[2009-06-05 15:13:07 | 00,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll[2009-05-28 15:55:00 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys[2009-03-29 21:48:57 | 00,319,488 | ---- | C] () -- 
C:\WINDOWS\System32\dirtysock.dll[2009-02-09 00:18:53 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI[2008-07-27 21:17:18 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll[2008-07-27 21:17:16 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll[2008-07-27 21:17:16 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll[2008-07-27 21:17:15 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll[2008-07-27 21:17:15 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll[2008-07-27 21:17:15 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest[2008-07-17 19:49:06 | 00,000,960 | ---- | C] () -- C:\WINDOWS\VPlayer.INI[2008-05-01 15:36:32 | 00,000,020 | ---- | C] () -- C:\WINDOWS\powerplayer.ini[2008-05-01 15:35:53 | 00,000,363 | ---- | C] () -- C:\WINDOWS\psnetwork.ini[2007-12-28 03:22:21 | 00,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys[2007-12-28 03:22:21 | 00,000,008 | RHS- | C] () -- C:\WINDOWS\System32\9BBD5BF1E0.sys[2007-12-21 09:21:56 | 00,033,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys[2007-09-16 21:29:05 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL[2007-07-18 21:52:32 | 00,000,172 | ---- | C] () -- C:\WINDOWS\RtlRack.ini[2007-06-26 03:10:30 | 00,000,133 | ---- | C] () -- C:\WINDOWS\ODBC.INI[2007-06-26 01:39:32 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\RunSetup.dll[2007-06-26 01:33:55 | 00,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini[2007-06-26 01:33:55 | 00,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini[2007-06-26 01:27:48 | 00,151,056 | ---- | C] () -- C:\WINDOWS\System32\IR32.DLL[2007-06-26 01:27:48 | 00,077,664 | ---- | C] () -- C:\WINDOWS\System32\IR21.DLL[2007-06-26 01:27:48 | 00,050,016 | ---- | C] () -- C:\WINDOWS\System32\IYVU9.DLL[2007-06-26 01:27:48 | 00,018,384 | ---- | C] () -- C:\WINDOWS\System32\DCISVGA.DRV[2007-06-26 01:07:52 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys[2007-06-26 
01:07:52 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys[2007-06-25 22:46:21 | 00,135,168 | R--- | C] () -- C:\WINDOWS\System32\property.dll[2007-06-25 22:45:04 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini[2007-06-25 22:44:56 | 00,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll[2007-06-25 22:44:52 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll[2007-06-25 22:44:18 | 00,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL[2004-08-22 17:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll[2002-03-17 02:00:00 | 00,007,420 | ---- | C] () -- C:\WINDOWS\UA000088.DLL[2001-07-22 02:16:20 | 00,000,644 | ---- | C] () -- C:\WINDOWS\win.ini[2001-07-22 02:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini========== Files - Modified Within 30 Days ==========[1 C:\WINDOWS\System32\*.tmp files][3 C:\WINDOWS\*.tmp files][2009-07-13 14:10:38 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Szczepan\Pulpit\OTL.exe[2009-07-13 13:59:14 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2009-07-13 13:58:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2009-07-13 13:58:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2009-07-13 13:48:54 | 02,107,354 | -H-- | M] () -- C:\Documents and Settings\Szczepan\Ustawienia lokalne\Dane aplikacji\IconCache.db[2009-07-13 12:40:33 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk[2009-07-13 12:15:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin[2009-07-13 09:32:21 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat[2009-07-13 08:29:57 | 00,128,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2009-07-12 21:30:34 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini[2009-07-12 21:26:25 | 00,000,281 | RHS- | M] () -- C:\boot.ini[2009-07-12 02:46:13 | 00,095,744 | ---- | M] () -- C:\Documents and Settings\Szczepan\Ustawienia lokalne\Dane 
aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009-07-11 20:55:35 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys[2009-07-11 17:52:14 | 00,865,856 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI[2009-07-11 17:52:14 | 00,448,004 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat[2009-07-11 17:52:14 | 00,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2009-07-11 17:52:14 | 00,074,230 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat[2009-07-11 17:52:14 | 00,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2009-07-11 17:47:32 | 00,119,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\dxsdkuninst.exe[2009-07-10 20:50:23 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Avira AntiVir Control Center.lnk[2009-07-10 19:08:13 | 00,000,607 | ---- | M] () -- C:\Documents and Settings\Szczepan\Pulpit\Football Manager 2009.lnk[2009-07-09 18:25:32 | 00,000,810 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Medi@Show.lnk[2009-07-09 18:14:54 | 00,000,804 | ---- | M] () -- C:\Documents and Settings\Szczepan\Pulpit\Firegraphic 9.lnk[2009-07-05 13:54:14 | 00,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Express Burn.lnk[2009-07-05 13:53:59 | 00,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\WavePad Sound Editor.lnk[2009-07-03 12:54:09 | 00,001,496 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\jetAudio.lnk[2009-07-03 11:48:03 | 00,382,976 | ---- | M] () -- C:\WINDOWS\System32\dllcache\rstrui.exe[2009-07-02 23:17:52 | 00,520,976 | ---- | M] () -- C:\Documents and Settings\Szczepan\Pulpit\setup11.exe[2009-07-01 10:27:28 | 00,025,256 | ---- | M] () -- C:\Documents and Settings\Szczepan\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT[2009-07-01 09:12:32 | 00,025,280 | ---- | M] (LogMeIn, Inc.) 
