
Mystery, Drive E, Data Disappearance

Nothing
posted (edited)

Hello,
I'd like to tell you what happened to me today.
Wanting to play around with "Tibia" game engines today, I downloaded this program.
http://pl.unidownload.com/filedownload-Tibia-Loader-IP-Changer_743.html
After downloading it, I wanted to install it, but an error popped up.
<Something about an invalid file name or something>
I ignored it and decided to install it once more.
The second time it worked.
Pleased with myself, I started playing.
After about an hour, bored and hungry < ;d>
I wanted to uninstall the program.
Start -> All Programs -> That Program -> uninstall
As I was leaving the room I noticed that no uninstaller came up, only a command prompt window.
I left the room.
Having eaten, I came back and wanted to launch Mozilla from the taskbar; a message popped up saying the shortcut has no target.
I stared at that message like an idiot.
Thinking logically, I figured I would launch Mozilla from E.
My Computer -> E
When I selected it, the amount of available space on that drive made me wonder, because before lunch it was 202/220Gb, and now it is 202/202.
When I opened drive E, I froze.
It was empty; only the avast folder was left.
And here is my request: I don't know what to do.
Oh, and I am a beginner user, so please be patient and, if needed, explain the steps.
Start -> Control Panel -> Add/Remove Programs.
It says there that everything is installed, yet there is nothing on drive E.

Here is my machine's configuration:
Windows XP Home Edition
Version 2002
Service Pack 3
AMD Athlon 64 X2 Dual Core Processor 5200+ 2.61 GHz
3,00 GB RAM
NVIDIA GeForce 8500GT
Samsung HD250HJ
Please help, because those 18 gigs are very important to me.
Thanks in advance.

PS. This topic is also in Computer Failures, so I would ask the moderator to delete that one.
;/

ZooMpl
comment

Have you tried rolling the system back to a point before installing this thing?

zarowaaa
comment

Scan with an antivirus other than Avast, and post a HijackThis log. Check whether those folders are hidden (folder options, tick "show hidden folders").

Nothing
comment

[quote name='ZooMpl' date='11 listopad 2009 - 19:21 ' timestamp='1257963697' post='898571']
Have you tried rolling the system back to a point before installing this thing?
[/quote]
My restore points have vanished.
I can't do anything. ;/


[quote name='Zarowaaa' date='11 listopad 2009 - 19:24 ' timestamp='1257963858' post='898574']
Scan with an antivirus other than Avast, and post a HijackThis log. Check whether those folders are hidden (folder options, tick "show hidden folders").
[/quote]
How can I scan something I don't have on my computer? That file disappeared too.
I have that option.
Log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27:29, on 2009-11-11
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Rain\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Tibia Client.exe
O4 - User Startup: Tibia Client.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apache2.2 - Unknown owner - E:\xampp\apache\bin\apache.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - E:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: mysql - Unknown owner - E:\xampp\mysql\bin\mysqld.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - E:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

--
End of file - 7504 bytes

lukee8
comment

Scan with this: [url="http://www.programosy.pl/program,anti-malware.html"]Click[/url]
Remove whatever it finds and post the log

ZooMpl
comment

Encode the log and send it to the appropriate section; they will help you faster there.

Nothing
comment

Encode the log?
I don't understand.

zarowaaa
comment

Remove Tibia Client.exe from Autostart; apart from that the log is clean. Have you tried file recovery programs?

Nothing
comment

Slow down, I did say I don't know this stuff.
How do I remove it from Autostart?
What program? ;/

ZooMpl
comment

Use the CCleaner program

Or Start->Run->msconfig->Startup

Nothing
comment (edited)

Okay, done.
Now I'm scanning with a-squared Anti-Malware.
And I'll remove whatever it detects.
What should I do next?
Edit:
It says there that it will delete my cookies, so the saved passwords from Mozilla?
From the one before the accident.
I know the simple advice is a format, but I have very valuable data in those 18 gb. ;/

Psycholandia
comment

Post a log from OTL: http://www.forumpc.pl/index.php?showtopic=104338
put it in [b][log] [/ log][/b] tags

Nothing
comment (edited)

