asmodeuszz, posted 7 September 2009

Hello, please check this... An accident, pure chance... Some new processes appeared on my system; I removed them from autostart using msconfig (services as well), but I'm not sure... Log for review:

OTL logfile created on: 2009-09-07 23:02:01 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Cyprek\Pulpit\Nowy folder
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1023,47 Mb Total Physical Memory | 622,47 Mb Available Physical Memory | 60,82% Memory free
1,65 Gb Paging File | 1,26 Gb Available in Paging File | 76,07% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 10,03 Gb Total Space | 3,20 Gb Free Space | 31,87% Space Free | Partition Type: NTFS
Drive D: | 2,00 Gb Total Space | 1,99 Gb Free Space | 99,35% Space Free | Partition Type: NTFS
Drive E: | 25,23 Gb Total Space | 11,03 Gb Free Space | 43,74% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 232,88 Gb Total Space | 100,52 Gb Free Space | 43,17% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: HOUSE
Current User Name: Cyprek
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2008-08-30 07:57:07 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG8\avgwdsvc.exe PRC - [2004-08-23 13:49:56 | 00,040,960 | ---- | M] (France Telecom) -- C:\WINDOWS\System32\FTRTSVC.exe PRC - [2006-11-10 17:12:30 | 00,099,936 | ---- | M] () -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE PRC - [2008-07-15 09:42:24 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe PRC - [2004-08-04 00:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2008-08-30 07:57:07 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe PRC - [2008-12-07 12:44:55 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe PRC - [2004-08-04 00:44:30 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe PRC - [2009-08-15 13:30:09 | 00,307,704 | ---- | M] (Mozilla Corporation) -- H:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-09-07 23:00:47 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cyprek\Pulpit\Nowy folder\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2009-09-07 22:49:15 | 00,271,360 | ---- | M] () -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft\civikouz.exe -- (a8a2oqeana5y6tn1 [Disabled | Stopped]) SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [Disabled | Stopped]) SRV - [2008-08-30 07:57:07 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running]) SRV - [2008-08-30 07:57:07 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running]) SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2006-10-20 22:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) SRV - [2004-08-23 13:49:56 | 00,040,960 | ---- | M] (France Telecom) -- C:\WINDOWS\System32\FTRTSVC.exe -- (FTRTSVC [Auto | Running]) SRV - [2004-08-04 00:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2005-04-04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) SRV - [2006-10-30 04:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped]) SRV - [2006-11-10 17:12:30 | 00,099,936 | ---- | M] () -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC [Auto | Running]) SRV - [2006-10-30 04:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) SRV - [2009-02-09 14:18:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Disabled | Stopped]) SRV - [2003-07-28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [Disabled | Stopped]) SRV - File not found -- -- (ummeaq192zuj [Disabled | Stopped]) SRV - [2001-12-21 16:31:22 | 00,053,248 | ---- | M] () -- C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe -- 
(UserAccess [Disabled | Stopped]) ========== Driver Services (SafeList) ========== DRV - [2005-11-30 17:12:22 | 00,029,440 | ---- | M] (Siemens AG) -- C:\WINDOWS\System32\drivers\actser.sys -- (actser [On_Demand | Running]) DRV - [2005-05-18 11:50:30 | 02,319,680 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running]) DRV - [2005-03-09 15:53:00 | 00,043,008 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [system | Stopped]) DRV - [2006-11-10 15:08:50 | 00,024,064 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\ATITool.sys -- (ATITool [system | Running]) DRV - [2007-08-04 14:26:55 | 00,271,360 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running]) DRV - [2008-08-30 07:57:05 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [system | Running]) DRV - [2008-07-15 09:42:24 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [system | Running]) DRV - [2008-07-15 09:42:32 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [Auto | Running]) DRV - [2009-03-27 01:16:28 | 00,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\cpuz132_x32.sys -- (cpuz132 [On_Demand | Stopped]) DRV - [2002-08-16 11:10:04 | 00,008,506 | R--- | M] (Dst provider) -- C:\WINDOWS\System32\DRIVERS\DstAudio.sys -- (DstAudio [On_Demand | Stopped]) DRV - [2002-08-16 11:10:04 | 00,019,171 | R--- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\DRIVERS\DstVideo.sys -- (DstVideo [On_Demand | Stopped]) DRV - [2004-06-20 04:28:00 | 00,010,330 | R--- | M] (TwinHan Provide) -- C:\WINDOWS\System32\DRIVERS\DtvAudio.sys -- (DtvAudio [On_Demand | Running]) DRV - [2004-06-20 04:28:00 | 00,025,600 | R--- | M] (TwinHan Provide) -- C:\WINDOWS\System32\DRIVERS\DtvVideo.sys -- (DtvVideo [On_Demand | Running]) DRV - [2006-09-19 11:03:28 | 00,116,992 | ---- | M] (Analog Devices Inc.) -- C:\WINDOWS\System32\DRIVERS\e4usbaw.sys -- (e4usbaw [On_Demand | Running]) DRV - [1996-04-03 21:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [boot | Running]) DRV - [2004-05-02 10:47:08 | 00,023,040 | R--- | M] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv [On_Demand | Stopped]) DRV - [2006-09-15 11:07:54 | 00,064,000 | ---- | M] (Analog Deivces) -- C:\WINDOWS\System32\Drivers\e4ldr.sys -- (IKANLOADER2 [Auto | Stopped]) DRV - [2007-08-04 14:26:53 | 00,018,048 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running]) DRV - [2009-02-09 14:18:00 | 06,307,328 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running]) DRV - [2005-05-17 11:45:08 | 00,092,800 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata [boot | Running]) DRV - [2005-04-05 21:22:28 | 00,033,536 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running]) DRV - [2005-04-05 
