michal24s
posted 26 August 2009

Hello. Today, after I put in a disc, AVG detected this virus. I am scanning the computer right now, but I would also ask you to check the logs:

1. HijackThis:

Log to check

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:49:33, on 2009-08-26
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
D:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Michał i Grzesio\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1045
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "D:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

-- End of file - 5143 bytes

2. OtViewIt:

Log to check

OTViewIt Extras logfile created on: 2009-08-26 09:54:05 - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = D:\Internet
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,25 Gb Total Physical Memory | 0,65 Gb Available Physical Memory | 52,13% Memory free
2,98 Gb Paging File | 2,49 Gb Available in Paging File | 83,41% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15,63 Gb Total Space | 5,58 Gb Free Space | 35,68% Space Free | Partition Type: NTFS
Drive D: | 29,30 Gb Total Space | 18,39 Gb Free Space | 62,76% Space Free | Partition Type: NTFS
Drive E: | 29,60 Gb Total Space | 12,62 Gb Free Space | 42,63% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICHAŁ
Current User Name: Michał i Grzesio
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
"UpdatesDisableNotify"=0
"FirewallDisableNotify"=0
"AntiVirusDisableNotify"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008-04-15 14:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008-04-15 14:00:00 | 00,142,336 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008-07-01 01:06:02 | 00,107,864 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2008-03-16 13:14:00 | 00,167,936 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2008-03-16 13:14:04 | 01,556,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008-04-15 14:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008-04-15 14:00:00 | 00,142,336 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008-07-01 01:06:02 | 00,107,864 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2008-03-16 13:14:00 | 00,167,936 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2008-03-16 13:14:04 | 01,556,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
[2009-02-09 21:39:20 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008-03-20 12:04:46 | 02,127,296 | ---- | M] (Gadu-Gadu S.A.) -- D:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny
[2007-03-07 12:27:12 | 00,567,384 | ---- | M] (www.sopcast.com) -- D:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
[2008-04-30 10:32:48 | 01,892,352 | ---- | M] (www.sopcast.com) -- D:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
[2009-08-15 21:18:02 | 00,908,280 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2009-02-15 15:38:15 | 03,330,048 | ---- | M] () -- E:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare
[2009-02-27 18:08:11 | 28,364,800 | ---- | M] (Sports Interactive) -- E:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009
[2009-08-19 08:54:56 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[2009-08-19 08:54:19 | 01,165,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2009-08-19 08:54:58 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
[2006-08-15 18:13:19 | 01,974,272 | ---- | M] () -- E:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s
[2005-09-29 18:07:44 | 04,173,890 | ---- | M] (IGN Entertainment, Inc.) -- D:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade
[2009-07-14 20:54:48 | 03,997,696 | ---- | M] () -- C:\Documents and Settings\Michał i Grzesio\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer
[2009-07-27 17:42:10 | 10,719,848 | ---- | M] (GG Network S.A.) -- D:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu
[2009-08-18 19:07:37 | 07,933,248 | R--- | M] (THQ Canada Inc.) -- E:\Program Files\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:RelicCOH