It took a while but I managed. ;D
[log]OTL logfile created on: 2009-11-11 20:03:42 - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = E:\
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 3,54 Gb Available in Paging File | 88,56% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 10,00 Gb Total Space | 3,84 Gb Free Space | 38,46% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 18,74 Gb Free Space | 93,70% Space Free | Partition Type: NTFS
Drive E: | 202,88 Gb Total Space | 202,49 Gb Free Space | 99,81% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AKATSUKI-3BC5C4
Current User Name: Rain
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009-11-11 20:02:57 | 00,529,408 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2009-10-07 14:59:11 | 00,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009-10-01 16:03:14 | 03,938,952 | ---- | M] (Emsi Software GmbH) -- E:\Program Files\a-squared Anti-Malware\a2start.exe
PRC - [2009-10-01 16:03:14 | 03,792,536 | ---- | M] (Emsi Software GmbH) -- E:\Program Files\a-squared Anti-Malware\a2wizard.exe
PRC - [2009-10-01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- E:\Program Files\a-squared Anti-Malware\a2service.exe
PRC - [2009-09-22 15:25:58 | 18,749,440 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009-08-24 19:33:21 | 00,189,672 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
PRC - [2009-08-17 17:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-08-17 17:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-08-17 17:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-08-17 17:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-08-17 16:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009-07-25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-07-25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-07-16 12:20:16 | 25,604,904 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009-07-16 12:20:16 | 00,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009-07-14 12:34:58 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009-07-13 17:47:50 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009-03-08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009-03-08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009-03-08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009-03-08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009-03-08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008-04-14 18:21:30 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008-04-14 18:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-12-01 11:46:06 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2006-06-27 16:21:14 | 01,449,984 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
PRC - [2006-06-09 10:37:18 | 00,471,552 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2006-06-05 13:59:18 | 00,174,080 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
PRC - [2005-08-11 09:30:30 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005-06-06 23:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2009-11-11 20:02:57 | 00,529,408 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2008-04-14 18:20:31 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 17:59:08 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found -- -- (XAMPP)
SRV - File not found -- -- (SQLAgent$SONY_MEDIAMGR)
SRV - File not found -- -- (mysql)
SRV - File not found -- -- (MSSQL$SONY_MEDIAMGR)
SRV - File not found -- -- (Apache2.2)
SRV - [2009-10-01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- E:\Program Files\a-squared Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2009-09-03 10:53:00 | 00,048,368 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009-08-24 19:33:21 | 00,189,672 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009-08-17 17:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-08-17 17:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-08-17 17:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-08-17 16:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009-07-25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-07-14 12:34:58 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2009-07-13 17:47:50 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009-06-02 01:24:28 | 02,841,813 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008-07-29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008-07-29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008-07-29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008-07-25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-07-25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008-04-14 18:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2006-12-01 11:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006-06-05 13:59:18 | 00,174,080 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)
SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2002-12-17 16:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found -- -- (cpuxp)
DRV - [2009-09-22 20:07:12 | 05,915,136 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009-08-24 18:58:33 | 00,139,072 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2009-08-18 14:12:01 | 00,015,600 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009-08-17 17:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-08-17 17:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-08-17 17:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-08-17 17:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-08-17 17:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-08-17 17:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-07-14 19:54:00 | 07,741,664 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009-04-29 18:51:09 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-03-15 11:25:46 | 00,056,268 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008-11-12 17:15:50 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008-08-05 19:10:12 | 01,684,736 | ---- | M] (Creative) -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008-04-13 17:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008-04-13 17:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-03-08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006-11-27 16:33:54 | 00,019,968 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-11-27 16:33:50 | 00,058,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-10-18 16:31:38 | 00,105,472 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006-10-13 07:18:30 | 00,029,536 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVicHW32.sys -- (TVICHW32)
DRV - [2006-06-18 23:51:32 | 00,043,520 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006-05-29 08:26:38 | 00,127,488 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006-05-29 08:26:36 | 00,013,312 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006-05-29 08:26:36 | 00,013,312 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006-05-29 08:26:36 | 00,008,704 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2006-03-02 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2006-01-04 14:41:48 | 01,389,056 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-746137067-1592454029-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-746137067-1592454029-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-746137067-1592454029-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-746137067-1592454029-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-746137067-1592454029-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKU\S-1-5-21-746137067-1592454029-1801674531-1004\S-1-5-21-746137067-1592454029-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (pl)"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.0.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.17
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.5.1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: E:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins

[2008-11-10 11:14:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Extensions
[2008-11-10 11:14:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-11-11 11:13:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\extensions
[2008-11-10 12:19:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009-08-09 14:23:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-10-19 00:29:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2008-11-10 11:21:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009-11-10 00:04:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009-09-29 18:22:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2008-11-10 12:20:07 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\searchplugins\winamp-search.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Rain\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-746137067-1592454029-1801674531-1004\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe File not found
O4 - HKLM..\Run: [a-squared] E:\Program Files\a-squared Anti-Malware\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [avast!] E:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-746137067-1592454029-1801674531-1004..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-746137067-1592454029-1801674531-1004..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-746137067-1592454029-1801674531-1004..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-746137067-1592454029-1801674531-1004..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - Startup: C:\Documents and Settings\All Users\My applications\Tibia Client.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-1592454029-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-1592454029-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-746137067-1592454029-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-746137067-1592454029-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-746137067-1592454029-1801674531-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE File not found
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.0.2.2 192.0.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-11-10 10:55:57 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-01-23 22:40:24 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-01-23 22:40:24 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009-11-11 19:43:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rain\Moje dokumenty\a-squared
[2009-11-11 14:44:14 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Rain\Recent
[2009-11-10 00:10:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rain\dwhelper
[2009-11-09 23:55:46 | 00,000,000 | ---D | C] -- C:\Program Files\Xvid
[2009-11-08 17:16:18 | 00,000,000 | ---D | C] -- C:\Program Files\ReflexiveArcade
[2009-11-07 18:25:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rain\Pulpit\zaled
[2009-10-29 22:10:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Google
[2009-10-29 22:10:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rain\Ustawienia lokalne\Dane aplikacji\Temp
[2009-10-29 22:10:25 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009-10-29 22:10:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rain\Ustawienia lokalne\Dane aplikacji\Google
[2009-10-18 11:01:14 | 01,217,784 | ---- | C] (Valve Corporation) -- C:\Documents and Settings\Rain\Pulpit\steam.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009-11-11 19:56:56 | 00,000,719 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-11-11 19:56:56 | 00,000,338 | -HS- | M] () -- C:\boot.ini
[2009-11-11 19:56:56 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-11-11 19:43:45 | 00,000,575 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\a-squared Anti-Malware.lnk
[2009-11-11 19:27:23 | 00,000,822 | ---- | M] () -- C:\Documents and Settings\Rain\Pulpit\HijackThis.lnk
[2009-11-11 18:15:19 | 00,238,831 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009-11-11 18:10:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-11-11 18:10:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-11-11 18:02:34 | 12,697,600 | ---- | M] () -- C:\Documents and Settings\Rain\ntuser.dat
[2009-11-11 18:02:32 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\Rain\ntuser.ini
[2009-11-11 18:01:57 | 04,805,774 | -H-- | M] () -- C:\Documents and Settings\Rain\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-11-11 15:33:56 | 00,013,744 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-11-11 15:24:31 | 00,001,635 | ---- | M] () -- C:\Documents and Settings\Rain\Pulpit\ClientRegistry.blob
[2009-11-11 14:52:36 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Tibia MULTI-IP Changer.lnk
[2009-11-10 18:51:59 | 00,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2009-11-10 00:53:49 | 00,052,736 | ---- | M] () -- C:\Documents and Settings\Rain\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-11-10 00:20:11 | 49,647,563 | ---- | M] () -- C:\Documents and Settings\Rain\Pulpit\L5AIQ81SJ.flv
[2009-11-05 21:05:36 | 00,001,607 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2009-10-25 13:11:52 | 00,057,064 | ---- | M] () -- C:\Documents and Settings\Rain\Moje dokumenty\fb8317ddd9.jpeg