21:22:30 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running]) DRV - [2003-08-04 13:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped]) DRV - [2001-08-17 21:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2004-07-17 11:36:38 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2005-03-03 19:53:57 | 00,048,640 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [boot | Running]) DRV - [2005-02-23 17:59:54 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [boot | Running]) DRV - [2004-12-03 12:20:41 | 00,020,544 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02 [boot | Running]) DRV - [2006-09-24 15:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [boot | Running]) DRV - [2005-11-30 17:12:20 | 00,015,264 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\vsb.sys -- (vsbus [On_Demand | Stopped]) DRV - [2005-11-30 17:12:20 | 00,047,744 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\vserial.sys -- (vserial [On_Demand | Stopped]) DRV - [2003-12-21 17:24:22 | 00,140,800 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\xmasbus.sys -- (xmasbus [boot | Running]) DRV - [2003-12-23 02:15:42 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\xmasscsi.sys -- (xmasscsi [boot | Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-789336058-651377827-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-789336058-651377827-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-789336058-651377827-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ IE - URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\neostrada tp\SearchPageURL.dll () IE - HKU\S-1-5-21-789336058-651377827-839522115-1003\S-1-5-21-789336058-651377827-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/" FF - 
prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0 FF - prefs.js..extensions.enabledItems: {a0faa0a4-f1a7-4098-9a74-21efc3a92372}:3.0.0 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.15 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.5 FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2008-07-16 12:04:11 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: H:\Program Files\Mozilla Firefox\components [2009-08-18 15:27:47 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: H:\Program Files\Mozilla Firefox\plugins [2009-08-15 13:30:17 | 00,000,000 | ---D | M] [2008-12-19 23:23:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyprek\Dane aplikacji\mozilla\Extensions [2008-12-19 23:23:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyprek\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-09-07 15:52:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyprek\Dane aplikacji\mozilla\Firefox\Profiles\aztmm94b.default\extensions [2009-06-13 10:25:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyprek\Dane aplikacji\mozilla\Firefox\Profiles\aztmm94b.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2009-08-25 19:53:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyprek\Dane aplikacji\mozilla\Firefox\Profiles\aztmm94b.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2008-11-29 13:52:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyprek\Dane aplikacji\mozilla\Firefox\Profiles\aztmm94b.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2008-10-01 
19:29:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyprek\Dane aplikacji\mozilla\Firefox\Profiles\aztmm94b.default\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372} O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (My Global Search Bar BHO) - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O3 - HKLM\..\Toolbar: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search) O3 - HKU\S-1-5-21-789336058-651377827-839522115-1003\..\Toolbar\WebBrowser: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search) O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) 
O4 - HKU\.DEFAULT..\Run: [zodicus] C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft\hiko.exe () O4 - HKU\S-1-5-18..\Run: [zodicus] C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft\hiko.exe () O4 - Startup: C:\Documents and Settings\Cyprek\Menu Start\Programy\Autostart\ikowin32.exe (Wpwehyy Xojladekhaj) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-789336058-651377827-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-789336058-651377827-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 
36 O7 - HKU\S-1-5-21-789336058-651377827-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data] O7 - HKU\S-1-5-21-789336058-651377827-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&ksport do programu Microsoft Excel - H:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (avgrsstx.dll) - 
C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007-07-20 11:14:17 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009-04-01 14:57:17 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009-04-01 14:57:17 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009-04-01 14:57:18 | 00,000,000 | RHSD | M] - E:\autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2009-04-01 14:57:17 | 00,000,000 | RHSD | M] - H:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{06ce6d72-8c6c-11dd-a96f-4d6564696130}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe O33 - MountPoints2\{06ce6d72-8c6c-11dd-a96f-4d6564696130}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found ========== Files/Folders - Created Within 30 Days ========== [2009-09-07 23:01:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cyprek\Pulpit\Nowy folder [2009-09-07 22:49:15 | 00,271,360 | ---- | C] () -- C:\WINDOWS\System32\tehoquoozo.exe [2009-09-07 22:45:06 | 00,000,545 | ---- | C] () -- C:\Documents and Settings\Cyprek\Pulpit\NeuroClient.jnlp [2009-09-05 20:17:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cyprek\Pulpit\100_FUJI [2009-09-04 21:16:38 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\Cyprek\Pulpit\1.doc [2009-08-25 17:16:49 | 00,000,000 | ---D | C] -- C:\Program 