-- C:\WINDOWS\System32\drivers\hamachi.sys[2009-06-28 15:52:51 | 00,000,172 | ---- | M] () -- C:\WINDOWS\RtlRack.ini[2009-06-17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2009-06-17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2009-06-15 21:52:21 | 00,000,640 | ---- | M] () -- C:\Documents and Settings\Szczepan\Pulpit\Mp3 Knife.lnk========== LOP Check ==========[2009-07-13 12:40:28 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji[2009-05-28 15:57:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro[2009-07-12 02:10:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DrivingSpeed2[2009-04-13 00:05:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts[2008-01-03 15:22:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET[2009-06-05 15:13:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\InterVideo[2008-12-14 21:51:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla[2009-07-06 13:39:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NCH Swift Sound[2007-12-21 14:59:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks[2009-03-30 01:53:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sports Interactive[2009-06-05 15:14:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems[2007-06-26 00:22:41 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji[2009-07-10 20:52:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji[2007-06-25 22:38:21 | 00,000,000 | ---D | M] -- C:\Documents and 
Settings\NetworkService\Dane aplikacji[2009-07-13 12:40:35 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji[2008-11-21 01:30:18 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\.#[2009-07-03 12:55:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\COWON[2008-07-18 10:48:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\Crystal Player[2009-05-28 15:54:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\DAEMON Tools Pro[2009-07-09 18:54:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\Foxit[2007-06-25 23:30:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\Gadu-Gadu[2009-07-12 17:41:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\Hamachi[2008-12-14 21:51:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\ipla[2009-04-06 23:52:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\Leadertech[2009-07-05 13:54:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\NCH Swift Sound[2008-11-27 16:23:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\PowerChallenge[2008-05-01 15:34:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\PPMate[2008-05-01 15:35:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\ppStream[2008-07-26 16:48:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\Samsung[2009-07-09 10:30:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\Sports Interactive[2009-06-05 16:57:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\Ulead Systems[2009-03-26 02:26:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\Uniblue[2001-07-22 02:17:50 
| 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini[2009-07-13 13:58:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT========== Purity Check ==========< End of report >
Gość, comment, 13 July 2009

Run OTL and paste the following script into the Custom Scans/Fixes window:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - AutoRun File - [2009-07-12 22:45:39 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008-09-09 03:50:46 | 00,410,888 | -HS- | M] (Electronic Arts) - D:\Autorun.exe -- [ NTFS ]
O32 - AutoRun File - [2008-09-09 03:50:44 | 09,193,984 | ---- | M] () - D:\autorun.dat -- [ NTFS ]
O32 - AutoRun File - [2008-09-09 03:50:46 | 00,410,888 | -HS- | M] (Electronic Arts) - D:\AutoRun.exe -- [ NTFS ]
O32 - AutoRun File - [2009-07-12 22:45:39 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-07-12 22:45:39 | 00,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008-09-09 01:50:45 | 00,410,888 | R--- | M] (Electronic Arts) - G:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2008-09-09 01:50:45 | 00,410,888 | R--- | M] (Electronic Arts) - G:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008-09-09 01:50:43 | 09,193,984 | R--- | M] () - G:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2008-09-09 01:35:58 | 00,000,136 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{09791418-5a0a-11dc-9cfc-00142a576ef9}\Shell\AutoRun\command - "" = H:\nhbivui.exe -- File not found
O33 - MountPoints2\{09791418-5a0a-11dc-9cfc-00142a576ef9}\Shell\explore\Command - "" = H:\nhbivui.exe -- File not found
O33 - MountPoints2\{09791418-5a0a-11dc-9cfc-00142a576ef9}\Shell\open\Command - "" = H:\nhbivui.exe -- File not found
O33 - MountPoints2\{1923565a-8ca7-11dd-9fa9-00142a576ef9}\Shell\AutoRun\command - "" = I:\nhbivui.exe -- File not found
O33 - MountPoints2\{1923565a-8ca7-11dd-9fa9-00142a576ef9}\Shell\explore\Command - "" = I:\nhbivui.exe -- File not found
O33 - MountPoints2\{1923565a-8ca7-11dd-9fa9-00142a576ef9}\Shell\open\Command - "" = I:\nhbivui.exe -- File not found
O33 - MountPoints2\{1aaf6fc1-4ab3-11de-9ffd-00142a576ef9}\Shell\AutoRun\command - "" = H:\nhbivui.exe -- File not found
O33 - MountPoints2\{1aaf6fc1-4ab3-11de-9ffd-00142a576ef9}\Shell\explore\Command - "" = H:\nhbivui.exe -- File not found
O33 - MountPoints2\{1aaf6fc1-4ab3-11de-9ffd-00142a576ef9}\Shell\open\Command - "" = H:\nhbivui.exe -- File not found
O33 - MountPoints2\{4b89fb51-4785-11de-9ff3-00142a576ef9}\Shell\AutoRun\command - "" = H:\nhbivui.exe -- File not found
O33 - MountPoints2\{4b89fb51-4785-11de-9ff3-00142a576ef9}\Shell\explore\Command - "" = H:\nhbivui.exe -- File not found
O33 - MountPoints2\{4b89fb51-4785-11de-9ff3-00142a576ef9}\Shell\open\Command - "" = H:\nhbivui.exe -- File not found
O33 - MountPoints2\{7aa326cd-a5e2-11dd-a00c-00142a576ef9}\Shell\AutoRun\command - "" = H:\nhbivui.exe -- File not found
O33 - MountPoints2\{7aa326cd-a5e2-11dd-a00c-00142a576ef9}\Shell\explore\Command - "" = H:\nhbivui.exe -- File not found
O33 - MountPoints2\{7aa326cd-a5e2-11dd-a00c-00142a576ef9}\Shell\open\Command - "" = H:\nhbivui.exe -- File not found
O33 - MountPoints2\{a08cc634-3871-11dc-9c8b-00142a576ef9}\Shell\AutoRun\command - "" = H:\nhbivui.exe -- File not found
O33 - MountPoints2\{a08cc634-3871-11dc-9c8b-00142a576ef9}\Shell\explore\Command - "" = H:\nhbivui.exe -- File not found
O33 - MountPoints2\{a08cc634-3871-11dc-9c8b-00142a576ef9}\Shell\open\Command - "" = H:\nhbivui.exe -- File not found
O33 - MountPoints2\{b10340de-8cd4-11dd-9faa-00142a576ef9}\Shell\AutoRun\command - "" = H:\ft96s.exe -- File not found
O33 - MountPoints2\{b10340de-8cd4-11dd-9faa-00142a576ef9}\Shell\open\Command - "" = H:\ft96s.exe -- File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaudio.cab (Reg Error: Key error.)

