iwan59, posted 21 November 2009 (edited)

Hello. The problem is as follows. Avast reported a rootkit in the file explorer.exe, and since then the system can only be started in safe mode. Recently it was also throwing an svchost error. System Restore does not help. I will add the logs as they are generated.

[b]OTL.Txt[/b]
[log]
OTL logfile created on: 2009-11-21 10:40:32 - Run 3
OTL by OldTimer - Version 3.1.6.1 Folder = H:\Nowy folder
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 86.27% Memory free
3.85 Gb Paging File | 3.77 Gb Available in Paging File | 98.02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.63 Gb Total Space | 2.68 Gb Free Space | 17.16% Space Free | Partition Type: NTFS
Drive D: | 59.50 Gb Total Space | 18.84 Gb Free Space | 31.66% Space Free | Partition Type: NTFS
Drive E: | 195.31 Gb Total Space | 22.88 Gb Free Space | 11.71% Space Free | Partition Type: NTFS
Drive F: | 195.32 Gb Total Space | 0.65 Gb Free Space | 0.33% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 1.86 Gb Total Space | 1.27 Gb Free Space | 68.63% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Computer Name: KOMPUTER
Current User Name: iwan
Logged in as Administrator.
Current Boot Mode: SafeMode Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2009-11-21 10:26:16 | 00,528,896 | ---- | M] (OldTimer Tools) -- H:\Nowy folder\OTL.exe PRC - [2008-04-14 21:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2009-11-21 10:26:16 | 00,528,896 | ---- | M] (OldTimer Tools) -- H:\Nowy folder\OTL.exe MOD - [2008-04-14 21:50:32 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-14 21:29:10 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found -- -- (createprocess) SRV - [2009-09-27 17:19:46 | 00,172,100 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (nvsvc) SRV - [2009-04-07 08:39:44 | 00,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe -- (fsusbexservice) SRV - [2009-03-09 04:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009-01-27 22:37:24 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2008-11-11 09:38:06 | 00,620,544 | ---- | M] (Nokia.) 
-- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0) SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc) SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state) SRV - [2008-05-16 01:19:24 | 00,144,760 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus) SRV - [2008-05-16 01:19:00 | 00,247,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV - [2008-05-16 01:16:59 | 00,349,560 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! 
Web Scanner) SRV - [2008-05-16 01:06:57 | 00,017,272 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV - [2008-04-14 21:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc) SRV - [2008-04-14 21:50:36 | 00,168,096 | RHS- | M] () -- C:\WINDOWS\system32\lgkva.dll -- (jlqjge) SRV - [2008-04-14 21:50:36 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\mswmdmsrv.dll -- (WmdmPmSN) SRV - [2007-11-06 21:22:26 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2007-01-04 02:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2006-10-26 12:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM) SRV - [2006-03-03 20:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-09-27 15:12:22 | 07,655,872 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2009-09-23 23:25:41 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (tvichw32) DRV - [2009-08-24 10:58:51 | 00,626,336 | ---- | M] () -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs) DRV - [2009-04-07 08:39:44 | 00,036,608 | ---- | M] () -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009-03-19 13:48:18 | 00,136,704 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2009-03-19 13:48:12 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2009-03-08 21:48:07 | 00,025,280 | ---- | M] (LogMeIn, Inc.) 
-- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2009-02-09 07:37:56 | 00,007,808 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2009-02-09 07:37:48 | 00,007,808 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009-02-09 07:37:46 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2009-02-09 07:37:46 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2008-08-26 09:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008-07-31 23:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (pxhelp20) DRV - [2008-05-16 01:20:32 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP) DRV - [2008-05-16 01:18:33 | 00,094,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2) DRV - [2008-05-16 01:16:06 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2008-05-16 01:15:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr) DRV - [2008-05-16 01:14:11 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi) DRV - [2008-05-16 01:13:26 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2008-04-13 23:26:50 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx) DRV - [2008-04-13 23:23:10 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2008-04-13 23:15:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser) DRV - [2008-04-13 23:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) DRV - [2008-04-13 21:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2008-04-13 21:06:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008-02-22 14:33:02 | 00,114,304 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2008-02-22 14:33:02 | 00,014,976 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2008-02-22 14:33:00 | 00,087,936 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) DRV - [2007-11-06 21:22:06 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2007-11-03 10:21:02 | 00,068,096 | ---- | M] (EZB Systems, Inc.) -- e:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive) DRV - [2007-06-22 11:14:00 | 04,432,384 | R--- | M] (Realtek Semiconductor Corp.) 
-- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2007-04-14 09:28:00 | 00,094,592 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2007-02-26 18:15:22 | 00,061,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21) DRV - [2006-11-06 18:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh) DRV - [2006-04-12 11:04:39 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412) DRV - [2006-04-12 11:04:39 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12) DRV - [2006-04-12 11:04:39 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12) DRV - [2005-09-26 14:47:46 | 00,008,576 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\DynCal.sys -- (DynCal) DRV - [2004-08-17 10:44:22 | 00,091,263 | ---- | M] (VM) -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b) DRV - [2001-08-17 21:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) 
-- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-796845957-1592454029-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - 
HKU\S-1-5-21-796845957-1592454029-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-796845957-1592454029-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-796845957-1592454029-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nasza-klasa.pl/ IE - HKU\S-1-5-21-796845957-1592454029-725345543-1003\S-1-5-21-796845957-1592454029-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2008-11-27 21:33:43 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: E:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-01-25 17:25:16 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-01-20 20:25:25 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\mozilla thunderbird 2.0.0.23\extensions\\Components: E:\Program Files\Mozilla Thunderbird\components [2009-08-24 13:13:41 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\mozilla thunderbird 2.0.0.23\extensions\\Plugins: E:\Program Files\Mozilla Thunderbird\plugins [2009-10-14 18:49:56 | 00,000,000 | ---D | M] [2009-11-04 10:09:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Mozilla\Extensions [2009-11-04 10:09:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (SnagIt Toolbar Loader) - {00c6482d-c502-44c8-8409-fce54ad9c208} - E:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll 
(TechSmith Corporation) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll (www.flashget.com) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Temp\PROGRAMY PORTABLE\Portable Spybot Search & Destroy v1.4\Portable Spybot Search & Destroy v1.4\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - e:\Program Files\FlashGet\getflash.dll (www.flashget.com) O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (no name) - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\shellbrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\shellbrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found. O3 - HKU\S-1-5-21-796845957-1592454029-725345543-1003\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found. O4 - HKLM..\Run: [avast!] 