Files\AP Tuner [2009-04-13 10:38:49 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2009-03-12 11:53:15 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009-03-12 11:53:15 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2009-03-12 11:53:14 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2009-03-12 11:53:12 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2009-02-04 14:18:18 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini [2008-11-29 09:06:02 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008-10-07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008-10-07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008-10-05 14:06:40 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008-09-04 19:10:36 | 00,000,083 | ---- | C] () -- C:\WINDOWS\wwp.INI [2008-06-29 20:48:48 | 00,311,128 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll [2008-06-29 20:48:46 | 01,526,468 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll [2007-11-26 22:56:28 | 00,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2007-09-30 17:32:42 | 00,000,952 | -HS- | C] () -- 
C:\WINDOWS\System32\KGyGaAvL.sys [2007-09-13 12:26:56 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2007-09-13 12:17:00 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2007-09-13 12:17:00 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2007-09-13 12:17:00 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2007-09-08 11:46:08 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2007-09-05 17:52:02 | 00,000,046 | ---- | C] () -- C:\WINDOWS\System32\winitn.dll [2007-09-05 17:52:01 | 00,000,046 | ---- | C] () -- C:\WINDOWS\System32\kakle.dll [2007-09-05 17:51:55 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2007-09-05 17:51:55 | 00,000,005 | ---- | C] () -- C:\WINDOWS\subtot.dll [2007-08-04 16:02:00 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll [2007-08-04 16:01:57 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll [2007-08-04 16:01:46 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2007-08-04 16:01:44 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2007-08-04 16:01:21 | 00,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2007-08-04 16:00:49 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2007-08-04 14:26:55 | 00,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2007-08-04 14:26:53 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2007-07-23 13:51:37 | 00,140,800 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\xmasbus.sys [2007-07-23 13:51:37 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\xmasscsi.sys [2007-07-20 16:52:30 | 00,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini [2007-07-20 16:19:30 | 00,000,168 | ---- | C] () -- C:\WINDOWS\adidsl.ini [2007-07-20 16:19:30 | 00,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini [2007-07-20 16:19:25 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll [2007-07-20 16:19:24 | 00,046,892 | 
---- | C] () -- C:\WINDOWS\System32\ADADIX16.DLL [2007-07-20 15:54:36 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2007-07-20 15:54:17 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2007-07-20 12:08:00 | 00,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll [2007-07-20 11:29:14 | 00,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2007-07-20 11:29:03 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini [2007-07-20 11:20:03 | 00,023,040 | R--- | C] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys [2006-11-10 15:08:50 | 00,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys [2005-11-30 17:12:20 | 00,047,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\vserial.sys [2005-11-30 17:12:20 | 00,015,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\vsb.sys [2004-08-04 02:44:10 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2002-09-29 00:00:00 | 00,000,518 | ---- | C] () -- C:\WINDOWS\win.ini [2002-09-29 00:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [1996-04-03 21:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys ========== Files - Modified Within 30 Days ========== [3 C:\WINDOWS\System32\*.tmp files] [2 C:\WINDOWS\*.tmp files] [2009-09-07 23:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At24.job [2009-09-07 22:56:15 | 40,744,579 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2009-09-07 22:56:15 | 00,090,541 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2009-09-07 22:53:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-09-07 22:53:51 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-09-07 22:52:53 | 00,000,518 | ---- | M] () -- C:\WINDOWS\win.ini [2009-09-07 22:52:53 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009-09-07 22:49:15 | 00,271,360 | ---- | M] () -- C:\WINDOWS\System32\tehoquoozo.exe [2009-09-07 22:45:06 | 00,000,545 | ---- | M] () -- C:\Documents and 
Settings\Cyprek\Pulpit\NeuroClient.jnlp [2009-09-07 22:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At23.job [2009-09-07 21:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At22.job [2009-09-07 20:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At21.job [2009-09-07 19:33:58 | 00,002,259 | ---- | M] () -- C:\Documents and Settings\Cyprek\Pulpit\Skype.lnk [2009-09-07 19:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At20.job [2009-09-07 18:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At19.job [2009-09-07 17:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At18.job [2009-09-07 16:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At17.job [2009-09-07 15:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At16.job [2009-09-07 14:44:34 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\Cyprek\Pulpit\1.doc [2009-09-06 14:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At15.job [2009-09-06 13:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At14.job [2009-09-06 12:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At13.job [2009-09-06 11:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At12.job [2009-09-06 10:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At11.job [2009-09-06 09:41:31 | 00,181,248 | ---- | M] () -- C:\Documents and Settings\Cyprek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-09-06 09:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At10.job [2009-09-05 08:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At9.job [2009-09-05 07:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At8.job [2009-09-04 20:06:50 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-09-01 17:13:03 | 01,104,180 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-09-01 17:13:03 | 00,494,986 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2009-09-01 17:13:03 | 00,436,804 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat 