:Files
C:\autorun.inf
D:\autorun.inf
E:\autorun.inf
C:\RECYCLER
C:\Boot.bak
C:\cmldr
C:\cmdcons
C:\WINDOWS\SWXCACLS.exe
C:\WINDOWS\SWREG.exe
C:\WINDOWS\SWSC.exe
C:\WINDOWS\sed.exe
C:\WINDOWS\fdsv.exe
C:\WINDOWS\grep.exe
C:\WINDOWS\zip.exe
C:\WINDOWS\VFIND.exe
C:\WINDOWS\NIRCMD.exe
C:\ComboFix
C:\WINDOWS\ERDNT
C:\Qoobox

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]
[start explorer]
[Reboot]

Click Run Fix and confirm the computer restart. After the restart, post the log from the removal.
CR7777 (author), comment, 13 July 2009

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
File not found.
D:\Autorun.exe moved successfully.
D:\autorun.dat moved successfully.
File D:\AutoRun.exe not found.
File not found.
File not found.
File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
File move failed. G:\Autorun.exe scheduled to be moved on reboot.
File move failed. G:\autorun.dat scheduled to be moved on reboot.
File move failed. G:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09791418-5a0a-11dc-9cfc-00142a576ef9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09791418-5a0a-11dc-9cfc-00142a576ef9}\ not found.
File H:\nhbivui.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09791418-5a0a-11dc-9cfc-00142a576ef9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09791418-5a0a-11dc-9cfc-00142a576ef9}\ not found.
File H:\nhbivui.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09791418-5a0a-11dc-9cfc-00142a576ef9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09791418-5a0a-11dc-9cfc-00142a576ef9}\ not found.
File H:\nhbivui.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1923565a-8ca7-11dd-9fa9-00142a576ef9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1923565a-8ca7-11dd-9fa9-00142a576ef9}\ not found.
File I:\nhbivui.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1923565a-8ca7-11dd-9fa9-00142a576ef9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1923565a-8ca7-11dd-9fa9-00142a576ef9}\ not found.
File I:\nhbivui.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1923565a-8ca7-11dd-9fa9-00142a576ef9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1923565a-8ca7-11dd-9fa9-00142a576ef9}\ not found.
File I:\nhbivui.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1aaf6fc1-4ab3-11de-9ffd-00142a576ef9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1aaf6fc1-4ab3-11de-9ffd-00142a576ef9}\ not found.
File H:\nhbivui.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1aaf6fc1-4ab3-11de-9ffd-00142a576ef9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1aaf6fc1-4ab3-11de-9ffd-00142a576ef9}\ not found.
File H:\nhbivui.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1aaf6fc1-4ab3-11de-9ffd-00142a576ef9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1aaf6fc1-4ab3-11de-9ffd-00142a576ef9}\ not found.
File H:\nhbivui.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b89fb51-4785-11de-9ff3-00142a576ef9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b89fb51-4785-11de-9ff3-00142a576ef9}\ not found.
File H:\nhbivui.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b89fb51-4785-11de-9ff3-00142a576ef9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b89fb51-4785-11de-9ff3-00142a576ef9}\ not found.
File H:\nhbivui.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b89fb51-4785-11de-9ff3-00142a576ef9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b89fb51-4785-11de-9ff3-00142a576ef9}\ not found.
File H:\nhbivui.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7aa326cd-a5e2-11dd-a00c-00142a576ef9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7aa326cd-a5e2-11dd-a00c-00142a576ef9}\ not found.
File H:\nhbivui.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7aa326cd-a5e2-11dd-a00c-00142a576ef9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7aa326cd-a5e2-11dd-a00c-00142a576ef9}\ not found.
File H:\nhbivui.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7aa326cd-a5e2-11dd-a00c-00142a576ef9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7aa326cd-a5e2-11dd-a00c-00142a576ef9}\ not found.
File H:\nhbivui.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a08cc634-3871-11dc-9c8b-00142a576ef9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a08cc634-3871-11dc-9c8b-00142a576ef9}\ not found.
File H:\nhbivui.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a08cc634-3871-11dc-9c8b-00142a576ef9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a08cc634-3871-11dc-9c8b-00142a576ef9}\ not found.
File H:\nhbivui.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a08cc634-3871-11dc-9c8b-00142a576ef9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a08cc634-3871-11dc-9c8b-00142a576ef9}\ not found.
File H:\nhbivui.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b10340de-8cd4-11dd-9faa-00142a576ef9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b10340de-8cd4-11dd-9faa-00142a576ef9}\ not found.
File H:\ft96s.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b10340de-8cd4-11dd-9faa-00142a576ef9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b10340de-8cd4-11dd-9faa-00142a576ef9}\ not found.
File H:\ft96s.exe not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {00000161-0000-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\msaudio.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000161-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000161-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000161-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000161-0000-0010-8000-00AA00389B71}\ not found.
========== FILES ==========
Folder move failed. C:\autorun.inf scheduled to be moved on reboot.
Folder move failed. D:\autorun.inf scheduled to be moved on reboot.
Folder move failed.
E:\autorun.inf scheduled to be moved on reboot.C:\RECYCLER\S-1-5-21-1547161642-813497703-839522115-1003\Dc3 moved successfully.C:\RECYCLER\S-1-5-21-1547161642-813497703-839522115-1003 moved successfully.C:\RECYCLER moved successfully.C:\Boot.bak moved successfully.C:\cmldr moved successfully.Folder move failed. C:\cmdcons\SYSTEM32 scheduled to be moved on reboot.Folder move failed. C:\cmdcons scheduled to be moved on reboot.C:\WINDOWS\SWXCACLS.exe moved successfully.C:\WINDOWS\SWREG.exe moved successfully.C:\WINDOWS\SWSC.exe moved successfully.C:\WINDOWS\sed.exe moved successfully.C:\WINDOWS\fdsv.exe moved successfully.C:\WINDOWS\grep.exe moved successfully.C:\WINDOWS\zip.exe moved successfully.C:\WINDOWS\VFIND.exe moved successfully.C:\WINDOWS\NIRCMD.exe moved successfully.C:\ComboFix moved successfully.C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006 moved successfully.C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005 moved successfully.C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004 moved successfully.C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003 moved successfully.C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002 moved successfully.C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001 moved successfully.C:\WINDOWS\ERDNT\Hiv-backup\Users moved successfully.C:\WINDOWS\ERDNT\Hiv-backup moved successfully.C:\WINDOWS\ERDNT moved successfully.C:\Qoobox\Quarantine\Registry_backups moved successfully.C:\Qoobox\Quarantine\E moved successfully.C:\Qoobox\Quarantine\D moved successfully.C:\Qoobox\Quarantine\C\WINDOWS\system32\wsnpoem moved successfully.C:\Qoobox\Quarantine\C\WINDOWS\system32 moved successfully.C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files moved successfully.C:\Qoobox\Quarantine\C\WINDOWS moved successfully.C:\Qoobox\Quarantine\C moved successfully.C:\Qoobox\Quarantine moved successfully.C:\Qoobox\BackEnv moved successfully.C:\Qoobox moved successfully.========== REGISTRY ==========Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted 
successfully.HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"SuperHidden"|dword:00000001 /E : value set successfully!HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"Hidden"|dword:00000001 /E : value set successfully!HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"ShowSuperHidden"|dword:00000001 /E : value set successfully!HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\"CheckedValue"|dword:00000001 /E : value set successfully!Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\ deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\\@|"" /E : value set successfully!========== COMMANDS ==========[EMPTYTEMP]User: All UsersUser: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 33170 bytesUser: LocalService->Temp folder emptied: 0 bytesFile delete failed. C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.->Temporary Internet Files folder emptied: 32902 bytesUser: NetworkService->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 67 bytesUser: Szczepan->Temp folder emptied: 186726 bytesFile delete failed. 