[2009-10-25 11:48:15 | 01,140,044 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-10-25 11:48:15 | 00,508,458 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-10-25 11:48:15 | 00,450,322 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-10-25 11:48:15 | 00,091,564 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-10-25 11:48:15 | 00,075,132 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-10-22 10:18:25 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009-10-22 10:18:25 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009-10-21 16:09:39 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-10-21 09:34:04 | 00,518,671 | ---- | M] () -- C:\Documents and Settings\Rain\Pulpit\Wideo-0001.mp4
[2009-10-19 00:27:52 | 01,217,784 | ---- | M] (Valve Corporation) -- C:\Documents and Settings\Rain\Pulpit\steam.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009-11-11 19:43:45 | 00,000,575 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\a-squared Anti-Malware.lnk
[2009-11-11 19:27:23 | 00,000,822 | ---- | C] () -- C:\Documents and Settings\Rain\Pulpit\HijackThis.lnk
[2009-11-11 14:43:17 | 00,000,619 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Tibia MULTI-IP Changer.lnk
[2009-11-10 00:10:08 | 49,647,563 | ---- | C] () -- C:\Documents and Settings\Rain\Pulpit\L5AIQ81SJ.flv
[2009-11-09 23:55:46 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2009-11-05 21:05:36 | 00,001,607 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2009-10-25 13:11:50 | 00,057,064 | ---- | C] () -- C:\Documents and Settings\Rain\Moje dokumenty\fb8317ddd9.jpeg
[2009-10-21 15:31:08 | 00,518,671 | ---- | C] () -- C:\Documents and Settings\Rain\Pulpit\Wideo-0001.mp4
[2009-10-20 16:29:07 | 00,001,635 | ---- | C] () -- C:\Documents and Settings\Rain\Pulpit\ClientRegistry.blob
[2009-08-07 18:51:34 | 00,178,430 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009-06-09 15:00:28 | 00,000,688 | ---- | C] () -- C:\Documents and Settings\Rain\Dane aplikacji\MPQEditor.ini
[2009-04-04 18:38:18 | 00,154,624 | ---- | C] () -- C:\WINDOWS\System32\lualib.dll
[2009-03-17 14:18:59 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-03-15 16:49:14 | 00,000,000 | ---- | C] () -- C:\Program Files\AstonWriteTest.txt
[2009-02-02 18:58:19 | 00,000,058 | ---- | C] () -- C:\WINDOWS\my.ini
[2009-01-25 22:59:48 | 00,139,152 | ---- | C] () -- C:\Documents and Settings\Rain\Dane aplikacji\PnkBstrK.sys
[2009-01-25 22:59:48 | 00,139,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-01-24 20:27:34 | 01,867,776 | ---- | C] () -- C:\WINDOWS\System32\python24.dll
[2009-01-17 20:28:34 | 00,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009-01-17 20:28:34 | 00,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2009-01-09 23:09:19 | 04,805,774 | -H-- | C] () -- C:\Documents and Settings\Rain\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2008-12-29 23:12:55 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008-12-29 11:09:48 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008-12-24 15:03:15 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008-11-17 22:09:39 | 00,052,736 | ---- | C] () -- C:\Documents and Settings\Rain\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-11-12 17:15:50 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-11-10 22:04:28 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-11-10 11:48:59 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2008-11-10 11:21:03 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008-11-10 11:21:03 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008-11-10 11:21:02 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-11-10 11:21:02 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-11-10 11:21:01 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-11-10 11:21:00 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-11-10 11:21:00 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-11-10 11:20:04 | 00,072,832 | ---- | C] () -- C:\Documents and Settings\Rain\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2008-11-10 10:58:56 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Rain\Dane aplikacji\desktop.ini
[2008-10-07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-06-05 08:58:26 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2007-04-19 23:05:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007-04-19 23:05:00 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007-04-19 23:05:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007-04-19 23:05:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007-04-19 23:05:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006-03-02 13:00:00 | 00,000,719 | ---- | C] () -- C:\WINDOWS\win.ini
[2006-03-02 13:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005-12-07 12:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2003-04-08 11:40:22 | 00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[color=#E56717]========== LOP Check ==========[/color]