C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found O4 - HKLM..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe () O4 - HKU\S-1-5-21-796845957-1592454029-725345543-1003..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-796845957-1592454029-725345543-1003..\Run: [RocketDock] E:\Program Files\RocketDock\RocketDock.exe () O4 - HKU\S-1-5-21-796845957-1592454029-725345543-1003..\Run: [SkinClock] E:\Program Files\Clock Tray Skins\ClockTraySkins.exe () O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\RocketDock.lnk = E:\Program Files\RocketDock\RocketDock.exe () O4 - Startup: C:\Documents and Settings\iwan\Menu Start\Programy\Autostart\Disabled [2009-10-19 19:37:08 | 00,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\iwan\Menu Start\Programy\Autostart\Skrót do AdMunch.lnk = E:\Program Files\Ad Muncher\AdMunch.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 43 01 00 00 [binary data] O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 43 01 00 00 [binary data] O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-796845957-1592454029-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-796845957-1592454029-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36 O7 - HKU\S-1-5-21-796845957-1592454029-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O7 - HKU\S-1-5-21-796845957-1592454029-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data] O7 - HKU\S-1-5-21-796845957-1592454029-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files\FlashGet\JC_ALL.HTM () O8 - Extra context menu item: &Download with FlashGet - E:\Program Files\FlashGet\JC_LINK.HTM () O8 - Extra 
context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Block frame with Ad Muncher - File not found O8 - Extra context menu item: Block image with Ad Muncher - File not found O8 - Extra context menu item: Block link with Ad Muncher - File not found O8 - Extra context menu item: Don't filter page with Ad Muncher - File not found O8 - Extra context menu item: E&ksport do programu Microsoft Excel - E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE File not found O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE File not found O8 - Extra context menu item: Pobierz za pomocą Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm File not found O8 - Extra context menu item: Report page to the Ad Muncher developers - File not found O9 - Extra Button: Create Mobile Favorite - {2eaf5bb1-070f-11d3-9307-00c04fae2d4f} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Utwórz Ulubione dla urządzenia przenośnego... 
- {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - e:\Program Files\FlashGet\flashget.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - e:\Program Files\FlashGet\flashget.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Temp\PROGRAMY PORTABLE\Portable Spybot Search & Destroy v1.4\Portable Spybot Search & Destroy v1.4\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-21-796845957-1592454029-725345543-1003\..Trusted Domains: google.pl ([maps] http in Zaufane witryny) O15 - HKU\S-1-5-21-796845957-1592454029-725345543-1003\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.53.254 192.168.11.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL 
(Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-07-21 00:49:00 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009-07-21 00:49:00 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009-07-21 00:49:00 | 00,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009-07-21 00:49:00 | 00,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009-11-18 14:43:48 | 00,000,000 | -HSD | M] - H:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{6faee026-b2a5-11dd-ab98-0019dbf38d8a}\Shell - "" = AutoRun O33 - MountPoints2\{b06d5174-6667-11de-9f1e-0019dbf38d8a}\Shell - "" = AutoRun O33 - MountPoints2\{c0df668b-b8c7-11de-a0d0-0019dbf38d8a}\Shell - "" = AutoRun O33 - MountPoints2\{f641d40f-d35b-11de-b7f1-0019dbf38d8a}\Shell - "" = AutoRun O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2009-11-21 10:05:44 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\iwan\Recent [2009-11-18 20:26:49 | 00,000,000 | --SD | C] -- C:\Documents and Settings\iwan\UserData [2009-11-17 10:33:58 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\iwan\Pulpit\setup-spybotsd162.exe [2009-11-17 10:33:53 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy) [2009-11-17 
10:33:53 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy) [2009-11-17 10:33:53 | 00,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy) [2009-11-17 10:33:53 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy) [2009-11-17 10:31:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy [2009-11-16 21:07:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\iwan\Moje dokumenty\PDF2Office v4.0 [2009-11-16 21:03:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\Thinstall [2009-11-16 15:13:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\iwan\Dane aplikacji\Corel [2009-11-13 10:34:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\iwan\Moje dokumenty\My Webs [2009-11-12 18:31:46 | 00,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll [2009-11-12 18:31:45 | 01,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll [2009-11-12 18:31:45 | 00,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll [2009-11-12 18:31:44 | 05,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll [2009-11-12 18:31:43 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll [2009-11-12 18:31:43 | 00,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll [2009-11-12 18:31:42 | 01,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll [2009-11-09 22:11:03 | 00,042,912 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2009-11-09 22:11:03 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2009-11-09 22:11:02 | 00,095,608 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr [2009-11-09 22:11:02 | 00,026,944 | ---- | C] 
(ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2009-11-09 22:11:01 | 00,094,416 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2009-11-09 22:11:01 | 00,093,264 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2009-11-09 22:11:01 | 00,078,416 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2009-11-09 22:11:01 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2009-11-09 22:10:53 | 01,152,888 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2009-11-09 22:10:52 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2009-10-27 13:47:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP [2009-10-25 22:35:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\iwan\Dane aplikacji\Notepad++ [2009-10-25 22:07:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\bin [2009-10-25 22:00:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\icon set part 2 [2009-03-08 21:50:41 | 01,011,784 | ---- | C] (LogMeIn Inc.) 
-- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\HamachiSetup-1.0.3.0-en.exe [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2009-11-21 10:36:51 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-11-21 10:33:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-11-21 10:12:08 | 00,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2009-11-21 10:05:46 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\iwan\ntuser.ini [2009-11-21 10:05:45 | 09,437,184 | -H-- | M] () -- C:\Documents and Settings\iwan\NTUSER.DAT [2009-11-21 03:41:07 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\iwan\Dane aplikacji\ClockTraySkins.ini [2009-11-21 03:41:06 | 03,165,174 | -H-- | M] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-11-19 23:36:42 | 00,124,416 | ---- | M] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-11-19 13:17:45 | 00,094,112 | ---- | M] () -- C:\WINDOWS\System32\drivers\agp440.sys [2009-11-19 13:17:45 | 00,094,112 | ---- | M] () -- C:\WINDOWS\System32\dllcache\agp440.sys [2009-11-18 18:10:23 | 00,000,660 | ---- | M] () -- C:\Documents and Settings\iwan\Pulpit\Counter-Strike.lnk [2009-11-18 17:34:44 | 00,001,866 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk [2009-11-17 16:05:14 | 00,000,658 | ---- | M] () -- C:\Documents and Settings\iwan\Pulpit\AQQ.lnk [2009-11-17 10:34:50 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\iwan\Pulpit\setup-spybotsd162.exe [2009-11-16 21:03:50 | 00,001,430 | ---- | M] () -- C:\WINDOWS\crrqdtn48.ini [2009-11-16 11:33:43 | 00,000,848 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2009-11-15 17:49:49 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl 
[2009-11-13 10:16:46 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-11-12 21:19:53 | 00,000,233 | ---- | M] () -- C:\Documents and Settings\iwan\Pulpit\Skrót do Realtek Konfiguracja audio HD.lnk
[2009-11-11 20:30:43 | 00,000,599 | ---- | M] () -- C:\Documents and Settings\iwan\Pulpit\Exact Audio Copy.lnk
[2009-11-09 22:11:03 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk
[2009-11-09 22:11:02 | 00,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009-11-09 17:43:28 | 00,234,864 | ---- | M] () -- C:\Documents and Settings\iwan\Pulpit\20080709018.jpg
[2009-11-09 14:14:03 | 00,010,752 | ---- | M] () -- C:\Documents and Settings\iwan\Pulpit\Nowy Dokument programu Microsoft Word (2).doc
[2009-11-09 14:14:00 | 00,010,752 | ---- | M] () -- C:\Documents and Settings\iwan\Pulpit\Nowy Dokument programu Microsoft Word .doc
[2009-11-04 18:34:09 | 00,000,464 | ---- | M] () -- C:\Documents and Settings\iwan\Dane aplikacji\AutoGK.ini
[2009-11-03 09:35:43 | 00,117,188 | ---- | M] () -- C:\Documents and Settings\iwan\Moje dokumenty\jazdy40.jar
[2009-11-02 19:13:46 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\iwan\Moje dokumenty\Zeszyt2.xls
[2009-11-02 17:10:58 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\iwan\Moje dokumenty\Zeszyt1.xls
[2009-11-01 20:54:24 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009-11-01 20:07:12 | 00,000,708 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Football Manager 2010.lnk
[2009-10-28 23:59:59 | 00,000,502 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2009-10-27 18:45:21 | 01,199,246 | ---- | M] () -- C:\Documents and Settings\iwan\Moje dokumenty\fontanna juszki.cdr
[2009-10-27 17:46:52 | 01,199,202 | ---- | M] () -- C:\Documents and Settings\iwan\Moje dokumenty\Kopia_zapasowa_fontanna juszki.cdr
[2009-10-27 17:20:46 | 00,113,784 | ---- | M] () -- C:\Documents and Settings\iwan\Moje dokumenty\nowe logo kolumna.cdr
[2009-10-27 17:16:30 | 00,113,950 | ---- | M] () -- C:\Documents and Settings\iwan\Moje dokumenty\Kopia_zapasowa_nowe logo kolumna.cdr
[2009-10-27 14:09:36 | 00,001,807 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Borderlands.lnk
[2009-10-27 14:02:16 | 02,665,358 | ---- | M] () -- C:\Documents and Settings\iwan\Moje dokumenty\bez tytułu.bmp
[2009-10-27 13:52:20 | 00,000,293 | -HS- | M] () -- C:\boot.ini
[2009-10-26 21:16:23 | 00,096,256 | ---- | M] () -- C:\Documents and Settings\iwan\Moje dokumenty\Parki krajobrazowe.doc
[2009-10-26 18:45:37 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\iwan\Moje dokumenty\Lista- 1 zad 09-10.doc
[2009-10-26 12:03:15 | 00,022,083 | ---- | M] () -- C:\Documents and Settings\iwan\Moje dokumenty\Redds-piwo-o-smaku-jablkowym-w-butelce-500ml-Full.jpg
[2009-10-25 22:35:08 | 00,000,614 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Notepad++.lnk
[2009-10-25 21:06:47 | 01,114,778 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-10-25 21:06:47 | 00,499,510 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-10-25 21:06:47 | 00,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-10-25 21:06:47 | 00,088,816 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-10-25 21:06:47 | 00,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-10-22 18:50:54 | 00,036,352 | ---- | M] () -- C:\Documents and Settings\iwan\Moje dokumenty\martyna.doc
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2009-11-18 18:10:23 | 00,000,660 | ---- | C] () -- C:\Documents and Settings\iwan\Pulpit\Counter-Strike.lnk
[2009-11-18 17:34:44 | 00,001,866 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk
[2009-11-16 21:03:50 | 00,001,430 | ---- | C] () -- C:\WINDOWS\crrqdtn48.ini
[2009-11-12 21:19:53 | 00,000,233 | ---- | C] () -- C:\Documents and Settings\iwan\Pulpit\Skrót do Realtek Konfiguracja audio HD.lnk
[2009-11-11 20:30:43 | 00,000,599 | ---- | C] () -- C:\Documents and Settings\iwan\Pulpit\Exact Audio Copy.lnk
[2009-11-09 22:11:03 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk
[2009-11-09 22:10:53 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009-11-09 17:43:27 | 00,234,864 | ---- | C] () -- C:\Documents and Settings\iwan\Pulpit\20080709018.jpg
[2009-11-09 14:14:03 | 00,010,752 | ---- | C] () -- C:\Documents and Settings\iwan\Pulpit\Nowy Dokument programu Microsoft Word (2).doc
[2009-11-09 14:14:00 | 00,010,752 | ---- | C] () -- C:\Documents and Settings\iwan\Pulpit\Nowy Dokument programu Microsoft Word .doc
[2009-11-04 18:34:09 | 00,000,464 | ---- | C] () -- C:\Documents and Settings\iwan\Dane aplikacji\AutoGK.ini
[2009-11-03 09:35:43 | 00,117,188 | ---- | C] () -- C:\Documents and Settings\iwan\Moje dokumenty\jazdy40.jar
[2009-11-02 18:54:37 | 00,017,920 | ---- | C] () -- C:\Documents and Settings\iwan\Moje dokumenty\Zeszyt2.xls
[2009-11-02 17:10:58 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\iwan\Moje dokumenty\Zeszyt1.xls
[2009-11-01 20:07:12 | 00,000,708 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Football Manager 2010.lnk
[2009-10-28 23:59:59 | 00,000,502 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2009-10-27 17:09:48 | 00,113,950 | ---- | C] () -- C:\Documents and Settings\iwan\Moje dokumenty\Kopia_zapasowa_nowe logo kolumna.cdr
[2009-10-27 17:04:18 | 00,113,784 | ---- | C] () -- C:\Documents and Settings\iwan\Moje dokumenty\nowe logo kolumna.cdr