C:\Documents and Settings\Szczepan\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.->Temporary Internet Files folder emptied: 23317320 bytes->Java cache emptied: 23152003 bytes->FireFox cache emptied: 34765453 bytes%systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 2114584 bytes%systemroot%\System32 .tmp files removed: 2596 bytesWindows Temp folder emptied: 33432 bytesRecycleBin emptied: 0 bytesTotal Files Cleaned = 79,76 mbOTL by OldTimer - Version 3.0.7.1 log created on 07132009_184058Files\Folders moved on Reboot...File move failed. G:\AutoRun.exe scheduled to be moved on reboot.File move failed. G:\autorun.dat scheduled to be moved on reboot.File move failed. G:\autorun.inf scheduled to be moved on reboot.Folder move failed. C:\autorun.inf scheduled to be moved on reboot.Folder move failed. D:\autorun.inf scheduled to be moved on reboot.Folder move failed. E:\autorun.inf scheduled to be moved on reboot.Folder move failed. C:\cmdcons\SYSTEM32 scheduled to be moved on reboot.Folder move failed. C:\cmdcons\SYSTEM32 scheduled to be moved on reboot.Folder move failed. C:\cmdcons scheduled to be moved on reboot.Registry entries deleted on Reboot...
CR7777 comment 13 July 2009 Author A Thumbs.db file and an Originals folder with 2 files and 2 photos have appeared on my desktop. This file and folder on the desktop look fainter than normal files. More transparent. What is this?? Can I delete it??
Guest comment 13 July 2009 No! These are "hidden" files. If you want to turn this off: My Computer >>> "Tools" tab >>> Folder Options >>> "View" tab >>> tick the boxes as in this screenshot: And after ticking those two lines, click "Apply" >>> "OK".
CR7777 comment 13 July 2009 Author OTL
- [2009-04-07 01:26:40 | 00,000,000 | ---D | M] - D:\Autorun -- [ NTFS ]O32 - AutoRun File - [2009-07-12 22:45:39 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]O32 - AutoRun File - [2009-07-12 22:45:39 | 00,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]O32 - AutoRun File - [2008-09-09 01:50:45 | 00,410,888 | R--- | M] (Electronic Arts) - G:\AutoRun.exe -- [ UDF ]O32 - AutoRun File - [2008-09-09 01:50:45 | 00,410,888 | R--- | M] (Electronic Arts) - G:\Autorun.exe -- [ UDF ]O32 - AutoRun File - [2008-09-09 01:50:43 | 09,193,984 | R--- | M] () - G:\autorun.dat -- [ UDF ]O32 - AutoRun File - [2008-09-09 01:35:58 | 00,000,136 | R--- | M] () - G:\autorun.inf -- [ UDF ]O33 - MountPoints2\{f0f88266-2381-11dc-9c3c-806d6172696f}\Shell - "" = AutoRunO33 - MountPoints2\{f0f88266-2381-11dc-9c3c-806d6172696f}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2008-09-09 01:50:45 | 00,410,888 | R--- | M] (Electronic Arts)O34 - HKLM BootExecute: (autocheck) - File not foundO34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)O34 - HKLM BootExecute: (*) - File not found========== Files/Folders - Created Within 30 Days ==========[2009-07-13 18:42:58 | 00,000,000 | -HSD | C] -- C:\RECYCLER[2009-07-13 18:40:58 | 00,000,000 | ---D | C] -- C:\_OTL[2009-07-13 15:12:24 | 00,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job[2009-07-13 15:12:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474[2009-07-13 14:10:36 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Szczepan\Pulpit\OTL.exe[2009-07-13 14:06:13 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF[2009-07-13 12:40:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Szczepan\Dane aplikacji\Malwarebytes[2009-07-13 12:40:33 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk[2009-07-13 12:40:31 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2009-07-13 
12:40:28 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2009-07-13 12:40:28 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2009-07-13 12:40:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes[2009-07-13 12:15:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin[2009-07-13 10:11:17 | 00,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe[2009-07-12 22:56:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\SWAT 4[2009-07-12 22:45:39 | 00,000,000 | RHSD | C] -- C:\autorun.inf[2009-07-12 21:26:08 | 00,000,000 | RHSD | C] -- C:\cmdcons[2009-07-12 02:10:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DrivingSpeed2[2009-07-12 02:05:39 | 00,000,000 | ---D | C] -- C:\Program Files\Foxit Software[2009-07-11 17:57:50 | 00,906,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xaudioD2_3.dll[2009-07-11 17:57:49 | 00,286,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngineD3_3.dll[2009-07-11 17:57:49 | 00,123,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFXD1_2.dll[2009-07-11 17:57:48 | 04,499,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3dx9d_40.dll[2009-07-11 17:57:48 | 00,360,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XactEngineA3_3.dll[2009-07-11 17:57:48 | 00,359,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dinput8d.dll[2009-07-11 17:57:48 | 00,047,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudioD1_5.dll[2009-07-11 17:57:45 | 03,796,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9d_33.dll[2009-07-11 17:57:42 | 00,496,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX10d_40.dll[2009-07-11 17:57:41 | 03,084,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d9d.dll[2009-07-11 17:57:41 | 00,349,520 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\d3dref9.dll[2009-07-11 17:54:38 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll[2009-07-11 17:54:38 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll[2009-07-11 17:54:37 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll[2009-07-11 17:54:36 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll[2009-07-11 17:54:36 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll[2009-07-11 17:54:35 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll[2009-07-11 17:54:35 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll[2009-07-11 17:54:34 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll[2009-07-11 17:54:34 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll[2009-07-11 17:54:33 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll[2009-07-11 17:54:33 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll[2009-07-11 17:54:33 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll[2009-07-11 17:54:32 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll[2009-07-11 17:50:19 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly[2009-07-11 17:49:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET[2009-07-11 17:48:46 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft DirectX SDK (November 2008)[2009-07-11 17:47:32 | 00,119,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\dxsdkuninst.exe[2009-07-10 20:50:23 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Avira AntiVir Control Center.lnk[2009-07-10 20:50:07 | 00,096,104 | ---- | C] (Avira GmbH) -- 