[2009-03-05 22:33:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard
[2008-11-11 18:21:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Downloaded Installations
[2009-06-01 19:40:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts
[2008-12-16 04:29:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2009-01-20 18:25:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NexonEU
[2009-09-13 16:02:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2008-11-11 18:21:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2009-03-30 19:15:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sony
[2009-09-17 04:22:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-11-10 00:48:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Any Video Converter
[2009-03-15 16:49:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Aston
[2009-11-10 00:25:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\BESTplayer
[2009-07-26 17:39:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\BitTorrent
[2008-11-12 17:15:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\DAEMON Tools
[2008-11-11 21:00:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Datalayer
[2009-11-11 20:05:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\DNA
[2009-02-12 21:15:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\fretsonfire
[2008-11-10 11:23:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Gadu-Gadu
[2009-07-25 20:21:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\GetRightToGo
[2009-08-23 07:35:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\gtk-2.0
[2009-09-17 15:44:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Leadertech
[2008-11-16 10:13:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Nokia
[2009-07-22 11:19:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Nowe Gadu-Gadu
[2009-07-26 21:17:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\OpenFM
[2008-11-11 18:21:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\PC Suite
[2009-08-21 16:40:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Publish Providers
[2009-02-02 14:20:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Remere's Map Editor
[2009-01-25 23:01:40 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\SecuROM
[2009-08-21 16:42:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\Sony
[2009-02-22 14:55:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\SpeedSim
[2009-02-19 16:17:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rain\Dane aplikacji\TibiaTestserver
[2006-03-02 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009-11-11 18:10:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 523 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF
@Alternate Data Stream - 279 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E41EAF13
< End of report > [/log]
2 extra
[log]OTL Extras logfile created on: 2009-11-11 20:03:42 - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = E:\
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 3,54 Gb Available in Paging File | 88,56% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 10,00 Gb Total Space | 3,84 Gb Free Space | 38,46% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 18,74 Gb Free Space | 93,70% Space Free | Partition Type: NTFS
Drive E: | 202,88 Gb Total Space | 202,49 Gb Free Space | 99,81% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AKATSUKI-3BC5C4
Current User Name: Rain
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-746137067-1592454029-1801674531-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "E:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 File not found
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"E:\Program Files\Combat Arms EU\CombatArms.exe" = E:\Program Files\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"E:\Program Files\Combat Arms EU\Engine.exe" = E:\Program Files\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program Files\Metin2_PL\metin2.bin" = E:\Program Files\Metin2_PL\metin2.bin:*:Enabled:metin2 -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"E:\Program Files\BitTorrent\bittorrent.exe" = E:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Documents and Settings\All Users\Dane aplikacji\NexonEU\NGM\NGM.exe" = C:\Documents and Settings\All Users\Dane aplikacji\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\WINDOWS\Help\THEFORGOTTENSERVER.EXE" = C:\WINDOWS\Help\THEFORGOTTENSERVER.EXE:*:Enabled:The Forgotten Server -- File not found
"E:\Program Files\Nowe Gadu-Gadu\gg.exe" = E:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- File not found
"E:\Program Files\Warcraft III\Warcraft III.exe" = E:\Program Files\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III -- File not found
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"E:\Program Files\Warcraft III\War3.exe" = E:\Program Files\Warcraft III\War3.exe:*:Disabled:Warcraft III -- File not found
"E:\Program Files\Garena\Garena.exe" = E:\Program Files\Garena\Garena.exe:*:Enabled:Garena -- File not found
"E:\Program Files\Steam\steamapps\bravorain55\counter-strike source\hl2.exe" = E:\Program Files\Steam\steamapps\bravorain55\counter-strike source\hl2.exe:*:Enabled:hl2 -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"E:\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe" = E:\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™ -- File not found
"E:\Program Files\Electronic Arts\EADM\Core.exe" = E:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found
"E:\Rohan_Global\rohanclient.exe" = E:\Rohan_Global\rohanclient.exe:*:Enabled:Rohan Online Game -- File not found
"E:\Program Files\GameSpy Arcade\Aphex.exe" = E:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- File not found
"E:\Program Files\EA GAMES\Battlefield 2\BF2VoipServer.exe" = E:\Program Files\EA GAMES\Battlefield 2\BF2VoipServer.exe:*:Enabled:BF2VoipServer -- File not found
"E:\Program Files\Metin2_PLz\metin_99yt2_by_Mounthains.exe" = E:\Program Files\Metin2_PLz\metin_99yt2_by_Mounthains.exe:*:Enabled:metin_99yt2_by_Mounthains -- File not found
"E:\Program Files\Metin2_PLz\metin longjuyt2 server2.exe" = E:\Program Files\Metin2_PLz\metin longjuyt2 server2.exe:*:Enabled:metin longjuyt2 server2 -- File not found
"E:\Program Files\Metin2_PLz\metin_yt2sf_lw.exe" = E:\Program Files\Metin2_PLz\metin_yt2sf_lw.exe:*:Enabled:metin_yt2sf_lw -- File not found
"E:\Program Files\Metin2_PLz\Metin2Mod.bin" = E:\Program Files\Metin2_PLz\Metin2Mod.bin:*:Enabled:Metin2Mod -- File not found
"E:\Program Files\Metin2_PL\metin2client.bin" = E:\Program Files\Metin2_PL\metin2client.bin:*:Enabled:metin2client -- File not found
"E:\Program Files\Metin2_PLzxDdas\Metin2Mod.bin" = E:\Program Files\Metin2_PLzxDdas\Metin2Mod.bin:*:Enabled:Metin2Mod -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"E:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe" = E:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:*:Enabled:Gears Of War -- File not found
"E:\Program Files\Steam\steam.exe" = E:\Program Files\Steam\steam.exe:*:Enabled:Steam -- File not found
"E:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = E:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}" = Nokia N73 highlights
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3624A532-D480-4043-84C8-114AAA0BED1D}" = Gears of War
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones
"{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite
"{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5
"{59359B3D-ABE7-46BF-AB55-43B67A64DC68}" = Nokia MTP driver
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon
"{73E30715-9EC4-4DAE-BE67-64500AEB8012}" = Nokia Nseries Skin for Microsoft Windows Media Player
"{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}" = Nokia themes for your device
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{878D2EB2-2D55-42A9-955E-1E08F28529FD}" = Sony Media Manager 2.2
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1045-7B44-A92000000001}" = Adobe Reader 9.2 - Polish
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{DFB951D6-4270-42D8-B4B7-AA4B01911DC3}" = Sony Vegas 7.0e
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt
"{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3271E907F27C989F2C244ACB3D32020E3DD3CA6F" = Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
"6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any Video Converter_is1" = Any Video Converter 2.6.7
"a-squared Anti-Malware_is1" = a-squared Anti-Malware 4.5
"Audacity_is1" = Audacity 1.2.6
"avast!" = avast! Antivirus
"BitTorrent" = BitTorrent 5.0.4
"CCleaner" = CCleaner (remove only)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"EADM" = EA Download Manager
"FastStone Capture" = FastStone Capture 5.3
"Fraps" = Fraps (remove only)
"GameSpy Arcade" = GameSpy Arcade
"Garena" = Garena
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IVONA - syntezator mowy, wersja rehabilitacyjna" = IVONA - syntezator mowy, wersja rehabilitacyjna
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Full)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"RADVideo" = RAD Video Tools
"Steam App 500" = Left 4 Dead
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TVicHW32_is1" = TVicHW32 Version 1.0
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.4.5
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Companion" = Yahoo! Companion