[2009-09-01 17:13:03 | 00,087,304 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2009-09-01 17:13:03 | 00,070,376 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009-09-01 00:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At1.job [2009-08-31 12:28:07 | 00,070,013 | ---- | M] () -- C:\Documents and Settings\Cyprek\Pulpit\PICT5309.JPG [2009-08-30 15:50:34 | 00,001,195 | ---- | M] () -- C:\Documents and Settings\Cyprek\Pulpit\Muzyka.lnk [2009-08-30 15:37:14 | 00,000,416 | ---- | M] () -- C:\Documents and Settings\Cyprek\Pulpit\Zdjęcia.lnk [2009-08-23 00:36:19 | 02,109,168 | -H-- | M] () -- C:\Documents and Settings\Cyprek\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-08-22 01:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At2.job [2009-08-16 02:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At3.job ========== LOP Check ========== [2009-03-04 10:44:16 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji [2009-01-17 01:21:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\2DBoy [2008-12-29 12:51:03 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ [2009-07-04 15:42:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonIJPLM [2007-08-29 14:38:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink [2009-03-04 10:44:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Fallout3 [2008-03-29 18:14:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Friday's games [2008-10-05 12:57:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\n7-89-o9-3r-4t-r9 [2009-01-16 22:50:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Test Drive Unlimited [2009-01-30 10:37:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Total Gameplay 
[2009-06-13 10:19:09 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Cyprek\Dane aplikacji [2007-11-15 09:52:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyprek\Dane aplikacji\Ahead [2009-06-11 16:28:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyprek\Dane aplikacji\ATI [2007-09-30 17:32:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyprek\Dane aplikacji\Corel [2009-05-14 15:44:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyprek\Dane aplikacji\Cream Software [2007-08-29 14:41:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyprek\Dane aplikacji\CyberLink [2007-11-11 22:57:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyprek\Dane aplikacji\Emisja [2007-07-20 12:50:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyprek\Dane aplikacji\Gadu-Gadu [2008-10-05 12:57:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyprek\Dane aplikacji\GameHouse [2007-10-25 19:27:31 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Cyprek\Dane aplikacji\SecuROM [2009-06-13 10:22:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyprek\Dane aplikacji\The Path [2008-04-20 11:21:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyprek\Dane aplikacji\XCPCSync.OEM [2007-10-02 22:26:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyprek\Dane aplikacji\ZPKSoft [2007-07-20 12:06:20 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji [2007-07-20 17:18:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji [2007-07-20 11:17:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji [2009-09-01 00:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job [2009-09-06 09:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job [2009-09-06 10:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job [2009-09-06 11:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job 
[2009-09-06 12:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job [2009-09-06 13:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job [2009-09-06 14:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job [2009-09-07 15:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job [2009-09-07 16:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job [2009-09-07 17:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job [2009-09-07 18:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job [2009-08-22 01:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job [2009-09-07 19:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job [2009-09-07 20:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job [2009-09-07 21:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job [2009-09-07 22:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job [2009-09-07 23:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job [2009-08-16 02:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job [2009-01-01 04:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job [2009-01-01 05:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job [2009-01-01 06:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job [2009-01-01 07:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job [2009-09-05 07:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job [2009-09-05 08:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job [2002-09-29 00:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009-09-07 22:53:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT ========== Purity Check ========== < End of report >
Psycholandia commented on 7 September 2009