[2009-10-27 14:09:36 | 00,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Borderlands.lnk
[2009-10-27 09:53:21 | 01,199,202 | ---- | C] () -- C:\Documents and Settings\iwan\Moje dokumenty\Kopia_zapasowa_fontanna juszki.cdr
[2009-10-27 08:45:22 | 01,199,246 | ---- | C] () -- C:\Documents and Settings\iwan\Moje dokumenty\fontanna juszki.cdr
[2009-10-26 18:45:37 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\iwan\Moje dokumenty\Lista- 1 zad 09-10.doc
[2009-10-26 12:03:15 | 00,022,083 | ---- | C] () -- C:\Documents and Settings\iwan\Moje dokumenty\Redds-piwo-o-smaku-jablkowym-w-butelce-500ml-Full.jpg
[2009-10-26 09:51:20 | 00,096,256 | ---- | C] () -- C:\Documents and Settings\iwan\Moje dokumenty\Parki krajobrazowe.doc
[2009-10-25 22:35:08 | 00,000,614 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Notepad++.lnk
[2009-10-22 18:50:54 | 00,036,352 | ---- | C] () -- C:\Documents and Settings\iwan\Moje dokumenty\martyna.doc
[2009-10-19 13:17:27 | 00,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009-10-11 19:32:17 | 00,000,556 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-10-07 17:21:51 | 00,001,409 | ---- | C] () -- C:\WINDOWS\System32\settings.dll
[2009-09-25 07:21:28 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009-09-25 07:21:28 | 00,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009-08-11 11:20:42 | 00,000,012 | ---- | C] () -- C:\Documents and Settings\iwan\Dane aplikacji\wiaserva.log
[2009-06-13 10:28:25 | 00,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2009-05-30 15:08:09 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\iwan\Dane aplikacji\ClockTraySkins.ini
[2009-04-27 10:30:41 | 00,000,193 | ---- | C] () -- C:\WINDOWS\MBMTool.INI
[2009-04-25 10:06:43 | 00,000,073 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009-04-21 23:19:06 | 00,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009-03-08 21:50:41 | 01,420,256 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\libeay32.dll
[2009-03-08 21:50:41 | 00,306,052 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\libssl32.dll
[2009-03-08 21:50:41 | 00,091,648 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\stunnel.exe
[2009-03-08 21:50:41 | 00,074,240 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\zlib1.dll
[2009-03-08 21:50:41 | 00,065,024 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\GoalServer2009.exe
[2009-03-08 21:50:41 | 00,041,984 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\GoalWebServer2009.exe
[2009-03-08 21:50:41 | 00,029,061 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\stunnel.html
[2009-03-08 21:50:41 | 00,001,375 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\pes09.crt
[2009-03-08 21:50:41 | 00,001,177 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\stunnel.conf
[2009-03-08 21:50:41 | 00,000,887 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\pes09.key
[2009-03-08 21:50:41 | 00,000,802 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\crt.vbs
[2009-03-08 21:50:41 | 00,000,495 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\check.vbs
[2009-03-03 17:11:50 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-03-03 17:01:28 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-03-03 17:01:28 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-02-23 17:31:57 | 02,246,163 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009-02-23 17:31:56 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-02-23 17:31:55 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-02-23 17:31:55 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-01-17 16:13:14 | 00,001,415 | ---- | C] () -- C:\WINDOWS\CPTI_SearchHistory.INI
[2009-01-17 16:13:11 | 01,220,608 | ---- | C] () -- C:\WINDOWS\System32\pdf2bmp.dll
[2009-01-17 16:13:10 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll
[2008-11-14 13:43:31 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\iwan\Dane aplikacji\$_hpcst$.hpc
[2008-11-02 21:09:02 | 00,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2008-10-29 16:34:31 | 00,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008-10-29 16:34:31 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\iwan\Dane aplikacji\PnkBstrK.sys
[2008-10-07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-10-05 15:18:46 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-10-05 15:09:46 | 00,124,416 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-10-03 19:00:01 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2008-10-03 18:47:14 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
[2008-10-03 18:44:56 | 00,001,028 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008-10-03 18:21:50 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\RunSetup.dll
[2008-10-03 18:21:50 | 00,024,576 | ---- | C] () -- C:\WINDOWS\RunSetup.dll
[2008-10-03 18:03:37 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008-10-03 17:56:04 | 00,010,464 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
[2008-10-03 17:55:41 | 00,070,368 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2008-10-03 17:38:17 | 03,165,174 | -H-- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2008-10-03 17:34:08 | 00,094,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\agp440.sys
[2008-10-03 17:19:27 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\iwan\Dane aplikacji\desktop.ini
[2007-11-06 21:19:28 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007-10-25 16:26:10 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007-07-05 09:37:52 | 00,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.ini
[2007-03-29 22:00:40 | 00,203,264 | ---- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2006-06-29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006-06-29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-04-18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-04-18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2004-08-03 23:44:02 | 00,168,096 | RHS- | C] () -- C:\WINDOWS\System32\lgkva.dll
[2004-08-03 23:44:02 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\mswmdmsrv.dll
[2004-08-03 22:15:10 | 00,626,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntfs.sys
[2001-07-21 22:16:20 | 00,001,048 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-21 22:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001-07-07 02:00:02 | 00,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[1999-01-22 18:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[color=#E56717]========== LOP Check ==========[/color]
[2008-10-28 20:41:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\2DBoy
[2009-09-10 08:45:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Codemasters
[2008-10-05 01:05:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DFX
[2009-11-17 11:20:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\EmailNotifier
[2009-04-25 10:06:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\FreeRIP