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-746137067-1592454029-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Warcraft III" = Warcraft III: wszystkie elementy

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Antivirus Events ]
Error - 2009-06-20 17:28:22 | Computer Name = AKATSUKI-3BC5C4 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cert8.db
failed, 0000001E.

Error - 2009-06-20 17:32:04 | Computer Name = AKATSUKI-3BC5C4 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cert8.db
failed, 0000001E.

Error - 2009-06-22 05:44:22 | Computer Name = AKATSUKI-3BC5C4 | Source = avast! | ID = 33554522
Description = AAVM - initialization error: Unhandled exception in AavmProviderStop
[Inner], MAIL.

Error - 2009-07-08 10:00:40 | Computer Name = AKATSUKI-3BC5C4 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://dfn.dl.sourceforge.net/sourceforge/gparted/gparted-live-0.4.5-3.iso failed,
00000084.

Error - 2009-11-05 15:03:21 | Computer Name = AKATSUKI-3BC5C4 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://clients1.google.pl/complete/search?hl=pl&pq=renesans%20w%20polsce&q=Literatura%20Renesansu%20w%20polsc&cp=28
failed, 0000A413.

Error - 2009-11-05 15:03:21 | Computer Name = AKATSUKI-3BC5C4 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://clients1.google.pl/complete/search?hl=pl&pq=renesans%20w%20polsce&q=Literatura%20Renesansu%20w%20polsce&cp=29
failed, 0000A413.

Error - 2009-11-05 15:16:00 | Computer Name = AKATSUKI-3BC5C4 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://clients1.google.pl/complete/search?hl=pl&pq=Nauka%20Renesansowa%20w%20polsce&q=Odkrycia%20naukowe%20w%20re&cp=21
failed, 0000A413.

Error - 2009-11-05 19:46:15 | Computer Name = AKATSUKI-3BC5C4 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.web-search-home.com/chkresources failed, 0000A413.

Error - 2009-11-08 13:00:01 | Computer Name = AKATSUKI-3BC5C4 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://clients1.google.pl/complete/search?hl=pl&pq=Mario%20remix&q=commodore%2064%20contra%20r&cp=21
failed, 0000A413.

Error - 2009-11-09 18:48:28 | Computer Name = AKATSUKI-3BC5C4 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://clients1.google.pl/complete/search?hl=pl&q=Strona%20z%20porn&cp=13 failed,
0000A413.

[ Application Events ]
Error - 2009-07-23 14:48:19 | Computer Name = AKATSUKI-3BC5C4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd firefox.exe, wersja 1.9.1.3483, moduł powodujący
błąd dttoolbarff.dll, wersja 1.0.0.5, adres błędu 0x000a10c0.

Error - 2009-07-26 12:51:47 | Computer Name = AKATSUKI-3BC5C4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd bittorrent.exe, wersja 0.0.0.0, moduł powodujący
błąd unknown, wersja 0.0.0.0, adres błędu 0x00690001.

Error - 2009-08-03 07:40:10 | Computer Name = AKATSUKI-3BC5C4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd kb.exe, wersja 0.0.0.0, moduł powodujący
błąd kb.exe, wersja 0.0.0.0, adres błędu 0x0027b1d5.

Error - 2009-08-03 07:41:11 | Computer Name = AKATSUKI-3BC5C4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd kb.exe, wersja 0.0.0.0, moduł powodujący
błąd kb.exe, wersja 0.0.0.0, adres błędu 0x0027b1d5.

Error - 2009-08-03 07:41:16 | Computer Name = AKATSUKI-3BC5C4 | Source = Application Error | ID = 1001
Description = Pakiet błędów 1396699126.

Error - 2009-08-03 13:01:05 | Computer Name = AKATSUKI-3BC5C4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd hl2.exe, wersja 0.0.0.0, moduł powodujący
błąd datacache.dll, wersja 0.0.0.0, adres błędu 0x0000b423.

Error - 2009-08-03 16:18:28 | Computer Name = AKATSUKI-3BC5C4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd dxdiag.exe, wersja 5.3.2600.5512, moduł
powodujący błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x0001b21a.

Error - 2009-08-07 15:16:04 | Computer Name = AKATSUKI-3BC5C4 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca hl2.exe, wersja 0.0.0.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-08-08 05:49:31 | Computer Name = AKATSUKI-3BC5C4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd firefox.exe, wersja 1.9.1.3497, moduł powodujący
błąd dttoolbarff.dll, wersja 1.0.0.5, adres błędu 0x000a10c0.

Error - 2009-08-08 19:01:08 | Computer Name = AKATSUKI-3BC5C4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd hl2.exe, wersja 0.0.0.0, moduł powodujący
błąd studiorender.dll, wersja 0.0.0.0, adres błędu 0x0003198a.

[ System Events ]
Error - 2009-10-23 09:02:28 | Computer Name = AKATSUKI-3BC5C4 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
upnphost z argumentami „” w celu uruchomienia serwera: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 2009-10-23 10:20:13 | Computer Name = AKATSUKI-3BC5C4 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
upnphost z argumentami „” w celu uruchomienia serwera: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 2009-10-23 16:31:59 | Computer Name = AKATSUKI-3BC5C4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Apache2.2 z powodu następującego błędu:
%%3

Error - 2009-10-23 16:31:59 | Computer Name = AKATSUKI-3BC5C4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi mysql z powodu następującego błędu: %%3

Error - 2009-10-23 16:32:22 | Computer Name = AKATSUKI-3BC5C4 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
upnphost z argumentami „” w celu uruchomienia serwera: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 2009-10-23 16:41:25 | Computer Name = AKATSUKI-3BC5C4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Apache2.2 z powodu następującego błędu:
%%3

Error - 2009-10-23 16:41:25 | Computer Name = AKATSUKI-3BC5C4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi mysql z powodu następującego błędu: %%3

Error - 2009-10-23 16:46:52 | Computer Name = AKATSUKI-3BC5C4 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
upnphost z argumentami „” w celu uruchomienia serwera: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 2009-10-24 07:17:06 | Computer Name = AKATSUKI-3BC5C4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Apache2.2 z powodu następującego błędu:
%%3

Error - 2009-10-24 07:17:06 | Computer Name = AKATSUKI-3BC5C4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi mysql z powodu następującego błędu: %%3