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2002-05-23 21:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2009-08-19 08:54:54 | 00,087,320 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])
msdaipp: [HKLM - No CLSID value]
[2002-05-23 21:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2002-05-23 21:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{036FD544-AED6-3F33-856D-A2292D0CF471}"=Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PLK
"{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}"=Call of Duty® 4 - Modern Warfare 1.3 Patch
"{199E6632-EB28-4F73-AECB-3E192EB92D18}"=Company of Heroes
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java 6 Update 11
"{31BFEC6C-1F27-45B5-839C-BCBAE327993A}"=OpenOffice.org 3.0
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3BD633E0-4BF8-4499-9149-88F0767D449C}"=Call of Duty® 4 - Modern Warfare 1.4 Patch
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}"=DAEMON Tools
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}"=DocProc
"{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}"=Call of Duty® 4 - Modern Warfare 1.1 Patch
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}"=DJ_AIO_03_F4200_Software
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}"=Call of Duty® 2 Patch 1.3
"{7C77393F-8237-3825-A88A-AFAF3C69C072}"=Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PLK
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}"=Zune Desktop Theme
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}"=Call of Duty® 4 - Modern Warfare 1.5 Patch
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}"=Call of Duty® 4 - Modern Warfare 1.6 Patch
"{8F32C384-D237-4516-9F2B-223E8963A2FB}"=Lager
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}"=Call of Duty® 4 - Modern Warfare 1.7 Patch
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}"=Microsoft .NET Framework 3.0 Service Pack 2
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}"=WebReg
"{BA12FD6C-169A-11D7-A6A9-00C026281E5B}"=PC DUAL SHOCK
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}"=DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}"=BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}"=Microsoft .NET Framework 2.0 Service Pack 2
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}"=HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}"=Scan
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}"=Microsoft .NET Framework 3.5 SP1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}"=Call of Duty® 2
"{E48469CC-635E-4FD5-A122-1497C286D217}"=Call of Duty® 4 - Modern Warfare
"{E5141379-B2D9-4BBC-BB2A-5805541571DD}"=Call of Duty® 4 - Modern Warfare 1.2 Patch
"{E96B0085-6659-486b-A221-5042A042728D}"=Toolbox
"{F31E509D-3597-324E-83CF-0C160B2320F0}"=Microsoft .NET Framework 3.5 Language Pack - plk
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}"=32 Bit HP CIO Components Installer
"7-Zip"=7-Zip 4.64
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Any Video Converter_is1"=Any Video Converter 2.7.1
"AVG8Uninstall"=AVG 8.5
"CCleaner"=CCleaner (remove only)
"C-Media Audio"=C-Media 3D Audio
"Football Manager 2009"=Football Manager 2009
"GameSpy Arcade"=GameSpy Arcade
"HijackThis"=HijackThis 2.0.2
"HPOCR"=OCR Software by I.R.I.S. 11.0
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}"=Call of Duty® 4 - Modern Warfare 1.3 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}"=Call of Duty® 4 - Modern Warfare 1.4 Patch
"InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}"=Call of Duty® 4 - Modern Warfare 1.1 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}"=Call of Duty® 4 - Modern Warfare 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}"=Call of Duty® 4 - Modern Warfare 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}"=Call of Duty® 4 - Modern Warfare 1.7 Patch
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}"=Call of Duty® 2
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}"=Call of Duty® 4 - Modern Warfare
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}"=Call of Duty® 4 - Modern Warfare 1.2 Patch
"KLiteCodecPack_is1"=K-Lite Codec Pack 4.4.5 (Full)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack - plk"=Pakiet językowy programu Microsoft .NET Framework 3.5 — PLK
"Microsoft .NET Framework 3.5 SP1"=Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.2)"=Mozilla Firefox (3.5.2)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey"=Nero OEM
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Nowe Gadu-Gadu"=Nowe Gadu-Gadu
"NVIDIA Drivers"=NVIDIA Drivers
"SopCast"=SopCast 3.0.3
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP"=XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009-07-20 05:02:14 | Computer Name = MICHAŁ | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca PowerSoccer.exe, wersja 0.0.0.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-07-21 07:30:42 | Computer Name = MICHAŁ | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca PowerSoccer.exe, wersja 0.0.0.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-07-24 05:09:49 | Computer Name = MICHAŁ | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 2009-08-01 14:18:42 | Computer Name = MICHAŁ | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 2009-08-07 09:31:11 | Computer Name = MICHAŁ | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 2009-08-14 13:16:57 | Computer Name = MICHAŁ | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 2009-08-19 03:06:25 | Computer Name = MICHAŁ | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca soffice.bin, wersja 3.0.9357.500, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2009-08-19 03:09:54 | Computer Name = MICHAŁ | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca soffice.bin, wersja 3.0.9357.500, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-08-19 08:16:50 | Computer Name = MICHAŁ | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd reliccoh.exe, wersja 1.71.0.10609, moduł powodujący błąd reliccoh.exe, wersja 1.71.0.10609, adres błędu 0x00091b96.

Error - 2009-08-19 08:17:23 | Computer Name = MICHAŁ | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca BugReport.exe, wersja 0.0.0.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

[ System Events ]
Error - 2009-08-24 01:37:43 | Computer Name = MICHAŁ | Source = Service Control Manager | ID = 7023
Description = Usługa Driver Image zakończyła działanie; wystąpił następujący błąd: %%126

Error - 2009-08-24 02:11:11 | Computer Name = MICHAŁ | Source = Service Control Manager | ID = 7023
Description = Usługa Driver Image zakończyła działanie; wystąpił następujący błąd: %%126

Error - 2009-08-24 02:17:16 | Computer Name = MICHAŁ | Source = Service Control Manager | ID = 7023
Description = Usługa Driver Image zakończyła działanie; wystąpił następujący błąd: %%126