[2009-09-30 13:47:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2009-10-21 12:25:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\KONAMI
[2008-10-05 00:13:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Last.fm
[2009-02-23 23:36:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
[2009-04-23 11:21:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
[2008-10-03 18:38:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
[2008-12-19 07:07:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2009-07-18 11:44:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PopCapv1005
[2008-11-16 00:56:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sports Interactive
[2008-10-05 21:04:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TechSmith
[2009-05-30 14:58:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
[2008-10-03 19:02:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gosia\Dane aplikacji\Gadu-Gadu
[2008-10-03 19:02:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gosia\Dane aplikacji\PC Suite
[2009-04-25 10:11:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\AD ON Multimedia
[2009-05-11 22:14:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Audacity
[2008-12-10 23:31:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\AVSMedia
[2008-10-20 17:31:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\BESTplayer
[2009-11-16 15:13:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Corel
[2009-11-21 03:20:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\DC++
[2009-04-25 10:06:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Desktopicon
[2009-10-06 13:39:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Dev-Cpp
[2009-10-06 16:49:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Disney Interactive Studios
[2009-02-22 23:20:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\EmailNotifier
[2008-10-03 18:32:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\FlashFXP
[2008-10-04 23:25:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Gadu-Gadu
[2009-05-11 10:39:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\HTML Executable
[2009-11-11 21:04:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Image Zone Express
[2009-03-05 21:31:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\IrfanView
[2009-03-01 22:59:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Kana Solution
[2008-11-21 18:58:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Leadertech
[2008-11-02 21:06:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Megaupload
[2008-10-09 06:55:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Mp3tag
[2009-04-23 11:13:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Nokia
[2009-10-25 22:35:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Notepad++
[2008-10-03 18:56:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Opera
[2009-02-13 15:43:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\PC Suite
[2009-07-18 11:29:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\PopCapv1005eni
[2009-09-26 09:35:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Samsung
[2009-03-29 21:21:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Softi Software
[2009-06-28 00:06:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Sports Interactive
[2009-03-10 12:04:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\TechSmith
[2009-11-18 15:13:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Thinstall
[2008-10-03 18:57:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Thunderbird
[2009-05-30 14:58:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Ubisoft
[2009-11-21 03:24:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\uTorrent
[2009-08-24 13:04:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Wolfram Research
[2001-07-21 22:17:50 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009-11-21 10:33:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 88 bytes -> E:\Program Files\RocketDock\RocketDock.exe:SummaryInformation
< End of report >
[/log]

[b]DDS.txt[/b]
[log]
DDS (Ver_09-10-26.01) - NTFSx86 MINIMAL
Run by iwan at 11:01:58.78 on 2009-11-21
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1766 [GMT 1:00]
AV: avast! antivirus 4.8.1201 [VPS 091120-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
H:\Nowy folder\dds.pif

============== Pseudo HJT Report ===============
uStart Page = hxxp://nasza-klasa.pl/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - e:\program files\techsmith\snagit 9\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - e:\program files\flashget\jccatch.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - e:\temp\programy portable\portable spybot search & destroy v1.4\portable spybot search & destroy v1.4\spybot - search & destroy\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - e:\program files\flashget\getflash.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - e:\program files\techsmith\snagit 9\SnagItIEAddin.dll
TB: {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [SkinClock] e:\program files\clock tray skins\ClockTraySkins.exe
uRun: [RocketDock] "e:\program files\rocketdock\RocketDock.exe"
mRun: [WinampAgent] "e:\program files\winamp\winampa.exe"
mRun: [NPSStartup]
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\iwan\menust~1\programy\autost~1\skrtdo~1.lnk - e:\program files\ad muncher\AdMunch.exe
StartupFolder: c:\docume~1\iwan\menust~1\programy\autost~1\disabled\admunc~1.lnk - e:\program files\ad muncher\AdMunch.exe
IE: &Download All with FlashGet - e:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - e:\program files\flashget\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_frame
IE: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_image
IE: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_link
IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_exclude
IE: E&ksport do programu Microsoft Excel - e:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - e:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Pobierz za pomocą Mega Manager... - c:\program files\megaupload\mega manager\mm_file.htm
IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_report
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - e:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2eaf5bb1-070f-11d3-9307-00c04fae2d4f} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - e:\temp\programy portable\portable spybot search & destroy v1.4\portable spybot search & destroy v1.4\spybot - search & destroy\spybot - search & destroy\SDHelper.dll
Trusted Zone: google.pl\maps
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880d85-aad9-4558-abdc-2ab1552d831f} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [2005-9-26 8576]
S1 7b197d;7b197d;c:\windows\system32\drivers\7b197d.sys --> c:\windows\system32\drivers\7b197d.sys [?]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-9 78416]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-9 20560]
S2 createprocess;CreateProcess Service;c:\windows\system\svchost.exe --> c:\windows\system\svchost.exe [?]