< End of report > [/log]

Log from the a-squared Anti-Malware program
[log]a-squared Anti-Malware - wersja %S 4.5
Ost. aktualizacja: 2009-11-11 19:50:40

Ustawienia skanu:

Typ skanu: N/A
Obiekty: Pamięć, Ślady, Ciastka, C:\, D:\, E:\
Skan archiw: Włącz
Heurestyka: Wyłącz
Skan reklam: Włącz

Skan wystartował: 2009-11-11 19:50:49

c:\documents and settings\rain\menu start\programy\gamespy arcade Wykryto: Trace.Directory.GameSpy Arcade!A2
Value: HKEY_USERS\S-1-5-21-746137067-1592454029-1801674531-1004\Software\KLExtensions\Tools --> Cmd1 Wykryto: Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-746137067-1592454029-1801674531-1004\Software\KLExtensions\Tools --> Preview1 Wykryto: Trace.Registry.Kazaa Lite Resurrection!A2
Value: HKEY_USERS\S-1-5-21-746137067-1592454029-1801674531-1004\Software\KLExtensions\Tools --> Title1 Wykryto: Trace.Registry.Kazaa Lite Resurrection!A2
c:\documents and settings\all users\menu start\programy\bittorrent\bittorrent.lnk Wykryto: Trace.File.Bittorrent 5.0!A2
Value: HKEY_USERS\S-1-5-21-746137067-1592454029-1801674531-1004\Software\GameSpy\GameSpy Arcade --> InstDir Wykryto: Trace.Registry.GameSpy Arcade!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\GameSpy\GameSpy Arcade --> InstDir Wykryto: Trace.Registry.GameSpy Arcade!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GameSpy Arcade --> DisplayName Wykryto: Trace.Registry.GameSpy Arcade!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GameSpy Arcade --> UninstallString Wykryto: Trace.Registry.GameSpy Arcade!A2
C:\Documents and Settings\Rain\Cookies\rain@doubleclick[2].txt Wykryto: Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\Rain\Cookies\rain@smartadserver[1].txt Wykryto: Trace.TrackingCookie.smartadserver!A2
C:\Documents and Settings\Rain\Cookies\rain@tradedoubler[1].txt Wykryto: Trace.TrackingCookie.tradedoubler!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1256853839015000 Wykryto: Trace.TrackingCookie.doubleclick.net!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1256994989468001 Wykryto: Trace.TrackingCookie.promo.awempire.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1256994999953000 Wykryto: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1256994999953001 Wykryto: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1256994999953003 Wykryto: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1257000914734000 Wykryto: Trace.TrackingCookie.rotator.adjuggler.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1257000914734001 Wykryto: Trace.TrackingCookie.rotator.adjuggler.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1257000919562000 Wykryto: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1257000919562002 Wykryto: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1257000919562003 Wykryto: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1257087555453000 Wykryto: Trace.TrackingCookie.tribalfusion.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1257142798515000 Wykryto: Trace.TrackingCookie.www.googleadservices.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1257264767703000 Wykryto: Trace.TrackingCookie.ads.crakmedia.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1257447746968000 Wykryto: Trace.TrackingCookie.adserv!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1257447750921000 Wykryto: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1257447750937003 Wykryto: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1257452411125000 Wykryto: Trace.TrackingCookie.myspace.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1257452411125001 Wykryto: Trace.TrackingCookie.myspace.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1257698925671000 Wykryto: Trace.TrackingCookie.myspace.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1257698925671003 Wykryto: Trace.TrackingCookie.myspace.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1257705670984001 Wykryto: Trace.TrackingCookie.www.burstnet.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1257705699000003 Wykryto: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1257876618890002 Wykryto: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1257933966812001 Wykryto: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1257933968312004 Wykryto: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1257934063812002 Wykryto: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1257934063812003 Wykryto: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1257947369984000 Wykryto: Trace.TrackingCookie.azjmp.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1257947369984001 Wykryto: Trace.TrackingCookie.azjmp.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1257947369984002 Wykryto: Trace.TrackingCookie.azjmp.com!A2
C:\Documents and Settings\Rain\Dane aplikacji\Mozilla\Firefox\Profiles\3w732ebb.default\cookies.sqlite:1257947369984003 Wykryto: Trace.TrackingCookie.azjmp.com!A2
C:\Documents and Settings\Rain\Menu Start\Programy\Autostart\smgr32.exe Wykryto: Trojan-Dropper.Gen2!IK
C:\Documents and Settings\Rain\Moje dokumenty\mh\resourcesA.exe Wykryto: Trojan-Downloader.Win32.AutoIt!IK
C:\Documents and Settings\Rain\Moje dokumenty\mh\resourcesHP.exe Wykryto: Trojan-Downloader.Win32.AutoIt!IK
C:\Documents and Settings\Rain\Moje dokumenty\mh\resourcesPDE.exe Wykryto: Trojan-Downloader.Win32.AutoIt!IK
C:\Documents and Settings\Rain\Moje dokumenty\mh\resourcesPIT.exe Wykryto: Trojan-Downloader.Win32.AutoIt!IK
C:\Documents and Settings\Rain\Moje dokumenty\mh.rar/resourcesA.exe Wykryto: Trojan-Downloader.Win32.AutoIt!IK
C:\Documents and Settings\Rain\Moje dokumenty\mh.rar/resourcesHP.exe Wykryto: Trojan-Downloader.Win32.AutoIt!IK
C:\Documents and Settings\Rain\Moje dokumenty\mh.rar/resourcesPDE.exe Wykryto: Trojan-Downloader.Win32.AutoIt!IK
C:\Documents and Settings\Rain\Moje dokumenty\mh.rar/resourcesPIT.exe Wykryto: Trojan-Downloader.Win32.AutoIt!IK
C:\Documents and Settings\Rain\Pulpit\Słony Wegas\keygen.exe Wykryto: Generic.Win32.Malware!IK
C:\Documents and Settings\Rain\Pulpit\Słony Wegas\SonyVegas7_Keygen_and_Scan.rar/keygen.exe Wykryto: Generic.Win32.Malware!IK
C:\Program Files\Temp\temporary2.exe Wykryto: Trojan-Downloader.Win32.Small!IK