1. Scan the file C:\WINDOWS\System32\tehoquoozo.exe at: http://www.virustotal.com/pl/

2. Do you recognize these two entries?
O4 - HKU\.DEFAULT..\Run: [zodicus] C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft\hiko.exe ()
O4 - HKU\S-1-5-18..\Run: [zodicus] C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft\hiko.exe ()

3. Scan the computer with this: http://www.dobreprogramy.pl/Malwarebytes-AntiMalware,Program,Windows,13117.html
Remove everything it finds and post the log after the removal (the Malwarebytes log).
Guest commented on 8 September 2009

Andzia, the script would be better like this:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - AutoRun File - [2009-04-01 14:57:17 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-04-01 14:57:17 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-04-01 14:57:18 | 00,000,000 | RHSD | M] - E:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009-04-01 14:57:17 | 00,000,000 | RHSD | M] - H:\autorun.inf -- [ NTFS ]
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O4 - HKU\.DEFAULT..\Run: [zodicus] C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft\hiko.exe ()
O4 - HKU\S-1-5-18..\Run: [zodicus] C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft\hiko.exe ()
O4 - Startup: C:\Documents and Settings\Cyprek\Menu Start\Programy\Autostart\ikowin32.exe (Wpwehyy Xojladekhaj)
O2 - BHO: (My Global Search Bar BHO) - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O3 - HKLM\..\Toolbar: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search)
SRV - [2009-09-07 22:49:15 | 00,271,360 | ---- | M] () -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft\civikouz.exe -- (a8a2oqeana5y6tn1 [Disabled | Stopped])

:Files
C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft\civikouz.exe
C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft\hiko.exe
C:\Documents and Settings\Cyprek\Menu Start\Programy\Autostart\ikowin32.exe
C:\WINDOWS\System32\tehoquoozo.exe
C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft\hiko.exe
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\System32\physxcudart_20.dll
C:\RECYCLER
D:\RECYCLER
E:\RECYCLER

:Services
a8a2oqeana5y6tn1

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands
[emptytemp]
[start explorer]
[Reboot]