C:\WINDOWS\System32\drivers\avipbb.sys[2009-07-10 20:50:07 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys[2009-07-10 20:50:07 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys[2009-07-10 20:50:07 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys[2009-07-10 20:50:07 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys[2009-07-10 20:50:05 | 00,000,000 | ---D | C] -- C:\Program Files\Avira[2009-07-10 20:50:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Avira[2009-07-10 19:09:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Szczepan\Moje dokumenty\Sports Interactive[2009-07-10 19:08:13 | 00,000,607 | ---- | C] () -- C:\Documents and Settings\Szczepan\Pulpit\Football Manager 2009.lnk[2009-07-10 17:31:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Szczepan\Dane aplikacji\PSpad[2009-07-10 14:45:55 | 00,000,000 | ---D | C] -- C:\ATI[2009-07-10 14:09:52 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat[2009-07-09 18:54:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Szczepan\Dane aplikacji\Foxit[2009-07-09 18:25:32 | 00,000,810 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Medi@Show.lnk[2009-07-09 18:25:28 | 00,000,000 | ---D | C] -- C:\Program Files\CyberLink[2009-07-09 18:14:54 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\Szczepan\Pulpit\Firegraphic 9.lnk[2009-07-09 18:11:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Szczepan\Moje dokumenty\Firegraphic 9[2009-07-09 18:11:40 | 00,000,000 | ---D | C] -- C:\Program Files\Firegraphic[2009-07-09 10:30:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\Sports Interactive[2009-07-09 10:19:12 | 00,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry[2009-07-09 09:49:28 | 00,000,000 | ---D | C] -- C:\Program Files\GameTop.com[2009-07-06 13:27:41 | 00,000,000 | ---D | 
C] -- C:\Program Files\Lavalys[2009-07-05 13:54:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NCH Swift Sound[2009-07-05 13:54:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Szczepan\Dane aplikacji\NCH Swift Sound[2009-07-05 13:54:18 | 00,000,000 | ---D | C] -- C:\Program Files\NCH Software[2009-07-05 13:54:14 | 00,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Express Burn.lnk[2009-07-05 13:53:59 | 00,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\WavePad Sound Editor.lnk[2009-07-05 13:53:56 | 00,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound[2009-07-04 16:45:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Szczepan\Ustawienia lokalne\Dane aplikacji\Axialis[2009-07-03 12:55:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Szczepan\Dane aplikacji\COWON[2009-07-03 12:54:09 | 00,001,496 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\jetAudio.lnk[2009-07-03 12:53:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\COWON[2009-07-03 12:53:57 | 00,000,000 | ---D | C] -- C:\Program Files\JetAudio[2009-07-02 23:17:19 | 00,520,976 | ---- | C] () -- C:\Documents and Settings\Szczepan\Pulpit\setup11.exe[2009-07-02 23:16:18 | 00,000,000 | ---D | C] -- C:\Program Files\NASA[2009-07-01 09:15:10 | 00,000,000 | ---D | C] -- C:\Program Files\RealVNC[2009-07-01 09:12:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Szczepan\Dane aplikacji\Hamachi[2009-07-01 09:12:32 | 00,025,280 | ---- | C] (LogMeIn, Inc.) 
-- C:\WINDOWS\System32\drivers\hamachi.sys[2009-07-01 09:12:32 | 00,000,000 | ---D | C] -- C:\Program Files\Hamachi[2009-06-15 21:52:21 | 01,081,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscomctl.ocx[2009-06-15 21:52:21 | 00,609,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comctl32.ocx[2009-06-15 21:52:21 | 00,152,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.ocx[2009-06-15 21:52:21 | 00,000,640 | ---- | C] () -- C:\Documents and Settings\Szczepan\Pulpit\Mp3 Knife.lnk[2009-06-15 21:52:20 | 00,000,000 | ---D | C] -- C:\Program Files\Mp3 Knife[2009-06-05 15:13:08 | 00,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll[2009-06-05 15:13:08 | 00,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll[2009-06-05 15:13:08 | 00,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll[2009-06-05 15:13:08 | 00,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll[2009-06-05 15:13:07 | 00,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll[2009-06-05 15:13:07 | 00,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll[2009-05-28 15:55:00 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys[2009-03-29 21:48:57 | 00,319,488 | ---- | C] () -- C:\WINDOWS\System32\dirtysock.dll[2009-02-09 00:18:53 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI[2008-07-27 21:17:18 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll[2008-07-27 21:17:16 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll[2008-07-27 21:17:16 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll[2008-07-27 21:17:15 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll[2008-07-27 21:17:15 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll[2008-07-27 21:17:15 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest[2008-07-17 19:49:06 | 00,000,960 | ---- | C] () -- C:\WINDOWS\VPlayer.INI[2008-05-01 15:36:32 | 00,000,020 | 
---- | C] () -- C:\WINDOWS\powerplayer.ini[2008-05-01 15:35:53 | 00,000,363 | ---- | C] () -- C:\WINDOWS\psnetwork.ini[2007-12-28 03:22:21 | 00,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys[2007-12-28 03:22:21 | 00,000,008 | RHS- | C] () -- C:\WINDOWS\System32\9BBD5BF1E0.sys[2007-12-21 09:21:56 | 00,033,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys[2007-09-16 21:29:05 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL[2007-07-18 21:52:32 | 00,000,172 | ---- | C] () -- C:\WINDOWS\RtlRack.ini[2007-06-26 03:10:30 | 00,000,133 | ---- | C] () -- C:\WINDOWS\ODBC.INI[2007-06-26 01:39:32 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\RunSetup.dll[2007-06-26 01:33:55 | 00,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini[2007-06-26 01:33:55 | 00,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini[2007-06-26 01:27:48 | 00,151,056 | ---- | C] () -- C:\WINDOWS\System32\IR32.DLL[2007-06-26 01:27:48 | 00,077,664 | ---- | C] () -- C:\WINDOWS\System32\IR21.DLL[2007-06-26 01:27:48 | 00,050,016 | ---- | C] () -- C:\WINDOWS\System32\IYVU9.DLL[2007-06-26 01:27:48 | 00,018,384 | ---- | C] () -- C:\WINDOWS\System32\DCISVGA.DRV[2007-06-26 01:07:52 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys[2007-06-26 01:07:52 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys[2007-06-25 22:46:21 | 00,135,168 | R--- | C] () -- C:\WINDOWS\System32\property.dll[2007-06-25 22:45:04 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini[2007-06-25 22:44:56 | 00,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll[2007-06-25 22:44:52 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll[2007-06-25 22:44:18 | 00,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL[2004-08-22 17:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll[2002-03-17 02:00:00 | 00,007,420 | ---- | C] () -- C:\WINDOWS\UA000088.DLL[2001-07-22 02:16:20 | 00,000,644 | ---- | C] () -- C:\WINDOWS\win.ini[2001-07-22 02:15:52 | 
