Adwrond, posted 15 August 2009

Hello! My computer restarts right after the Windows XP logo appears. To get the computer to start, I have to copy the ntfs.sys file from the Windows CD into the C:\WINDOWS\system32\drivers directory. When the BSOD comes up, it says:

Technical information: *** STOP: 0x0000007E (0xC0000005,0x80686C9F,0xF7A2B538,0xF7A2B234)

Virus notifications keep popping up. Of course, choosing DELETE or any of the other options does not work. Removing these viruses manually does not help either. Here is the log from HijackThis:

Please help! I need the system to keep working normally for another month and I cannot format C: right now.
Mateusz J., commented 15 August 2009

You have a rootkit; it is a big infection, so please post a log from ComboFix: http://www.forumpc.pl/index.php?showtopic=120614 (for the future: do not use this program without an explicit recommendation from the person checking the logs).
Adwrond (Author), commented 15 August 2009

Thanks for your interest. Unfortunately, ComboFix does not start. I saved it to the desktop, and when I run it, simply nothing happens...
dar55, commented 15 August 2009

When downloading, save Combo as -> blabla.exe

I don't interfere with the specialists.
Adwrond (Author), commented 15 August 2009

Thanks. I have the log:

// For the future: logs go inside LOG tags. //dar55
Mateusz J., commented 15 August 2009

Paste into Notepad:

File::
c:\windows\system32\msword98.exe
c:\documents and settings\User\msword98.exe
c:\windows\system32\dllcache\ntfs.sys
c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
c:\windows\system32\wisdstr.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msword98"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msword98"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX1C643131}]

File => Save as, under the name CFScript.txt, then drag the created script onto the ComboFix icon. Show the new log after the removal.
Adwrond (Author) commented 15 August 2009

OK, I have the log.
Mateusz J. commented 15 August 2009

Delete the folder c:\QooBox. Has the problem gone away? Scan the computer with the program: http://www.forumpc.pl/index.php?showtopic=107753 (remember: if there are infected files etc., select them and click "Remove Selected", restart the computer if necessary, and post the report on the forum). Please also post a log from OTL: http://www.forumpc.pl/index.php?showtopic=104338 I am moving the topic to the "Logi do sprawdzenia" (logs to check) subforum.
Adwrond (Author) commented 16 August 2009

Thanks a lot! The computer no longer restarts and the infection icon has disappeared from the tray. However, while scanning with Malwarebytes', AviraAV still reports that there are infections, e.g. in C:\System Volume Information, including a rootkit. The scan takes a long time, so I don't have a result yet. And the log from OTL looks like this:
-- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2006-09-05 23:45:58 | 00,090,112 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2006-09-05 23:45:58 | 00,090,112 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2008-04-28 05:00:00 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-07-20 11:41:31 | 00,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\mozilla firefox\plugins\NPZoneSB.dll [2009-07-15 21:00:25 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2009-07-15 21:00:25 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2009-07-15 21:00:25 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009-07-15 21:00:25 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2009-07-15 21:00:25 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2009-07-15 21:00:25 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2009-07-15 21:00:25 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found. O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found. O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found. 
O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found. O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\WebBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found. O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [updReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co., Ltd.) O4 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003..\Run: [Gadu-Gadu] D:\Programy\Gadu-Gadu\gg.exe (GG Network S.A.) 
O4 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG) O4 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003..\Run: [Nowe Gadu-Gadu] D:\Programy\Gadu-Gadu\gg.exe (GG Network S.A.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet 
Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1 O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0 O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1 O7 - 
HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: ÓñČĚŘľ«ÁéĎÂÔŘ(&B) - Reg Error: Value error. File not found O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm () O8 - Extra context menu item: Pobierz za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra Button: BitBuddy - {8FCCDD73-C9F3-443a-AB53-7A25FD925808} - C:\Program Files\BitBuddy\BitBuddy.EXE (BtVampire,Inc.) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..Trusted Domains: ([]msn in Mój komputer) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Value error. File not found O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Value error. 
File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-08-23 20:42:59 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found ========== Files/Folders - Created Within 30 Days ========== [2009-08-16 00:03:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\Malwarebytes [2009-08-16 00:03:12 | 00,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2009-08-16 00:03:10 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-08-16 00:03:08 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009-08-16 00:03:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2009-08-16 00:03:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009-08-16 00:02:44 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTL.exe [2009-08-16 00:02:40 | 00,050,013 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\beztytuulrs.png [2009-08-16 00:01:26 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Pulpit\mbam-setup.exe [2009-08-15 23:53:57 | 00,000,000 | -HSD | C] -- C:\RECYCLER [2009-08-15 23:48:25 | 00,561,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntfs.sys [2009-08-15 23:48:24 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys [2009-08-15 23:39:09 | 00,004,224 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\drivers\beep.sys [2009-08-15 23:39:09 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\beep.sys [2009-08-15 23:32:38 | 00,000,000 | --SD | C] -- C:\gnnnf [2009-08-15 21:42:12 | 03,003,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll [2009-08-15 21:42:12 | 02,182,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe [2009-08-15 21:42:12 | 02,058,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe [2009-08-15 21:42:12 | 01,548,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll [2009-08-15 21:42:12 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe [2009-08-15 21:42:12 | 01,012,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll [2009-08-15 21:42:12 | 00,924,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll [2009-08-15 21:42:12 | 00,822,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll [2009-08-15 21:42:12 | 00,658,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll [2009-08-15 21:42:12 | 00,611,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll [2009-08-15 21:42:12 | 00,504,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe [2009-08-15 21:42:12 | 00,435,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll [2009-08-15 21:42:12 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll [2009-08-15 21:42:12 | 00,395,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll [2009-08-15 21:42:12 | 00,382,464 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\cache\qmgr.dll [2009-08-15 21:42:12 | 00,359,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys [2009-08-15 21:42:12 | 00,296,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll [2009-08-15 21:42:12 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\scecli.dll [2009-08-15 21:42:12 | 00,182,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys [2009-08-15 21:42:12 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll [2009-08-15 21:42:12 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll [2009-08-15 21:42:12 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys [2009-08-15 21:42:12 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe [2009-08-15 21:42:12 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll [2009-08-15 21:42:12 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe [2009-08-15 21:42:12 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll [2009-08-15 21:42:12 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll [2009-08-15 21:42:12 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe [2009-08-15 21:42:12 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll [2009-08-15 21:42:12 | 00,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys [2009-08-15 21:42:12 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe [2009-08-15 21:42:12 | 00,024,960 | ---- | C] 
(Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys [2009-08-15 21:42:12 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll [2009-08-15 21:42:12 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll [2009-08-15 21:42:12 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe [2009-08-15 21:42:12 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys [2009-08-15 21:42:12 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe [2009-08-15 21:42:12 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe [2009-08-15 21:42:12 | 00,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys [2009-08-15 21:42:12 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll [2009-08-15 21:42:12 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys [2009-08-15 21:42:11 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll [2009-08-15 21:42:11 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe [2009-08-15 21:42:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache [2009-08-15 21:26:57 | 00,216,064 | ---- | C] () -- C:\WINDOWS\PEV.exe [2009-08-15 21:26:57 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009-08-15 21:26:08 | 03,124,187 | R--- | C] () -- C:\Documents and Settings\User\Pulpit\gnnnf.exe [2009-08-15 21:13:42 | 00,019,975 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\hirevezud.scr [2009-08-15 21:13:42 | 00,019,590 | ---- | C] () -- C:\Program Files\Common Files\ifice.dat [2009-08-15 21:13:42 | 00,019,082 | ---- | C] () -- 
C:\WINDOWS\lysuw.reg [2009-08-15 21:13:42 | 00,018,777 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\unininyr.reg [2009-08-15 21:13:42 | 00,018,417 | ---- | C] () -- C:\WINDOWS\efejoxivax.dl [2009-08-15 21:13:42 | 00,018,388 | ---- | C] () -- C:\WINDOWS\xakesyxup._sy [2009-08-15 21:13:42 | 00,018,011 | ---- | C] () -- C:\Program Files\Common Files\gonucyxyko.inf [2009-08-15 21:13:42 | 00,017,874 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\jylutunynu.lib [2009-08-15 21:13:42 | 00,017,700 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\zirixa.vbs [2009-08-15 21:13:42 | 00,016,780 | ---- | C] () -- C:\WINDOWS\vaxuna.pif [2009-08-15 21:13:42 | 00,016,114 | ---- | C] () -- C:\Program Files\Common Files\aloquni.reg [2009-08-15 21:13:42 | 00,014,911 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\afehevub.inf [2009-08-15 21:13:42 | 00,014,735 | ---- | C] () -- C:\WINDOWS\eqify.vbs [2009-08-15 21:13:42 | 00,014,687 | ---- | C] () -- C:\WINDOWS\magycodyk.com [2009-08-15 21:13:42 | 00,013,735 | ---- | C] () -- C:\WINDOWS\System32\bije._sy [2009-08-15 21:13:42 | 00,013,445 | ---- | C] () -- C:\Documents and Settings\User\Dane aplikacji\carak.dll [2009-08-15 21:13:42 | 00,013,317 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\joja.lib [2009-08-15 21:13:42 | 00,013,083 | ---- | C] () -- C:\WINDOWS\System32\isirina.scr [2009-08-15 21:13:42 | 00,012,539 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\fyqovu.pif [2009-08-15 21:13:42 | 00,012,004 | ---- | C] () -- C:\Documents and Settings\User\Dane aplikacji\otezuh.com [2009-08-15 21:13:42 | 00,011,432 | ---- | C] () -- C:\WINDOWS\bodole.dl [2009-08-15 21:13:42 | 00,011,301 | ---- | C] () -- C:\Documents and Settings\User\Dane aplikacji\ocykuhyc.com [2009-08-15 21:13:42 | 00,011,221 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\puwogecup.pif 
[2009-08-15 21:13:42 | 00,010,442 | ---- | C] () -- C:\WINDOWS\tysuliwa.db [2009-08-15 21:13:42 | 00,010,360 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ololal.exe [2009-08-15 21:13:42 | 00,010,009 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\zaxe.scr [2009-08-15 17:11:09 | 00,034,564 | ---- | C] () -- D:\Dokumenty\1570995_podloga1.jpg [2009-08-15 17:04:20 | 00,028,545 | ---- | C] () -- D:\Dokumenty\IMAGE0006.JPG [2009-08-15 17:03:13 | 00,128,836 | ---- | C] () -- D:\Dokumenty\przekroj_podlogi_2.jpg [2009-08-15 17:01:54 | 00,217,636 | ---- | C] () -- D:\Dokumenty\P-01.jpg [2009-08-15 12:33:13 | 00,001,737 | ---- | C] () -- D:\Dokumenty\HijackThis.lnk [2009-08-15 12:33:12 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009-08-14 13:22:44 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy) [2009-08-14 13:22:42 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy) [2009-08-14 13:22:34 | 00,000,000 | ---D | C] -- C:\Program Files\Misc. 
Support Library (Spybot - Search & Destroy) [2009-08-14 13:22:34 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy) [2009-08-14 13:20:09 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2009-08-13 22:57:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\Hamachi [2009-08-13 22:57:16 | 00,000,000 | ---D | C] -- C:\Program Files\Hamachi [2009-08-13 16:25:18 | 00,000,469 | ---- | C] () -- D:\Dokumenty\Co jest.lnk [2009-08-13 13:56:11 | 00,000,152 | ---- | C] () -- C:\WINDOWS\Aslan.INI [2009-08-13 13:55:55 | 00,000,000 | ---D | C] -- C:\Program Files\Aslan Wydawnictwa Elektroniczne [2009-08-06 11:47:45 | 00,000,599 | ---- | C] () -- D:\Dokumenty\Lancraft.lnk [2009-08-05 09:16:50 | 00,030,520 | ---- | C] () -- C:\WINDOWS\System32\midiwrap3405.deu [2009-08-05 09:16:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\KB Piano [2009-08-05 09:16:41 | 00,000,000 | ---D | C] -- C:\Program Files\KB Piano 2 [2009-08-05 00:16:45 | 00,000,560 | ---- | C] () -- C:\Program Files\Global.sw [2009-08-05 00:16:45 | 00,000,000 | ---D | C] -- C:\Program Files\SoftwrapLicense [2009-08-03 09:26:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\Thunderbird [2009-08-03 09:26:50 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2009-08-03 09:14:55 | 00,000,000 | ---D | C] -- C:\Program Files\MozBackup [2009-08-02 20:12:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Thunderbird [2009-08-02 12:52:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\LastPass [2009-07-24 23:44:15 | 00,000,000 | ---D | C] -- C:\Program Files\Neuro [2009-07-23 11:50:12 | 00,000,000 | ---D | C] -- C:\AV_LOGS [2009-07-23 11:49:17 | 00,017,792 | ---- | C] (Avnex) -- C:\WINDOWS\System32\drivers\vcsvad.sys [2009-07-23 11:29:51 | 00,000,000 | ---D | C] -- C:\Documents 
and Settings\User\Dane aplikacji\Screaming Bee [2009-07-23 11:29:17 | 00,001,838 | ---- | C] () -- D:\Dokumenty\MorphVOX Pro.lnk [2009-07-23 11:29:16 | 00,000,000 | ---D | C] -- C:\Program Files\Screaming Bee [2009-07-23 11:29:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Screaming Bee [2009-07-23 09:04:44 | 00,001,605 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2009-07-21 09:49:38 | 00,000,531 | ---- | C] () -- D:\Dokumenty\Diablo II.lnk [2009-07-20 11:41:31 | 00,000,000 | ---D | C] -- C:\Program Files\ZoneAlarmSB [2009-07-20 11:41:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier [2009-07-20 11:00:37 | 00,000,000 | ---D | C] -- C:\Program Files\Unlocker [2009-07-20 11:00:20 | 00,000,000 | ---D | C] -- C:\!KillBox [2009-07-17 13:03:31 | 00,001,950 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\AutoCAD Startup Accelerator.lnk [2009-07-17 13:03:31 | 00,001,760 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk [2009-07-17 13:03:31 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk [2009-07-17 13:03:31 | 00,000,893 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.exe.lnk [2009-03-30 13:37:03 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll [2009-02-27 01:34:26 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2009-01-10 12:30:43 | 00,000,029 | ---- | C] () -- C:\WINDOWS\wordpad.ini [2008-07-04 20:22:25 | 00,000,417 | ---- | C] () -- C:\WINDOWS\WGPLAYER.INI [2008-07-04 20:22:08 | 00,000,827 | ---- | C] () -- C:\WINDOWS\WINGROOV.INI [2008-07-04 13:14:35 | 00,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini [2008-07-04 12:51:01 | 00,000,005 | -HS- | C] () -- C:\WINDOWS\System32\edffcbabd_s.dll 
[2008-06-01 09:13:10 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2008-02-11 17:17:55 | 00,000,058 | ---- | C] () -- C:\WINDOWS\ISIS.INI [2008-02-11 17:12:49 | 00,001,615 | ---- | C] () -- C:\WINDOWS\ISISAIHP.INI [2008-02-11 17:12:49 | 00,000,736 | ---- | C] () -- C:\WINDOWS\ISISAIM.INI [2008-01-31 07:47:36 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini [2008-01-31 07:46:09 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll [2008-01-31 07:46:09 | 00,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv [2007-10-01 15:02:24 | 00,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll [2007-07-21 13:19:03 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2007-05-25 21:07:45 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2007-02-18 21:05:49 | 00,720,896 | ---- | C] () -- C:\WINDOWS\EAInstall.dll [2007-01-02 13:59:13 | 00,558,592 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll [2007-01-02 13:59:12 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2007-01-02 13:59:12 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2007-01-02 13:59:11 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2007-01-02 13:59:10 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2007-01-02 13:59:10 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2006-11-06 20:04:20 | 00,000,320 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini [2006-11-06 20:02:59 | 00,000,666 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2006-11-03 20:44:11 | 00,000,020 | ---- | C] () -- C:\WINDOWS\naglos.INI [2006-10-01 22:13:20 | 00,000,870 | ---- | C] () -- C:\WINDOWS\VPlayer.INI [2006-09-12 16:31:10 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2006-09-03 10:43:27 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll [2006-08-31 10:05:10 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI [2006-08-31 10:04:51 | 00,067,428 | ---- | C] () -- 
C:\WINDOWS\System32\LudaP17.ini [2006-08-31 10:04:51 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll [2006-08-31 10:04:51 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2006-08-31 10:04:50 | 00,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll [2006-08-31 10:04:48 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll [2006-08-29 23:27:36 | 00,000,113 | ---- | C] () -- C:\WINDOWS\ksjp.ini [2006-08-29 20:33:24 | 00,000,030 | ---- | C] () -- C:\WINDOWS\nfsulan.ini [2006-08-28 19:54:45 | 00,033,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys [2006-08-28 10:22:39 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006-08-27 19:48:13 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys [2006-08-25 19:44:59 | 00,001,768 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI [2006-08-25 19:12:50 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2006-08-25 19:12:43 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2006-08-25 15:45:09 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini [2006-08-25 08:49:24 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll [2006-08-25 08:49:24 | 00,005,685 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys [2006-08-25 08:49:22 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys [2006-08-25 08:49:22 | 00,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys [2006-08-25 08:46:19 | 00,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini [2006-08-25 08:46:19 | 00,000,402 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini [2006-08-25 08:45:15 | 00,023,145 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2006-08-25 08:45:15 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2006-08-25 08:45:03 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2006-08-24 11:15:43 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2006-08-24 09:49:17 | 
00,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini [2006-08-23 22:49:46 | 00,003,101 | ---- | C] () -- C:\WINDOWS\bestplayer.ini [2006-08-23 22:23:15 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini [2006-08-23 22:18:23 | 00,000,532 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006-08-23 21:56:24 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2006-08-23 21:55:44 | 00,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI [2006-06-01 17:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006-06-01 17:22:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006-06-01 17:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006-06-01 17:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006-06-01 17:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006-06-01 17:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006-06-01 17:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2005-10-21 00:58:52 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\vspxvfw.dll [2005-09-26 11:24:38 | 00,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys [2005-09-01 16:20:46 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\vspxcore.dll [2001-10-26 17:45:34 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL [2001-07-22 00:16:20 | 00,001,059 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-22 00:15:52 | 00,000,462 | ---- | C] () -- C:\WINDOWS\system.ini [1999-01-22 22:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL ========== Files - Modified Within 30 Days ========== [2 C:\WINDOWS\*.tmp files] [2009-08-16 09:10:00 | 00,088,399 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009-08-16 09:09:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-08-16 09:09:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-08-16 00:03:12 | 00,000,699 | ---- | M] () -- C:\Documents and Settings\All 
Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2009-08-16 00:02:46 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTL.exe [2009-08-16 00:02:40 | 00,050,013 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\beztytuulrs.png [2009-08-16 00:01:45 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Pulpit\mbam-setup.exe [2009-08-15 23:45:15 | 00,000,462 | ---- | M] () -- C:\WINDOWS\system.ini [2009-08-15 23:44:40 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009-08-15 23:32:15 | 00,000,095 | ---- | M] () -- C:\WINDOWS\winamp.ini [2009-08-15 21:26:22 | 03,124,187 | R--- | M] () -- C:\Documents and Settings\User\Pulpit\gnnnf.exe [2009-08-15 21:13:42 | 00,019,975 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\hirevezud.scr [2009-08-15 21:13:42 | 00,019,590 | ---- | M] () -- C:\Program Files\Common Files\ifice.dat [2009-08-15 21:13:42 | 00,019,082 | ---- | M] () -- C:\WINDOWS\lysuw.reg [2009-08-15 21:13:42 | 00,018,777 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\unininyr.reg [2009-08-15 21:13:42 | 00,018,417 | ---- | M] () -- C:\WINDOWS\efejoxivax.dl [2009-08-15 21:13:42 | 00,018,388 | ---- | M] () -- C:\WINDOWS\xakesyxup._sy [2009-08-15 21:13:42 | 00,018,011 | ---- | M] () -- C:\Program Files\Common Files\gonucyxyko.inf [2009-08-15 21:13:42 | 00,017,874 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\jylutunynu.lib [2009-08-15 21:13:42 | 00,017,700 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\zirixa.vbs [2009-08-15 21:13:42 | 00,016,780 | ---- | M] () -- C:\WINDOWS\vaxuna.pif [2009-08-15 21:13:42 | 00,016,114 | ---- | M] () -- C:\Program Files\Common Files\aloquni.reg [2009-08-15 21:13:42 | 00,014,911 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\afehevub.inf [2009-08-15 21:13:42 | 00,014,735 | ---- | M] () -- C:\WINDOWS\eqify.vbs 
[2009-08-15 21:13:42 | 00,014,687 | ---- | M] () -- C:\WINDOWS\magycodyk.com [2009-08-15 21:13:42 | 00,013,735 | ---- | M] () -- C:\WINDOWS\System32\bije._sy [2009-08-15 21:13:42 | 00,013,445 | ---- | M] () -- C:\Documents and Settings\User\Dane aplikacji\carak.dll [2009-08-15 21:13:42 | 00,013,317 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\joja.lib [2009-08-15 21:13:42 | 00,013,083 | ---- | M] () -- C:\WINDOWS\System32\isirina.scr [2009-08-15 21:13:42 | 00,012,539 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\fyqovu.pif [2009-08-15 21:13:42 | 00,012,004 | ---- | M] () -- C:\Documents and Settings\User\Dane aplikacji\otezuh.com [2009-08-15 21:13:42 | 00,011,432 | ---- | M] () -- C:\WINDOWS\bodole.dl [2009-08-15 21:13:42 | 00,011,301 | ---- | M] () -- C:\Documents and Settings\User\Dane aplikacji\ocykuhyc.com [2009-08-15 21:13:42 | 00,011,221 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\puwogecup.pif [2009-08-15 21:13:42 | 00,010,442 | ---- | M] () -- C:\WINDOWS\tysuliwa.db [2009-08-15 21:13:42 | 00,010,360 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\ololal.exe [2009-08-15 21:13:42 | 00,010,009 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\zaxe.scr [2009-08-15 17:11:09 | 00,034,564 | ---- | M] () -- D:\Dokumenty\1570995_podloga1.jpg [2009-08-15 17:04:20 | 00,028,545 | ---- | M] () -- D:\Dokumenty\IMAGE0006.JPG [2009-08-15 17:03:13 | 00,128,836 | ---- | M] () -- D:\Dokumenty\przekroj_podlogi_2.jpg [2009-08-15 17:01:54 | 00,217,636 | ---- | M] () -- D:\Dokumenty\P-01.jpg [2009-08-15 12:33:13 | 00,001,737 | ---- | M] () -- D:\Dokumenty\HijackThis.lnk [2009-08-15 00:10:15 | 00,133,300 | ---- | M] () -- C:\WINDOWS\bestplayer.bbt [2009-08-15 00:10:15 | 00,003,101 | ---- | M] () -- C:\WINDOWS\bestplayer.ini [2009-08-15 00:10:15 | 00,000,035 | ---- | M] () -- C:\WINDOWS\bestplayer.bpp [2009-08-14 23:22:25 | 00,047,616 | ---- | M] () 
-- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-08-14 23:22:25 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009-08-13 22:57:16 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\hamachi.sys [2009-08-13 16:25:18 | 00,000,469 | ---- | M] () -- D:\Dokumenty\Co jest.lnk [2009-08-13 15:43:38 | 00,000,666 | ---- | M] () -- C:\WINDOWS\wincmd.ini [2009-08-13 13:56:11 | 00,000,152 | ---- | M] () -- C:\WINDOWS\Aslan.INI [2009-08-13 12:59:35 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2009-08-11 11:40:39 | 00,001,059 | ---- | M] () -- C:\WINDOWS\win.ini [2009-08-11 11:40:39 | 00,000,223 | -HS- | M] () -- C:\boot.ini [2009-08-08 12:10:14 | 00,216,064 | ---- | M] () -- C:\WINDOWS\PEV.exe [2009-08-06 11:47:45 | 00,000,599 | ---- | M] () -- D:\Dokumenty\Lancraft.lnk [2009-08-06 09:15:53 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2009-08-05 09:16:50 | 00,030,520 | ---- | M] () -- C:\WINDOWS\System32\midiwrap3405.deu [2009-08-05 09:16:04 | 00,000,560 | ---- | M] () -- C:\Program Files\Global.sw [2009-08-03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-08-03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009-07-30 16:44:36 | 03,169,804 | -H-- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-07-28 16:11:18 | 00,000,060 | ---- | M] () -- C:\WINDOWS\wpd99.drv [2009-07-27 18:23:58 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-07-23 11:29:17 | 00,001,838 | ---- | M] () -- D:\Dokumenty\MorphVOX Pro.lnk [2009-07-23 09:04:44 | 00,001,605 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2009-07-21 09:49:38 | 00,000,531 | ---- | M] () -- D:\Dokumenty\Diablo II.lnk ========== LOP Check ========== [2009-08-16 00:03:08 | 
00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji [2008-12-06 12:52:22 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{66F5A32C-70B3-414C-92F3-56D2AF967193} [2009-05-20 09:43:33 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{92E7A367-8E12-4830-AA70-29C32E331A81} [2008-09-08 09:19:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo [2008-07-04 23:05:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk [2009-03-01 18:16:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Azureus [2008-10-20 23:36:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard [2008-07-13 18:03:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\espionServerData [2008-07-11 22:05:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet [2009-08-05 09:16:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\KB Piano [2006-09-03 13:32:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Locktime [2009-07-20 11:41:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier [2006-12-29 14:52:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MSN6 [2009-07-28 16:11:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\pdf995 [2009-07-23 11:30:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Screaming Bee [2009-05-04 09:33:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2006-08-23 21:35:19 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji [2009-05-16 10:29:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji [2006-08-23 
20:45:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji [2009-08-16 00:03:14 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\User\Dane aplikacji [2006-09-01 09:54:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\.bittorrent [2008-09-06 13:12:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Ahead [2008-09-08 09:19:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Ashampoo [2006-11-27 09:38:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Autodesk [2009-04-13 10:29:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Azureus [2009-03-17 13:53:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\BitSpirit [2009-06-25 01:09:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Bullzip [2008-10-11 23:12:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Cakewalk [2006-09-04 14:29:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\CEZEO software [2007-07-12 11:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Command & Conquer 3 Tiberium Wars [2006-09-05 16:57:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Czat [2007-02-10 22:11:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\EAST Technologies [2009-06-05 13:25:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\FontCreator [2009-01-05 23:12:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\foobar2000 [2009-08-15 14:32:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Hamachi [2008-12-06 11:51:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\HEXelon [2008-05-18 16:12:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\iLibrary 
Reader [2006-12-24 22:31:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Kingston [2006-09-03 13:35:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Locktime [2006-12-29 14:52:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\MSN6 [2008-07-03 22:58:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Music Recognition [2009-06-11 19:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Nokia [2009-02-27 10:20:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Nowe Gadu-Gadu [2008-07-04 12:56:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Offline Explorer [2009-01-25 01:16:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Opera [2008-01-31 07:47:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\pdf995 [2009-07-23 11:29:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Screaming Bee [2007-07-01 21:06:39 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\User\Dane aplikacji\SecuROM [2009-05-04 12:02:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Softi Software [2008-04-27 19:09:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Softplicity [2009-04-19 01:01:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Steinberg [2006-09-04 15:12:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\teamspeak2 [2009-08-03 09:26:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Thunderbird [2007-08-30 14:52:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Tlen.pl [2009-08-14 12:25:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\uTorrent [2006-09-04 15:02:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane 
aplikacji\Ventrilo [2001-07-22 00:17:50 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009-08-16 09:09:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C8B8CEBD @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:364682BC < End of report >
Guest, comment posted 16 August 2009
Some other infection has come back! Paste the ComboFix log again (the latest one).
Adwrond (author), comment posted 16 August 2009
Malwarebytes' finally finished scanning, removed 16 infections and produced a log:

Log to check:
Malwarebytes' Anti-Malware 1.40
Wersja bazy definicji: 2631
Windows 5.1.2600 Dodatek Service Pack 2

2009-08-16 19:06:03
mbam-log-2009-08-16 (19-06-03).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|)
Przeskanowane obiekty: 463609
Upłynęło: 8 hour(s), 8 minute(s), 18 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 2
Zainfekowane wartości rejestru: 1
Zainfekowane pliki rejestru: 4
Zainfekowane foldery: 1
Zainfekowane pliki: 8

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
HKEY_CURRENT_USER\SOFTWARE\ByteLinker (Pup.BitSpirit) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

Zainfekowane wartości rejestru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Zainfekowane pliki rejestru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Zainfekowane foldery:
C:\Documents and Settings\User\Menu Start\Programy\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

Zainfekowane pliki:
C:\WINDOWS\system32\drivers\oreans32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
D:\Instalki\Guitar Pro 4.10\keygen.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
D:\Almost lost\Instalki\HDD Regenerator 1.51\crack\HDD Regenerator.exe (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
D:\Almost lost\Instalki\Sonic Foundry Vegas Video 5 + DVD\Sony Vegas 5.0a (Build 134)\Vegas5_Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Almost lost\Instalki\Sony Vegas 6.0c\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Menu Start\Programy\PC_Antispyware2010\PC_Antispyware2010.lnk (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Menu Start\Programy\PC_Antispyware2010\Uninstall.lnk (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.

And the new ComboFix log looks like this:

Log to check:
ComboFix 09-08-10.06 - User 2009-08-16 19:11.3.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1022.652 [GMT 2:00] Uruchomiony z: c:\documents and settings\User\Pulpit\gnnnf.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D} . ((((((((((((((((((((((((( Pliki utworzone od 2009-07-16 do 2009-08-16 ))))))))))))))))))))))))))))))) . 2009-08-15 22:03 . 2009-08-15 22:03 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Malwarebytes 2009-08-15 22:03 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-15 22:03 . 
2009-08-15 22:03 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes 2009-08-15 22:03 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-15 22:03 . 2009-08-15 22:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-15 21:39 . 2001-08-23 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys 2009-08-15 21:39 . 2001-08-23 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys 2009-08-15 10:33 . 2009-08-15 10:33 -------- d-----w- c:\program files\Trend Micro 2009-08-14 11:22 . 2009-08-14 11:22 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy) 2009-08-14 11:22 . 2009-08-14 11:22 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy) 2009-08-14 11:22 . 2009-08-14 11:22 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy) 2009-08-14 11:22 . 2009-08-14 11:22 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy) 2009-08-14 11:20 . 2009-08-14 15:51 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-08-13 20:57 . 2009-08-15 12:32 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Hamachi 2009-08-13 20:57 . 2009-08-13 20:57 -------- d-----w- c:\program files\Hamachi 2009-08-13 11:55 . 2009-08-13 11:55 -------- d-----w- c:\program files\Aslan Wydawnictwa Elektroniczne 2009-08-05 07:16 . 2009-08-05 07:16 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\KB Piano 2009-08-05 07:16 . 2009-08-05 07:16 -------- d-----w- c:\program files\KB Piano 2 2009-08-04 22:16 . 2009-08-04 22:16 -------- d-----w- c:\program files\SoftwrapLicense 2009-08-03 07:26 . 2009-08-03 07:26 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Thunderbird 2009-08-03 07:26 . 2009-08-16 13:19 -------- d-----w- c:\program files\Mozilla Thunderbird 2009-08-03 07:14 . 2009-08-03 07:14 -------- d-----w- c:\program files\MozBackup 2009-08-02 18:12 . 
2009-08-02 18:13 -------- d-----w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\Thunderbird 2009-08-02 10:52 . 2009-08-02 10:52 -------- d-----w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\LastPass 2009-07-24 21:44 . 2009-07-24 21:44 -------- d-----w- c:\program files\Neuro 2009-07-23 09:50 . 2009-07-23 09:50 -------- d-----w- C:\AV_LOGS 2009-07-23 09:49 . 2008-12-10 14:56 17792 ----a-w- c:\windows\system32\drivers\vcsvad.sys 2009-07-23 09:32 . 2009-07-23 09:32 -------- d-----r- c:\documents and settings\User\Moje dokumenty 2009-07-23 09:29 . 2009-07-23 09:29 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Screaming Bee 2009-07-23 09:29 . 2009-07-23 09:30 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Screaming Bee 2009-07-23 09:29 . 2009-07-23 09:29 -------- d-----w- c:\program files\Screaming Bee 2009-07-20 09:41 . 2009-07-20 09:41 -------- d-----w- c:\program files\ZoneAlarmSB 2009-07-20 09:41 . 2009-07-20 09:41 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\MailFrontier 2009-07-20 09:00 . 2009-07-20 09:00 -------- d-----w- c:\program files\Unlocker 2009-07-20 09:00 . 2009-07-20 09:00 -------- d-----w- C:\!KillBox . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-15 00:35 . 2008-07-04 07:20 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2009-08-14 10:25 . 2009-03-16 14:57 -------- d-----w- c:\documents and settings\User\Dane aplikacji\uTorrent 2009-08-13 20:57 . 2006-09-04 12:33 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys 2009-08-06 07:15 . 2009-04-24 07:35 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-08-05 07:16 . 2009-08-04 22:16 560 ---ha-w- c:\windows\Fonts\SWFont9.fnt 2009-08-05 07:16 . 2009-08-04 22:16 560 ----a-w- c:\program files\Global.sw 2009-07-28 14:11 . 
2008-01-31 05:46 60 ----a-w- c:\windows\wpd99.drv 2009-07-28 14:11 . 2008-01-31 05:46 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\pdf995 2009-07-08 19:38 . 2006-11-18 10:50 -------- d-----w- c:\program files\Winamp 2009-07-04 13:14 . 2007-07-21 11:19 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-07-04 13:14 . 2007-07-21 11:18 107832 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-06-24 23:09 . 2009-06-24 23:09 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Bullzip 2009-06-24 23:04 . 2009-06-24 23:04 -------- d-----w- c:\program files\Bullzip 2009-06-11 18:29 . 2007-05-12 16:25 87538 ----a-w- c:\windows\War3Unin.dat 2009-06-08 17:08 . 2009-06-08 17:06 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-06-05 10:26 . 2009-06-05 10:26 6625744 ----a-w- c:\documents and settings\User\Dane aplikacji\FontCreator\FontCreatorSetup(2).exe 2009-05-26 16:01 . 2009-05-26 16:01 42088 ----a-w- c:\documents and settings\User\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll 2009-05-26 15:12 . 2009-05-26 15:12 11264 ----a-w- c:\documents and settings\User\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll 2008-07-04 10:51 . 2008-07-04 10:51 5 --sha-w- c:\windows\system32\edffcbabd_s.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Nowe Gadu-Gadu"="d:\programy\Gadu-Gadu\gg.exe" [2009-05-28 10486376] "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-08 1953792] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2005-12-14 176128] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168] "OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 59392] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952] "CTSysVol"="c:\program files\Creative\SB Live! 
24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableStatusMessages"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMBalloonTip"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\Gry\\Quake III Arena\\quake3.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "d:\\Programy\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\BitSpirit\\BitSpirit.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "15054:TCP"= 15054:TCP:BitComet 15054 TCP "15054:UDP"= 15054:UDP:BitComet 15054 UDP R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-08 108289] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-06-01 34064] R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-03-27 23064] R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [2009-07-23 17792] S3 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys --> c:\windows\system32\DRIVERS\AmdTools.sys [?] S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2008-10-13 16896] . . ------- Skan uzupełniający ------- . 
uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = 127.0.0.1;*.local IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Pobierz z &BitSpirit - c:\program files\BitSpirit\bsurl.htm IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B) IE: {{8FCCDD73-C9F3-443a-AB53-7A25FD925808} - c:\program files\BitBuddy\BitBuddy.EXE LSP: %SYSTEMROOT%\system32\nvappfilter.dll DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\dqoqnkge.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ FF - plugin: c:\documents and settings\User\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\Mozilla Firefox\greprefs\all.js - 
pref("network.http.prompt-temp-redirect", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - 
pref("privacy.clearOnShutdown.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . 
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-16 19:14
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|˙˙˙˙"•€|ţ»Ów*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\nvappfilter.dll
.
Czas ukończenia: 2009-08-16 19:17
ComboFix-quarantined-files.txt 2009-08-16 17:16
ComboFix2.txt 2009-08-15 21:49
Przed: 1 458 491 392 bajtów wolnych
Po: 1 408 200 704 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptIn
211
Adwrond (Author) commented 16 August 2009 (edited)

Here is the log for review:

OTL logfile created on: 2009-08-16 20:29:19 - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\User\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1022,48 Mb Total Physical Memory | 512,12 Mb Available Physical Memory | 50,09% Memory free
2,40 Gb Paging File | 1,99 Gb Available in Paging File | 82,73% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,87 Gb Total Space | 1,35 Gb Free Space | 6,81% Space Free | Partition Type: NTFS
Drive D: | 113,01 Gb Total Space | 5,16 Gb Free Space | 4,57% Space Free | Partition Type: NTFS
Drive E: | 100,01 Gb Total Space | 0,45 Gb Free Space | 0,45% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CENTRAL
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2004-08-04 00:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009-06-11 01:07:06 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2005-12-14 16:14:26 | 00,176,128 | ---- | M] (A4Tech Co., Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe
PRC - [2009-03-09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
-- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2006-01-30 11:00:00 | 00,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe PRC - [2003-09-17 10:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe PRC - [2009-03-02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2009-05-28 11:23:12 | 10,486,376 | ---- | M] (GG Network S.A.) -- D:\Programy\Gadu-Gadu\gg.exe PRC - [2009-05-28 10:33:44 | 00,077,824 | ---- | M] () -- D:\Programy\Gadu-Gadu\spellchecker_gg.exe PRC - [2009-08-06 09:15:52 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2007-02-04 00:57:51 | 00,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe PRC - [2006-02-28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [1999-12-13 03:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe PRC - [2002-10-16 21:56:00 | 00,176,128 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe PRC - [2006-02-07 00:13:32 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe PRC - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2006-03-30 14:54:48 | 00,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe PRC - [2006-03-30 14:54:18 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe PRC - [2006-10-22 13:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe PRC - [2007-12-26 14:17:37 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe PRC - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe PRC - [2000-06-26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe PRC - [2006-03-30 14:58:14 | 00,143,360 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe PRC - [2006-02-07 00:13:32 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe PRC - [2004-08-04 00:44:30 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe PRC - [2009-08-05 11:20:23 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-08-16 00:02:46 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTL.exe PRC - [2004-08-04 00:44:30 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe ========== Win32 Services (SafeList) ========== SRV - [2009-01-10 12:54:54 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped]) SRV - [2009-06-11 01:07:06 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running]) SRV - [2009-08-06 09:15:52 | 00,185,089 | ---- | M] (Avira 
GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running]) SRV - [2005-09-23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2007-02-04 00:57:51 | 00,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Running]) SRV - [2006-02-28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running]) SRV - [2005-09-23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [1999-12-13 03:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running]) SRV - [2002-10-16 21:56:00 | 00,176,128 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe -- (Diskeeper [Auto | Running]) SRV - [2008-07-11 21:56:21 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) 
-- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped]) SRV - [2006-03-30 14:58:14 | 00,143,360 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) [Auto | Running]) SRV - [2006-02-07 00:13:32 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface [Auto | Running]) SRV - [2004-08-04 00:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) SRV - [2008-06-08 14:47:28 | 00,078,536 | ---- | M] (Macrovision ) -- C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe -- (InstallShield Licensing Service [On_Demand | Stopped]) SRV - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2006-03-30 14:54:48 | 00,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp [Auto | Running]) SRV - [2006-03-30 14:54:18 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog [Auto | Running]) SRV - [2006-10-22 13:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running]) SRV - [2007-12-26 14:17:37 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running]) SRV - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running]) SRV - [2000-06-26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running]) ========== Driver Services (SafeList) ========== DRV - [2006-07-01 23:32:26 | 00,043,520 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [system | Running]) DRV - [2005-12-08 02:38:12 | 00,007,168 | R--- | M] (A4Tech Co.,Ltd.) -- C:\WINDOWS\System32\DRIVERS\Amfilter.sys -- (Amfilter [system | Running]) DRV - [2005-12-08 02:38:40 | 00,013,312 | R--- | M] (A4Tech Co.,Ltd.) 
-- C:\WINDOWS\System32\DRIVERS\Amusbprt.sys -- (Amusbprt [On_Demand | Running]) DRV - [2005-12-22 04:22:18 | 00,005,685 | R--- | M] () -- C:\WINDOWS\System32\drivers\AsIO.sys -- (AsIO [system | Running]) DRV - [2002-08-14 15:03:36 | 00,017,005 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32 [Auto | Running]) DRV - [2005-09-26 11:24:38 | 00,024,064 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\ATITool.sys -- (ATITool [system | Running]) DRV - [2009-02-13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [system | Running]) DRV - [2009-08-06 09:15:53 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running]) DRV - [2009-06-08 19:08:55 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [system | Running]) DRV - [2003-09-22 02:48:06 | 00,130,192 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running]) DRV - [2004-10-25 20:02:58 | 00,021,664 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\ENTECH.SYS -- (ENTECH [On_Demand | Stopped]) DRV - [2009-08-13 22:57:16 | 00,025,280 | ---- | M] (LogMeIn, Inc.) 
-- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running]) DRV - [2004-08-13 04:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running]) DRV - [2008-06-01 09:13:10 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\drivers\npf.sys -- (npf [Auto | Running]) DRV - [2006-10-22 13:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running]) DRV - [2006-04-24 17:52:28 | 00,100,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [boot | Running]) DRV - [2006-03-22 14:24:00 | 00,052,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running]) DRV - [2006-03-22 14:24:02 | 00,018,944 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running]) DRV - [2006-03-22 14:23:50 | 00,109,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVTcp.sys -- (NVTCP [system | Running]) DRV - [2003-09-22 02:47:38 | 00,178,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Running]) DRV - [2004-06-04 10:27:46 | 00,840,960 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\P17.sys -- (P17 [On_Demand | Running]) DRV - [2003-03-05 12:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\PfModNT.sys -- (PfModNT [Auto | Running]) DRV - [2001-08-17 23:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) 
-- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running]) DRV - [2009-03-27 14:23:12 | 00,023,064 | ---- | M] (Screaming Bee LLC) -- C:\WINDOWS\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER [On_Demand | Running]) DRV - [2006-08-29 18:06:50 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running]) DRV - [2005-08-10 14:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [boot | Running]) DRV - [2005-05-16 15:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [boot | Running]) DRV - [2005-12-12 21:12:01 | 00,049,664 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfsync04.sys -- (sfsync04 [boot | Running]) DRV - [2005-11-03 16:40:07 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02 [boot | Running]) DRV - [2009-04-18 10:35:41 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Running]) DRV - [2009-06-11 01:07:06 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [system | Running]) DRV - [2006-01-29 12:48:22 | 00,016,896 | ---- | M] (SIA Syncrosoft) -- C:\WINDOWS\System32\drivers\SynasUSB.sys -- (SynasUSB [On_Demand | Stopped]) DRV - [2006-08-27 16:52:13 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped]) DRV - [2008-12-10 16:56:26 | 00,017,792 | ---- | M] (Avnex) -- C:\WINDOWS\System32\DRIVERS\vcsvad.sys -- (VCSVADHWSer [On_Demand | Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\S-1-5-21-1659004503-1979792683-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\S-1-5-21-1659004503-1979792683-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.order.1: "Yahoo" FF - prefs.js..browser.search.order.2: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "megaup" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup" FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2 FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-03-01 19:05:42 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-08-06 14:04:56 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-08-05 11:20:25 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009-08-03 09:26:54 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla 
Thunderbird\plugins [2008-08-29 09:37:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\mozilla\Extensions [2008-08-29 09:37:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-08-02 19:07:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\mozilla\Firefox\Profiles\dqoqnkge.default\extensions [2009-08-16 12:47:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-08-05 11:20:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-03-01 19:05:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009-04-20 09:40:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-08-05 11:20:22 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-08-05 11:20:22 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009-03-09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009-08-05 11:20:24 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2008-04-28 05:00:00 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2006-09-05 23:45:58 | 00,090,112 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2006-09-05 23:45:58 | 00,090,112 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2006-09-05 23:45:58 | 00,090,112 | ---- | M] (Apple Computer, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2006-09-05 23:45:58 | 00,090,112 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2006-09-05 23:45:58 | 00,090,112 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2008-04-28 05:00:00 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-07-20 11:41:31 | 00,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\mozilla firefox\plugins\NPZoneSB.dll [2009-07-15 21:00:25 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2009-07-15 21:00:25 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2009-07-15 21:00:25 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009-07-15 21:00:25 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2009-07-15 21:00:25 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2009-07-15 21:00:25 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2009-07-15 21:00:25 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found. O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found. O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found. 
O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found. O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\WebBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found. O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [updReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co., Ltd.) 
O4 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG) O4 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003..\Run: [Nowe Gadu-Gadu] D:\Programy\Gadu-Gadu\gg.exe (GG Network S.A.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet 
Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1 O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0 O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - 
HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: ÓñČĚŘľ«ÁéĎÂÔŘ(&B) - Reg Error: Value error. File not found O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm () O8 - Extra context menu item: Pobierz za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra Button: BitBuddy - {8FCCDD73-C9F3-443a-AB53-7A25FD925808} - C:\Program Files\BitBuddy\BitBuddy.EXE (BtVampire,Inc.) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..Trusted Domains: ([]msn in Mój komputer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Value error. File not found O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Value error. 
File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-08-23 20:42:59 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found ========== Files/Folders - Created Within 30 Days ========== [2009-08-16 19:19:50 | 00,000,000 | -HSD | C] -- C:\RECYCLER [2009-08-16 19:09:58 | 00,000,223 | ---- | C] () -- C:\Boot.bak [2009-08-16 19:09:54 | 00,262,400 | ---- | C] () -- C:\cmldr [2009-08-16 19:09:53 | 00,000,000 | RHSD | C] -- C:\cmdcons [2009-08-16 12:27:07 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\normy.doc [2009-08-16 00:03:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\Malwarebytes [2009-08-16 00:03:12 | 00,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2009-08-16 00:03:10 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-08-16 00:03:08 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009-08-16 00:03:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2009-08-16 00:03:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009-08-16 00:02:44 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTL.exe [2009-08-16 00:01:26 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Pulpit\mbam-setup.exe [2009-08-15 23:48:25 | 00,561,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntfs.sys [2009-08-15 
23:48:24 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys [2009-08-15 23:39:09 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\beep.sys [2009-08-15 23:39:09 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\beep.sys [2009-08-15 21:42:12 | 03,003,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll [2009-08-15 21:42:12 | 02,182,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe [2009-08-15 21:42:12 | 02,058,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe [2009-08-15 21:42:12 | 01,548,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll [2009-08-15 21:42:12 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe [2009-08-15 21:42:12 | 01,012,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll [2009-08-15 21:42:12 | 00,924,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll [2009-08-15 21:42:12 | 00,822,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll [2009-08-15 21:42:12 | 00,658,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll [2009-08-15 21:42:12 | 00,611,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll [2009-08-15 21:42:12 | 00,504,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe [2009-08-15 21:42:12 | 00,435,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll [2009-08-15 21:42:12 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll [2009-08-15 21:42:12 | 00,395,776 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\cache\rpcss.dll [2009-08-15 21:42:12 | 00,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\qmgr.dll [2009-08-15 21:42:12 | 00,359,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys [2009-08-15 21:42:12 | 00,296,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll [2009-08-15 21:42:12 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\scecli.dll [2009-08-15 21:42:12 | 00,182,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys [2009-08-15 21:42:12 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll [2009-08-15 21:42:12 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll [2009-08-15 21:42:12 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys [2009-08-15 21:42:12 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe [2009-08-15 21:42:12 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll [2009-08-15 21:42:12 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe [2009-08-15 21:42:12 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll [2009-08-15 21:42:12 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll [2009-08-15 21:42:12 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe [2009-08-15 21:42:12 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll [2009-08-15 21:42:12 | 00,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys [2009-08-15 21:42:12 | 00,025,088 | ---- | C] 
(Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe [2009-08-15 21:42:12 | 00,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys [2009-08-15 21:42:12 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll [2009-08-15 21:42:12 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll [2009-08-15 21:42:12 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe [2009-08-15 21:42:12 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys [2009-08-15 21:42:12 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe [2009-08-15 21:42:12 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe [2009-08-15 21:42:12 | 00,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys [2009-08-15 21:42:12 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll [2009-08-15 21:42:12 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys [2009-08-15 21:42:11 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll [2009-08-15 21:42:11 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe [2009-08-15 21:42:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache [2009-08-15 21:26:57 | 00,216,064 | ---- | C] () -- C:\WINDOWS\PEV.exe [2009-08-15 21:26:57 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009-08-15 21:26:08 | 03,124,187 | R--- | C] () -- C:\Documents and Settings\User\Pulpit\gnnnf.exe [2009-08-15 21:13:42 | 00,019,975 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\hirevezud.scr [2009-08-15 21:13:42 | 
00,019,590 | ---- | C] () -- C:\Program Files\Common Files\ifice.dat [2009-08-15 21:13:42 | 00,019,082 | ---- | C] () -- C:\WINDOWS\lysuw.reg [2009-08-15 21:13:42 | 00,018,777 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\unininyr.reg [2009-08-15 21:13:42 | 00,018,417 | ---- | C] () -- C:\WINDOWS\efejoxivax.dl [2009-08-15 21:13:42 | 00,018,388 | ---- | C] () -- C:\WINDOWS\xakesyxup._sy [2009-08-15 21:13:42 | 00,018,011 | ---- | C] () -- C:\Program Files\Common Files\gonucyxyko.inf [2009-08-15 21:13:42 | 00,017,874 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\jylutunynu.lib [2009-08-15 21:13:42 | 00,017,700 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\zirixa.vbs [2009-08-15 21:13:42 | 00,016,780 | ---- | C] () -- C:\WINDOWS\vaxuna.pif [2009-08-15 21:13:42 | 00,016,114 | ---- | C] () -- C:\Program Files\Common Files\aloquni.reg [2009-08-15 21:13:42 | 00,014,911 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\afehevub.inf [2009-08-15 21:13:42 | 00,014,735 | ---- | C] () -- C:\WINDOWS\eqify.vbs [2009-08-15 21:13:42 | 00,014,687 | ---- | C] () -- C:\WINDOWS\magycodyk.com [2009-08-15 21:13:42 | 00,013,735 | ---- | C] () -- C:\WINDOWS\System32\bije._sy [2009-08-15 21:13:42 | 00,013,445 | ---- | C] () -- C:\Documents and Settings\User\Dane aplikacji\carak.dll [2009-08-15 21:13:42 | 00,013,317 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\joja.lib [2009-08-15 21:13:42 | 00,013,083 | ---- | C] () -- C:\WINDOWS\System32\isirina.scr [2009-08-15 21:13:42 | 00,012,539 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\fyqovu.pif [2009-08-15 21:13:42 | 00,012,004 | ---- | C] () -- C:\Documents and Settings\User\Dane aplikacji\otezuh.com [2009-08-15 21:13:42 | 00,011,432 | ---- | C] () -- C:\WINDOWS\bodole.dl [2009-08-15 21:13:42 | 00,011,301 | ---- | C] () -- C:\Documents and Settings\User\Dane 
aplikacji\ocykuhyc.com [2009-08-15 21:13:42 | 00,011,221 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\puwogecup.pif [2009-08-15 21:13:42 | 00,010,442 | ---- | C] () -- C:\WINDOWS\tysuliwa.db [2009-08-15 21:13:42 | 00,010,360 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ololal.exe [2009-08-15 21:13:42 | 00,010,009 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\zaxe.scr [2009-08-15 17:11:09 | 00,034,564 | ---- | C] () -- D:\Dokumenty\1570995_podloga1.jpg [2009-08-15 17:04:20 | 00,028,545 | ---- | C] () -- D:\Dokumenty\IMAGE0006.JPG [2009-08-15 17:03:13 | 00,128,836 | ---- | C] () -- D:\Dokumenty\przekroj_podlogi_2.jpg [2009-08-15 17:01:54 | 00,217,636 | ---- | C] () -- D:\Dokumenty\P-01.jpg [2009-08-15 12:33:13 | 00,001,737 | ---- | C] () -- D:\Dokumenty\HijackThis.lnk [2009-08-15 12:33:12 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009-08-14 13:22:44 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy) [2009-08-14 13:22:42 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy) [2009-08-14 13:22:34 | 00,000,000 | ---D | C] -- C:\Program Files\Misc. 
Support Library (Spybot - Search & Destroy) [2009-08-14 13:22:34 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy) [2009-08-14 13:20:09 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2009-08-13 22:57:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\Hamachi [2009-08-13 22:57:16 | 00,000,000 | ---D | C] -- C:\Program Files\Hamachi [2009-08-13 16:25:18 | 00,000,469 | ---- | C] () -- D:\Dokumenty\Co jest.lnk [2009-08-13 13:56:11 | 00,000,152 | ---- | C] () -- C:\WINDOWS\Aslan.INI [2009-08-13 13:55:55 | 00,000,000 | ---D | C] -- C:\Program Files\Aslan Wydawnictwa Elektroniczne [2009-08-06 11:47:45 | 00,000,599 | ---- | C] () -- D:\Dokumenty\Lancraft.lnk [2009-08-05 09:16:50 | 00,030,520 | ---- | C] () -- C:\WINDOWS\System32\midiwrap3405.deu [2009-08-05 09:16:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\KB Piano [2009-08-05 09:16:41 | 00,000,000 | ---D | C] -- C:\Program Files\KB Piano 2 [2009-08-05 00:16:45 | 00,000,560 | ---- | C] () -- C:\Program Files\Global.sw [2009-08-05 00:16:45 | 00,000,000 | ---D | C] -- C:\Program Files\SoftwrapLicense [2009-08-03 09:26:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\Thunderbird [2009-08-03 09:26:50 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2009-08-03 09:14:55 | 00,000,000 | ---D | C] -- C:\Program Files\MozBackup [2009-08-02 20:12:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Thunderbird [2009-08-02 12:52:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\LastPass [2009-07-24 23:44:15 | 00,000,000 | ---D | C] -- C:\Program Files\Neuro [2009-07-23 11:50:12 | 00,000,000 | ---D | C] -- C:\AV_LOGS [2009-07-23 11:49:17 | 00,017,792 | ---- | C] (Avnex) -- C:\WINDOWS\System32\drivers\vcsvad.sys [2009-07-23 11:29:51 | 00,000,000 | ---D | C] -- C:\Documents 
and Settings\User\Dane aplikacji\Screaming Bee [2009-07-23 11:29:17 | 00,001,838 | ---- | C] () -- D:\Dokumenty\MorphVOX Pro.lnk [2009-07-23 11:29:16 | 00,000,000 | ---D | C] -- C:\Program Files\Screaming Bee [2009-07-23 11:29:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Screaming Bee [2009-07-23 09:04:44 | 00,001,605 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2009-07-21 09:49:38 | 00,000,531 | ---- | C] () -- D:\Dokumenty\Diablo II.lnk [2009-07-20 11:41:31 | 00,000,000 | ---D | C] -- C:\Program Files\ZoneAlarmSB [2009-07-20 11:41:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier [2009-07-20 11:00:37 | 00,000,000 | ---D | C] -- C:\Program Files\Unlocker [2009-07-20 11:00:20 | 00,000,000 | ---D | C] -- C:\!KillBox [2009-03-30 13:37:03 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll [2009-02-27 01:34:26 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2009-01-10 12:30:43 | 00,000,029 | ---- | C] () -- C:\WINDOWS\wordpad.ini [2008-07-04 20:22:25 | 00,000,417 | ---- | C] () -- C:\WINDOWS\WGPLAYER.INI [2008-07-04 20:22:08 | 00,000,827 | ---- | C] () -- C:\WINDOWS\WINGROOV.INI [2008-07-04 13:14:35 | 00,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini [2008-07-04 12:51:01 | 00,000,005 | -HS- | C] () -- C:\WINDOWS\System32\edffcbabd_s.dll [2008-06-01 09:13:10 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2008-02-11 17:17:55 | 00,000,058 | ---- | C] () -- C:\WINDOWS\ISIS.INI [2008-02-11 17:12:49 | 00,001,615 | ---- | C] () -- C:\WINDOWS\ISISAIHP.INI [2008-02-11 17:12:49 | 00,000,736 | ---- | C] () -- C:\WINDOWS\ISISAIM.INI [2008-01-31 07:47:36 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini [2008-01-31 07:46:09 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll [2008-01-31 07:46:09 | 00,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv [2007-10-01 15:02:24 | 00,106,496 | R--- | 
C] () -- C:\WINDOWS\System32\vshp1020.dll [2007-07-21 13:19:03 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2007-05-25 21:07:45 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2007-02-18 21:05:49 | 00,720,896 | ---- | C] () -- C:\WINDOWS\EAInstall.dll [2007-01-02 13:59:13 | 00,558,592 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll [2007-01-02 13:59:12 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2007-01-02 13:59:12 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2007-01-02 13:59:11 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2007-01-02 13:59:10 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2007-01-02 13:59:10 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2006-11-06 20:04:20 | 00,000,320 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini [2006-11-06 20:02:59 | 00,000,666 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2006-11-03 20:44:11 | 00,000,020 | ---- | C] () -- C:\WINDOWS\naglos.INI [2006-10-01 22:13:20 | 00,000,870 | ---- | C] () -- C:\WINDOWS\VPlayer.INI [2006-09-12 16:31:10 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2006-09-03 10:43:27 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll [2006-08-31 10:05:10 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI [2006-08-31 10:04:51 | 00,067,428 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini [2006-08-31 10:04:51 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll [2006-08-31 10:04:51 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2006-08-31 10:04:50 | 00,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll [2006-08-31 10:04:48 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll [2006-08-29 23:27:36 | 00,000,113 | ---- | C] () -- C:\WINDOWS\ksjp.ini [2006-08-29 20:33:24 | 00,000,030 | ---- | C] () -- C:\WINDOWS\nfsulan.ini [2006-08-28 10:22:39 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini 
[2006-08-27 19:48:13 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys [2006-08-25 19:44:59 | 00,001,768 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI [2006-08-25 19:12:50 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2006-08-25 19:12:43 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2006-08-25 15:45:09 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini [2006-08-25 08:49:24 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll [2006-08-25 08:49:24 | 00,005,685 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys [2006-08-25 08:49:22 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys [2006-08-25 08:49:22 | 00,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys [2006-08-25 08:46:19 | 00,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini [2006-08-25 08:46:19 | 00,000,402 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini [2006-08-25 08:45:15 | 00,023,145 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2006-08-25 08:45:15 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2006-08-25 08:45:03 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2006-08-24 11:15:43 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2006-08-24 09:49:17 | 00,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini [2006-08-23 22:49:46 | 00,003,101 | ---- | C] () -- C:\WINDOWS\bestplayer.ini [2006-08-23 22:23:15 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini [2006-08-23 22:18:23 | 00,000,532 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006-08-23 21:56:24 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2006-08-23 21:55:44 | 00,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI [2006-06-01 17:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006-06-01 17:22:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006-06-01 17:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll 
[2006-06-01 17:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006-06-01 17:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006-06-01 17:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006-06-01 17:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2005-10-21 00:58:52 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\vspxvfw.dll [2005-09-26 11:24:38 | 00,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys [2005-09-01 16:20:46 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\vspxcore.dll [2001-10-26 17:45:34 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL [2001-07-22 00:16:20 | 00,001,059 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-22 00:15:52 | 00,000,462 | ---- | C] () -- C:\WINDOWS\system.ini [1999-01-22 22:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL ========== Files - Modified Within 30 Days ========== [2 C:\WINDOWS\*.tmp files] [2009-08-16 19:36:40 | 00,088,399 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009-08-16 19:36:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-08-16 19:36:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-08-16 19:15:01 | 00,000,462 | ---- | M] () -- C:\WINDOWS\system.ini [2009-08-16 19:09:58 | 00,000,293 | RHS- | M] () -- C:\boot.ini [2009-08-16 19:05:39 | 00,000,095 | ---- | M] () -- C:\WINDOWS\winamp.ini [2009-08-16 12:27:46 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\normy.doc [2009-08-16 00:03:12 | 00,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2009-08-16 00:02:46 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTL.exe [2009-08-16 00:01:45 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Pulpit\mbam-setup.exe [2009-08-15 23:44:40 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts 
[2009-08-15 21:26:22 | 03,124,187 | R--- | M] () -- C:\Documents and Settings\User\Pulpit\gnnnf.exe [2009-08-15 21:13:42 | 00,019,975 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\hirevezud.scr [2009-08-15 21:13:42 | 00,019,590 | ---- | M] () -- C:\Program Files\Common Files\ifice.dat [2009-08-15 21:13:42 | 00,019,082 | ---- | M] () -- C:\WINDOWS\lysuw.reg [2009-08-15 21:13:42 | 00,018,777 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\unininyr.reg [2009-08-15 21:13:42 | 00,018,417 | ---- | M] () -- C:\WINDOWS\efejoxivax.dl [2009-08-15 21:13:42 | 00,018,388 | ---- | M] () -- C:\WINDOWS\xakesyxup._sy [2009-08-15 21:13:42 | 00,018,011 | ---- | M] () -- C:\Program Files\Common Files\gonucyxyko.inf [2009-08-15 21:13:42 | 00,017,874 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\jylutunynu.lib [2009-08-15 21:13:42 | 00,017,700 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\zirixa.vbs [2009-08-15 21:13:42 | 00,016,780 | ---- | M] () -- C:\WINDOWS\vaxuna.pif [2009-08-15 21:13:42 | 00,016,114 | ---- | M] () -- C:\Program Files\Common Files\aloquni.reg [2009-08-15 21:13:42 | 00,014,911 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\afehevub.inf [2009-08-15 21:13:42 | 00,014,735 | ---- | M] () -- C:\WINDOWS\eqify.vbs [2009-08-15 21:13:42 | 00,014,687 | ---- | M] () -- C:\WINDOWS\magycodyk.com [2009-08-15 21:13:42 | 00,013,735 | ---- | M] () -- C:\WINDOWS\System32\bije._sy [2009-08-15 21:13:42 | 00,013,445 | ---- | M] () -- C:\Documents and Settings\User\Dane aplikacji\carak.dll [2009-08-15 21:13:42 | 00,013,317 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\joja.lib [2009-08-15 21:13:42 | 00,013,083 | ---- | M] () -- C:\WINDOWS\System32\isirina.scr [2009-08-15 21:13:42 | 00,012,539 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\fyqovu.pif [2009-08-15 21:13:42 | 00,012,004 
| ---- | M] () -- C:\Documents and Settings\User\Dane aplikacji\otezuh.com [2009-08-15 21:13:42 | 00,011,432 | ---- | M] () -- C:\WINDOWS\bodole.dl [2009-08-15 21:13:42 | 00,011,301 | ---- | M] () -- C:\Documents and Settings\User\Dane aplikacji\ocykuhyc.com [2009-08-15 21:13:42 | 00,011,221 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\puwogecup.pif [2009-08-15 21:13:42 | 00,010,442 | ---- | M] () -- C:\WINDOWS\tysuliwa.db [2009-08-15 21:13:42 | 00,010,360 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\ololal.exe [2009-08-15 21:13:42 | 00,010,009 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\zaxe.scr [2009-08-15 17:11:09 | 00,034,564 | ---- | M] () -- D:\Dokumenty\1570995_podloga1.jpg [2009-08-15 17:04:20 | 00,028,545 | ---- | M] () -- D:\Dokumenty\IMAGE0006.JPG [2009-08-15 17:03:13 | 00,128,836 | ---- | M] () -- D:\Dokumenty\przekroj_podlogi_2.jpg [2009-08-15 17:01:54 | 00,217,636 | ---- | M] () -- D:\Dokumenty\P-01.jpg [2009-08-15 12:33:13 | 00,001,737 | ---- | M] () -- D:\Dokumenty\HijackThis.lnk [2009-08-15 00:10:15 | 00,133,300 | ---- | M] () -- C:\WINDOWS\bestplayer.bbt [2009-08-15 00:10:15 | 00,003,101 | ---- | M] () -- C:\WINDOWS\bestplayer.ini [2009-08-15 00:10:15 | 00,000,035 | ---- | M] () -- C:\WINDOWS\bestplayer.bpp [2009-08-14 23:22:25 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-08-14 23:22:25 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009-08-13 22:57:16 | 00,025,280 | ---- | M] (LogMeIn, Inc.) 
-- C:\WINDOWS\System32\drivers\hamachi.sys [2009-08-13 16:25:18 | 00,000,469 | ---- | M] () -- D:\Dokumenty\Co jest.lnk [2009-08-13 15:43:38 | 00,000,666 | ---- | M] () -- C:\WINDOWS\wincmd.ini [2009-08-13 13:56:11 | 00,000,152 | ---- | M] () -- C:\WINDOWS\Aslan.INI [2009-08-13 12:59:35 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2009-08-11 11:40:39 | 00,001,059 | ---- | M] () -- C:\WINDOWS\win.ini [2009-08-11 11:40:39 | 00,000,223 | ---- | M] () -- C:\Boot.bak [2009-08-08 12:10:14 | 00,216,064 | ---- | M] () -- C:\WINDOWS\PEV.exe [2009-08-06 11:47:45 | 00,000,599 | ---- | M] () -- D:\Dokumenty\Lancraft.lnk [2009-08-06 09:15:53 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2009-08-05 09:16:50 | 00,030,520 | ---- | M] () -- C:\WINDOWS\System32\midiwrap3405.deu [2009-08-05 09:16:04 | 00,000,560 | ---- | M] () -- C:\Program Files\Global.sw [2009-08-03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-08-03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009-07-30 16:44:36 | 03,169,804 | -H-- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-07-28 16:11:18 | 00,000,060 | ---- | M] () -- C:\WINDOWS\wpd99.drv [2009-07-27 18:23:58 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-07-23 11:29:17 | 00,001,838 | ---- | M] () -- D:\Dokumenty\MorphVOX Pro.lnk [2009-07-23 09:04:44 | 00,001,605 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2009-07-21 09:49:38 | 00,000,531 | ---- | M] () -- D:\Dokumenty\Diablo II.lnk ========== LOP Check ========== [2009-08-16 00:03:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji [2008-12-06 12:52:22 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{66F5A32C-70B3-414C-92F3-56D2AF967193} [2009-05-20 09:43:33 | 00,000,000 | 
-H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{92E7A367-8E12-4830-AA70-29C32E331A81} [2008-09-08 09:19:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo [2008-07-04 23:05:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk [2009-03-01 18:16:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Azureus [2008-10-20 23:36:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard [2008-07-13 18:03:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\espionServerData [2008-07-11 22:05:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet [2009-08-05 09:16:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\KB Piano [2006-09-03 13:32:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Locktime [2009-07-20 11:41:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier [2006-12-29 14:52:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MSN6 [2009-07-28 16:11:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\pdf995 [2009-07-23 11:30:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Screaming Bee [2009-05-04 09:33:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2006-08-23 21:35:19 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji [2009-05-16 10:29:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji [2006-08-23 20:45:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji [2009-08-16 00:03:14 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\User\Dane aplikacji [2006-09-01 09:54:05 | 00,000,000 | ---D | M] -- C:\Documents and 
Settings\User\Dane aplikacji\.bittorrent [2008-09-06 13:12:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Ahead [2008-09-08 09:19:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Ashampoo [2006-11-27 09:38:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Autodesk [2009-04-13 10:29:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Azureus [2009-03-17 13:53:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\BitSpirit [2009-06-25 01:09:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Bullzip [2008-10-11 23:12:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Cakewalk [2006-09-04 14:29:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\CEZEO software [2007-07-12 11:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Command & Conquer 3 Tiberium Wars [2006-09-05 16:57:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Czat [2007-02-10 22:11:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\EAST Technologies [2009-06-05 13:25:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\FontCreator [2009-01-05 23:12:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\foobar2000 [2009-08-15 14:32:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Hamachi [2008-12-06 11:51:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\HEXelon [2008-05-18 16:12:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\iLibrary Reader [2006-12-24 22:31:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Kingston [2006-09-03 13:35:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Locktime [2006-12-29 14:52:43 | 00,000,000 | ---D | 
M] -- C:\Documents and Settings\User\Dane aplikacji\MSN6 [2008-07-03 22:58:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Music Recognition [2009-06-11 19:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Nokia [2009-02-27 10:20:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Nowe Gadu-Gadu [2008-07-04 12:56:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Offline Explorer [2009-01-25 01:16:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Opera [2008-01-31 07:47:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\pdf995 [2009-07-23 11:29:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Screaming Bee [2007-07-01 21:06:39 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\User\Dane aplikacji\SecuROM [2009-05-04 12:02:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Softi Software [2008-04-27 19:09:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Softplicity [2009-04-19 01:01:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Steinberg [2006-09-04 15:12:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\teamspeak2 [2009-08-03 09:26:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Thunderbird [2007-08-30 14:52:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Tlen.pl [2009-08-14 12:25:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\uTorrent [2006-09-04 15:02:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Ventrilo [2001-07-22 00:17:50 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009-08-16 19:36:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT ========== Purity Check ========== ========== Alternate Data Streams ========== 
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C8B8CEBD @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:364682BC < End of report >
Guest, comment of 16 August 2009
[2009-08-15 21:13:42 | 00,019,975 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\hirevezud.scr
[2009-08-15 21:13:42 | 00,019,590 | ---- | C] () -- C:\Program Files\Common Files\ifice.dat
[2009-08-15 21:13:42 | 00,019,082 | ---- | C] () -- C:\WINDOWS\lysuw.reg
[2009-08-15 21:13:42 | 00,018,777 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\unininyr.reg
[2009-08-15 21:13:42 | 00,018,417 | ---- | C] () -- C:\WINDOWS\efejoxivax.dl
[2009-08-15 21:13:42 | 00,018,388 | ---- | C] () -- C:\WINDOWS\xakesyxup._sy
[2009-08-15 21:13:42 | 00,018,011 | ---- | C] () -- C:\Program Files\Common Files\gonucyxyko.inf
[2009-08-15 21:13:42 | 00,017,874 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\jylutunynu.lib
[2009-08-15 21:13:42 | 00,017,700 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\zirixa.vbs
[2009-08-15 21:13:42 | 00,016,780 | ---- | C] () -- C:\WINDOWS\vaxuna.pif
[2009-08-15 21:13:42 | 00,016,114 | ---- | C] () -- C:\Program Files\Common Files\aloquni.reg
[2009-08-15 21:13:42 | 00,014,911 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\afehevub.inf
[2009-08-15 21:13:42 | 00,014,735 | ---- | C] () -- C:\WINDOWS\eqify.vbs
[2009-08-15 21:13:42 | 00,014,687 | ---- | C] () -- C:\WINDOWS\magycodyk.com
[2009-08-15 21:13:42 | 00,013,735 | ---- | C] () -- C:\WINDOWS\System32\bije._sy
[2009-08-15 21:13:42 | 00,013,445 | ---- | C] () -- C:\Documents and Settings\User\Dane aplikacji\carak.dll
[2009-08-15 21:13:42 | 00,013,317 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\joja.lib
[2009-08-15 21:13:42 | 00,013,083 | ---- | C] () -- C:\WINDOWS\System32\isirina.scr
[2009-08-15 21:13:42 | 00,012,539 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\fyqovu.pif
[2009-08-15 21:13:42 | 00,012,004 | ---- | C] () -- C:\Documents and Settings\User\Dane aplikacji\otezuh.com
[2009-08-15 21:13:42 | 00,011,432 | ---- | C] () -- C:\WINDOWS\bodole.dl
[2009-08-15 21:13:42 | 00,011,301 | ---- | C] () -- C:\Documents and Settings\User\Dane aplikacji\ocykuhyc.com
[2009-08-15 21:13:42 | 00,011,221 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\puwogecup.pif
[2009-08-15 21:13:42 | 00,010,442 | ---- | C] () -- C:\WINDOWS\tysuliwa.db
[2009-08-15 21:13:42 | 00,010,360 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ololal.exe
[2009-08-15 21:13:42 | 00,010,009 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\zaxe.scr
These look to me like some kind of trojans (worms): they have strange names and were created in the same second. It is tempting to delete them, but I won't prescribe removal for now.
C:\WINDOWS\efejoxivax.dl
Check it on VIRUSSCAN, or on VIRUSTOTAL, or on VIRSCAN.
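The heuristic from the post above (files with no vendor name, created in the same second, scattered across directories), as an added example that is not part of the original thread. It assumes the entry layout visible in the OTL file listings on this page; the function names, thresholds and the three benign sample entries are hypothetical.

```python
import re
from collections import defaultdict
from ntpath import dirname  # applies Windows path rules on any host OS

# One OTL file entry: "[timestamp | size | attrs | C/M] (company) -- path".
# Directory entries omit the "(company)" field. The lookahead ends a path at
# the next entry, a section header, or end of text, so a listing that was
# flattened onto a single line parses the same way as one entry per line.
ENTRY = re.compile(
    r"\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- "
    r"(?P<path>.+?)(?=\s+\[\d{4}-\d{2}-\d{2} |\s+={10} |\s*$)",
    re.S,
)


def parse_entries(text):
    """Return one dict per file or directory entry found in the listing."""
    entries = []
    for m in ENTRY.finditer(text):
        entries.append({
            "ts": m["ts"],
            "size": int(m["size"].replace(",", "")),
            "is_dir": "D" in m["attrs"],
            "created": m["kind"] == "C",          # C = created, M = modified
            "company": (m["company"] or "").strip(),
            "path": m["path"].strip(),
        })
    return entries


def same_second_clusters(entries, min_files=3, min_dirs=2):
    """Group vendor-less created files by timestamp and keep the groups that
    hold at least min_files files spread over at least min_dirs directories."""
    groups = defaultdict(list)
    for e in entries:
        if e["created"] and not e["is_dir"] and not e["company"]:
            groups[e["ts"]].append(e["path"])
    return {
        ts: sorted(paths)
        for ts, paths in groups.items()
        if len(paths) >= min_files
        and len({dirname(p).lower() for p in paths}) >= min_dirs
    }


# Sample listing: the first four entries are quoted from the post above,
# the last three are constructed benign entries for contrast.
SAMPLE = r"""
[2009-08-15 21:13:42 | 00,018,417 | ---- | C] () -- C:\WINDOWS\efejoxivax.dl
[2009-08-15 21:13:42 | 00,014,735 | ---- | C] () -- C:\WINDOWS\eqify.vbs
[2009-08-15 21:13:42 | 00,013,083 | ---- | C] () -- C:\WINDOWS\System32\isirina.scr
[2009-08-15 21:13:42 | 00,010,360 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ololal.exe
[2009-08-15 21:13:42 | 00,000,000 | ---D | C] -- C:\ExampleDir
[2009-08-14 10:02:11 | 00,120,000 | ---- | C] (Example Vendor) -- C:\Program Files\Example\setup.exe
[2009-08-14 10:02:11 | 00,004,096 | ---- | C] () -- C:\Program Files\Example\readme.txt
"""

if __name__ == "__main__":
    for ts, paths in same_second_clusters(parse_entries(SAMPLE)).items():
        print(f"{ts}: {len(paths)} vendor-less files created in the same second")
        for p in paths:
            print("   ", p)
```

A flagged cluster is a lead for further checks, such as the multi-engine scan the post asks for, not a verdict on the files.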
Adwrond (author), comment of 16 August 2009
I scanned it and a few more of those files, and nothing was found. Besides, I don't think anything has really happened on the computer since the last ComboFix run and the Malwarebytes cleanup, so maybe nothing more will pop up... The computer works and I can finish my work. Either way, many thanks to Jesiona for the invaluable help and to KamilJB for the last posts!
Guest, comment of 16 August 2009
So, the final steps:
1. Run OTL and paste the following script into the Custom Scans/Fixes window:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Value error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Value error. File not found
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O8 - Extra context menu item: ÓñČĚŘľ«ÁéĎÂÔŘ(&B) - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found.
O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\WebBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found.
O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
:Commands
[emptytemp]
[start explorer]
[Reboot]
Click Run Fix and confirm the computer restart.
2. After the restart, launch OTL again and this time use the CleanUp option; agree to the cleanup and to another restart.
3. Scan the "My Computer" area with http://www.kaspersky.pl/virusscanner.html (run it in IE). Post its report on the forum.
Adwrond (author), comment of 17 August 2009 (edited)
I completed the first two steps, but not the Kaspersky scan, because the key had expired or something like that. The OTL log that appeared instead looks like this:
Log for review
OTL logfile created on: 2009-08-16 20:29:19 - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\User\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1022,48 Mb Total Physical Memory | 512,12 Mb Available Physical Memory | 50,09% Memory free
2,40 Gb Paging File | 1,99 Gb Available in Paging File | 82,73% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,87 Gb Total Space | 1,35 Gb Free Space | 6,81% Space Free | Partition Type: NTFS
Drive D: | 113,01 Gb Total Space | 5,16 Gb Free Space | 4,57% Space Free | Partition Type: NTFS
Drive E: | 100,01 Gb Total Space | 0,45 Gb Free Space | 0,45% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CENTRAL
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2004-08-04 00:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009-06-11 01:07:06 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2005-12-14 16:14:26 | 00,176,128 | ---- | M] (A4Tech Co., Ltd.)
-- C:\Program Files\A4Tech\Mouse\Amoumain.exe PRC - [2009-03-09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2006-01-30 11:00:00 | 00,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe PRC - [2003-09-17 10:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe PRC - [2009-03-02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2009-05-28 11:23:12 | 10,486,376 | ---- | M] (GG Network S.A.) -- D:\Programy\Gadu-Gadu\gg.exe PRC - [2009-05-28 10:33:44 | 00,077,824 | ---- | M] () -- D:\Programy\Gadu-Gadu\spellchecker_gg.exe PRC - [2009-08-06 09:15:52 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2007-02-04 00:57:51 | 00,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe PRC - [2006-02-28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [1999-12-13 03:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe PRC - [2002-10-16 21:56:00 | 00,176,128 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe PRC - [2006-02-07 00:13:32 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe PRC - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2006-03-30 14:54:48 | 00,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe PRC - [2006-03-30 14:54:18 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe PRC - [2006-10-22 13:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe PRC - [2007-12-26 14:17:37 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe PRC - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe PRC - [2000-06-26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe PRC - [2006-03-30 14:58:14 | 00,143,360 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe PRC - [2006-02-07 00:13:32 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe PRC - [2004-08-04 00:44:30 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe PRC - [2009-08-05 11:20:23 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-08-16 00:02:46 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTL.exe PRC - [2004-08-04 00:44:30 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe ========== Win32 Services (SafeList) ========== SRV - [2009-01-10 12:54:54 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped]) SRV - [2009-06-11 01:07:06 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running]) SRV - [2009-08-06 09:15:52 | 00,185,089 | ---- | M] (Avira 
GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running]) SRV - [2005-09-23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2007-02-04 00:57:51 | 00,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Running]) SRV - [2006-02-28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running]) SRV - [2005-09-23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [1999-12-13 03:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running]) SRV - [2002-10-16 21:56:00 | 00,176,128 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe -- (Diskeeper [Auto | Running]) SRV - [2008-07-11 21:56:21 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) 
-- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped]) SRV - [2006-03-30 14:58:14 | 00,143,360 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) [Auto | Running]) SRV - [2006-02-07 00:13:32 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface [Auto | Running]) SRV - [2004-08-04 00:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) SRV - [2008-06-08 14:47:28 | 00,078,536 | ---- | M] (Macrovision ) -- C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe -- (InstallShield Licensing Service [On_Demand | Stopped]) SRV - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2006-03-30 14:54:48 | 00,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp [Auto | Running]) SRV - [2006-03-30 14:54:18 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog [Auto | Running]) SRV - [2006-10-22 13:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running]) SRV - [2007-12-26 14:17:37 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running]) SRV - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running]) SRV - [2000-06-26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running]) ========== Driver Services (SafeList) ========== DRV - [2006-07-01 23:32:26 | 00,043,520 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [system | Running]) DRV - [2005-12-08 02:38:12 | 00,007,168 | R--- | M] (A4Tech Co.,Ltd.) -- C:\WINDOWS\System32\DRIVERS\Amfilter.sys -- (Amfilter [system | Running]) DRV - [2005-12-08 02:38:40 | 00,013,312 | R--- | M] (A4Tech Co.,Ltd.) 
-- C:\WINDOWS\System32\DRIVERS\Amusbprt.sys -- (Amusbprt [On_Demand | Running]) DRV - [2005-12-22 04:22:18 | 00,005,685 | R--- | M] () -- C:\WINDOWS\System32\drivers\AsIO.sys -- (AsIO [system | Running]) DRV - [2002-08-14 15:03:36 | 00,017,005 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32 [Auto | Running]) DRV - [2005-09-26 11:24:38 | 00,024,064 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\ATITool.sys -- (ATITool [system | Running]) DRV - [2009-02-13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [system | Running]) DRV - [2009-08-06 09:15:53 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running]) DRV - [2009-06-08 19:08:55 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [system | Running]) DRV - [2003-09-22 02:48:06 | 00,130,192 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running]) DRV - [2004-10-25 20:02:58 | 00,021,664 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\ENTECH.SYS -- (ENTECH [On_Demand | Stopped]) DRV - [2009-08-13 22:57:16 | 00,025,280 | ---- | M] (LogMeIn, Inc.) 
-- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running]) DRV - [2004-08-13 04:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running]) DRV - [2008-06-01 09:13:10 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\drivers\npf.sys -- (npf [Auto | Running]) DRV - [2006-10-22 13:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running]) DRV - [2006-04-24 17:52:28 | 00,100,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [boot | Running]) DRV - [2006-03-22 14:24:00 | 00,052,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running]) DRV - [2006-03-22 14:24:02 | 00,018,944 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running]) DRV - [2006-03-22 14:23:50 | 00,109,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVTcp.sys -- (NVTCP [system | Running]) DRV - [2003-09-22 02:47:38 | 00,178,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Running]) DRV - [2004-06-04 10:27:46 | 00,840,960 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\P17.sys -- (P17 [On_Demand | Running]) DRV - [2003-03-05 12:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\PfModNT.sys -- (PfModNT [Auto | Running]) DRV - [2001-08-17 23:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) 
-- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running]) DRV - [2009-03-27 14:23:12 | 00,023,064 | ---- | M] (Screaming Bee LLC) -- C:\WINDOWS\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER [On_Demand | Running]) DRV - [2006-08-29 18:06:50 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running]) DRV - [2005-08-10 14:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [boot | Running]) DRV - [2005-05-16 15:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [boot | Running]) DRV - [2005-12-12 21:12:01 | 00,049,664 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfsync04.sys -- (sfsync04 [boot | Running]) DRV - [2005-11-03 16:40:07 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02 [boot | Running]) DRV - [2009-04-18 10:35:41 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Running]) DRV - [2009-06-11 01:07:06 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [system | Running]) DRV - [2006-01-29 12:48:22 | 00,016,896 | ---- | M] (SIA Syncrosoft) -- C:\WINDOWS\System32\drivers\SynasUSB.sys -- (SynasUSB [On_Demand | Stopped]) DRV - [2006-08-27 16:52:13 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped]) DRV - [2008-12-10 16:56:26 | 00,017,792 | ---- | M] (Avnex) -- C:\WINDOWS\System32\DRIVERS\vcsvad.sys -- (VCSVADHWSer [On_Demand | Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\S-1-5-21-1659004503-1979792683-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\S-1-5-21-1659004503-1979792683-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.order.1: "Yahoo" FF - prefs.js..browser.search.order.2: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "megaup" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup" FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2 FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-03-01 19:05:42 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-08-06 14:04:56 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-08-05 11:20:25 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009-08-03 09:26:54 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla 
Thunderbird\plugins [2008-08-29 09:37:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\mozilla\Extensions [2008-08-29 09:37:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-08-02 19:07:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\mozilla\Firefox\Profiles\dqoqnkge.default\extensions [2009-08-16 12:47:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-08-05 11:20:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-03-01 19:05:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009-04-20 09:40:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-08-05 11:20:22 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-08-05 11:20:22 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009-03-09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009-08-05 11:20:24 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2008-04-28 05:00:00 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2006-09-05 23:45:58 | 00,090,112 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2006-09-05 23:45:58 | 00,090,112 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2006-09-05 23:45:58 | 00,090,112 | ---- | M] (Apple Computer, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2006-09-05 23:45:58 | 00,090,112 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2006-09-05 23:45:58 | 00,090,112 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2008-04-28 05:00:00 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-07-20 11:41:31 | 00,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\mozilla firefox\plugins\NPZoneSB.dll [2009-07-15 21:00:25 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2009-07-15 21:00:25 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2009-07-15 21:00:25 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009-07-15 21:00:25 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2009-07-15 21:00:25 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2009-07-15 21:00:25 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2009-07-15 21:00:25 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found. O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found. O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found. 
O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found. O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\WebBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found. O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [updReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co., Ltd.) 
M] -- C:\Documents and Settings\User\Dane aplikacji\MSN6 [2008-07-03 22:58:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Music Recognition [2009-06-11 19:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Nokia [2009-02-27 10:20:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Nowe Gadu-Gadu [2008-07-04 12:56:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Offline Explorer [2009-01-25 01:16:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Opera [2008-01-31 07:47:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\pdf995 [2009-07-23 11:29:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Screaming Bee [2007-07-01 21:06:39 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\User\Dane aplikacji\SecuROM [2009-05-04 12:02:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Softi Software [2008-04-27 19:09:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Softplicity [2009-04-19 01:01:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Steinberg [2006-09-04 15:12:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\teamspeak2 [2009-08-03 09:26:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Thunderbird [2007-08-30 14:52:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Tlen.pl [2009-08-14 12:25:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\uTorrent [2006-09-04 15:02:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Ventrilo [2001-07-22 00:17:50 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009-08-16 19:36:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT ========== Purity Check ========== ========== Alternate Data Streams ========== 
In any case, for now I'm not having any problems with the computer.
Guest, commented 17 August 2009
Nothing got removed. Show the HijackThis log.
Adwrond (author), commented 17 August 2009
Here you go. Log for checking:
Guest, commented 17 August 2009
It's OK. Scan with this program: http://www.forumpc.pl/index.php?showtopic=104994&st=0&p=733361&fromsearch=1entry733361
Adwrond (author), commented 19 August 2009
Dr.Web found a few more things and removed them, and I think everything is OK now. The computer is working fine, in any case. Thx 4 all!!