S2 fsusbexservice;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-9-25 233472]
S2 jlqjge;Support Installer;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S3 bmtyvfpx;bmtyvfpx;\??\c:\windows\system32\01d3.tmp --> c:\windows\system32\01D3.tmp [?]
S3 dqkqnry;dqkqnry;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-9-25 36608]
S3 ggggzy;ggggzy;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-9-30 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-9-30 8320]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 onnic;onnic;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xdtzey;xdtzey;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
=============== Created Last 30 ================
2009-11-18 19:26:49 0 d-s---w- c:\documents and settings\iwan\UserData
2009-11-17 09:33:53 0 d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-11-17 09:33:53 0 d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-11-17 09:33:53 0 d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-11-17 09:33:53 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-11-17 09:31:48 0 d-----w- c:\docume~1\alluse~1\daneap~1\Spybot - Search & Destroy
2009-11-16 20:03:50 1430 ----a-w- c:\windows\crrqdtn48.ini
2009-11-12 17:31:46 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-11-12 17:31:45 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-11-12 17:31:45 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-11-12 17:31:44 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-11-12 17:31:43 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-12 17:31:43 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-11-12 17:31:42 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-10-27 12:47:53 0 d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2009-10-25 21:07:33 0 d-----w- c:\windows\bin
2009-10-25 21:00:25 0 d-----w- c:\windows\icon set part 2

==================== Find3M ====================
2009-11-19 12:17:45 94112 -c--a-w- c:\windows\system32\drivers\agp440.sys
2009-10-25 20:06:47 88816 ----a-w- c:\windows\system32\perfc015.dat
2009-10-25 20:06:47 499510 ----a-w- c:\windows\system32\perfh015.dat
2009-10-19 18:48:55 44750 ----a-w- C:\rejestr cz2 19 oct.reg
2009-10-19 18:48:17 458888 ----a-w- C:\rejestr 19 oct.reg
2009-10-19 18:19:58 152064 ----a-w- C:\deletedr.exe
2009-10-19 18:02:31 132597 ----a-w- C:\Flash_Disinfector.exe
2009-10-07 16:21:51 137729 ----a-w- c:\windows\system32\explorxp.exe
2009-09-27 16:19:52 3674112 ----a-w- c:\windows\system32\nvwssr.dll
2009-09-27 14:12:22 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 14:12:22 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 14:12:22 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-27 14:12:22 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 14:12:22 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 14:12:22 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 14:12:22 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 14:12:22 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 14:12:22 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 14:12:22 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-23 22:25:41 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-09-10 09:33:41 120529 ----a-w- c:\windows\hpoins11.dat
2009-09-04 16:44:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2008-04-14 20:50:36 168096 --sha-r- c:\windows\system32\lgkva.dll
2007-11-05 21:37:26 129368 --shatr- c:\windows\system32\panel sterowania.{21ec2020-3aea-1069-a2dd-08002b30309d}\winlogon.dll

============= FINISH: 11:02:11.54 ===============
[/log]

[b]Attach.txt[/b]
[log]
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2008-10-03 18:17:45
System Uptime: 2009-11-21 10:36:22 (1 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7345
Processor: Procesor Intel Pentium III Xeon | CPU 1 | 2671/333mhz

==== Disk Partitions =========================
C: is FIXED (NTFS) - 16 GiB total, 2.68 GiB free.
D: is FIXED (NTFS) - 59 GiB total, 18.836 GiB free.
E: is FIXED (NTFS) - 195 GiB total, 22.876 GiB free.
F: is FIXED (NTFS) - 195 GiB total, 0.654 GiB free.
G: is CDROM ()
H: is Removable

==== Disabled Device Manager Items =============
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N73
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia N95
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0002
Manufacturer: Nokia
Name: Nokia 6630
PNP Device ID: ROOT\WPD\0002
Service: WUDFRd

==== System Restore Points ===================
RP34: 2009-11-19 13:31:27 - Punkt kontrolny systemu
RP35: 2009-11-20 14:21:33 - Punkt kontrolny systemu

==== Installed Programs ======================
7-Zip 4.65 Ad Muncher Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 8 - Polish Adobe Reader 8.1.2 Security Update 1 (KB403742) Adobe Shockwave Player 11.5 AiO_Scan_CDA AiOSoftwareNPI ALLPlayer V3.X µTorrent Audacity 1.3.6 (Unicode) Audiosurf avast! 