00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini========== Files - Modified Within 30 Days ==========[2009-07-13 20:02:30 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job[2009-07-13 20:00:29 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2009-07-13 20:00:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2009-07-13 20:00:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2009-07-13 18:28:37 | 00,448,004 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat[2009-07-13 18:28:36 | 00,984,842 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI[2009-07-13 18:28:36 | 00,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2009-07-13 18:28:36 | 00,074,230 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat[2009-07-13 18:28:36 | 00,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2009-07-13 18:24:00 | 00,128,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2009-07-13 15:12:44 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK[2009-07-13 14:10:38 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Szczepan\Pulpit\OTL.exe[2009-07-13 13:48:54 | 02,107,354 | -H-- | M] () -- C:\Documents and Settings\Szczepan\Ustawienia lokalne\Dane aplikacji\IconCache.db[2009-07-13 12:40:33 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk[2009-07-13 12:15:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin[2009-07-13 09:32:21 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat[2009-07-12 21:30:34 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini[2009-07-12 21:26:25 | 00,000,281 | RHS- | M] () -- C:\boot.ini[2009-07-12 02:46:13 | 00,095,744 | ---- | M] () -- C:\Documents and Settings\Szczepan\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009-07-11 20:55:35 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys[2009-07-11 17:47:32 | 00,119,120 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\dxsdkuninst.exe[2009-07-10 20:50:23 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Avira AntiVir Control Center.lnk[2009-07-10 19:08:13 | 00,000,607 | ---- | M] () -- C:\Documents and Settings\Szczepan\Pulpit\Football Manager 2009.lnk[2009-07-09 18:25:32 | 00,000,810 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Medi@Show.lnk[2009-07-09 18:14:54 | 00,000,804 | ---- | M] () -- C:\Documents and Settings\Szczepan\Pulpit\Firegraphic 9.lnk[2009-07-05 13:54:14 | 00,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Express Burn.lnk[2009-07-05 13:53:59 | 00,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\WavePad Sound Editor.lnk[2009-07-03 12:54:09 | 00,001,496 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\jetAudio.lnk[2009-07-03 11:48:03 | 00,382,976 | ---- | M] () -- C:\WINDOWS\System32\dllcache\rstrui.exe[2009-07-02 23:17:52 | 00,520,976 | ---- | M] () -- C:\Documents and Settings\Szczepan\Pulpit\setup11.exe[2009-07-01 10:27:28 | 00,025,256 | ---- | M] () -- C:\Documents and Settings\Szczepan\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT[2009-07-01 09:12:32 | 00,025,280 | ---- | M] (LogMeIn, Inc.) 
-- C:\WINDOWS\System32\drivers\hamachi.sys[2009-06-28 15:52:51 | 00,000,172 | ---- | M] () -- C:\WINDOWS\RtlRack.ini[2009-06-17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2009-06-17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2009-06-15 21:52:21 | 00,000,640 | ---- | M] () -- C:\Documents and Settings\Szczepan\Pulpit\Mp3 Knife.lnk========== LOP Check ==========[2009-07-13 12:40:28 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji[2009-05-28 15:57:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro[2009-07-12 02:10:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DrivingSpeed2[2009-04-13 00:05:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts[2008-01-03 15:22:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET[2009-06-05 15:13:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\InterVideo[2008-12-14 21:51:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla[2009-07-06 13:39:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NCH Swift Sound[2007-12-21 14:59:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks[2009-03-30 01:53:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sports Interactive[2009-06-05 15:14:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems[2007-06-26 00:22:41 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji[2009-07-10 20:52:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji[2007-06-25 22:38:21 | 00,000,000 | ---D | M] -- C:\Documents and 
Settings\NetworkService\Dane aplikacji[2009-07-13 12:40:35 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji[2008-11-21 01:30:18 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\.#[2009-07-03 12:55:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\COWON[2008-07-18 10:48:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\Crystal Player[2009-05-28 15:54:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\DAEMON Tools Pro[2009-07-09 18:54:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\Foxit[2007-06-25 23:30:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\Gadu-Gadu[2009-07-13 20:35:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\Hamachi[2008-12-14 21:51:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\ipla[2009-04-06 23:52:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\Leadertech[2009-07-05 13:54:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\NCH Swift Sound[2008-11-27 16:23:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\PowerChallenge[2008-05-01 15:34:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\PPMate[2008-05-01 15:35:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\ppStream[2008-07-26 16:48:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\Samsung[2009-07-09 10:30:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\Sports Interactive[2009-06-05 16:57:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\Ulead Systems[2009-03-26 02:26:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Szczepan\Dane aplikacji\Uniblue[2001-07-22 02:17:50 
| 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini[2009-07-13 20:00:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT[2009-07-13 20:02:30 | 00,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job========== Purity Check ==========< End of report >
Guest comment 13 July 2009
1. To read and carry out: Removing infections from removable drives.
2. These logs look rather "wild" to me. Please post the log from ComboFix.
CR7777 comment 13 July 2009 Author (edited)
.