Error - 2009-08-24 11:59:10 | Computer Name = MICHAŁ | Source = Service Control Manager | ID = 7023
Description = Usługa Driver Image zakończyła działanie; wystąpił następujący błąd: %%126

Error - 2009-08-24 12:23:13 | Computer Name = MICHAŁ | Source = Service Control Manager | ID = 7023
Description = Usługa Driver Image zakończyła działanie; wystąpił następujący błąd: %%126

Error - 2009-08-25 14:08:00 | Computer Name = MICHAŁ | Source = Service Control Manager | ID = 7023
Description = Usługa Driver Image zakończyła działanie; wystąpił następujący błąd: %%126

Error - 2009-08-25 14:21:29 | Computer Name = MICHAŁ | Source = Service Control Manager | ID = 7023
Description = Usługa Driver Image zakończyła działanie; wystąpił następujący błąd: %%126

Error - 2009-08-25 14:24:59 | Computer Name = MICHAŁ | Source = Service Control Manager | ID = 7023
Description = Usługa Driver Image zakończyła działanie; wystąpił następujący błąd: %%126

Error - 2009-08-26 02:29:35 | Computer Name = MICHAŁ | Source = Service Control Manager | ID = 7023
Description = Usługa Driver Image zakończyła działanie; wystąpił następujący błąd: %%126

Error - 2009-08-26 03:45:31 | Computer Name = MICHAŁ | Source = Service Control Manager | ID = 7023
Description = Usługa Driver Image zakończyła działanie; wystąpił następujący błąd: %%126

< End of report >

Log to check

OTViewIt logfile created on: 2009-08-26 09:54:05 - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = D:\Internet
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,25 Gb Total Physical Memory | 0,65 Gb Available Physical Memory | 52,13% Memory free
2,98 Gb Paging File | 2,49 Gb Available in Paging File | 83,41% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15,63 Gb Total Space | 5,58 Gb Free Space | 35,68% Space Free | Partition Type: NTFS
Drive D: | 29,30 Gb Total Space | 18,39 Gb Free Space | 62,76% Space Free | Partition Type: NTFS
Drive E: | 29,60 Gb Total Space | 12,62 Gb Free Space | 42,63% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICHAŁ
Current User Name: Michał i Grzesio
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006-11-03 20:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
[2009-08-19 08:54:47 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
[2009-01-17 18:49:22 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008-12-26 01:08:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2009-01-20 13:36:43 | 00,070,968 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2009-05-22 21:37:23 | 00,188,848 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
[2009-08-19 08:54:56 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2009-08-19 08:55:02 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2009-08-19 08:54:58 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
[2008-04-15 14:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2006-11-03 20:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
[2004-08-22 18:05:02 | 00,081,920 | ---- | M] (DAEMON'S HOME) -- D:\Program Files\D-Tools\daemon.exe
[2009-08-19 08:54:51 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2009-07-27 17:42:10 | 10,719,848 | ---- | M] (GG Network S.A.) -- D:\Program Files\Nowe Gadu-Gadu\gg.exe
[2009-08-19 08:55:02 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
[2009-07-27 16:39:44 | 00,077,824 | ---- | M] () -- D:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
[2008-10-16 15:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2009-08-15 21:18:02 | 00,908,280 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
[2009-04-16 21:53:14 | 00,422,912 | ---- | M] (OldTimer Tools) -- D:\Internet\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2009-08-19 08:54:56 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2009-08-19 08:54:47 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Auto | Running])
[2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])
[2009-01-17 18:49:22 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008-12-26 01:08:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2009-01-20 13:36:43 | 00,070,968 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2009-05-22 21:37:23 | 00,188,848 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])
[2006-11-03 20:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
[2006-12-01 12:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008-04-15 14:00:00 | 00,041,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7 [system | Running])
[2009-02-23 15:50:44 | 00,278,984 | ---- | M] () -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt [Auto | Running])
[2009-08-19 08:55:02 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [system | Running])
[2009-08-19 08:55:02 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [system | Running])
[2009-05-04 14:53:28 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [system | Running])
[2003-10-17 05:52:06 | 00,754,560 | ---- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda [On_Demand | Running])
[2004-08-22 17:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus [boot | Running])
[2004-08-22 17:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt [boot | Running])
[2008-04-14 02:06:42 | 00,046,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\GAGP30KX.SYS -- (gagp30kx [boot | Running])
[2008-04-14 02:15:30 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2008-01-24 23:22:06 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2008-01-24 23:22:07 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2008-01-24 23:22:08 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2009-02-23 15:50:43 | 00,025,416 | ---- | M] () -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt [Auto | Running])
[2001-08-17 23:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
[2008-12-26 01:08:00 | 06,301,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2008-04-15 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008-04-15 14:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005-08-10 14:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01 [boot | Running])
[2005-05-16 15:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02 [boot | Running])
[2005-12-12 21:12:01 | 00,049,664 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfsync04.sys -- (sfsync04 [boot | Running])
[2008-04-14 00:05:40 | 00,032,768 | ---- | M] (SiS Corporation) -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC [On_Demand | Running])
[2009-02-10 18:17:59 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [boot | Running])
[2001-08-17 22:49:10 | 00,026,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} (HKLM) -- C:\Documents and Settings\Michał i Grzesio\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
"DAEMON Tools-1033"="D:\Program Files\D-Tools\daemon.exe" -lang 1045 (DAEMON'S HOME)
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nowe Gadu-Gadu"="D:\Program Files\Nowe Gadu-Gadu\gg.exe" (GG Network S.A.)

