Nothing, created 11 November 2009 (edited)

Hello, I'd like to describe what happened to me today. Wanting to play around with engines for the game "Tibia", I downloaded this program: http://pl.unidownload.com/filedownload-Tibia-Loader-IP-Changer_743.html

After downloading it I tried to install it, but I got an error. <Something about an invalid file name or the like> I ignored it and decided to install it again. The second time it worked. Pleased with myself, I started playing around. After about an hour, bored and hungry < ;d>, I wanted to uninstall the program: Start -> All Programs -> that program -> uninstall. As I was leaving the room I noticed that no uninstaller had appeared, only a command prompt. I left the room.

Having eaten, I came back and tried to launch Mozilla from the taskbar, and got a message that the shortcut has no target. I stared at that message like an idiot. Thinking logically, I figured I would launch Mozilla from E. My Computer -> E: when I selected it, the amount of available space on the drive caught my attention, because before lunch it was 202/220Gb and now it is 202/202. When I opened drive E I froze. It was empty; only the avast folder was left.

So here is my request: I don't know what to do. Oh, and I'm a beginner, so please be patient and, if need be, explain the steps. Start -> Control Panel -> Add/Remove Programs says that everything is installed, yet there is nothing on drive E.

Here is my machine's configuration:
Windows XP Home Edition Version 2002 Service Pack 3
AMD Athlon 64 X2 Dual Core Processor 5200+ 2.61 GHz
3,00 GB RAM
NVIDIA GeForce 8500 GT
Samsung HD250HJ

Please help, because those 18 GB are very important to me. Thanks in advance.

PS. This topic is also posted in Awarie Komputera (Computer Failures), so I would ask a moderator to delete that one. ;/

ZooMpl, comment, 11 November 2009

Have you tried rolling the system back to a point before you installed that thing?

zarowaaa, comment, 11 November 2009

Scan with an antivirus other than Avast, and post a HijackThis log. Check whether those folders are hidden (Folder Options, tick "show hidden folders").
Nothing (Author), comment, 11 November 2009

[quote name='ZooMpl' date='11 listopad 2009 - 19:21 ' timestamp='1257963697' post='898571']
Have you tried rolling the system back to a point before you installed that thing?
[/quote]

My restore points have vanished. I can't do anything. ;/

[quote name='Zarowaaa' date='11 listopad 2009 - 19:24 ' timestamp='1257963858' post='898574']
Scan with an antivirus other than Avast, and post a HijackThis log. Check whether those folders are hidden (Folder Options, tick "show hidden folders").
[/quote]

How can I scan something I no longer have on the computer? That file disappeared too. I have that option set. Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27:29, on 2009-11-11
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Rain\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Tibia Client.exe
O4 - User Startup: Tibia Client.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apache2.2 - Unknown owner - E:\xampp\apache\bin\apache.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - E:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: mysql - Unknown owner - E:\xampp\mysql\bin\mysqld.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - E:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

--
End of file - 7504 bytes
lukee8, comment, 11 November 2009

Scan with this: [url="http://www.programosy.pl/program,anti-malware.html"]Click[/url] Remove whatever it finds and post the log.

ZooMpl, comment, 11 November 2009

Put the log in code tags and post it in the appropriate section; they will help you faster there.

zarowaaa, comment, 11 November 2009

Remove Tibia Client.exe from Autostart; apart from that the log is clean. Have you tried file recovery programs?
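
The two things a reader looks for in the HijackThis log above, items launched from a Startup folder and entries whose target file no longer exists, can be pulled out mechanically. The following is an added example, not part of the original thread; the function names are hypothetical, and the sample lines are copied from the log posted above.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Tibia Client.exe
O4 - User Startup: Tibia Client.exe
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL (file missing)
O23 - Service: Apache2.2 - Unknown owner - E:\xampp\apache\bin\apache.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: mysql - Unknown owner - E:\xampp\mysql\bin\mysqld.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Every HijackThis entry starts with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+)\s+-\s+(?P<body>.+)$")
# O4 entries that come from a Startup folder instead of a registry Run key.
STARTUP_RE = re.compile(r"^(?:Global |User )?Startup: (?P<item>.+)$")
# Entries whose target path HijackThis could not find on disk.
MISSING_RE = re.compile(r"(?P<path>[A-Za-z]:\\.*?)\s+\(file missing\)$")


def parse_entries(log_text):
    """Yield (code, body) for each entry line; header and process lines are skipped."""
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            yield match.group("code"), match.group("body")


def startup_folder_items(log_text):
    """Return the items listed under 'Startup:' / 'User Startup:' / 'Global Startup:'.

    In this log they appear with a bare file name, no vendor and no full path,
    so each one needs a manual look.
    """
    items = []
    for code, body in parse_entries(log_text):
        match = STARTUP_RE.match(body) if code == "O4" else None
        if match:
            items.append(match.group("item"))
    return items


def missing_by_drive(log_text):
    """Group '(file missing)' entries by drive letter as {drive: [(code, path), ...]}."""
    grouped = defaultdict(list)
    for code, body in parse_entries(log_text):
        match = MISSING_RE.search(body)
        if match:
            path = match.group("path")
            grouped[path[0].upper()].append((code, path))
    return dict(grouped)


def triage(log_text):
    """Summarise what to review first: Startup-folder items and missing files per drive."""
    return {
        "startup_folder": startup_folder_items(log_text),
        "missing_by_drive": {
            drive: len(entries) for drive, entries in missing_by_drive(log_text).items()
        },
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print("Startup-folder items:", summary["startup_folder"])
    for drive, count in sorted(summary["missing_by_drive"].items()):
        print(f"{drive}: {count} entries point at files that no longer exist")
```

Grouping by drive separates the entries left dangling on E: from a missing file on C:, which has to be explained some other way.
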
Nothing (Author), comment, 11 November 2009

Slow down, I did say I don't know much about this. How do I remove it from Autostart? Which program? ;/

ZooMpl, comment, 11 November 2009

Use CCleaner, or Start -> Run -> msconfig -> Startup.

Nothing (Author), comment, 11 November 2009 (edited)

OK, done. Now I'm scanning with a-squared Anti-Malware, and I will remove whatever it detects. What should I do next?

Edit: It says it will delete my cookies, so the passwords saved in Mozilla? From the one before the accident. I know the simple advice is to format, but I have very valuable data in those 18 GB. ;/

Psycholandia, comment, 11 November 2009

Post an OTL log: http://www.forumpc.pl/index.php?showtopic=104338 and put it inside [b][log] [/ log][/b] tags.
Nothing (Author), comment, 11 November 2009 (edited)

It took a while, but I managed. ;D

[log]OTL logfile created on: 2009-11-11 20:03:42 - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = E:\
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 3,54 Gb Available in Paging File | 88,56% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 10,00 Gb Total Space | 3,84 Gb Free Space | 38,46% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 18,74 Gb Free Space | 93,70% Space Free | Partition Type: NTFS
Drive E: | 202,88 Gb Total Space | 202,49 Gb Free Space | 99,81% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AKATSUKI-3BC5C4
Current User Name: Rain
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009-11-11 20:02:57 | 00,529,408 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2009-10-07 14:59:11 | 00,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009-10-01 16:03:14 | 03,938,952 | ---- | M] (Emsi Software GmbH) -- E:\Program Files\a-squared Anti-Malware\a2start.exe
PRC - [2009-10-01 16:03:14 | 03,792,536 | ---- | M] (Emsi Software GmbH) -- E:\Program Files\a-squared Anti-Malware\a2wizard.exe
PRC - [2009-10-01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- E:\Program Files\a-squared Anti-Malware\a2service.exe
PRC - [2009-09-22 15:25:58 | 18,749,440 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009-08-24 19:33:21 | 00,189,672 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
PRC - [2009-08-17 17:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-08-17 17:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-08-17 17:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-08-17 17:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-08-17 16:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009-07-25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-07-25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-07-16 12:20:16 | 25,604,904 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009-07-16 12:20:16 | 00,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009-07-14 12:34:58 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009-07-13 17:47:50 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009-03-08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009-03-08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009-03-08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009-03-08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009-03-08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008-04-14 18:21:30 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008-04-14 18:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-12-01 11:46:06 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2006-06-27 16:21:14 | 01,449,984 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
PRC - [2006-06-09 10:37:18 | 00,471,552 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2006-06-05 13:59:18 | 00,174,080 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
PRC - [2005-08-11 09:30:30 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005-06-06 23:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2009-11-11 20:02:57 | 00,529,408 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2008-04-14 18:20:31 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 17:59:08 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found -- -- (XAMPP)
SRV - File not found -- -- (SQLAgent$SONY_MEDIAMGR)
SRV - File not found -- -- (mysql)
SRV - File not found -- -- (MSSQL$SONY_MEDIAMGR)
SRV - File not found -- -- (Apache2.2)
SRV - [2009-10-01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- E:\Program Files\a-squared Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2009-09-03 10:53:00 | 00,048,368 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009-08-24 19:33:21 | 00,189,672 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009-08-17 17:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-08-17 17:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-08-17 17:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-08-17 16:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009-07-25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-07-14 12:34:58 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2009-07-13 17:47:50 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009-06-02 01:24:28 | 02,841,813 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008-07-29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008-07-29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008-07-29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008-07-25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-07-25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008-04-14 18:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2006-12-01 11:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006-06-05 13:59:18 | 00,174,080 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)
SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2002-12-17 16:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found -- -- (cpuxp)
DRV - [2009-09-22 20:07:12 | 05,915,136 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009-08-24 18:58:33 | 00,139,072 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2009-08-18 14:12:01 | 00,015,600 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009-08-17 17:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-08-17 17:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-08-17 17:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-08-17 17:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-08-17 17:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-08-17 17:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-07-14 19:54:00 | 07,741,664 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009-04-29 18:51:09 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-03-15 11:25:46 | 00,056,268 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008-11-12 17:15:50 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008-08-05 19:10:12 | 01,684,736 | ---- | M] (Creative) -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008-04-13 17:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008-04-13 17:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-03-08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006-11-27 16:33:54 | 00,019,968 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-11-27 16:33:50 | 00,058,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-10-18 16:31:38 | 00,105,472 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006-10-13 07:18:30 | 00,029,536 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVicHW32.sys -- (TVICHW32)
DRV - [2006-06-18 23:51:32 | 00,043,520 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006-05-29 08:26:38 | 00,127,488 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006-05-29 08:26:36 | 00,013,312 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006-05-29 08:26:36 | 00,013,312 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006-05-29 08:26:36 | 00,008,704 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2006-03-02 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2006-01-04 14:41:48 | 01,389,056 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-746137067-1592454029-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-746137067-1592454029-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-746137067-1592454029-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-746137067-1592454029-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-746137067-1592454029-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKU\S-1-5-21-746137067-1592454029-1801674531-1004\S-1-5-21-746137067-1592454029-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (pl)"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.0.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.17
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.5.1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: E:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins

[2008-11-10 11:14:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Extensions
[2008-11-10 11:14:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-11-11 11:13:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\extensions
[2008-11-10 12:19:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009-08-09 14:23:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-10-19 00:29:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2008-11-10 11:21:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009-11-10 00:04:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009-09-29 18:22:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2008-11-10 12:20:07 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\searchplugins\winamp-search.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Rain\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-746137067-1592454029-1801674531-1004\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe File not found
O4 - HKLM..\Run: [a-squared] E:\Program Files\a-squared Anti-Malware\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [avast!] E:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-746137067-1592454029-1801674531-1004..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-746137067-1592454029-1801674531-1004..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-746137067-1592454029-1801674531-1004..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-746137067-1592454029-1801674531-1004..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - Startup: C:\Documents and Settings\All Users\My applications\Tibia Client.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - 
HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-746137067-1592454029-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-746137067-1592454029-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36 O7 - HKU\S-1-5-21-746137067-1592454029-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data] O7 - HKU\S-1-5-21-746137067-1592454029-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-746137067-1592454029-1801674531-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&ksport do programu Microsoft Excel - E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE File not found O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL File not found O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.0.2.2 192.0.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft 
Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-11-10 10:55:57 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009-01-23 22:40:24 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009-01-23 22:40:24 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2009-11-11 19:43:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rain\Moje dokumenty\a-squared [2009-11-11 14:44:14 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Rain\Recent [2009-11-10 00:10:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rain\dwhelper [2009-11-09 23:55:46 | 00,000,000 | ---D | C] -- C:\Program Files\Xvid [2009-11-08 17:16:18 | 
00,000,000 | ---D | C] -- C:\Program Files\ReflexiveArcade [2009-11-07 18:25:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rain\Pulpit\zaled [2009-10-29 22:10:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Google [2009-10-29 22:10:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rain\Ustawienia lokalne\Dane aplikacji\Temp [2009-10-29 22:10:25 | 00,000,000 | ---D | C] -- C:\Program Files\Google [2009-10-29 22:10:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rain\Ustawienia lokalne\Dane aplikacji\Google [2009-10-18 11:01:14 | 01,217,784 | ---- | C] (Valve Corporation) -- C:\Documents and Settings\Rain\Pulpit\steam.exe [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2009-11-11 19:56:56 | 00,000,719 | ---- | M] () -- C:\WINDOWS\win.ini [2009-11-11 19:56:56 | 00,000,338 | -HS- | M] () -- C:\boot.ini [2009-11-11 19:56:56 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009-11-11 19:43:45 | 00,000,575 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\a-squared Anti-Malware.lnk [2009-11-11 19:27:23 | 00,000,822 | ---- | M] () -- C:\Documents and Settings\Rain\Pulpit\HijackThis.lnk [2009-11-11 18:15:19 | 00,238,831 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2009-11-11 18:10:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-11-11 18:10:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-11-11 18:02:34 | 12,697,600 | ---- | M] () -- C:\Documents and Settings\Rain\ntuser.dat [2009-11-11 18:02:32 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\Rain\ntuser.ini [2009-11-11 18:01:57 | 04,805,774 | -H-- | M] () -- C:\Documents and Settings\Rain\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-11-11 15:33:56 | 00,013,744 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-11-11 15:24:31 | 00,001,635 | ---- | 
M] () -- C:\Documents and Settings\Rain\Pulpit\ClientRegistry.blob [2009-11-11 14:52:36 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Tibia MULTI-IP Changer.lnk [2009-11-10 18:51:59 | 00,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2009-11-10 00:53:49 | 00,052,736 | ---- | M] () -- C:\Documents and Settings\Rain\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-11-10 00:20:11 | 49,647,563 | ---- | M] () -- C:\Documents and Settings\Rain\Pulpit\L5AIQ81SJ.flv [2009-11-05 21:05:36 | 00,001,607 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2009-10-25 13:11:52 | 00,057,064 | ---- | M] () -- C:\Documents and Settings\Rain\Moje dokumenty\fb8317ddd9.jpeg [2009-10-25 11:48:15 | 01,140,044 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-10-25 11:48:15 | 00,508,458 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2009-10-25 11:48:15 | 00,450,322 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009-10-25 11:48:15 | 00,091,564 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2009-10-25 11:48:15 | 00,075,132 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009-10-22 10:18:25 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll [2009-10-22 10:18:25 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2009-10-21 16:09:39 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009-10-21 09:34:04 | 00,518,671 | ---- | M] () -- C:\Documents and Settings\Rain\Pulpit\Wideo-0001.mp4 [2009-10-19 00:27:52 | 01,217,784 | ---- | M] (Valve Corporation) -- C:\Documents and Settings\Rain\Pulpit\steam.exe [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2009-11-11 19:43:45 | 00,000,575 | ---- | C] () -- C:\Documents 
and Settings\All Users\Pulpit\a-squared Anti-Malware.lnk [2009-11-11 19:27:23 | 00,000,822 | ---- | C] () -- C:\Documents and Settings\Rain\Pulpit\HijackThis.lnk [2009-11-11 14:43:17 | 00,000,619 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Tibia MULTI-IP Changer.lnk [2009-11-10 00:10:08 | 49,647,563 | ---- | C] () -- C:\Documents and Settings\Rain\Pulpit\L5AIQ81SJ.flv [2009-11-09 23:55:46 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax [2009-11-05 21:05:36 | 00,001,607 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2009-10-25 13:11:50 | 00,057,064 | ---- | C] () -- C:\Documents and Settings\Rain\Moje dokumenty\fb8317ddd9.jpeg [2009-10-21 15:31:08 | 00,518,671 | ---- | C] () -- C:\Documents and Settings\Rain\Pulpit\Wideo-0001.mp4 [2009-10-20 16:29:07 | 00,001,635 | ---- | C] () -- C:\Documents and Settings\Rain\Pulpit\ClientRegistry.blob [2009-08-07 18:51:34 | 00,178,430 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2009-06-09 15:00:28 | 00,000,688 | ---- | C] () -- C:\Documents and Settings\Rain\Dane aplikacji\MPQEditor.ini [2009-04-04 18:38:18 | 00,154,624 | ---- | C] () -- C:\WINDOWS\System32\lualib.dll [2009-03-17 14:18:59 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-03-15 16:49:14 | 00,000,000 | ---- | C] () -- C:\Program Files\AstonWriteTest.txt [2009-02-02 18:58:19 | 00,000,058 | ---- | C] () -- C:\WINDOWS\my.ini [2009-01-25 22:59:48 | 00,139,152 | ---- | C] () -- C:\Documents and Settings\Rain\Dane aplikacji\PnkBstrK.sys [2009-01-25 22:59:48 | 00,139,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-01-24 20:27:34 | 01,867,776 | ---- | C] () -- C:\WINDOWS\System32\python24.dll [2009-01-17 20:28:34 | 00,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll [2009-01-17 20:28:34 | 00,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll [2009-01-09 23:09:19 | 04,805,774 | -H-- | C] () -- C:\Documents and Settings\Rain\Ustawienia lokalne\Dane aplikacji\IconCache.db 
[2008-12-29 23:12:55 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2008-12-29 11:09:48 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2008-12-24 15:03:15 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2008-11-17 22:09:39 | 00,052,736 | ---- | C] () -- C:\Documents and Settings\Rain\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-11-12 17:15:50 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2008-11-10 22:04:28 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008-11-10 11:48:59 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini [2008-11-10 11:21:03 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2008-11-10 11:21:03 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2008-11-10 11:21:02 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008-11-10 11:21:02 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008-11-10 11:21:01 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008-11-10 11:21:00 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008-11-10 11:21:00 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008-11-10 11:20:04 | 00,072,832 | ---- | C] () -- C:\Documents and Settings\Rain\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2008-11-10 10:58:56 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Rain\Dane aplikacji\desktop.ini [2008-10-07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- 
C:\WINDOWS\System32\AgCPanelPortugese.dll [2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008-06-05 08:58:26 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2007-04-19 23:05:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007-04-19 23:05:00 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007-04-19 23:05:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007-04-19 23:05:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007-04-19 23:05:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006-03-02 13:00:00 | 00,000,719 | ---- | C] () -- C:\WINDOWS\win.ini [2006-03-02 13:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [2005-12-07 12:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll [2003-04-08 11:40:22 | 00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [color=#E56717]========== LOP Check ==========[/color] [2009-03-05 22:33:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard [2008-11-11 18:21:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Downloaded Installations [2009-06-01 19:40:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts [2008-12-16 04:29:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla [2009-01-20 18:25:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NexonEU [2009-09-13 16:02:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2008-11-11 18:21:36 | 00,000,000 | ---D 
| M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2009-03-30 19:15:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sony [2009-09-17 04:22:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2009-11-10 00:48:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Any Video Converter [2009-03-15 16:49:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Aston [2009-11-10 00:25:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\BESTplayer [2009-07-26 17:39:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\BitTorrent [2008-11-12 17:15:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\DAEMON Tools [2008-11-11 21:00:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Datalayer [2009-11-11 20:05:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\DNA [2009-02-12 21:15:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\fretsonfire [2008-11-10 11:23:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Gadu-Gadu [2009-07-25 20:21:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\GetRightToGo [2009-08-23 07:35:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\gtk-2.0 [2009-09-17 15:44:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Leadertech [2008-11-16 10:13:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Nokia [2009-07-22 11:19:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Nowe Gadu-Gadu [2009-07-26 21:17:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\OpenFM [2008-11-11 18:21:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\PC Suite [2009-08-21 16:40:00 | 00,000,000 | 
---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Publish Providers
[2009-02-02 14:20:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Remere's Map Editor
[2009-01-25 23:01:40 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\SecuROM
[2009-08-21 16:42:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Sony
[2009-02-22 14:55:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\SpeedSim
[2009-02-19 16:17:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\TibiaTestserver
[2006-03-02 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009-11-11 18:10:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 523 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF
@Alternate Data Stream - 279 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E41EAF13
< End of report >
[/log]

2 extra

[log]OTL Extras logfile created on: 2009-11-11 20:03:42 - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = E:\
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 3,54 Gb Available in Paging File | 88,56% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 10,00 Gb Total Space | 3,84 Gb Free Space | 38,46% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 18,74 Gb Free Space | 93,70% Space Free | Partition Type: NTFS
Drive E: | 202,88 Gb Total Space
| 202,49 Gb Free Space | 99,81% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: AKATSUKI-3BC5C4 Current User Name: Rain Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_USERS\S-1-5-21-746137067-1592454029-1801674531-1004\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found htmlfile [edit] -- "E:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 File not found htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "E:\Program Files\Combat Arms EU\CombatArms.exe" = E:\Program Files\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- File not found "E:\Program Files\Combat Arms EU\Engine.exe" = E:\Program Files\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "E:\Program Files\Metin2_PL\metin2.bin" = E:\Program Files\Metin2_PL\metin2.bin:*:Enabled:metin2 -- File not found "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "E:\Program Files\BitTorrent\bittorrent.exe" = E:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found "C:\Program Files\DNA\btdna.exe" = 
< End of report > [/log]
Log from a-squared Anti-Malware:
Psycholandia commented on 11 November 2009

Paste the script below into the OTL window and click Run Fix:

[code]
:Processes
explorer.exe

:OTL
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-746137067-1592454029-1801674531-1004\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL (file missing)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O32 - AutoRun File - [2009-01-23 22:40:24 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-01-23 22:40:24 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]

:Files
C:\Program Files\Yahoo!\Companion\Installs
D:\autorun.inf
C:\autorun.inf

:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]

Open Notepad and paste the following text into it:

[code]
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[/code]

Save as -> choose [b]All files[/b] -> enter [b]Fix.reg[/b] -> then click the saved file and restart the computer.

Scan the computer with this: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url], remove everything it finds and post the log after the removal (the log from Malware).
Nothing (author) commented on 11 November 2009

Here you go.

[log]
Malwarebytes' Anti-Malware 1.41
Wersja bazy definicji: 2775
Windows 5.1.2600 Dodatek Service Pack 3

2009-11-11 20:57:41
mbam-log-2009-11-11 (20-57-41).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|)
Przeskanowane obiekty: 132215
Upłynęło: 13 minute(s), 51 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 0

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
(Nie wykryto groźnych plików)

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
(Nie wykryto groźnych plików)
[/log]

During the scan avast detected some virus; I ignored it. What next?
Nothing (author) commented on 11 November 2009 (edited)

Win32:Malware-gen. I found its name in the avast file, and I know its location. I have a question: is there a chance of recovering the data?
ZooMpl commented on 11 November 2009

Try programs for recovering deleted data; you will recover some of it (all of it with luck).
Nothing (author) commented on 12 November 2009 (edited)

Meaning what? How am I supposed to do that? But the data wasn't deleted, it's still there. Please help. ;/ What should I do next?
danielek316 commented on 12 November 2009

Download a data recovery program and try. Here are some to choose from: http://www.download.net.pl/c96/Odzyskiwanie-danych/ I personally used this one: http://www.download.net.pl/1612/PC-Inspector-Smart-Recovery/