/wow section - STAGE 41
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Szczepan\USTAWI~1\Temp\catchme.dll
c:\documents and settings\Szczepan\Dane aplikacji\.#
c:\documents and settings\Szczepan\Ustawienia lokalne\temp\catchme.dll
c:\program files\Common Files\Microsoft Shared\mhlclyg.inf
c:\program files\Common Files\System\mhlclyg.inf
c:\windows\Installer\2c6015.msi
c:\windows\Installer\2c6019.msi
.
((((((((((((((((((((((((( Pliki utworzone od 2009-06-13 do 2009-07-13 )))))))))))))))))))))))))))))))
.
2009-07-13 16:40 . 2009-07-13 16:40 -------- d-----w- C:\_OTL
2009-07-13 13:12 . 2009-07-13 13:12 -------- d-----w- c:\windows\system32\KB905474
2009-07-13 13:12 . 2009-03-10 20:26 1436544 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-07-13 13:12 . 2009-03-10 20:18 455048 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-07-13 12:06 . 2009-07-13 12:06 -------- d--h--w- c:\windows\PIF
2009-07-13 10:40 . 2009-07-13 10:40 -------- d-----w- c:\documents and settings\Szczepan\Dane aplikacji\Malwarebytes
2009-07-13 10:40 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 10:40 . 2009-07-13 10:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 10:40 . 2009-07-13 10:40 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-07-13 10:40 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 10:15 . 2009-07-13 10:15 0 ----a-w- c:\windows\ativpsrm.bin
2009-07-13 08:11 . 2009-02-25 13:15 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-07-12 20:56 . 2009-07-12 20:56 -------- d-----w- c:\windows\SWAT 4
2009-07-12 00:10 . 2009-07-12 00:10 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DrivingSpeed2
2009-07-12 00:05 . 2009-07-12 00:05 -------- d-----w- c:\program files\Foxit Software
2009-07-11 15:57 . 2008-10-27 17:37 906576 ----a-w- c:\windows\system32\xaudioD2_3.dll
2009-07-11 15:57 . 2008-10-27 17:39 286032 ----a-w- c:\windows\system32\XactEngineD3_3.dll
2009-07-11 15:57 . 2008-10-27 17:39 123216 ----a-w- c:\windows\system32\XAPOFXD1_2.dll
2009-07-11 15:57 . 2008-10-27 17:39 360784 ----a-w- c:\windows\system32\XactEngineA3_3.dll
2009-07-11 15:57 . 2008-10-27 17:39 359760 ----a-w- c:\windows\system32\dinput8d.dll
2009-07-11 15:57 . 2008-10-27 17:38 47440 ----a-w- c:\windows\system32\X3DAudioD1_5.dll
2009-07-11 15:57 . 2008-10-27 17:37 4499280 ----a-w- c:\windows\system32\D3dx9d_40.dll
2009-07-11 15:57 . 2008-10-27 17:37 3796816 ----a-w- c:\windows\system32\d3dx9d_33.dll
2009-07-11 15:57 . 2008-10-27 17:36 496464 ----a-w- c:\windows\system32\D3DX10d_40.dll
2009-07-11 15:57 . 2008-10-27 17:39 349520 ----a-w- c:\windows\system32\d3dref9.dll
2009-07-11 15:57 . 2008-10-27 17:37 3084624 ----a-w- c:\windows\system32\d3d9d.dll
2009-07-11 15:48 . 2009-07-11 15:57 -------- d-----w- c:\program files\Microsoft DirectX SDK (November 2008)
2009-07-11 15:47 . 2009-07-11 15:47 119120 ----a-w- c:\windows\dxsdkuninst.exe
2009-07-10 18:50 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-10 18:50 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-10 18:50 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-10 18:50 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-10 18:50 . 2009-07-10 18:50 -------- d-----w- c:\program files\Avira
2009-07-10 18:50 . 2009-07-10 18:50 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Avira
2009-07-10 15:31 . 2009-07-10 15:31 -------- d-----w- c:\documents and settings\Szczepan\Dane aplikacji\PSpad
2009-07-10 12:45 . 2009-07-10 12:45 -------- d-----w- C:\ATI
2009-07-10 12:09 . 2009-07-13 07:32 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-09 16:54 . 2009-07-09 16:54 -------- d-----w- c:\documents and settings\Szczepan\Dane aplikacji\Foxit
2009-07-09 16:25 . 2009-07-09 16:25 -------- d-----w- c:\program files\CyberLink
2009-07-09 16:11 . 2009-07-09 16:11 -------- d-----w- c:\program files\Firegraphic
2009-07-09 08:19 . 2009-07-09 08:23 -------- d--h--w- c:\program files\Zero G Registry
2009-07-09 07:49 . 2009-07-09 07:55 -------- d-----w- c:\program files\GameTop.com
2009-07-06 11:27 . 2009-07-06 11:27 -------- d-----w- c:\program files\Lavalys
2009-07-05 11:54 . 2009-07-06 11:39 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NCH Swift Sound
2009-07-05 11:54 . 2009-07-05 11:54 -------- d-----w- c:\documents and settings\Szczepan\Dane aplikacji\NCH Swift Sound
2009-07-05 11:54 . 2009-07-05 11:54 -------- d-----w- c:\program files\NCH Software
2009-07-05 11:53 . 2009-07-05 11:54 -------- d-----w- c:\program files\NCH Swift Sound
2009-07-04 14:45 . 2009-07-04 14:48 -------- d-----w- c:\documents and settings\Szczepan\Ustawienia lokalne\Dane aplikacji\Axialis
2009-07-03 10:55 . 2009-07-03 10:55 -------- d-----w- c:\documents and settings\Szczepan\Dane aplikacji\COWON
2009-07-03 10:53 . 2009-07-03 10:54 -------- d-----w- c:\program files\Common Files\COWON
2009-07-03 10:53 . 2009-07-10 14:53 -------- d-----w- c:\program files\JetAudio
2009-07-02 21:16 . 2009-07-02 21:16 -------- d-----w- c:\program files\NASA
2009-07-01 07:15 . 2009-07-01 07:15 -------- d-----w- c:\program files\RealVNC
2009-07-01 07:12 . 2009-07-13 19:22 -------- d-----w- c:\documents and settings\Szczepan\Dane aplikacji\Hamachi
2009-07-01 07:12 . 2009-07-01 07:12 -------- d-----w- c:\program files\Hamachi
2009-07-01 07:12 . 2009-07-01 07:12 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-06-15 19:52 . 2009-06-15 19:52 -------- d-----w- c:\program files\Mp3 Knife
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 19:22 . 2007-06-25 21:48 -------- d-----w- c:\documents and settings\Szczepan\Dane aplikacji\Skype
2009-07-13 16:28 . 2001-10-26 18:15 448004 ----a-w- c:\windows\system32\perfh015.dat
2009-07-13 16:28 . 2001-10-26 18:15 74230 ----a-w- c:\windows\system32\perfc015.dat