========== (O4) Startup Folders ==========

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\Network Diagnostic\xpnetdiag.exe [2008-04-15 14:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 23:51:32 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 23:51:32 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-15 14:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 23:51:32 | 01,695,232 | ---- | M] (Microsoft Corporation) ========== (O12) Internet Explorer Plugins ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\] PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery ========== (O13) Default Prefixes ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// ========== (O15) Trusted Sites ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 1 domain(s) and sub-domain(s) not assigned to a zone. ========== (O16) DPF ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\] {8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11 {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11 ========== (O17) DNS Name Servers ========== {C7AA7B83-10E1-4732-8479-B6FE0BE3B5E6} (Servers: | Description: Karta PCI Fast Ethernet oparta na SiS 900) ========== (O20) Winlogon Notify Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\] avgrsstarter: "DllName" = avgrsstx.dll -- C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) 
========== Shell Execute Hooks ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) ========== Safeboot Options ========== "AlternateShell"=cmd.exe ========== CDRom AutoRun Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ========== Autorun Files on Drives ========== AUTOEXEC.BAT [] [2009-01-15 19:07:22 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ] ========== MountPoints2 ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd05930e-2aab-11de-9626-000b6a417ef2}\Shell] ""=AutoRun [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd05930e-2aab-11de-9626-000b6a417ef2}\Shell\AutoRun\command] ""=C:\WINDOWS\system32\shell32.dll -- [2008-06-17 21:03:15 | 08,489,984 | ---- | M] (Microsoft Corporation) ========== Files/Folders - Created Within 30 Days ========== [3 C:\WINDOWS\*.tmp files] [2009-08-24 07:56:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel [2009-08-23 16:58:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michał i Grzesio\Pulpit\allegro ========== Files - Modified Within 30 Days ========== [1 C:\WINDOWS\System32\*.tmp files] [3 C:\WINDOWS\*.tmp files] [2009-08-26 09:48:43 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2009-08-26 09:45:19 | 00,206,492 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009-08-26 09:44:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-08-26 09:44:48 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-08-26 08:40:26 | 40,158,011 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2009-08-26 08:40:26 | 00,068,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2009-08-25 20:07:20 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl 
[2009-08-24 18:08:32 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009-08-24 08:10:44 | 00,016,504 | ---- | M] () -- C:\Documents and Settings\Michał i Grzesio\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2009-08-24 08:10:08 | 00,114,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009-08-24 08:02:48 | 01,042,454 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-08-24 08:02:48 | 00,490,284 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2009-08-24 08:02:48 | 00,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009-08-24 08:02:48 | 00,083,660 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2009-08-24 08:02:48 | 00,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009-08-23 18:30:45 | 05,860,068 | -H-- | M] () -- C:\Documents and Settings\Michał i Grzesio\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-08-19 08:55:02 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2009-08-19 08:55:02 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2009-08-19 08:55:02 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\WINDOWS\System32\avgrsstx.dll [2009-08-05 11:01:12 | 00,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll [2009-08-05 11:01:12 | 00,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll [2009-08-03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-08-03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009-08-02 09:10:52 | 00,008,192 | ---- | M] () -- C:\Documents and Settings\Michał i Grzesio\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-07-30 02:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2009-07-28 00:27:56 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
http://www.fotosik.pl/pokaz_obrazek/peln...08ef4.html Here is a screenshot from AVG with the path to the file.