
Problems with the W32/Hidrag.a malware and others.

iwan59

HijackThis

hijackthis.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:24, on 2009-07-21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Dit.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\macromed\flash\GetFlash.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
I:\Nowy folder\OTL.exe
I:\Nowy folder\RSIT.exe
I:\Nowy folder\PAT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MutiKeyboard Driver.lnk = C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.07\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.07\MediaManager\grab.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

--
End of file - 5154 bytes

OTL

Extras.Txt

OTL Extras logfile created on: 2009-07-21 12:23:02 - Run 1
OTL by OldTimer - Version 3.0.9.2     Folder = I:\Nowy folder
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

510,48 Mb Total Physical Memory | 241,78 Mb Available Physical Memory | 47,36% Memory free
1,22 Gb Paging File | 0,92 Gb Available in Paging File | 75,78% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 0,78 Gb Free Space | 3,99% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 10,48 Gb Free Space | 21,45% Space Free | Partition Type: NTFS
Drive E: | 39,06 Gb Total Space | 21,86 Gb Free Space | 55,97% Space Free | Partition Type: NTFS
Drive F: | 41,62 Gb Total Space | 30,73 Gb Free Space | 73,84% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 3,72 Gb Total Space | 1,70 Gb Free Space | 45,54% Space Free | Partition Type: FAT32

Computer Name: PATRYK
Current User Name: PAT
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\womrsy\Worms Forts Under Siege\WF.exe" = D:\womrsy\Worms Forts Under Siege\WF.exe:*:Disabled:WF -- File not found
"D:\womrsy\WORMS 4 MAYHEM.EXE" = D:\womrsy\WORMS 4 MAYHEM.EXE:*:Disabled:Worms 4 Mayhem -- File not found
"D:\Paris Chase\ParisChase.exe" = D:\Paris Chase\ParisChase.exe:*:Disabled:ParisChase -- File not found
"D:\heros\h3blade.exe" = D:\heros\h3blade.exe:*:Enabled:Heroes of Might and Magic III -- File not found
"D:\gusanos-ded.exe" = D:\gusanos-ded.exe:*:Enabled:gusanos-ded -- File not found
"D:\Serious Sam Pierwsze Starcie\Bin\SeriousSam.exe" = D:\Serious Sam Pierwsze Starcie\Bin\SeriousSam.exe:*:Enabled:SeriousSam -- File not found
"D:\GRY\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE" = D:\GRY\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem -- File not found
"D:\GRY\GameCenter\GameCenter.exe" = D:\GRY\GameCenter\GameCenter.exe:*:Enabled:GameCenter -- File not found
"D:\Program Files\GameSpy Arcade\Aphex.exe" = D:\Program Files\GameSpy Arcade\Aphex.exe:*:Disabled:GameSpy Arcade 1.0, Public Beta 7 -- File not found
"D:\GRY\Space Empires IV Deluxe\se4.exe" = D:\GRY\Space Empires IV Deluxe\se4.exe:*:Enabled:Space Empires IV -- File not found
"D:\GRY\Alien Arena 2008\crx.exe" = D:\GRY\Alien Arena 2008\crx.exe:*:Disabled:crx -- File not found
"C:\Program Files\Cyanide\GameCenter\GameCenter.exe" = C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008E8741-8888-4BEE-89B6-5AECB5FB9611}" = NitroFamily
"{0D70015A-EA6F-4C19-B116-E022C1256AD4}" = Alone in the Dark - Koszmar Powraca
"{17145977-D875-4B1D-942F-9E5930823E02}_is1" = Gods - Kraina Nieskończoności
"{1C36647E-F5BD-43E9-BA64-5F274B7F7050}_is1" = Paris Chase
"{1F45C0EC-17A4-4EE9-874D-A88757BD6C09}" = CapMan
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11
"{2DBA8C48-57A2-48F9-8CB5-CB794EACE9CC}" = Tank-o-box wersja CD
"{337B5336-A953-4C81-95B5-B4F8DA7FA189}" = Mashed Demo
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CE06D54-72B1-44B2-AB60-E4277EC80EF4}" = Microsoft XML Parser
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{414D0241-EDC9-4EE6-8925-2D6A847FB212}" = Disciples II - Mroczne Proroctwo
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe? Photoshop? Album Starter Edition 3.0
"{5265664F-6128-405C-9225-9782A85954FD}" = Plustek USB Scanner
"{53B9A1FE-FF04-4431-B394-B110FE794200}" = Bad Boys 2
"{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}" = Serious Sam: Drugie Starcie
"{63D08574-EC96-44F1-8973-8BA847C2BB22}" = Moorhuhn Kart XS (PL)
"{68F423B1-B08A-4EFC-8414-408455443322}" = Demo Tarzan
"{6AAF923E-077E-4543-BA1C-42A75BB03677}" = Sąsiedzi z Piekła Rodem 1 i 2
"{6E7B12B6-DA76-4167-BB65-491C18F8236B}" = Hotel Giant
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758A4269-70E5-4B11-B419-F692882408A9}" = Gothic
"{75B4F73F-4EB1-4126-AE4B-639F3CE6E411}" = Sony Ericsson Mobile Phone Monitor
"{7689CA7A-1270-425A-9959-EB4CB25EA29A}" = Sony Ericsson PC Suite 1.20.224
"{797E03F8-C8A0-47ED-AA9F-D7076276E491}" = Ford Racing 2
"{7F46E168-E0F4-45EA-81F5-80488334B609}" = USB Data Cable 1.12.27s
"{819A6E18-2533-4434-AB91-E5D95F3549A2}" = WR2 Demo ATS
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.07
"{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTA III
"{93656878-FF8B-4935-99BB-F3F260037C57}" = Lara Croft Tomb Raider: Angel Of Darkeness
"{98B791BF-0F12-453A-A25D-FD4340703444}" = Podbój Rzymu
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FAB01F2-8711-46D2-84B6-2D8A4AC9BF0A}" = Alladyn i Nowe Szaty Króla - dema
"{AC1E4C93-C1E7-11D6-9D10-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.0_03
"{AC76BA86-7AD7-1045-7B44-A70000000000}" = Adobe Reader 7.0 - Polish
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{B196519A-A2AC-443E-84D1-F336B4E8F304}" = BIONICLE
"{B489D5F8-D960-4399-9286-C59BF21991B5}" = Mój brat niedźwiedź
"{C4598BAE-00C8-4582-BA38-82C24C07113F}" = Bumper Wars
"{CF6C6176-3CAF-471D-B2AE-48E3F121B609}" = Warrior Kings
"{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster for Battlefield Vietnam
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam
"{EA1CB7AC-E221-4822-A789-0ADB051DC498}" = Multi-Card Reader & Flash Disk
"{EC1DCD6C-3AE0-42CE-8EAA-6886CC4400DC}" = Drome Racers
"{FBEAAA80-A6BA-41C1-BB86-BB805C821F9E}" = GTA I
"2007ver5.0_demo;_is1" = Encyklopedia Gier 2007 5.0 demo
"Activision_H2UninstallKey" = Hexen II
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alien Arena 2008_is1" = Alien Arena 2008 7.10
"ALLPlayer V2.X" = ALLPlayer V2.X
"Aqua Fish - Wersja Demo_is1" = Aqua Fish - Wersja Demo
"AstroRaid v1.42_is1" = AstroRaid v1.42
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bongo Boogie" = Bongo Boogie
"Bricks of Camelot Trial Version_is1" = Bricks of Camelot - Realore Trial Version 1.01
"BSPlayer1" = BSPlayer
"Captain Zoox & Pingy" = Captain Zoox & Pingy
"Chicken Invaders 2 Christmas Edition demo_is1" = Chicken Invaders 2 Christmas Edition demo v2.60
"Cleanse Uninstaller Pro 2008 " = Cleanse Uninstaller Pro 2008
"Cosgrove's Umbrella" = Cosgrove's Umbrella
"CToolbar_UNINSTALL" = Crawler Toolbar
"Dark Signs" = Dark Signs
"Dark Signs Mission Editor 0.64" = Dark Signs Mission Editor 0.64
"Democracy Player" = Democracy Player 0.9.5
"Device Control" = Device Control
"DieSlave" = DieSlave
"Driver Magician_is1" = Driver Magician 3.4
"DVD Audio Ripper 4" = DVD Audio Ripper 4
"EAXSet" = Creative EAX Settings
"El Airplane" = El Airplane
"Enclave_is1" = Enclave
"Far Gate" = Far Gate
"Freeride Earth" = Freeride Earth
"Froggy Castle" = Strzel sobie
"GameSpy Arcade" = GameSpy Arcade
"GangLand" = GangLand
"Giana Worlds" = Giana Worlds 0.83 Preview
"Gift" = Gift
"gsle4" = LRC Editor 4.0 (remove only)
"GTA2" = GTA2
"HijackThis" = HijackThis 2.0.2
"Icy Tower_is1" = Icy Tower v1.2 (11kHz)
"InstallShield_{819A6E18-2533-4434-AB91-E5D95F3549A2}" = WR2 Demo ATS
"InterActual Player" = InterActual Player
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Full)
"kraken" = L'Oeil du Kraken / Eye of the Kraken
"Krzyżówki dla Zerówki_is1" = Krzyżówki dla Zerówki 7
"Mad Tracks Demo" = Mad Tracks Demo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Movavi VideoSuite 4.3" = Movavi VideoSuite 4.3
"MUCHTRIX" = MUCHTRIX
"Multimedia Keyboard Driver" = Multimedia Keyboard Driver
"neostradatp.exe" = neostrada tp
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only)
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"NVIDIA Drivers" = NVIDIA Drivers
"Pekka Kana 2" = Pekka Kana 2
"Pet Racer" = Pet Racer
"PetRacer" = Pet Racer
"PowerDVD" = PowerDVD
"Pro Pinball - Fantastic Journey" = Pro Pinball - Fantastic Journey
"RealAlt_is1" = Real Alternative 1.27
"RealChess_is1" = Real Chess
"RealPlayer 6.0" = RealPlayer
"Registry Shower 2007_is1" = Registry Shower 2007 2.70 PC Format
"Sea Dogs" = Sea Dogs
"Serious Sam Pierwsze Starcie" = Serious Sam Pierwsze Starcie
"Solaris 104" = Solaris 104
"SPEAKER" = Creative Speaker Settings
"Speed Reader PL_is1" = Speed Reader PL
"Sprint & FineReader 5.0 Office Try&Buy" = Sprint & FineReader 5.0 Office Try&Buy
"Star Racing_is1" = Star Racing
"StmAdsl" = ADSL Modem
"Switchfire_Demo" = Switchfire V.1.0 Demo
"Tennis Antics" = Tennis Antics
"Tortuga_is1" = Piraci Nowego Świata
"USB to Serial Cable Driver" = USB to Serial Cable Driver
"Vulture" = Vulture
"Wedkarz_is1" = Wędkarz 2.15
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"xp-AntiSpy" = xp-AntiSpy 3.96-6
"Zone Runner" = Zone Runner
"Zone Runner 2" = Zone Runner 2

========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1614895754-1645522239-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GP Vs Superbike" = GP Vs Superbike

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009-07-21 05:53:47 | Computer Name = PATRYK | Source = MsiInstaller | ID = 1013
Description = Product: Sony Ericsson PC Suite 1.20.224 -- 1: The InstallScript engine on this machine is older than the version required to run this setup.  If available, please install the latest version of ISScript.msi, or contact your support personnel for further assistance.

Error - 2009-07-21 20:09:09 | Computer Name = PATRYK | Source = MsiInstaller | ID = 1013
Description = Product: Sony Ericsson PC Suite 1.20.224 -- 1: The InstallScript engine on this machine is older than the version required to run this setup.  If available, please install the latest version of ISScript.msi, or contact your support personnel for further assistance.

Error - 2009-07-21 20:09:16 | Computer Name = PATRYK | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>, wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu.

Error - 2009-07-21 20:09:20 | Computer Name = PATRYK | Source = MsiInstaller | ID = 1013
Description = Product: Sony Ericsson PC Suite 1.20.224 -- 1: The InstallScript engine on this machine is older than the version required to run this setup.  If available, please install the latest version of ISScript.msi, or contact your support personnel for further assistance.

Error - 2009-07-21 20:09:31 | Computer Name = PATRYK | Source = MsiInstaller | ID = 1013
Description = Product: Sony Ericsson PC Suite 1.20.224 -- 1: The InstallScript engine on this machine is older than the version required to run this setup.  If available, please install the latest version of ISScript.msi, or contact your support personnel for further assistance.

Error - 2009-07-21 20:09:43 | Computer Name = PATRYK | Source = MsiInstaller | ID = 1013
Description = Product: Sony Ericsson PC Suite 1.20.224 -- 1: The InstallScript engine on this machine is older than the version required to run this setup.  If available, please install the latest version of ISScript.msi, or contact your support personnel for further assistance.

Error - 2009-07-21 20:09:55 | Computer Name = PATRYK | Source = MsiInstaller | ID = 1013
Description = Product: Sony Ericsson PC Suite 1.20.224 -- 1: The InstallScript engine on this machine is older than the version required to run this setup.  If available, please install the latest version of ISScript.msi, or contact your support personnel for further assistance.

Error - 2009-07-21 20:09:57 | Computer Name = PATRYK | Source = MsiInstaller | ID = 1013
Description = Product: Sony Ericsson PC Suite 1.20.224 -- 1: The InstallScript engine on this machine is older than the version required to run this setup.  If available, please install the latest version of ISScript.msi, or contact your support personnel for further assistance.

Error - 2009-07-21 20:10:17 | Computer Name = PATRYK | Source = MsiInstaller | ID = 1013
Description = Product: Sony Ericsson PC Suite 1.20.224 -- 1: The InstallScript engine on this machine is older than the version required to run this setup.  If available, please install the latest version of ISScript.msi, or contact your support personnel for further assistance.

Error - 2009-07-21 20:10:24 | Computer Name = PATRYK | Source = MsiInstaller | ID = 1013
Description = Product: Sony Ericsson PC Suite 1.20.224 -- 1: The InstallScript engine on this machine is older than the version required to run this setup.  If available, please install the latest version of ISScript.msi, or contact your support personnel for further assistance.

[ System Events ]
Error - 2009-07-21 02:40:24 | Computer Name = PATRYK | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi PCAMPR5 NDIS Protocol Driver z powodu następującego błędu:   %%2

Error - 2009-07-21 02:45:42 | Computer Name = PATRYK | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi PCAMPR5 NDIS Protocol Driver z powodu następującego błędu:   %%2

Error - 2009-07-21 02:45:42 | Computer Name = PATRYK | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi PCAMPR5 NDIS Protocol Driver z powodu następującego błędu:   %%2

Error - 2009-07-21 03:55:44 | Computer Name = PATRYK | Source = Service Control Manager | ID = 7034
Description = Usługa Power Manager niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error - 2009-07-21 04:01:50 | Computer Name = PATRYK | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi PCAMPR5 NDIS Protocol Driver z powodu następującego błędu:   %%2

Error - 2009-07-21 04:01:50 | Computer Name = PATRYK | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi PCAMPR5 NDIS Protocol Driver z powodu następującego błędu:   %%2

Error - 2009-07-21 05:35:06 | Computer Name = PATRYK | Source = i8042prt | ID = 327714
Description = Przy próbie określenia liczby przycisków myszy wystąpił błąd.

Error - 2009-07-21 05:35:06 | Computer Name = PATRYK | Source = i8042prt | ID = 327720
Description = Wystąpił błąd podczas próby uzyskania identyfikatora urządzenia myszy.

Error - 2009-07-21 05:35:09 | Computer Name = PATRYK | Source = i8042prt | ID = 327714
Description = Przy próbie określenia liczby przycisków myszy wystąpił błąd.

Error - 2009-07-21 05:43:30 | Computer Name = PATRYK | Source = sr | ID = 1
Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC000007F' podczas przetwarzania pliku 'desktop.ini' w woluminie 'HarddiskVolume1'. W rezultacie zostało zatrzymane monitorowanie woluminu.

< End of report >

OTL.Txt

OTL logfile created on: 2009-07-21 12:23:02 - Run 1
OTL by OldTimer - Version 3.0.9.2     Folder = I:\Nowy folder
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

510,48 Mb Total Physical Memory | 241,78 Mb Available Physical Memory | 47,36% Memory free
1,22 Gb Paging File | 0,92 Gb Available in Paging File | 75,78% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 0,78 Gb Free Space | 3,99% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 10,48 Gb Free Space | 21,45% Space Free | Partition Type: NTFS
Drive E: | 39,06 Gb Total Space | 21,86 Gb Free Space | 55,97% Space Free | Partition Type: NTFS
Drive F: | 41,62 Gb Total Space | 30,73 Gb Free Space | 73,84% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 3,72 Gb Total Space | 1,70 Gb Free Space | 45,54% Space Free | Partition Type: FAT32

Computer Name: PATRYK
Current User Name: PAT
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========
PRC - [2004-08-03 10:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2003-04-22 17:20:02 | 00,061,440 | ---- | M] () -- C:\WINDOWS\Dit.exe
PRC - [2005-10-26 17:17:24 | 00,159,744 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2008-11-27 16:29:38 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009-07-20 18:46:20 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2004-10-05 16:00:12 | 00,061,440 | ---- | M] (France Télécom R&D) -- C:\Program Files\neostrada tp\TaskBarIcon.exe
PRC - [2005-03-06 22:16:18 | 00,366,080 | ---- | M] () -- C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
PRC - [2002-07-12 10:29:24 | 00,065,536 | ---- | M] () -- C:\WINDOWS\DitExp.exe
PRC - [2004-08-23 13:49:56 | 00,040,960 | ---- | M] (France Telecom) -- C:\WINDOWS\System32\FTRTSVC.exe
PRC - [2009-07-20 18:46:20 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006-10-22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2005-06-08 17:45:04 | 00,278,528 | ---- | M] (Teleca Software Solutions AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2004-08-11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2005-08-10 08:54:34 | 00,385,024 | R--- | M] (Teleca Software Solutions) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2006-03-16 09:43:28 | 00,872,448 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
PRC - [2004-08-03 10:44:30 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2004-08-03 10:44:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2003-12-08 13:58:22 | 00,094,208 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\macromed\flash\GetFlash.exe
PRC - [2009-03-02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009-07-21 12:16:15 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-07-21 12:16:15 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009-07-21 02:02:12 | 00,513,536 | ---- | M] (OldTimer Tools) -- I:\Nowy folder\OTL.exe

========== Win32 Services (SafeList) ==========
SRV - [2009-07-21 12:16:15 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009-07-21 12:16:15 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2004-08-23 13:49:56 | 00,040,960 | ---- | M] (France Telecom) -- C:\WINDOWS\System32\FTRTSVC.exe -- (FTRTSVC [Auto | Running])
SRV - [2004-08-03 10:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009-07-20 18:46:20 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006-10-22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - File not found --  -- (PowerManager [Auto | Stopped])
SRV - [2004-08-11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Driver Services (SafeList) ==========
DRV - [2005-11-20 17:48:20 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])
DRV - [2009-02-13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [system | Stopped])
DRV - [2009-07-21 12:16:15 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009-07-21 12:16:15 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [system | Running])
DRV - [2004-09-01 10:26:41 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\PAT\Ustawienia lokalne\Temp\cel90xbe.sys -- (cel90xbe [On_Demand | Stopped])
DRV - [2005-01-10 04:15:24 | 00,138,752 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2004-08-22 16:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus [boot | Running])
DRV - [2004-08-22 16:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt [boot | Running])
DRV - [2002-10-02 20:32:48 | 00,017,932 | R--- | M] (   ) -- C:\WINDOWS\System32\drivers\gt680x.sys -- (GT680xNT [On_Demand | Stopped])
DRV - [2006-10-22 12:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2005-01-10 04:15:30 | 00,106,496 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2007-06-14 20:47:26 | 01,127,936 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\P17.sys -- (P17 [On_Demand | Running])
DRV - [2003-08-04 13:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])
DRV - [2004-01-26 03:01:28 | 00,052,224 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06 [system | Running])
DRV - [2004-01-26 03:36:35 | 00,095,552 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02 [boot | Running])
DRV - [2003-09-06 00:22:08 | 00,006,944 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1 [boot | Running])
DRV - [2001-08-17 08:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007-03-07 11:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20 [boot | Running])
DRV - [2005-11-09 17:45:36 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Running])
DRV - [2009-03-26 14:37:13 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2003-12-01 03:20:52 | 00,004,832 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01 [boot | Running])
DRV - [2005-12-12 07:12:01 | 00,049,664 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfsync04.sys -- (sfsync04 [boot | Running])
DRV - [2009-07-21 12:16:15 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [system | Running])
DRV - [2005-11-09 15:45:14 | 00,006,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
DRV - [2006-05-25 05:28:44 | 00,684,265 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\torususb.sys -- (TaurusUsb [On_Demand | Stopped])
DRV - [2004-02-01 05:53:20 | 00,026,166 | ---- | M] (Compuware Corporation) -- C:\WINDOWS\System32\DRIVERS\usbfilt.sys -- (Usbfilt [On_Demand | Stopped])
DRV - [2006-03-13 16:49:54 | 00,060,800 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\w300bus.sys -- (w300bus [On_Demand | Stopped])
DRV - [2006-03-13 16:50:00 | 00,009,264 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\w300mdfl.sys -- (w300mdfl [On_Demand | Stopped])
DRV - [2006-03-13 16:50:02 | 00,096,352 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\w300mdm.sys -- (w300mdm [On_Demand | Stopped])
DRV - [2006-03-13 16:50:06 | 00,087,824 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\w300mgmt.sys -- (w300mgmt [On_Demand | Stopped])
DRV - [2006-03-13 16:50:08 | 00,085,696 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\w300obex.sys -- (w300obex [On_Demand | Stopped])
DRV - [2005-11-10 05:45:32 | 00,031,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\wceusbsh.sys -- (wceusbsh [system | Stopped])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1614895754-1645522239-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1614895754-1645522239-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1614895754-1645522239-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\neostrada tp\SearchPageURL.dll ()
IE - HKU\S-1-5-21-1614895754-1645522239-725345543-1003\S-1-5-21-1614895754-1645522239-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-07-20 18:46:21 | 00,000,000 | ---D | M]
O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1614895754-1645522239-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1614895754-1645522239-725345543-1003\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.DLL ()
O4 - HKLM..\Run: [sony Ericsson PC Suite]  File not found
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe File not found
O4 - HKLM..\Run: [WOOWATCH] C:\Program Files\neostrada tp\Watch.exe (France Télécom R&D)
O4 - HKU\S-1-5-21-1614895754-1645522239-725345543-1003..\Run: [Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe (GG
Network S.A.)O4 - Startup: C:\Documents and Settings\PAT\Menu Start\Programy\Autostart\MutiKeyboard Driver.lnk = C:\Program Files\MultiKeyboard Driver\KbdDrv.exe ()O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-1614895754-1645522239-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00  [binary data]O8 - Extra context menu item: Add to AMV Converter... 
- C:\Program Files\MP3 Player Utilities 4.07\AMVConverter\grab.html File not foundO8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.07\MediaManager\grab.html File not foundO12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03)O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.173.209.70 10.36.0.1 217.30.137.200O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\ipp - No CLSID value foundO18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp - No CLSID value 
foundO18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - Reg Error: Value error. File not foundO20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:HomeO31 - SafeBoot: AlternateShell - cmd.exeO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2007-08-29 05:05:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O33 - MountPoints2\{07d67764-5701-11dd-b179-0013d3f1e3e3}\Shell\Open(&0)\command - "" = I:\Recycled\ctfmon.exe -- File not foundO33 - MountPoints2\{0a68a6c5-4eb8-11dd-b164-0013d3f1e3e3}\Shell\AutoRun\command - "" = K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not foundO33 - MountPoints2\{0a68a6c5-4eb8-11dd-b164-0013d3f1e3e3}\Shell\open\command - "" = K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not foundO33 - MountPoints2\{96995c30-507d-11dd-b16d-0013d3f1e3e3}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not foundO33 - MountPoints2\{96995c30-507d-11dd-b16d-0013d3f1e3e3}\Shell\open\command - "" = I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not foundO33 - MountPoints2\{f13f0c9c-ae16-11dd-b207-0013d3f1e3e3}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not foundO33 - MountPoints2\{f13f0c9c-ae16-11dd-b207-0013d3f1e3e3}\Shell\open\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not foundO33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\3o.exe -- File not foundO33 
- MountPoints2\C\Shell\explore\Command - "" = C:\3o.exe -- File not foundO33 - MountPoints2\C\Shell\open\Command - "" = C:\3o.exe -- File not foundO33 - MountPoints2\G\Shell - "" = AutoRunO33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\start.exe -- File not foundO34 - HKLM BootExecute: (autocheck) -  File not foundO34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)O34 - HKLM BootExecute: (*) -  File not found========== Files/Folders - Created Within 30 Days ==========[1 C:\WINDOWS\System32\*.tmp files][2009-07-20 20:22:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PAT\Dane aplikacji\Malwarebytes[2009-07-20 20:22:18 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2009-07-20 20:22:16 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2009-07-20 20:22:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes[2009-07-20 20:22:15 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2009-07-20 20:18:27 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\PAT\Pulpit\HijackThis.lnk[2009-07-20 20:18:27 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro[2009-07-20 20:06:28 | 00,001,547 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\neostrada tp.lnk[2009-07-20 20:02:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\InsFiles[2009-07-20 20:02:01 | 00,006,091 | ---- | C] () -- C:\WINDOWS\stsetup.htm[2009-07-20 20:02:01 | 00,000,000 | ---D | C] -- C:\Program Files\ZTE ZXDSL 852[2009-07-20 20:01:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\AlertModule[2009-07-20 20:01:42 | 00,036,864 | ---- | C] (France Télécom R&D) -- C:\WINDOWS\System32\IfHelper.dll[2009-07-20 20:01:41 | 00,040,960 | ---- | C] (France Telecom) -- C:\WINDOWS\System32\FTRTSVC.exe[2009-07-20 19:52:07 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Avira 
AntiVir Control Center.lnk[2009-07-20 19:51:53 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys[2009-07-20 19:51:53 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys[2009-07-20 19:51:53 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys[2009-07-20 19:51:53 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys[2009-07-20 19:51:53 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys[2009-07-20 19:51:50 | 00,000,000 | ---D | C] -- C:\Program Files\Avira[2009-07-20 19:51:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Avira[2009-07-20 18:47:44 | 00,526,184 | ---- | C] (Xceed Software Inc        (450) 442-2626        support@xceedsoft.com        www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll[2009-07-20 18:47:44 | 00,456,536 | ---- | C] (Xceed Software Inc        (450) 442-2626        support@xceedsoft.com        www.xceedsoft.com) -- C:\WINDOWS\System32\XCEEDZIP.DLL[2009-07-20 18:47:44 | 00,110,602 | ---- | C] () -- C:\WINDOWS\System32\xcdsfx32.bin[2009-07-20 18:47:43 | 00,000,000 | ---D | C] -- C:\Program Files\Driver Magician[2009-07-20 18:45:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PAT\Dane aplikacji\Sun[2009-07-20 18:14:55 | 00,000,000 | ---D | C] -- C:\Program Files\neostrada tp[2009-07-20 18:08:25 | 01,488,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LegitCheckControl.dll[2009-07-20 18:08:25 | 00,332,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe[2009-07-20 18:08:25 | 00,200,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaLogon.dll[2009-07-20 18:06:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PAT\Dane aplikacji\WinRAR[2009-07-20 18:06:46 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR[2009-07-20 18:03:47 | 00,000,000 | ---D | C] -- C:\Program Files\xp-AntiSpy[2009-07-20 17:57:14 | 
53,535,1296 | -HS- | C] () -- C:\hiberfil.sys[2009-07-20 17:41:44 | 00,000,901 | ---- | C] () -- C:\Documents and Settings\PAT\Pulpit\Cleanse Uninstaller.lnk[2009-07-20 17:41:44 | 00,000,000 | ---D | C] -- C:\Program Files\Zards software[2009-07-19 09:18:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PAT\Dane aplikacji\OpenFM[2009-07-19 09:11:20 | 00,000,717 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk[2009-07-19 09:11:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PAT\Dane aplikacji\Nowe Gadu-Gadu[2009-07-19 09:10:59 | 00,000,000 | ---D | C] -- C:\Program Files\Nowe Gadu-Gadu[2009-07-18 21:41:13 | 00,000,697 | ---- | C] () -- C:\Documents and Settings\PAT\Pulpit\Metin2 PL.lnk[2009-07-18 21:40:06 | 00,000,000 | ---D | C] -- C:\Program Files\Metin2_PL[2009-07-18 13:29:16 | 00,000,022 | ---- | C] () -- C:\Documents and Settings\PAT\Pulpit\Nowy Folder skompresowany (zip).zip[2009-07-18 09:51:18 | 00,000,161 | R--- | C] () -- C:\WINDOWS\DSLSetup.ini[2009-07-18 09:51:17 | 00,102,400 | R--- | C] (STMicroelectronics              ) -- C:\WINDOWS\stmtrace.exe[2009-07-18 09:51:17 | 00,065,536 | R--- | C] (STMicroelectronics) -- C:\WINDOWS\DSLTest.exe[2009-07-18 09:51:17 | 00,000,902 | R--- | C] () -- C:\WINDOWS\System32\setup.ini[2009-07-18 09:51:17 | 00,000,766 | R--- | C] () -- C:\WINDOWS\System32\icShTx.ico[2009-07-18 09:51:17 | 00,000,766 | R--- | C] () -- C:\WINDOWS\System32\icShTR.ico[2009-07-18 09:51:17 | 00,000,766 | R--- | C] () -- C:\WINDOWS\System32\icShRx.ico[2009-07-18 09:51:17 | 00,000,766 | R--- | C] () -- C:\WINDOWS\System32\icShow.ico[2009-07-18 09:51:16 | 00,684,265 | R--- | C] () -- C:\WINDOWS\System32\drivers\torususb.sys[2009-07-18 09:51:16 | 00,446,464 | R--- | C] (STMicroelectronics              ) -- C:\WINDOWS\System32\stmadsl.cpl[2009-07-18 09:51:16 | 00,060,255 | R--- | C] (STMicroelectronics              ) -- C:\WINDOWS\System32\drivers\stmatm.sys[2009-07-18 09:51:16 | 00,036,864 | R--- | C] () -- 
C:\WINDOWS\System32\stmclean.exe[2009-07-18 09:51:16 | 00,018,498 | R--- | C] () -- C:\WINDOWS\System32\CSALogo.bmp[2009-07-18 09:51:16 | 00,000,766 | R--- | C] () -- C:\WINDOWS\System32\icStop.ico[2009-07-18 09:51:16 | 00,000,766 | R--- | C] () -- C:\WINDOWS\System32\icNoMo.ico[2009-07-18 09:51:16 | 00,000,766 | R--- | C] () -- C:\WINDOWS\System32\icInit.ico[2009-07-18 09:51:06 | 00,032,768 | ---- | C] (France Télécom R&D) -- C:\WINDOWS\System32\WooDial2000.dll[2009-07-18 09:48:49 | 00,425,984 | R--- | C] (STMicroelectronics              ) -- C:\WINDOWS\System32\stmcfg32.dll[2009-07-18 09:48:49 | 00,151,552 | R--- | C] (STMicroelectronics              ) -- C:\WINDOWS\System32\stmctrl.dll[2009-07-18 09:48:34 | 00,094,208 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32n50.dll[2009-07-18 09:48:34 | 00,016,128 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\PCANDIS5.SYS[2009-07-18 09:48:06 | 00,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll[2009-07-18 09:48:06 | 00,000,000 | ---D | C] -- C:\Program Files\Java[2009-07-04 20:08:21 | 00,000,058 | ---- | C] () -- C:\Documents and Settings\PAT\Pulpit\Nowy Winamp media file.wav[2009-05-29 18:53:18 | 00,000,468 | ---- | C] () -- C:\WINDOWS\gfscore.ini[2009-02-22 15:44:34 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI[2009-01-24 11:59:21 | 00,000,058 | ---- | C] () -- C:\WINDOWS\wininit.ini[2009-01-22 19:57:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI[2009-01-16 18:18:11 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys[2009-01-16 18:18:11 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys[2008-11-28 15:53:18 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini[2008-11-28 15:53:16 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll[2008-11-28 15:53:16 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll[2008-11-28 15:53:15 | 00,007,680 | ---- | C] () -- 
C:\WINDOWS\System32\ff_vfw.dll[2008-11-28 15:53:15 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest[2008-11-27 16:30:46 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini[2008-11-23 09:05:20 | 00,000,092 | ---- | C] () -- C:\WINDOWS\galaxy.ini[2008-11-14 16:13:46 | 00,000,222 | ---- | C] () -- C:\WINDOWS\VOGEL.INI[2008-10-18 20:23:47 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI[2008-06-13 14:58:52 | 00,001,969 | ---- | C] () -- C:\WINDOWS\disney.ini[2008-06-13 14:58:38 | 00,000,182 | ---- | C] () -- C:\WINDOWS\disneysy.ini[2008-05-23 16:49:39 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI[2008-04-15 09:11:58 | 00,167,936 | ---- | C] () -- C:\WINDOWS\Dit.DLL[2008-04-15 09:11:58 | 00,000,212 | ---- | C] () -- C:\WINDOWS\Dit.INI[2008-04-04 17:48:09 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll[2008-02-12 15:38:46 | 00,000,635 | ---- | C] () -- C:\WINDOWS\Rtcw.INI[2007-10-07 06:09:06 | 00,000,261 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI[2007-10-07 06:05:45 | 00,017,932 | R--- | C] (   ) -- C:\WINDOWS\System32\drivers\Gt680x.sys[2007-10-07 06:05:33 | 00,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll[2007-10-07 06:05:32 | 00,000,613 | ---- | C] () -- C:\WINDOWS\if40le.ini[2007-10-07 06:05:31 | 00,000,114 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI[2007-10-07 06:04:57 | 00,003,429 | ---- | C] () -- C:\WINDOWS\If42le.ini[2007-10-07 06:04:57 | 00,000,241 | ---- | C] () -- C:\WINDOWS\PEXPLORE.INI[2007-10-07 06:04:55 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll[2007-10-07 06:04:47 | 00,000,403 | ---- | C] () -- C:\WINDOWS\umxaddin.ini[2007-09-24 22:35:03 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll[2007-09-08 23:44:40 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI[2007-08-29 05:50:10 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini[2007-08-29 05:30:22 | 00,005,663 | ---- | C] () -- C:\WINDOWS\System32\ludap17.ini[2007-08-29 05:30:22 | 00,000,075 | ---- | C] () 
-- C:\WINDOWS\System32\ctzapxx.ini[2007-08-29 05:27:58 | 00,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini[2006-10-22 12:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll[2006-03-06 10:41:02 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll[2006-01-20 10:46:10 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll[2005-06-14 21:20:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll[2005-06-14 21:20:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll[2005-06-14 21:20:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll[2005-06-14 21:20:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll[2005-06-14 21:20:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll[2005-06-14 21:20:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll[2005-05-03 05:38:42 | 00,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll[2004-09-16 13:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS[2004-09-16 13:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS[2004-08-22 17:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll[2004-08-03 10:44:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll[2003-10-02 04:48:18 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll[2002-04-10 19:41:06 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll[2002-04-01 10:29:28 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll[2002-04-01 10:16:30 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll[2002-04-01 10:16:14 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll[2002-04-01 10:15:40 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll[2002-03-26 07:18:28 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll[2002-02-21 04:41:20 | 00,157,184 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll[2002-01-20 00:26:36 | 00,073,728 | ---- | C] () -- 
C:\WINDOWS\System32\SimpleResize.dll[2001-10-25 02:53:24 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\avisynth.dll[2001-07-21 09:16:20 | 00,000,693 | ---- | C] () -- C:\WINDOWS\win.ini[2001-07-21 09:15:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini[2001-06-21 23:06:02 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\MPEG2DEC.dll[1997-06-13 12:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll========== Files - Modified Within 30 Days ==========[1 C:\WINDOWS\System32\*.tmp files][3 C:\WINDOWS\*.tmp files][2009-07-21 12:16:15 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys[2009-07-21 12:16:15 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys[2009-07-21 12:16:15 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys[2009-07-21 12:08:28 | 00,088,230 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml[2009-07-21 12:08:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2009-07-21 12:08:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2009-07-21 12:08:08 | 53,535,1296 | -HS- | M] () -- C:\hiberfil.sys[2009-07-20 20:26:35 | 00,006,091 | ---- | M] () -- C:\WINDOWS\stsetup.htm[2009-07-20 20:18:27 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\PAT\Pulpit\HijackThis.lnk[2009-07-20 20:06:28 | 00,001,547 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\neostrada tp.lnk[2009-07-20 19:52:07 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Avira AntiVir Control Center.lnk[2009-07-20 18:17:32 | 04,308,548 | -H-- | M] () -- C:\Documents and Settings\PAT\Ustawienia lokalne\Dane aplikacji\IconCache.db[2009-07-20 17:41:44 | 00,000,901 | ---- | M] () -- C:\Documents and Settings\PAT\Pulpit\Cleanse Uninstaller.lnk[2009-07-19 09:11:20 | 00,000,717 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk[2009-07-18 21:41:45 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini[2009-07-18 
21:41:13 | 00,000,697 | ---- | M] () -- C:\Documents and Settings\PAT\Pulpit\Metin2 PL.lnk[2009-07-18 13:29:16 | 00,000,022 | ---- | M] () -- C:\Documents and Settings\PAT\Pulpit\Nowy Folder skompresowany (zip).zip[2009-07-18 09:32:43 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2009-07-04 20:08:21 | 00,000,058 | ---- | M] () -- C:\Documents and Settings\PAT\Pulpit\Nowy Winamp media file.wav[2009-07-04 20:08:10 | 00,003,429 | ---- | M] () -- C:\WINDOWS\If42le.ini[2009-06-24 18:03:25 | 00,098,304 | ---- | M] () -- C:\Documents and Settings\PAT\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini========== LOP Check ==========[2007-08-29 06:54:22 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji[2009-07-20 20:22:16 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji[2007-08-29 05:43:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ahead[2008-06-13 14:58:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Disney Interactive[2009-02-23 11:35:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Synetic[2008-06-05 16:19:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Teleca[2008-03-15 08:52:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP[2007-08-29 06:54:22 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji[2007-08-29 05:09:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji[2007-08-29 05:09:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji[2009-07-20 20:22:21 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\PAT\Dane aplikacji[2008-02-21 07:18:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAT\Dane aplikacji\Ahead[2008-04-09 18:39:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAT\Dane 
aplikacji\Ascaron Entertainment[2007-10-07 06:10:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAT\Dane aplikacji\InterTrust[2008-06-05 20:10:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAT\Dane aplikacji\Leadertech[2008-06-18 07:49:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAT\Dane aplikacji\LEGO Media[2009-07-19 10:51:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAT\Dane aplikacji\Nowe Gadu-Gadu[2009-07-19 09:18:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAT\Dane aplikacji\OpenFM[2007-12-04 05:54:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAT\Dane aplikacji\Participatory Culture Foundation[2007-12-29 13:25:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAT\Dane aplikacji\PCF-VLC[2009-02-22 17:10:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAT\Dane aplikacji\Summer Athletics 2008[2008-06-05 16:22:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAT\Dane aplikacji\Teleca[2001-07-21 09:17:50 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini[2009-07-21 12:08:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT========== Purity Check ==========< End of report >

RSIT

info.txt

info.txt logfile of random's system information tool 1.06 2009-07-21 12:26:41

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A70000000000}
Adobe? Photoshop? Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
ADSL Modem-->rundll32.exe stmcfg32.dll,Uninstall
Alien Arena 2008 7.10-->"d:\GRY\Alien Arena 2008\unins000.exe"
Alladyn i Nowe Szaty Króla - dema-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FAB01F2-8711-46D2-84B6-2D8A4AC9BF0A}\setup.exe" -l0x15
ALLPlayer V2.X-->C:\Program Files\MarBit\ALLPlayer\UnGins.exe "C:\Program Files\MarBit\ALLPlayer\install.log"
Alone in the Dark - Koszmar Powraca-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D70015A-EA6F-4C19-B116-E022C1256AD4}\setup.exe" -l0x15
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bad Boys 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53B9A1FE-FF04-4431-B394-B110FE794200}\setup.exe" -l0x9
Battlefield Vietnam-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E35B3C63-E958-4E31-A178-95D22024109A}\Setup.exe" -l0x9
BIONICLE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B196519A-A2AC-443E-84D1-F336B4E8F304}\setup.exe" -l0x9
Bongo Boogie-->D:\patrycj gry\Uninstal.exe
BSPlayer-->"C:\Program Files\Webteh\BSplayerPro\uninstall.exe"
Bumper Wars-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4598BAE-00C8-4582-BA38-82C24C07113F}\setup.exe" -l0x15
Captain Zoox & Pingy-->C:\WINDOWS\IsUninst.exe -fd:\gry\Uninst.isu
Cleanse Uninstaller Pro 2008  -->C:\Program Files\Zards software\Cleanse Uninstaller\uninst.exe
Crawler Toolbar-->C:\PROGRA~1\Crawler\CToolbar.exe uninst
Creative EAX Settings-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9  /remove
Creative Speaker Settings-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9  /remove
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Demo Tarzan-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68F423B1-B08A-4EFC-8414-408455443322}\setup.exe" Demo Tarzan
Device Control-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9  /remove
Disciples II - Mroczne Proroctwo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{414D0241-EDC9-4EE6-8925-2D6A847FB212}\setup.exe" -l0x15
Driver Magician 3.4-->"C:\Program Files\Driver Magician\unins000.exe"
Drome Racers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC1DCD6C-3AE0-42CE-8EAA-6886CC4400DC}\Setup.exe" -l0x7
Enclave-->"D:\GRY\Enclave\unins000.exe"
Far Gate-->D:\PROGRA~1\FARGAT~1\UNWISE.EXE D:\PROGRA~1\FARGAT~1\INSTALL.LOG
Ford Racing 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{797E03F8-C8A0-47ED-AA9F-D7076276E491}\setup.exe"
Freeride Earth-->D:\gry taty\uninstall.exe
GameSpy Arcade-->D:\PROGRA~1\GAMESP~1\UNWISE.EXE D:\PROGRA~1\GAMESP~1\INSTALL.LOG
Giana Worlds 0.83 Preview-->C:\WINDOWS\IsUn0407.exe -f"C:\Program Files\Freeware Games\Giana Worlds 0.83 Preview\Uninst.isu"
Gods - Kraina Nieskończoności-->"D:\Program Files\Gods\Uninstall Information\unins000.exe"
Gothic-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{758A4269-70E5-4B11-B419-F692882408A9}\setup.exe" -l0x15
GTA I-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBEAAA80-A6BA-41C1-BB86-BB805C821F9E}\setup.exe" -l0x15
GTA III-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92B94569-6683-4617-8C54-EB27A1B51B30}\setup.exe" -l0x15
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9  -removeonly
GTA2-->C:\WINDOWS\IsUninst.exe -fd:\gry\Uninst.isu
Heroes of Might and Magic V-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20071984-5EB1-4881-8EDB-082532ACEC6D}\setup.exe" -l0x9
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotel Giant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E7B12B6-DA76-4167-BB65-491C18F8236B}\setup.exe" -l0x15
Icy Tower v1.2 (11kHz)-->D:\GRY\icytower1.2\unins000.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
Java 2 Runtime Environment, SE v1.4.0_03-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC1E4C93-C1E7-11D6-9D10-00010240CE95}\Setup.exe" Anytext
Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
K-Lite Codec Pack 4.1.7 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Krzyżówki dla Zerówki 7-->"D:\GRY\coś tam\unins000.exe"
L'Oeil du Kraken / Eye of the Kraken-->"D:\Uninstall.exe" "D:\install.log"
LRC Editor 4.0 (remove only)-->"C:\Program Files\LRC Editor 4\uninst-gsle4.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mashed Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{337B5336-A953-4C81-95B5-B4F8DA7FA189}\Setup.exe" -l0x9
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
Moorhuhn Kart XS (PL)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63D08574-EC96-44F1-8973-8BA847C2BB22}\Setup.exe" -l0x9
Mój brat niedźwiedź-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B489D5F8-D960-4399-9286-C59BF21991B5}\Setup.exe" -l0x15 Mój brat niedźwiedź
MP3 Player Utilities 4.07-->MsiExec.exe /I{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MUCHTRIX-->D:\uninstal.exe
Multi-Card Reader & Flash Disk-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe" -l0x9
Multimedia Keyboard Driver-->C:\PROGRA~1\MULTIK~1\UNWISE.EXE C:\PROGRA~1\MULTIK~1\INSTALL.LOG
neostrada tp-->C:\PROGRA~1\NEOSTR~1\Uninstall.exe
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
Nimo Codecs Pack v5.0 (Remove Only)-->"C:\Program Files\NimoCodec Pack\uninstall.exe"
NitroFamily-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008E8741-8888-4BEE-89B6-5AECB5FB9611}\Setup.exe" -l0x9
Nowe Gadu-Gadu-->C:\Program Files\Nowe Gadu-Gadu\Uninstall.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Pekka Kana 2-->D:\GRY\Pekka Kana 2\Uninstal.exe
Pet Racer-->C:\Program Files\Pet Racer\uninstall Pet Racer.exe
Plustek USB Scanner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5265664F-6128-405C-9225-9782A85954FD}\setup.exe"
Podbój Rzymu-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98B791BF-0F12-453A-A25D-FD4340703444}\setup.exe" -l0x15
PowerDVD-->C:\WINDOWS\IsUn0415.exe -f"C:\Program Files\CyberLink\PowerDVD\Uninst.isu"
Pro Pinball - Fantastic Journey-->D:\GRYTAT~1\UNWISE.EXE D:\GRYTAT~1\INSTALL.LOG
PunkBuster for Battlefield Vietnam-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D07643A3-CE41-4286-8C78-EB9C83E76DDB}\setup.exe" -l0x9
Real Alternative 1.27-->"C:\Program Files\Real Alternative\unins000.exe"
Real Chess-->"D:\GRY\szachy\unins000.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Shower 2007 2.70 PC Format-->"C:\Program Files\Registry Shower 2007\unins000.exe"
Samsung Master-->C:\Program Files\InstallShield 
Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe -runfromtemp -l0x0009 -removeonlySamsung USB Driver-->"C:\Program Files\InstallShield Installation Information\{86D6A20D-3910-4441-A3E5-EB6977251C86}\Setup.exe" -runfromtemp -l0x0009 anything -removeonlySąsiedzi z Piekła Rodem 1 i 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6AAF923E-077E-4543-BA1C-42A75BB03677}\setup.exe" -l0x15 Sea Dogs-->D:\STRATE~1\UNWISE.EXE D:\STRATE~1\INSTALL.LOGSerious Sam Pierwsze Starcie-->D:\GRY\SERIOU~1\UNWISE.EXE D:\GRY\SERIOU~1\INSTALL.LOGSerious Sam: Drugie Starcie-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}\Setup.exe" -l0x15 Solaris 104-->D:\GRY\SOLARI~1\UNWISE.EXE D:\GRY\SOLARI~1\INSTALL.LOGSony Ericsson PC Suite 1.20.224-->MsiExec.exe /I{7689CA7A-1270-425A-9959-EB4CB25EA29A}Speed Reader PL-->"C:\Program Files\Speed Reader PL\unins000.exe"Sprint & FineReader 5.0 Office Try&Buy-->C:\WINDOWS\bitdein2.exe C:\PROGRA~1\SPRINT~1.0OF\bitdeins.iniStar Racing-->"D:\GRY\GameTop.com\Star Racing\unins000.exe"Strzel sobie-->D:\GRY\Strzel sobie\Uninstall.exeTennis Antics-->C:\WINDOWS\IsUninst.exe -fd:\tenis\Uninst.isuUSB Data Cable 1.12.27s-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F46E168-E0F4-45EA-81F5-80488334B609}\Setup.exe" -l0x9 USB to Serial Cable Driver-->C:\WINDOWS\unvise32.exe C:\Program Files\ArkMicro\uninstal.logVulture-->C:\WINDOWS\VLaunch.exe fWarrior Kings-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF6C6176-3CAF-471D-B2AE-48E3F121B609}\setup.exe" Winamp-->"C:\Program Files\Winamp\UninstWA.exe"Windows Media Format 
Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAllWindows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /UninstallWinRAR archiver-->C:\Program Files\WinRAR\uninstall.exeWR2 Demo ATS-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{819A6E18-2533-4434-AB91-E5D95F3549A2} /l1033 xp-AntiSpy 3.96-6-->C:\Program Files\xp-AntiSpy\Uninstall.exe=====HijackThis Backups===== [2009-07-21]O4 - Global Startup: Disabled [2009-07-21]O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) [2009-07-21]O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) [2009-07-21]O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing) [2009-07-21]======System event log======Computer Name: PATRYKEvent Code: 7036Message: Usługa iPodService weszła w stan uruchomienia.Record Number: 10820Source Name: Service Control ManagerTime Written: 20090528160833.000000-720Event Type: informacjeUser: Computer Name: PATRYKEvent Code: 7035Message: Do usługi Menedżer połączeń usługi Dostęp zdalny został pomyślnie wysłany kod sterowania uruchom.Record Number: 10819Source Name: Service Control ManagerTime Written: 20090528160832.000000-720Event Type: informacjeUser: PATRYK\PATComputer Name: PATRYKEvent Code: 7036Message: Usługa Telefonia weszła w stan uruchomienia.Record Number: 10818Source Name: Service Control ManagerTime Written: 20090528160832.000000-720Event Type: informacjeUser: Computer Name: PATRYKEvent Code: 7035Message: Do usługi iPodService został pomyślnie wysłany kod sterowania uruchom.Record Number: 10817Source Name: Service Control ManagerTime Written: 20090528160831.000000-720Event Type: informacjeUser: ZARZĄDZANIE NT\SYSTEMComputer Name: PATRYKEvent Code: 7036Message: Usługa Usługa COM nagrywania dysków CD IMAPI weszła w 
stan uruchomienia.Record Number: 10816Source Name: Service Control ManagerTime Written: 20090528160831.000000-720Event Type: informacjeUser: =====Application event log=====Computer Name: PATRYKEvent Code: 101Message: wuauclt (2384) Aparat bazy danych został zatrzymany.Record Number: 5Source Name: ESENTTime Written: 20090222163515.000000-720Event Type: informacjeUser: Computer Name: PATRYKEvent Code: 103Message: wuaueng.dll (2384) SUS20ClientDataStore: Aparat bazy danych zatrzymał wystąpienie (0).Record Number: 4Source Name: ESENTTime Written: 20090222163515.000000-720Event Type: informacjeUser: Computer Name: PATRYKEvent Code: 102Message: wuaueng.dll (2384) SUS20ClientDataStore: Aparat bazy danych uruchomił nowe wystąpienie (0).Record Number: 3Source Name: ESENTTime Written: 20090222163012.000000-720Event Type: informacjeUser: Computer Name: PATRYKEvent Code: 100Message: wuauclt (2384) Aparat bazy danych 5.01.2600.2180 został uruchomiony.Record Number: 2Source Name: ESENTTime Written: 20090222163012.000000-720Event Type: informacjeUser: Computer Name: PATRYKEvent Code: 1800Message: Usługa Centrum zabezpieczeń systemu Windows została uruchomiona.Record Number: 1Source Name: SecurityCenterTime Written: 20090222162925.000000-720Event Type: informacjeUser: ======Environment variables======"ComSpec"=%SystemRoot%\system32\cmd.exe"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Teleca Shared"windir"=%SystemRoot%"FP_NO_HOST_CHECK"=NO"OS"=Windows_NT"PROCESSOR_ARCHITECTURE"=x86"PROCESSOR_LEVEL"=15"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel"PROCESSOR_REVISION"=0401"NUMBER_OF_PROCESSORS"=1"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH"TEMP"=%SystemRoot%\TEMP"TMP"=%SystemRoot%\TEMP"SamDir"=SINSTDIR"DEFAULT_CA_NR"=CA6"CLASSPATH"=C:\Program Files\QuickTime\QTSystem\QTJava.zip"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip-----------------EOF-----------------

log.txt


MarekM25
comment

I only looked through the log, because I found a threat, so the remaining things have to be put off until later for now.

There is a virus here commonly called Jeefo (or there was, because it says file missing, but preventive steps still have to be taken just in case).

http://www.sophos.com/support/disinfection/jeefoa.html - here is the removal tool for Jeefo

You can also remove Jeefo with Avenger or OTL, but it is better to run this removal tool over the system so that nothing is left behind.

After the removal tool, post the next log from OTL.

PS: in future you don't need to use HijackThis if you are posting logs from OTL and RSIT; describe the problem precisely, and don't just say that Avast finds some virus and others, you have to list all of them precisely.
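
Added example, not part of the thread and not code from HijackThis or Sophos: a triage check of the kind the reply above applies by eye, assuming the diagnosis rests on the log's O23 entry for the PowerManager service, whose image is C:\WINDOWS\svchost.exe (file missing). It parses O23 service entries, including logs whose line breaks were lost in pasting, and flags services whose binary carries a system32-only process name but sits in another folder; the sample entries are taken from the HijackThis log posted in this thread, while the name list and the default system root are assumptions.

```python
import ntpath
import re

# Process names that Windows XP ships only in %SystemRoot%\system32.
# explorer.exe is left out on purpose: it legitimately lives in %SystemRoot%.
# This list is an assumption made for the example, not taken from the thread.
SYSTEM32_ONLY = {
    "svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
    "smss.exe", "csrss.exe", "spoolsv.exe", "ctfmon.exe",
}

# One O23 entry: "O23 - Service: <display> (<key>) - <owner> - <image path>".
# The lookahead ends an entry at a newline, at the next HijackThis section tag
# (for logs pasted without line breaks), at the log trailer, or at end of text.
O23 = re.compile(
    r"O23 - Service: (?P<display>.+?) \((?P<key>[^()]+)\) - (?P<owner>.+?) - "
    r"(?P<image>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?"
    r"(?=\r?\n|[OR]\d{1,2} - |--End of file|$)"
)


def triage_services(log_text, system_root=r"C:\WINDOWS"):
    """Return one finding per O23 service whose image has a system32-only
    process name but is stored outside <system_root>\\system32."""
    expected_dir = ntpath.normcase(ntpath.join(system_root, "system32"))
    findings = []
    for match in O23.finditer(log_text):
        image = match.group("image").strip()
        folder, name = ntpath.split(image)
        if name.lower() not in SYSTEM32_ONLY:
            continue  # not a name worth masquerading as
        if ntpath.normcase(folder) == expected_dir:
            continue  # system binary in its normal location
        findings.append({
            "service": match.group("key"),
            "image": image,
            # False means the service registration outlived its binary, so
            # the persistence entry still needs cleaning up.
            "file_present": match.group("missing") is None,
        })
    return findings


# O23 entries from the HijackThis log posted in this thread.
ENTRIES = [
    r"O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - "
    r"C:\Program Files\Avira\AntiVir Desktop\avguard.exe",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - "
    r"NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe",
    r"O23 - Service: Power Manager (PowerManager) - Unknown owner - "
    r"C:\WINDOWS\svchost.exe (file missing)",
]
SAMPLE_LINES = "\n".join(ENTRIES)
# The same entries run together, as they appear when line breaks are lost.
SAMPLE_GLUED = "".join(ENTRIES) + "--End of file - 5154 bytes"

if __name__ == "__main__":
    for finding in triage_services(SAMPLE_GLUED):
        state = "present" if finding["file_present"] else "missing"
        print(f"{finding['service']}: {finding['image']} (file {state})")
```
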

iwan59
comment

Log after scanning with Resolve for W32/Jeefo

resolve.log

RESOLVE Version 1.04
Copyright © 2003, Sophos Plc, www.sophos.com
System disinfection for W32/Jeefo Data Version 1.00, Plugin Version 1.01
System scan started at 13:09 on 21 July 2009
Checking for W32/Jeefo in memory
W32/Jeefo was not found active in memory
Checking for files affected by W32/Jeefo
Scanning C:
Scanning D:
Scanning E:
Scanning F:
Scanning C:
Scanning D:
>>>Virus 'W32/Jeefo-A' found in file D:\tapety\tapety z płyt\ef_1.exe
File disinfected
>>>Virus 'W32/Jeefo-A' found in file D:\tapety\tapety z płyt\ef_2.exe
File disinfected
>>>Virus 'W32/Jeefo-A' found in file D:\tapety\tapety z płyt\ef_3.exe
File disinfected
>>>Virus 'W32/Jeefo-A' found in file D:\tapety\tapety z płyt\ef_4.exe
File disinfected
>>>Virus 'W32/Jeefo-A' found in file D:\tapety\tapety z płyt\gm_1.exe
File disinfected
>>>Virus 'W32/Jeefo-A' found in file D:\tapety\tapety z płyt\gm_2.exe
File disinfected
>>>Virus 'W32/Jeefo-A' found in file D:\tapety\tapety z płyt\gm_3.exe
File disinfected
>>>Virus 'W32/Jeefo-A' found in file D:\tapety\tapety z płyt\gm_4.exe
File disinfected
>>>Virus 'W32/Jeefo-A' found in file D:\tapety\tapety z płyt\pol_1.exe
File disinfected
>>>Virus 'W32/Jeefo-A' found in file D:\tapety\tapety z płyt\pol_2.exe
File disinfected
>>>Virus 'W32/Jeefo-A' found in file D:\tapety\tapety z płyt\pol_3.exe
File disinfected
>>>Virus 'W32/Jeefo-A' found in file D:\tapety\tapety z płyt\pol_4.exe
File disinfected
>>>Virus 'W32/Jeefo-A' found in file D:\tapety\tapety z płyt\run_1.exe
File disinfected
>>>Virus 'W32/Jeefo-A' found in file D:\tapety\tapety z płyt\run_2.exe
File disinfected
>>>Virus 'W32/Jeefo-A' found in file D:\tapety\tapety z płyt\run_3.exe
File disinfected
>>>Virus 'W32/Jeefo-A' found in file D:\tapety\tapety z płyt\run_4.exe
File disinfected
>>>Virus 'W32/Jeefo-A' found in file D:\tapety\tapety z płyt\tr_1.exe
File disinfected
>>>Virus 'W32/Jeefo-A' found in file D:\tapety\tapety z płyt\tr_2.exe
File disinfected
>>>Virus 'W32/Jeefo-A' found in file D:\tapety\tapety z płyt\tr_3.exe
File disinfected
>>>Virus 'W32/Jeefo-A' found in file D:\tapety\tapety z płyt\tr_4.exe
File disinfected
Scanning E:
>>>Virus 'W32/Jeefo-A' found in file E:\aaaaa\SB24_VTDRV_LB_1_04_0077.exe
File disinfected
Scanning F:
System scan finished at 13:11 on 21 July 2009
	Infected processes found            : 0
	Processes terminated or disinfected : 0
	Infected files found                : 21
	Infected files deleted              : 0
	Infected files disinfected          : 21

OTL

OTL.txt

OTL logfile created on: 2009-07-21 13:19:43 - Run 2OTL by OldTimer - Version 3.0.9.2	 Folder = I:\Nowy folderWindows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 6.0.2900.2180)Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd510,48 Mb Total Physical Memory | 173,50 Mb Available Physical Memory | 33,99% Memory free1,22 Gb Paging File | 0,83 Gb Available in Paging File | 68,19% Paging File freePaging file location(s): C:\pagefile.sys 768 1536 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 19,53 Gb Total Space | 0,70 Gb Free Space | 3,57% Space Free | Partition Type: NTFSDrive D: | 48,83 Gb Total Space | 10,48 Gb Free Space | 21,46% Space Free | Partition Type: NTFSDrive E: | 39,06 Gb Total Space | 21,86 Gb Free Space | 55,97% Space Free | Partition Type: NTFSDrive F: | 41,62 Gb Total Space | 30,73 Gb Free Space | 73,84% Space Free | Partition Type: NTFSG: Drive not present or media not loadedH: Drive not present or media not loadedDrive I: | 3,72 Gb Total Space | 1,69 Gb Free Space | 45,51% Space Free | Partition Type: FAT32Computer Name: PATRYKCurrent User Name: PATLogged in as Administrator.Current Boot Mode: NormalScan Mode: All usersCompany Name Whitelist: OnSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard========== Processes (SafeList) ==========PRC - [2004-08-03 10:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXEPRC - [2003-04-22 17:20:02 | 00,061,440 | ---- | M] () -- C:\WINDOWS\Dit.exePRC - [2005-10-26 17:17:24 | 00,159,744 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exePRC - [2008-11-27 16:29:38 | 00,180,269 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files\Common Files\Real\Update_OB\realsched.exePRC - [2009-07-20 18:46:20 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exePRC - [2004-10-05 16:00:12 | 00,061,440 | ---- | M] (France Télécom R&D) -- C:\Program Files\neostrada tp\TaskBarIcon.exePRC - [2005-03-06 22:16:18 | 00,366,080 | ---- | M] () -- C:\Program Files\MultiKeyboard Driver\KbdDrv.exePRC - [2002-07-12 10:29:24 | 00,065,536 | ---- | M] () -- C:\WINDOWS\DitExp.exePRC - [2004-08-23 13:49:56 | 00,040,960 | ---- | M] (France Telecom) -- C:\WINDOWS\System32\FTRTSVC.exePRC - [2009-07-20 18:46:20 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exePRC - [2006-10-22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exePRC - [2005-06-08 17:45:04 | 00,278,528 | ---- | M] (Teleca Software Solutions AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exePRC - [2004-08-11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exePRC - [2005-08-10 08:54:34 | 00,385,024 | R--- | M] (Teleca Software Solutions) -- C:\Program Files\Common Files\Teleca Shared\Generic.exePRC - [2006-03-16 09:43:28 | 00,872,448 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exePRC - [2004-08-03 10:44:30 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exePRC - [2004-08-03 10:44:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXEPRC - [2009-03-02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exePRC - [2009-07-21 12:16:15 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exePRC - [2009-07-21 12:16:15 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exePRC - [2009-07-21 13:08:56 | 
00,075,776 | ---- | M] () -- C:\Documents and Settings\PAT\Ustawienia lokalne\Temporary Internet Files\Content.IE5\KXMVGHQN\jeefogui[1].comPRC - [2009-07-21 02:02:12 | 00,513,536 | ---- | M] (OldTimer Tools) -- I:\Nowy folder\OTL.exe========== Win32 Services (SafeList) ==========SRV - [2009-07-21 12:16:15 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])SRV - [2009-07-21 12:16:15 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])SRV - [2004-08-23 13:49:56 | 00,040,960 | ---- | M] (France Telecom) -- C:\WINDOWS\System32\FTRTSVC.exe -- (FTRTSVC [Auto | Running])SRV - [2004-08-03 10:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])SRV - [2009-07-20 18:46:20 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])SRV - [2006-10-22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])SRV - File not found --  -- (PowerManager [Auto | Stopped])SRV - [2004-08-11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])========== Driver Services (SafeList) ==========DRV - [2005-11-20 17:48:20 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])DRV - [2009-02-13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [system | Stopped])DRV - [2009-07-21 12:16:15 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])DRV - [2009-07-21 12:16:15 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [system | Running])DRV - [2004-09-01 10:26:41 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\PAT\Ustawienia lokalne\Temp\cel90xbe.sys -- (cel90xbe [On_Demand | Stopped])DRV - [2005-01-10 04:15:24 | 00,138,752 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])DRV - [2004-08-22 16:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus [boot | Running])DRV - [2004-08-22 16:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt [boot | Running])DRV - [2002-10-02 20:32:48 | 00,017,932 | R--- | M] (   ) -- C:\WINDOWS\System32\drivers\gt680x.sys -- (GT680xNT [On_Demand | Stopped])DRV - [2006-10-22 12:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])DRV - [2005-01-10 04:15:30 | 00,106,496 | ---- | M] (Creative Technology Ltd.) 
-- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Running])DRV - [2007-06-14 20:47:26 | 01,127,936 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\P17.sys -- (P17 [On_Demand | Running])DRV - [2003-08-04 13:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])DRV - [2004-01-26 03:01:28 | 00,052,224 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06 [system | Running])DRV - [2004-01-26 03:36:35 | 00,095,552 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02 [boot | Running])DRV - [2003-09-06 00:22:08 | 00,006,944 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1 [boot | Running])DRV - [2001-08-17 08:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])DRV - [2007-03-07 11:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20 [boot | Running])DRV - [2005-11-09 17:45:36 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Running])DRV - [2009-03-26 14:37:13 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
-- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])DRV - [2003-12-01 03:20:52 | 00,004,832 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01 [boot | Running])DRV - [2005-12-12 07:12:01 | 00,049,664 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfsync04.sys -- (sfsync04 [boot | Running])DRV - [2009-07-21 12:16:15 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [system | Running])DRV - [2005-11-09 15:45:14 | 00,006,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])DRV - [2006-05-25 05:28:44 | 00,684,265 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\torususb.sys -- (TaurusUsb [On_Demand | Stopped])DRV - [2004-02-01 05:53:20 | 00,026,166 | ---- | M] (Compuware Corporation) -- C:\WINDOWS\System32\DRIVERS\usbfilt.sys -- (Usbfilt [On_Demand | Stopped])DRV - [2006-03-13 16:49:54 | 00,060,800 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\w300bus.sys -- (w300bus [On_Demand | Stopped])DRV - [2006-03-13 16:50:00 | 00,009,264 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\w300mdfl.sys -- (w300mdfl [On_Demand | Stopped])DRV - [2006-03-13 16:50:02 | 00,096,352 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\w300mdm.sys -- (w300mdm [On_Demand | Stopped])DRV - [2006-03-13 16:50:06 | 00,087,824 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\w300mgmt.sys -- (w300mgmt [On_Demand | Stopped])DRV - [2006-03-13 16:50:08 | 00,085,696 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\w300obex.sys -- (w300obex [On_Demand | Stopped])DRV - [2005-11-10 05:45:32 | 00,031,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\wceusbsh.sys -- (wceusbsh [system | Stopped])========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhomeIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=homeIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ieIE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-1614895754-1645522239-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htmIE - HKU\S-1-5-21-1614895754-1645522239-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.comIE - HKU\S-1-5-21-1614895754-1645522239-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/IE - URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\neostrada tp\SearchPageURL.dll ()IE - HKU\S-1-5-21-1614895754-1645522239-725345543-1003\S-1-5-21-1614895754-1645522239-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-07-20 18:46:21 | 00,000,000 | ---D | M]O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\HostsO1 - Hosts: 127.0.0.1	   localhostO2 - BHO: (AcroIEHlprObj Class) - 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)O3 - HKU\S-1-5-21-1614895754-1645522239-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.O3 - HKU\S-1-5-21-1614895754-1645522239-725345543-1003\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll File not foundO4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe ()O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.DLL ()O4 - HKLM..\Run: [sony Ericsson PC Suite]  File not foundO4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe File not foundO4 - HKLM..\Run: [WOOWATCH] C:\Program Files\neostrada tp\Watch.exe (France Télécom R&D)O4 - HKU\S-1-5-21-1614895754-1645522239-725345543-1003..\Run: [Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe (GG 
Network S.A.)O4 - Startup: C:\Documents and Settings\PAT\Menu Start\Programy\Autostart\MutiKeyboard Driver.lnk = C:\Program Files\MultiKeyboard Driver\KbdDrv.exe ()O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-1614895754-1645522239-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00  [binary data]O8 - Extra context menu item: Add to AMV Converter... 
- C:\Program Files\MP3 Player Utilities 4.07\AMVConverter\grab.html File not foundO8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.07\MediaManager\grab.html File not foundO12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03)O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.173.209.70 10.36.0.1 217.30.137.200O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\ipp - No CLSID value foundO18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp - No CLSID value 
foundO18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - Reg Error: Value error. File not foundO20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:HomeO31 - SafeBoot: AlternateShell - cmd.exeO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2007-08-29 05:05:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O33 - MountPoints2\{07d67764-5701-11dd-b179-0013d3f1e3e3}\Shell\Open(&0)\command - "" = I:\Recycled\ctfmon.exe -- File not foundO33 - MountPoints2\{0a68a6c5-4eb8-11dd-b164-0013d3f1e3e3}\Shell\AutoRun\command - "" = K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not foundO33 - MountPoints2\{0a68a6c5-4eb8-11dd-b164-0013d3f1e3e3}\Shell\open\command - "" = K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not foundO33 - MountPoints2\{96995c30-507d-11dd-b16d-0013d3f1e3e3}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not foundO33 - MountPoints2\{96995c30-507d-11dd-b16d-0013d3f1e3e3}\Shell\open\command - "" = I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not foundO33 - MountPoints2\{f13f0c9c-ae16-11dd-b207-0013d3f1e3e3}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not foundO33 - MountPoints2\{f13f0c9c-ae16-11dd-b207-0013d3f1e3e3}\Shell\open\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not foundO33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\3o.exe -- File not foundO33 
- MountPoints2\C\Shell\explore\Command - "" = C:\3o.exe -- File not foundO33 - MountPoints2\C\Shell\open\Command - "" = C:\3o.exe -- File not foundO33 - MountPoints2\G\Shell - "" = AutoRunO33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\start.exe -- File not foundO34 - HKLM BootExecute: (autocheck) -  File not foundO34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)O34 - HKLM BootExecute: (*) -  File not found========== Files/Folders - Created Within 30 Days ==========[1 C:\WINDOWS\System32\*.tmp files][2009-07-21 12:26:35 | 00,000,000 | ---D | C] -- C:\rsit[2009-07-20 20:22:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PAT\Dane aplikacji\Malwarebytes[2009-07-20 20:22:18 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2009-07-20 20:22:16 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2009-07-20 20:22:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes[2009-07-20 20:22:15 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2009-07-20 20:18:27 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\PAT\Pulpit\HijackThis.lnk[2009-07-20 20:18:27 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro[2009-07-20 20:06:28 | 00,001,547 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\neostrada tp.lnk[2009-07-20 20:02:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\InsFiles[2009-07-20 20:02:01 | 00,006,091 | ---- | C] () -- C:\WINDOWS\stsetup.htm[2009-07-20 20:02:01 | 00,000,000 | ---D | C] -- C:\Program Files\ZTE ZXDSL 852[2009-07-20 20:01:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\AlertModule[2009-07-20 20:01:42 | 00,036,864 | ---- | C] (France Télécom R&D) -- C:\WINDOWS\System32\IfHelper.dll[2009-07-20 20:01:41 | 00,040,960 | ---- | C] (France Telecom) -- C:\WINDOWS\System32\FTRTSVC.exe[2009-07-20 19:52:07 | 00,001,707 | ---- | C] () 
-- C:\Documents and Settings\All Users\Pulpit\Avira AntiVir Control Center.lnk[2009-07-20 19:51:53 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys[2009-07-20 19:51:53 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys[2009-07-20 19:51:53 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys[2009-07-20 19:51:53 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys[2009-07-20 19:51:53 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys[2009-07-20 19:51:50 | 00,000,000 | ---D | C] -- C:\Program Files\Avira[2009-07-20 19:51:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Avira[2009-07-20 18:47:44 | 00,526,184 | ---- | C] (Xceed Software Inc		(450) 442-2626		support@xceedsoft.com		www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll[2009-07-20 18:47:44 | 00,456,536 | ---- | C] (Xceed Software Inc		(450) 442-2626		support@xceedsoft.com		www.xceedsoft.com) -- C:\WINDOWS\System32\XCEEDZIP.DLL[2009-07-20 18:47:44 | 00,110,602 | ---- | C] () -- C:\WINDOWS\System32\xcdsfx32.bin[2009-07-20 18:47:43 | 00,000,000 | ---D | C] -- C:\Program Files\Driver Magician[2009-07-20 18:45:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PAT\Dane aplikacji\Sun[2009-07-20 18:14:55 | 00,000,000 | ---D | C] -- C:\Program Files\neostrada tp[2009-07-20 18:08:25 | 01,488,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LegitCheckControl.dll[2009-07-20 18:08:25 | 00,332,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe[2009-07-20 18:08:25 | 00,200,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaLogon.dll[2009-07-20 18:06:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PAT\Dane aplikacji\WinRAR[2009-07-20 18:06:46 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR[2009-07-20 18:03:47 | 00,000,000 | ---D | C] -- C:\Program 
Files\xp-AntiSpy[2009-07-20 17:57:14 | 53,535,1296 | -HS- | C] () -- C:\hiberfil.sys[2009-07-20 17:41:44 | 00,000,901 | ---- | C] () -- C:\Documents and Settings\PAT\Pulpit\Cleanse Uninstaller.lnk[2009-07-20 17:41:44 | 00,000,000 | ---D | C] -- C:\Program Files\Zards software[2009-07-19 09:18:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PAT\Dane aplikacji\OpenFM[2009-07-19 09:11:20 | 00,000,717 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk[2009-07-19 09:11:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PAT\Dane aplikacji\Nowe Gadu-Gadu[2009-07-19 09:10:59 | 00,000,000 | ---D | C] -- C:\Program Files\Nowe Gadu-Gadu[2009-07-18 21:41:13 | 00,000,697 | ---- | C] () -- C:\Documents and Settings\PAT\Pulpit\Metin2 PL.lnk[2009-07-18 21:40:06 | 00,000,000 | ---D | C] -- C:\Program Files\Metin2_PL[2009-07-18 13:29:16 | 00,000,022 | ---- | C] () -- C:\Documents and Settings\PAT\Pulpit\Nowy Folder skompresowany (zip).zip[2009-07-18 09:51:18 | 00,000,161 | R--- | C] () -- C:\WINDOWS\DSLSetup.ini[2009-07-18 09:51:17 | 00,102,400 | R--- | C] (STMicroelectronics			  ) -- C:\WINDOWS\stmtrace.exe[2009-07-18 09:51:17 | 00,065,536 | R--- | C] (STMicroelectronics) -- C:\WINDOWS\DSLTest.exe[2009-07-18 09:51:17 | 00,000,902 | R--- | C] () -- C:\WINDOWS\System32\setup.ini[2009-07-18 09:51:17 | 00,000,766 | R--- | C] () -- C:\WINDOWS\System32\icShTx.ico[2009-07-18 09:51:17 | 00,000,766 | R--- | C] () -- C:\WINDOWS\System32\icShTR.ico[2009-07-18 09:51:17 | 00,000,766 | R--- | C] () -- C:\WINDOWS\System32\icShRx.ico[2009-07-18 09:51:17 | 00,000,766 | R--- | C] () -- C:\WINDOWS\System32\icShow.ico[2009-07-18 09:51:16 | 00,684,265 | R--- | C] () -- C:\WINDOWS\System32\drivers\torususb.sys[2009-07-18 09:51:16 | 00,446,464 | R--- | C] (STMicroelectronics			  ) -- C:\WINDOWS\System32\stmadsl.cpl[2009-07-18 09:51:16 | 00,060,255 | R--- | C] (STMicroelectronics			  ) -- C:\WINDOWS\System32\drivers\stmatm.sys[2009-07-18 09:51:16 | 00,036,864 | R--- | 
C] () -- C:\WINDOWS\System32\stmclean.exe[2009-07-18 09:51:16 | 00,018,498 | R--- | C] () -- C:\WINDOWS\System32\CSALogo.bmp[2009-07-18 09:51:16 | 00,000,766 | R--- | C] () -- C:\WINDOWS\System32\icStop.ico[2009-07-18 09:51:16 | 00,000,766 | R--- | C] () -- C:\WINDOWS\System32\icNoMo.ico[2009-07-18 09:51:16 | 00,000,766 | R--- | C] () -- C:\WINDOWS\System32\icInit.ico[2009-07-18 09:51:06 | 00,032,768 | ---- | C] (France Télécom R&D) -- C:\WINDOWS\System32\WooDial2000.dll[2009-07-18 09:48:49 | 00,425,984 | R--- | C] (STMicroelectronics			  ) -- C:\WINDOWS\System32\stmcfg32.dll[2009-07-18 09:48:49 | 00,151,552 | R--- | C] (STMicroelectronics			  ) -- C:\WINDOWS\System32\stmctrl.dll[2009-07-18 09:48:34 | 00,094,208 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32n50.dll[2009-07-18 09:48:34 | 00,016,128 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\PCANDIS5.SYS[2009-07-18 09:48:06 | 00,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll[2009-07-18 09:48:06 | 00,000,000 | ---D | C] -- C:\Program Files\Java[2009-07-04 20:08:21 | 00,000,058 | ---- | C] () -- C:\Documents and Settings\PAT\Pulpit\Nowy Winamp media file.wav[2009-05-29 18:53:18 | 00,000,468 | ---- | C] () -- C:\WINDOWS\gfscore.ini[2009-02-22 15:44:34 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI[2009-01-24 11:59:21 | 00,000,058 | ---- | C] () -- C:\WINDOWS\wininit.ini[2009-01-22 19:57:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI[2009-01-16 18:18:11 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys[2009-01-16 18:18:11 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys[2008-11-28 15:53:18 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini[2008-11-28 15:53:16 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll[2008-11-28 15:53:16 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll[2008-11-28 15:53:15 | 00,007,680 | ---- | C] () -- 
C:\WINDOWS\System32\ff_vfw.dll[2008-11-28 15:53:15 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest[2008-11-27 16:30:46 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini[2008-11-23 09:05:20 | 00,000,092 | ---- | C] () -- C:\WINDOWS\galaxy.ini[2008-11-14 16:13:46 | 00,000,222 | ---- | C] () -- C:\WINDOWS\VOGEL.INI[2008-10-18 20:23:47 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI[2008-06-13 14:58:52 | 00,001,969 | ---- | C] () -- C:\WINDOWS\disney.ini[2008-06-13 14:58:38 | 00,000,182 | ---- | C] () -- C:\WINDOWS\disneysy.ini[2008-05-23 16:49:39 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI[2008-04-15 09:11:58 | 00,167,936 | ---- | C] () -- C:\WINDOWS\Dit.DLL[2008-04-15 09:11:58 | 00,000,212 | ---- | C] () -- C:\WINDOWS\Dit.INI[2008-04-04 17:48:09 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll[2008-02-12 15:38:46 | 00,000,635 | ---- | C] () -- C:\WINDOWS\Rtcw.INI[2007-10-07 06:09:06 | 00,000,261 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI[2007-10-07 06:05:45 | 00,017,932 | R--- | C] (   ) -- C:\WINDOWS\System32\drivers\Gt680x.sys[2007-10-07 06:05:33 | 00,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll[2007-10-07 06:05:32 | 00,000,613 | ---- | C] () -- C:\WINDOWS\if40le.ini[2007-10-07 06:05:31 | 00,000,114 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI[2007-10-07 06:04:57 | 00,003,429 | ---- | C] () -- C:\WINDOWS\If42le.ini[2007-10-07 06:04:57 | 00,000,241 | ---- | C] () -- C:\WINDOWS\PEXPLORE.INI[2007-10-07 06:04:55 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll[2007-10-07 06:04:47 | 00,000,403 | ---- | C] () -- C:\WINDOWS\umxaddin.ini[2007-09-24 22:35:03 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll[2007-09-08 23:44:40 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI[2007-08-29 05:50:10 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini[2007-08-29 05:30:22 | 00,005,663 | ---- | C] () -- C:\WINDOWS\System32\ludap17.ini[2007-08-29 05:30:22 | 00,000,075 | ---- | C] () 
-- C:\WINDOWS\System32\ctzapxx.ini[2007-08-29 05:27:58 | 00,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini[2006-10-22 12:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll[2006-03-06 10:41:02 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll[2006-01-20 10:46:10 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll[2005-06-14 21:20:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll[2005-06-14 21:20:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll[2005-06-14 21:20:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll[2005-06-14 21:20:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll[2005-06-14 21:20:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll[2005-06-14 21:20:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll[2005-05-03 05:38:42 | 00,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll[2004-09-16 13:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS[2004-09-16 13:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS[2004-08-22 17:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll[2004-08-03 10:44:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll[2003-10-02 04:48:18 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll[2002-04-10 19:41:06 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll[2002-04-01 10:29:28 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll[2002-04-01 10:16:30 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll[2002-04-01 10:16:14 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll[2002-04-01 10:15:40 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll[2002-03-26 07:18:28 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll[2002-02-21 04:41:20 | 00,157,184 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll[2002-01-20 00:26:36 | 00,073,728 | ---- | C] () -- 
C:\WINDOWS\System32\SimpleResize.dll[2001-10-25 02:53:24 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\avisynth.dll[2001-07-21 09:16:20 | 00,000,693 | ---- | C] () -- C:\WINDOWS\win.ini[2001-07-21 09:15:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini[2001-06-21 23:06:02 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\MPEG2DEC.dll[1997-06-13 12:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll========== Files - Modified Within 30 Days ==========[1 C:\WINDOWS\System32\*.tmp files][3 C:\WINDOWS\*.tmp files][2009-07-21 12:16:15 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys[2009-07-21 12:16:15 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys[2009-07-21 12:16:15 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys[2009-07-21 12:08:28 | 00,088,230 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml[2009-07-21 12:08:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2009-07-21 12:08:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2009-07-21 12:08:08 | 53,535,1296 | -HS- | M] () -- C:\hiberfil.sys[2009-07-20 20:26:35 | 00,006,091 | ---- | M] () -- C:\WINDOWS\stsetup.htm[2009-07-20 20:18:27 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\PAT\Pulpit\HijackThis.lnk[2009-07-20 20:06:28 | 00,001,547 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\neostrada tp.lnk[2009-07-20 19:52:07 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Avira AntiVir Control Center.lnk[2009-07-20 18:17:32 | 04,308,548 | -H-- | M] () -- C:\Documents and Settings\PAT\Ustawienia lokalne\Dane aplikacji\IconCache.db[2009-07-20 17:41:44 | 00,000,901 | ---- | M] () -- C:\Documents and Settings\PAT\Pulpit\Cleanse Uninstaller.lnk[2009-07-19 09:11:20 | 00,000,717 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk[2009-07-18 21:41:45 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini[2009-07-18 
21:41:13 | 00,000,697 | ---- | M] () -- C:\Documents and Settings\PAT\Pulpit\Metin2 PL.lnk[2009-07-18 13:29:16 | 00,000,022 | ---- | M] () -- C:\Documents and Settings\PAT\Pulpit\Nowy Folder skompresowany (zip).zip[2009-07-18 09:32:43 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2009-07-04 20:08:21 | 00,000,058 | ---- | M] () -- C:\Documents and Settings\PAT\Pulpit\Nowy Winamp media file.wav[2009-07-04 20:08:10 | 00,003,429 | ---- | M] () -- C:\WINDOWS\If42le.ini[2009-06-24 18:03:25 | 00,098,304 | ---- | M] () -- C:\Documents and Settings\PAT\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini========== LOP Check ==========[2007-08-29 06:54:22 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji[2009-07-20 20:22:16 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji[2007-08-29 05:43:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ahead[2008-06-13 14:58:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Disney Interactive[2009-02-23 11:35:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Synetic[2008-06-05 16:19:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Teleca[2008-03-15 08:52:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP[2007-08-29 06:54:22 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji[2007-08-29 05:09:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji[2007-08-29 05:09:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji[2009-07-20 20:22:21 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\PAT\Dane aplikacji[2008-02-21 07:18:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAT\Dane aplikacji\Ahead[2008-04-09 18:39:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAT\Dane 
aplikacji\Ascaron Entertainment[2007-10-07 06:10:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAT\Dane aplikacji\InterTrust[2008-06-05 20:10:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAT\Dane aplikacji\Leadertech[2008-06-18 07:49:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAT\Dane aplikacji\LEGO Media[2009-07-19 10:51:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAT\Dane aplikacji\Nowe Gadu-Gadu[2009-07-19 09:18:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAT\Dane aplikacji\OpenFM[2007-12-04 05:54:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAT\Dane aplikacji\Participatory Culture Foundation[2007-12-29 13:25:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAT\Dane aplikacji\PCF-VLC[2009-02-22 17:10:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAT\Dane aplikacji\Summer Athletics 2008[2008-06-05 16:22:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PAT\Dane aplikacji\Teleca[2001-07-21 09:17:50 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini[2009-07-21 12:08:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT========== Purity Check ==========< End of report >
MarekM25

Download Avenger. In the "Input script here" field, paste the following text (without the word "Code"):

Code:

Files to delete:
C:\WINDOWS\svchost.exe

Drivers to delete:
PowerManager

Click Execute. The computer will restart. After the restart, post the Avenger report. Then scan the computer with http://www.freedrweb.com/cureit/

That Jeefo should be gone by then, so once it is gone we will deal with the rest.

iwan59

Avenger

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform:  Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error:  file "C:\WINDOWS\svchost.exe" not found!
Deletion of file "C:\WINDOWS\svchost.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist
Driver "PowerManager" deleted successfully.
Completed script processing.
*******************
Finished!  Terminate.

Dr.Web CureIt

It detected nothing and did not show a log.

Guest

Did you select "Full Scan"?!

.

iwan59

When I started it, there was no such option. Now it is available to choose. I am starting the scan right now.

MarekM25

OK, good, the service has been deleted. Post a fresh OTL log and we will get to work on the rest (I could go by the old log, but it is best to have a current one).

iwan59

CureIt is still scanning. Here is the OTL log. I will carry out the next steps in the evening, because I have to go out.

otl.txt

OTL logfile created on: 2009-07-21 14:03:52 - Run 3OTL by OldTimer - Version 3.0.9.2	 Folder = I:\Nowy folderWindows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 6.0.2900.2180)Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd510,48 Mb Total Physical Memory | 169,99 Mb Available Physical Memory | 33,30% Memory free1,22 Gb Paging File | 0,90 Gb Available in Paging File | 74,33% Paging File freePaging file location(s): C:\pagefile.sys 768 1536 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 19,53 Gb Total Space | 0,67 Gb Free Space | 3,44% Space Free | Partition Type: NTFSDrive D: | 48,83 Gb Total Space | 10,48 Gb Free Space | 21,46% Space Free | Partition Type: NTFSDrive E: | 39,06 Gb Total Space | 21,86 Gb Free Space | 55,97% Space Free | Partition Type: NTFSDrive F: | 41,62 Gb Total Space | 30,73 Gb Free Space | 73,84% Space Free | Partition Type: NTFSG: Drive not present or media not loadedH: Drive not present or media not loadedDrive I: | 3,72 Gb Total Space | 1,68 Gb Free Space | 45,11% Space Free | Partition Type: FAT32Computer Name: PATRYKCurrent User Name: PATLogged in as Administrator.Current Boot Mode: NormalScan Mode: All usersCompany Name Whitelist: OnSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard========== Processes (SafeList) ==========PRC - [2009-07-21 12:16:15 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exePRC - [2003-04-22 17:20:02 | 00,061,440 | ---- | M] () -- C:\WINDOWS\Dit.exePRC - [2005-10-26 17:17:24 | 00,159,744 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exePRC - [2008-11-27 16:29:38 | 00,180,269 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files\Common Files\Real\Update_OB\realsched.exePRC - [2009-07-20 18:46:20 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exePRC - [2009-03-02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exePRC - [2005-03-06 22:16:18 | 00,366,080 | ---- | M] () -- C:\Program Files\MultiKeyboard Driver\KbdDrv.exePRC - [2004-10-05 16:00:12 | 00,061,440 | ---- | M] (France Télécom R&D) -- C:\Program Files\neostrada tp\TaskBarIcon.exePRC - [2009-07-21 12:16:15 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exePRC - [2004-08-23 13:49:56 | 00,040,960 | ---- | M] (France Telecom) -- C:\WINDOWS\System32\FTRTSVC.exePRC - [2009-07-20 18:46:20 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exePRC - [2006-10-22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exePRC - [2004-08-11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exePRC - [2002-07-12 10:29:24 | 00,065,536 | ---- | M] () -- C:\WINDOWS\DitExp.exePRC - [2005-06-08 17:45:04 | 00,278,528 | ---- | M] (Teleca Software Solutions AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exePRC - [2005-08-10 08:54:34 | 00,385,024 | R--- | M] (Teleca Software Solutions) -- C:\Program Files\Common Files\Teleca Shared\Generic.exePRC - [2006-03-16 09:43:28 | 00,872,448 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exePRC - [2004-08-03 10:44:30 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exePRC - [2009-07-21 13:37:28 | 14,991,656 | ---- | M] (Doctor Web, Ltd.) -- I:\Nowy folder\Nowy folder\ukcdl2wl.exePRC - [2008-09-15 14:31:56 | 00,116,024 | ---- | M] (Doctor Web, Ltd.) 
-- C:\Documents and Settings\PAT\Ustawienia lokalne\Temp\RarSFX0\238fq3.exePRC - [2009-06-30 16:54:00 | 02,094,320 | ---- | M] () -- C:\Documents and Settings\PAT\Ustawienia lokalne\Temp\RarSFX0\7t8ms.exePRC - [2004-08-03 10:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exePRC - [2004-08-03 10:44:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exePRC - [2009-07-21 02:02:12 | 00,513,536 | ---- | M] (OldTimer Tools) -- I:\Nowy folder\OTL.exe========== Win32 Services (SafeList) ==========SRV - [2009-07-21 12:16:15 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])SRV - [2009-07-21 12:16:15 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])SRV - [2004-08-23 13:49:56 | 00,040,960 | ---- | M] (France Telecom) -- C:\WINDOWS\System32\FTRTSVC.exe -- (FTRTSVC [Auto | Running])SRV - [2004-08-03 10:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])SRV - [2009-07-20 18:46:20 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])SRV - [2006-10-22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])SRV - [2004-08-11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])========== Driver Services (SafeList) ==========DRV - [2005-11-20 17:48:20 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])DRV - [2009-02-13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [system | Running])DRV - [2009-07-21 12:16:15 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])DRV - [2009-07-21 12:16:15 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [system | Running])DRV - [2004-09-01 10:26:41 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\PAT\Ustawienia lokalne\Temp\cel90xbe.sys -- (cel90xbe [On_Demand | Stopped])DRV - [2005-01-10 04:15:24 | 00,138,752 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])DRV - [2004-08-22 16:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus [boot | Running])DRV - [2004-08-22 16:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt [boot | Running])DRV - [2002-10-02 20:32:48 | 00,017,932 | R--- | M] (   ) -- C:\WINDOWS\System32\drivers\gt680x.sys -- (GT680xNT [On_Demand | Stopped])DRV - [2006-10-22 12:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])DRV - [2005-01-10 04:15:30 | 00,106,496 | ---- | M] (Creative Technology Ltd.) 
-- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Running])DRV - [2007-06-14 20:47:26 | 01,127,936 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\P17.sys -- (P17 [On_Demand | Running])DRV - [2003-08-04 13:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])DRV - [2004-01-26 03:01:28 | 00,052,224 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06 [system | Running])DRV - [2004-01-26 03:36:35 | 00,095,552 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02 [boot | Running])DRV - [2003-09-06 00:22:08 | 00,006,944 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1 [boot | Running])DRV - [2001-08-17 08:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])DRV - [2007-03-07 11:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20 [boot | Running])DRV - [2005-11-09 17:45:36 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Running])DRV - [2009-03-26 14:37:13 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
-- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])DRV - [2003-12-01 03:20:52 | 00,004,832 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01 [boot | Running])DRV - [2005-12-12 07:12:01 | 00,049,664 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfsync04.sys -- (sfsync04 [boot | Running])DRV - [2009-07-21 12:16:15 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [system | Running])DRV - [2005-11-09 15:45:14 | 00,006,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])DRV - [2006-05-25 05:28:44 | 00,684,265 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\torususb.sys -- (TaurusUsb [On_Demand | Stopped])DRV - [2004-02-01 05:53:20 | 00,026,166 | ---- | M] (Compuware Corporation) -- C:\WINDOWS\System32\DRIVERS\usbfilt.sys -- (Usbfilt [On_Demand | Stopped])DRV - [2006-03-13 16:49:54 | 00,060,800 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\w300bus.sys -- (w300bus [On_Demand | Stopped])DRV - [2006-03-13 16:50:00 | 00,009,264 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\w300mdfl.sys -- (w300mdfl [On_Demand | Stopped])DRV - [2006-03-13 16:50:02 | 00,096,352 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\w300mdm.sys -- (w300mdm [On_Demand | Stopped])DRV - [2006-03-13 16:50:06 | 00,087,824 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\w300mgmt.sys -- (w300mgmt [On_Demand | Stopped])DRV - [2006-03-13 16:50:08 | 00,085,696 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\w300obex.sys -- (w300obex [On_Demand | Stopped])DRV - [2005-11-10 05:45:32 | 00,031,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\wceusbsh.sys -- (wceusbsh [system | Stopped])========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhomeIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=homeIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ieIE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-1614895754-1645522239-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htmIE - HKU\S-1-5-21-1614895754-1645522239-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.comIE - HKU\S-1-5-21-1614895754-1645522239-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/IE - URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\neostrada tp\SearchPageURL.dll ()IE - HKU\S-1-5-21-1614895754-1645522239-725345543-1003\S-1-5-21-1614895754-1645522239-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-07-20 18:46:21 | 00,000,000 | ---D | M]O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\HostsO1 - Hosts: 127.0.0.1	   localhostO2 - BHO: (AcroIEHlprObj Class) - 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)O3 - HKU\S-1-5-21-1614895754-1645522239-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.O3 - HKU\S-1-5-21-1614895754-1645522239-725345543-1003\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll File not foundO4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe ()O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.DLL ()O4 - HKLM..\Run: [sony Ericsson PC Suite]  File not foundO4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe File not foundO4 - HKLM..\Run: [WOOWATCH] C:\Program Files\neostrada tp\Watch.exe (France Télécom R&D)O4 - HKU\S-1-5-21-1614895754-1645522239-725345543-1003..\Run: [Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe (GG 
Network S.A.)O4 - Startup: C:\Documents and Settings\PAT\Menu Start\Programy\Autostart\MutiKeyboard Driver.lnk = C:\Program Files\MultiKeyboard Driver\KbdDrv.exe ()O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-1614895754-1645522239-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-1614895754-1645522239-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36O7 - HKU\S-1-5-21-1614895754-1645522239-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF  [binary data]O7 - 
HKU\S-1-5-21-1614895754-1645522239-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-1614895754-1645522239-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-1614895754-1645522239-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.07\AMVConverter\grab.html File not foundO8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.07\MediaManager\grab.html File not foundO12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03)O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.173.209.70 10.36.0.1 217.30.137.200O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL 
(Microsoft Corporation)O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\ipp - No CLSID value foundO18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp - No CLSID value foundO18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - Reg Error: Value error. File not foundO20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:HomeO31 - SafeBoot: AlternateShell - cmd.exeO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2007-08-29 05:05:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O32 - AutoRun File - [2009-07-21 13:39:46 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]O32 - AutoRun File - [2009-07-21 13:39:46 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]O32 - AutoRun File - [2009-07-21 13:39:46 | 00,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]O32 - AutoRun File - [2009-07-21 13:39:46 | 00,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]O32 - AutoRun File - [2009-07-21 13:39:48 | 00,000,000 | RHSD | M] - I:\autorun.inf -- [ FAT32 ]O33 - MountPoints2\{07d67764-5701-11dd-b179-0013d3f1e3e3}\Shell\Open(&0)\command - "" = I:\Recycled\ctfmon.exe -- File not foundO33 - MountPoints2\{0a68a6c5-4eb8-11dd-b164-0013d3f1e3e3}\Shell\AutoRun\command - "" = K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not foundO33 - 
MountPoints2\{0a68a6c5-4eb8-11dd-b164-0013d3f1e3e3}\Shell\open\command - "" = K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not foundO33 - MountPoints2\{96995c30-507d-11dd-b16d-0013d3f1e3e3}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not foundO33 - MountPoints2\{96995c30-507d-11dd-b16d-0013d3f1e3e3}\Shell\open\command - "" = I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not foundO33 - MountPoints2\{f13f0c9c-ae16-11dd-b207-0013d3f1e3e3}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not foundO33 - MountPoints2\{f13f0c9c-ae16-11dd-b207-0013d3f1e3e3}\Shell\open\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not foundO33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\3o.exe -- File not foundO33 - MountPoints2\C\Shell\explore\Command - "" = C:\3o.exe -- File not foundO33 - MountPoints2\C\Shell\open\Command - "" = C:\3o.exe -- File not foundO33 - MountPoints2\G\Shell - "" = AutoRunO33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\start.exe -- File not foundO34 - HKLM BootExecute: (autocheck) -  File not foundO34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)O34 - HKLM BootExecute: (*) -  File not found========== Files/Folders - Created Within 30 Days ==========[1 C:\WINDOWS\System32\*.tmp files][2009-07-21 13:59:33 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\PAT\Pulpit\Internet.lnk[2009-07-21 13:42:10 | 00,000,000 | ---D | C] -- C:\Avenger[2009-07-21 13:39:46 | 00,000,000 | RHSD | C] -- C:\autorun.inf[2009-07-21 13:39:06 | 00,132,597 | ---- | C] () -- C:\Documents and Settings\PAT\Pulpit\Flash_Disinfector.exe[2009-07-21 12:26:35 | 00,000,000 | ---D | C] -- C:\rsit[2009-07-20 20:22:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PAT\Dane aplikacji\Malwarebytes[2009-07-20 20:22:18 | 
MarekM25

Make a ComboFix log, because I can see there is still something sitting here that OTL may not be able to handle.

iwan59

Dr.Web CureIt scan result

dw8a4y.jpg

I'm scanning with ComboFix.

MarekM25

The Dr.Web log looks good.

All those System Volume Information entries are harmless; it is enough to turn System Restore off and on again (My Computer -> right-click -> Properties -> System Restore -> tick "Turn off System Restore on all drives", and then untick it if you want).

The remaining programs belong to the log-generating tools. Throw them out.

iwan59

ComboFix

log.txt

Guest

The log is clean.

1. Start >>> Run >>> cmd >>> type this:

SC DELETE cel90xbe

ENTER.

2. Launch OTL and run its CleanUp option; agree to the cleanup and the computer restart.

3. Use Malwarebytes.

Click Scan, choose the drives to scan and start the scan; at the end click Remove Selected, if there is anything, and OK.

Post the report generated after the removal with MBAM.

4. Scan the "My Computer" area with http://www.kaspersky.pl/virusscanner.html (run it in IE). Post its report on the forum.


MarekM25
(edited)

As a precaution I would go over it once more with the disinfection tools:

http://www.sophos.com/support/disinfection/jeefoa.html

a scan with the antivirus you have on your computer + a scan with an online scanner

Sorry, Kamil was first ;) I'm deleting my script :P

iwan59

Thanks for the help, gentlemen, but I'm giving up. It takes up too much of my time. I'm formatting the hard drive. Regards ;)

MarekM25

But this is the end already :D Jeefo is gone, after all.