Przeskanowano

Pliki: 65362
Ślady: 644428
Ciastka: 617
Procesy: 48

Wykryte

Pliki: 12
Ślady: 9
Ciastka: 35
Procesy: 0
Klucze rejestru: 0

Koniec skanu: 2009-11-11 20:11:17
Skan trwał: 0:20:28

C:\Program Files\Temp\temporary2.exe Skasowany Trojan-Downloader.Win32.Small!IK
C:\Documents and Settings\Rain\Pulpit\Słony Wegas\keygen.exe Skasowany Generic.Win32.Malware!IK
C:\Documents and Settings\Rain\Pulpit\Słony Wegas\SonyVegas7_Keygen_and_Scan.rar/keygen.exe Skasowany Generic.Win32.Malware!IK
C:\Documents and Settings\Rain\Moje dokumenty\mh\resourcesA.exe Skasowany Trojan-Downloader.Win32.AutoIt!IK
C:\Documents and Settings\Rain\Moje dokumenty\mh\resourcesHP.exe Skasowany Trojan-Downloader.Win32.AutoIt!IK
C:\Documents and Settings\Rain\Moje dokumenty\mh\resourcesPDE.exe Skasowany Trojan-Downloader.Win32.AutoIt!IK
C:\Documents and Settings\Rain\Moje dokumenty\mh\resourcesPIT.exe Skasowany Trojan-Downloader.Win32.AutoIt!IK
C:\Documents and Settings\Rain\Moje dokumenty\mh.rar/resourcesA.exe Skasowany Trojan-Downloader.Win32.AutoIt!IK
C:\Documents and Settings\Rain\Menu Start\Programy\Autostart\smgr32.exe Skasowany Trojan-Dropper.Gen2!IK

Skasowany

Pliki: 20
Ślady: 0
Ciastka: 0
[/log]

Psycholandia
comment

Paste the script below into the OTL window and click Run Fix:

[code]:Processes
explorer.exe

:OTL
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-746137067-1592454029-1801674531-1004\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL (file missing)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O32 - AutoRun File - [2009-01-23 22:40:24 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-01-23 22:40:24 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]

:Files
C:\Program Files\Yahoo!\Companion\Installs
D:\autorun.inf
C:\autorun.inf

:Commands
[emptytemp]
[start explorer]
[Reboot][/code]

Open Notepad and paste the following text into it: [code]Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[/code]
Save as -> choose [b]All files[/b] -> type [b]Fix.reg[/b] -> then click the saved file and restart the computer.

Scan the computer with this: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url], remove everything it finds and post the log after the removal (the log from Malware).

Nothing
comment

Here you go.
[log]Malwarebytes' Anti-Malware 1.41
Wersja bazy definicji: 2775
Windows 5.1.2600 Dodatek Service Pack 3

2009-11-11 20:57:41
mbam-log-2009-11-11 (20-57-41).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|)
Przeskanowane obiekty: 132215
Upłynęło: 13 minute(s), 51 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 0

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
(Nie wykryto groźnych plików)

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
(Nie wykryto groźnych plików)
[/log]
During the scan avast detected some virus; I ignored it.
What next?

Psycholandia
comment

What virus was it?

Nothing
comment (edited)

win 32:Malware-gen
I found its name in the avast file, and I know its location.
I have a question: is there a chance of recovering the data?

ZooMpl
comment

Try programs for recovering deleted data; you will recover some of it (all of it, with luck).

Nothing
comment (edited)

Meaning what?
How am I supposed to do that?
But the data has not been deleted, it is still there.

Please help. ;/

What should I do next?

danielek316
comment

Download a data recovery program and try.
Here are some to choose from: http://www.download.net.pl/c96/Odzyskiwanie-danych/
I personally used this one: http://www.download.net.pl/1612/PC-Inspector-Smart-Recovery/
:)