2009-07-13 08:10 . 2007-06-25 20:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-10 14:53 . 2009-05-28 10:59 -------- d-----w- c:\program files\Graffiti Studio 2.0
2009-07-10 14:53 . 2007-06-25 23:44 -------- d-----w- c:\program files\hp deskjet 920c series
2009-07-10 14:42 . 2007-06-25 21:48 -------- d-----w- c:\program files\Google
2009-07-09 08:30 . 2009-03-29 23:12 -------- d-----w- c:\documents and settings\Szczepan\Dane aplikacji\Sports Interactive
2009-07-01 08:27 . 2007-06-25 20:40 25256 ----a-w- c:\documents and settings\Szczepan\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-06-05 14:57 . 2009-06-05 13:14 -------- d-----w- c:\documents and settings\Szczepan\Dane aplikacji\Ulead Systems
2009-06-05 13:14 . 2009-06-05 13:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Ulead Systems
2009-06-05 13:13 . 2009-06-05 13:13 -------- d-----w- c:\program files\Common Files\InterVideo
2009-06-05 13:13 . 2009-06-05 13:13 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\InterVideo
2009-06-05 13:12 . 2009-06-05 13:12 -------- d-----w- c:\program files\Windows Media Components
2009-06-05 13:12 . 2009-06-05 13:11 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-06-01 02:12 . 2009-05-24 01:29 -------- d-----w- c:\program files\INTERIAPL
2009-06-01 02:07 . 2007-06-25 21:29 -------- d-----w- c:\program files\Gadu-Gadu
2009-05-28 13:57 . 2009-05-28 13:57 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-05-28 13:57 . 2009-05-28 13:57 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Pro
2009-05-28 13:55 . 2009-05-28 13:55 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-28 13:54 . 2009-05-28 13:54 -------- d-----w- c:\documents and settings\Szczepan\Dane aplikacji\DAEMON Tools Pro
2009-05-21 20:33 . 2009-05-21 20:34 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-21 20:33 . 2007-12-22 15:53 -------- d-----w- c:\program files\Java
2009-05-21 20:32 . 2009-05-21 20:32 152576 ----a-w- c:\documents and settings\Szczepan\Dane aplikacji\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-21 20:30 . 2009-05-21 19:32 -------- d-----w- c:\program files\ICeQ
2009-05-07 15:44 . 2004-08-03 22:44 346112 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-29 04:47 . 2004-08-03 22:44 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:47 . 2004-08-03 22:44 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 20:11 . 2004-08-03 22:37 1846912 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:18 . 2004-08-03 22:44 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-23 11:34 . 2009-05-21 20:17 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2007-12-28 01:22 . 2007-12-28 01:22 8 --sh--r- c:\windows\system32\9BBD5BF1E0.sys
2007-12-28 01:23 . 2007-12-28 01:22 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-06-08 23233576]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2007-12-18 471040]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-21 39408]
"EA Core"="d:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-29 196608]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-12-20 37376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"UVS11 Preload"="e:\wideo\uvPL.exe" [2007-09-12 340136]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-09-16 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program 
Files\\Winamp Remote\\bin\\OrbTray.exe"="c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Hamachi\\hamachi.exe"="c:\\games\\zombiepox\\zombiepox.exe"="d:\\Program Files\\Electronic Arts\\EADM\\Core.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"=R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-07-10 108289]R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]R3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\drivers\usbVM31b.sys [2008-01-07 90568]S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 7168].Zawartość folderu 'Zaplanowane zadania'2009-07-13 c:\windows\Tasks\WGASetup.job- c:\windows\system32\KB905474\wgasetup.exe [2009-07-13 20:18]..------- Skan uzupełniający -------.uStart Page = hxxp://www.google.pl/uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uDefault_Search_URL = hxxp://www.google.com/ieuInternet Connection Wizard,ShellNext = iexploreuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: &Winamp Toolbar Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.htmlIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://powersoccer.minigry.pl/applet/PowerLoader.cabFF - ProfilePath - c:\documents and settings\Szczepan\Dane aplikacji\Mozilla\Firefox\Profiles\90lteis8.default\FF - prefs.js: browser.startup.homepage - hxxp://wp.pl/FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dllFF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll.**************************************************************************catchme 
0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-07-13 21:32Windows 5.1.2600 Dodatek Service Pack 2 NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt".--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------- - - - - - - > 'winlogon.exe'(624)c:\windows\system32\Ati2evxx.dll.Czas ukończenia: 2009-07-13 21:37ComboFix-quarantined-files.txt 2009-07-13 19:36ComboFix2.txt 2009-07-12 19:34Przed: 6 110 175 232 bajtów wolnychPo: 6 099 308 544 bajtów wolnych199 --- E O F --- 2009-07-13 13:12 Jeszcze takie pytanie. Przeniosę coś do kosza i to po pewnym czasie samo się z niego usuwa. Pliki te są na prawdę małe i bez problemu się w koszu pomieszczą.
Guest commented 14 July 2009
The log is clean! You no longer have any viruses. Run OTL and use its CleanUp option, then agree to the cleanup and the computer restart. That's all. As for the files being deleted from the Recycle Bin, post about it here: http://www.forumpc.pl/index.php?showforum=87 .