Antivirus Borderlands BufferChm Burnout(TM) Paradise The Ultimate Box Call of Duty Modern Warfare 2 CCleaner Cleanse Uninstaller Pro 2008 Clock Tray Skins 4 CoreAVC Professional Edition (remove only) Counter-Strike Counter-Strike 1.6 CustomerResearchQFolder CWK (Czasowy Wyłącznik Komputera) DC++ 0.750 Deathmatch Classic Destinations Dev-C++ 5 beta 9 release (4.9.9.2) DeviceManagementQFolder DFX for Winamp Driver Magician 3.4 DriverAgent by eSupport.com eSupportQFolder EVEREST Ultimate Edition v4.50 Exact Audio Copy 0.99pb5 F300 F300_Help Fax_CDA FlashGet 1.9.6.1073 Football Manager 2010 Foto-Mosaik-Edda 5.4.4 Gadu-Gadu 7.7 GetDiz 3.0 Gravity GRID HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Windows XP (KB954550-v5) HP Customer Participation Program 7.0 HP Imaging Device Functions 7.0 HP Photosmart Essential HP Photosmart, Officejet and Deskjet 7.0.A HP Software Update HP Solution Center 7.0 HPPhotoSmartExpress HPProductAssistant Icon Restore 1.0 Ideal DVD to AVI Converter V2.0.1 InstantShareDevicesMFC IrfanView (remove only) J2SE Runtime Environment 5.0 Update 6 Java(TM) 6 Update 13 Java(TM) 6 Update 3 Java(TM) 6 Update 7 JestemHardcorem 1.2 K-Lite Codec Pack 4.6.2 (Full) Kolory Last.fm 1.5.4.24567 LightScribe System Software LightScribe Template Labeler Malwarebytes' Anti-Malware MarketResearch Medieval CUE Splitter Microsoft .NET Compact Framework 3.5 Microsoft .NET Framework 1.1 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK Microsoft .NET Framework 3.5 Language Pack SP1 - plk Microsoft .NET Framework 3.5 SP1 Microsoft ActiveSync Microsoft Games for Windows - LIVE Microsoft Games for Windows - LIVE Redistributable Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 Microsoft Office 2000 Premium Microsoft User-Mode Driver Framework Feature Pack 1.5 
Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft WSE 3.0 Runtime Mirror's Edge™ Mojo Master Winamp Visualizer for Winamp (remove only) Mozilla Thunderbird (2.0.0.23) Mp3tag v2.41 MSVC80_x86 MSXML 6.0 Parser NAPIPROJEKT 1.0.6.1 Need for Speed™ SHIFT Nero OEM NewCopy_CDA NFO Creator Nokia Connectivity Cable Driver Nokia PC Suite Nokia Software Updater Notepad++ NVIDIA Drivers NVIDIA nView Desktop Manager NVIDIA PhysX OpenAL OpenOffice.org 2.3 Opera 10.00 Opera 10.01 Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0 Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) Pakiet sterowników systemu Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) Pakiet sterowników systemu Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) Pakiet sterowników systemu Windows - Nokia Modem (05/22/2008 3.8) Pakiet sterowników systemu Windows - Nokia Modem (05/22/2008 7.00.0.1) Pakiet sterowników systemu Windows - Nokia Modem (10/27/2008 3.9) Pakiet sterowników systemu Windows - Nokia Modem (10/27/2008 7.01.0.1) Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) PC Connectivity Solution Pet Racer Pet Soccer Picasa 3 Podręcznik dotyczący urządzeń z systemem Windows Mobile® Popcap Game Collection Pro Evolution Soccer 2009 Pro Evolution Soccer 2010 ProductContextNPI Prototype(TM) PunkBuster Services QuickSFV (Remove only) Readme Real Alternative 1.7.5 Realtek High Definition Audio Driver Ricochet RocketDock 1.3.5 Rockstar Games Social Club Safari SAMSUNG CDMA Modem Driver Set SAMSUNG Mobile Composite Device Software Samsung Mobile Modem Device Software SAMSUNG Mobile Modem Driver Set Samsung Mobile phone USB driver Software SAMSUNG Mobile USB Modem 1.0 Software SAMSUNG Mobile USB Modem Software Samsung New PC Studio Samsung New PC Studio USB Driver Installer SAMSUNG 
SYMBIAN USB Download Driver SAMSUNG USB Mobile Device Software SamsungConnectivityCableDriver Scan ScannerCopy Skaner on-line mks_vir Skype™ 4.1 SnagIt 9 Softi FreeOCR SolutionCenter SopCast 3.0.1 Spelling Dictionaries Support For Adobe Reader 8 Spolszczenie Pro Evolution Soccer 2009 RC 1.0 Spybot - Search & Destroy Status Steam SubEdit-Player sXe Injected The Sims™ 3 Toolbox Total Commander (Remove or Repair) Total Video Converter 3.11 TrayApp TV UltraISO Premium V8.66 Usb Game Pad USB Joystick VC80CRTRedist - 8.0.50727.762 VibrateGameDeviceDriver Vimicro USB PC Camera (VC0305) VisualGPS - BeeLineGPS v1.83 WapSter AQQ WebFldrs XP WebReg Winamp Windows Media Format 11 runtime WinPcap 4.0.2 WinRAR archiver xp-AntiSpy 3.96-6 ==== End Of File =========================== [/log]\ [b]RSIT[/b] info [log] info.txt logfile of random's system information tool 1.06 2009-11-21 11:05:28 ======Uninstall list====== -->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 7-Zip 4.65-->"E:\Program Files\7-Zip\Uninstall.exe" Ad Muncher-->E:\Program Files\Ad Muncher\uninst.exe Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A81200000003} Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe" ALLPlayer V3.X-->"e:\Program Files\ALLPlayer\unins000.exe" Audacity 1.3.6 (Unicode)-->"e:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe" Audiosurf-->MsiExec.exe /I{6D316D67-DA52-4659-9C98-F479963534D6} avast! 
Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup Borderlands-->MsiExec.exe /X{52B65911-1559-4ED5-9461-46957FDD48CD} Burnout(TM) Paradise The Ultimate Box-->MsiExec.exe /X{9A996B6A-846E-4A89-B9C4-17546B7BE49F} Call of Duty Modern Warfare 2-->"E:\Gry\Activision\Modern Warfare 2\unins000.exe" CCleaner-->"H:\Portable\CCleaner\uninst.exe" Cleanse Uninstaller Pro 2008 -->E:\Program Files\Zards software\Cleanse Uninstaller\uninst.exe Clock Tray Skins 4-->"e:\Program Files\Clock Tray Skins\unins000.exe" CoreAVC Professional Edition (remove only)-->"e:\Program Files\CoreCodec\CoreAVC Professional Edition\CoreAVC Professional Edition-uninstall.exe" Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x19 Counter-Strike-->"E:\Gry\Steam\steam.exe" steam://uninstall/10 CWK (Czasowy Wyłącznik Komputera)-->"E:\Program Files\Damian Pasternak\CWK\CWK.exe" /uninstall DC++ 0.750-->"E:\Program Files\DC++\uninstall.exe" Deathmatch Classic-->"E:\Gry\Steam\steam.exe" steam://uninstall/40 Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Dev-Cpp\uninstall.exe" DFX for Winamp-->e:\Program Files\DFX\uninstall_Winamp.exe Driver Magician 3.4-->"C:\Program Files\Driver Magician\unins000.exe" DriverAgent by eSupport.com-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove EVEREST Ultimate Edition v4.50-->"E:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe" Exact Audio Copy 0.99pb5-->E:\Program Files\Exact Audio Copy\uninst.exe FlashGet 1.9.6.1073-->e:\Program Files\FlashGet\uninst.exe Football Manager 2010-->"E:\Gry\Sports Interactive\Football Manager 2010\Uninstall_Football Manager 2010\Uninstall Football Manager 2010.exe" Foto-Mosaik-Edda 5.4.4-->"E:\Program Files\Foto-Mosaik-Edda\unins000.exe" Gadu-Gadu 
7.7-->e:\Program Files\Gadu-Gadu\Setup.exe GetDiz 3.0-->E:\PROGRA~1\GetDiz\UNINST~1\UNWISE.EXE E:\PROGRA~1\GetDiz\UNINST~1\install.log Gravity-->"E:\Gry\Gravity\unins000.exe" GRID-->"C:\Program Files\InstallShield Installation Information\{5A0B7BA5-4682-4273-81C2-69B17E649103}\setup.exe" -runfromtemp -l0x0009 -removeonly HijackThis 2.0.2-->"e:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" HP Customer Participation Program 7.0-->E:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Imaging Device Functions 7.0-->E:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F} HP Photosmart, Officejet and Deskjet 7.0.A-->E:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E} HP Solution Center 7.0-->E:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat Icon Restore 1.0-->C:\WINDOWS\unins000.exe Ideal DVD to AVI Converter V2.0.1-->"C:\Program Files\IdealDVD2AVI\unins000.exe" IrfanView (remove only)-->e:\Program Files\IrfanView\iv_uninstall.exe J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} JestemHardcorem 1.2-->"E:\Gry\JestemHardcorem\unins000.exe" K-Lite Codec Pack 4.6.2 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Last.fm 1.5.4.24567-->"e:\Program Files\Last.fm\unins000.exe" LightScribe System 
Software-->MsiExec.exe /X{4A9849CA-E11C-4F24-8BB1-97C717A1C898} LightScribe Template Labeler-->MsiExec.exe /X{FCBE0690-CBE1-4C60-87B0-4A70A6F5434E} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Medieval CUE Splitter-->MsiExec.exe /I{B96D2269-568B-4CBF-9332-12FAE8B158F7} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK-->MsiExec.exe /I{2AFF2951-86B1-3C53-B34D-B440F11E7D0A} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK-->MsiExec.exe /I{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 Language Pack SP1 - plk-->MsiExec.exe /I{9EFDFBA8-9174-3C61-8645-28376C5CA994} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE} Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501} Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6} Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe" Microsoft Office 2000 Premium-->MsiExec.exe /I{00000415-78E1-11D2-B60F-006097C998E7} Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13} Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988} Mojo Master Winamp Visualizer for Winamp (remove only)-->"e:\Program Files\Winamp\uninst-vis_MojoMaster.dll.exe" Mozilla Thunderbird (2.0.0.23)-->E:\Program Files\Mozilla Thunderbird\uninstall\helper.exe Mp3tag v2.41-->e:\Program Files\Mp3tag\Mp3tagUninstall.EXE MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27} MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44} NAPIPROJEKT 1.0.6.1-->"e:\Program Files\NAPI-PROJEKT\unins000.exe" Need for Speed™ SHIFT-->MsiExec.exe /X{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4} Nero OEM-->e:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL NFO Creator-->C:\WINDOWS\system32\GKSUI18.EXE C:\Program Files\CyberLeadingCorp\NFO Creator\UNINSTAL.DAT Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296} Nokia PC Suite-->C:\Documents and Settings\All Users\Dane aplikacji\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_pol_web.exe Nokia PC Suite-->MsiExec.exe /I{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD} Nokia Software Updater-->MsiExec.exe /X{F983B4FE-547B-4C44-BAF7-4F4DBA93D548} Notepad++-->E:\Program Files\Notepad++\uninstall.exe NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B} OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U OpenOffice.org 2.3-->MsiExec.exe /I{554F8595-ABAA-4FC7-B749-CF3260D687B6} Opera 10.00-->MsiExec.exe /X{2085F05D-24C5-4E27-B7B4-A51DE890FFC9} Opera 10.01-->MsiExec.exe /X{4B296228-DF7C-43EA-8DED-76027355B219} Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0-->"C:\Program Files\Orban\AAC-aacPlus 
Plugin\unins000.exe" Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - plk\setup.exe Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_642960B49F5985230DB9B953682A9431120601FA\amdk8.inf Pakiet sterowników systemu Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpacm_18A9B92ED8DEDC602E49E767FA4BE98A30525207\shpacm.inf Pakiet sterowników systemu Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpusb_558D416BCEB984F35885804D3E1A9C3773F1B17C\shpusb.inf Pakiet sterowników systemu Windows - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf Pakiet sterowników systemu Windows - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf Pakiet sterowników systemu Windows - Nokia Modem (10/27/2008 3.9)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_79486EC6AA0D1732FB17E5167077C07ECAE1B870\nokia_bluetooth.inf Pakiet sterowników systemu Windows - Nokia Modem (10/27/2008 7.01.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_247189AEBF39EB69A7C75429610DFED2F2EDC1B6\nokbtmdm.inf Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u 
C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf PC Connectivity Solution-->MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD} Pet Racer-->E:\Gry\\Pet Racer\uninstall Pet Racer.exe Pet Soccer-->E:\Program Files\Pet Soccer\uninstall Pet Soccer.exe Picasa 3-->"e:\Program Files\Google\Picasa3\Uninstall.exe" Podręcznik dotyczący urządzeń z systemem Windows Mobile®-->C:\Program Files\Windows Mobile Device Handbook\Windows Mobile Device Handbook\Bin\DHUninstall.exe Popcap Game Collection-->"C:\Program Files\InstallShield Installation Information\{69EA986B-B172-4FAA-B54D-853BD3A2B264}\Setup.exe" -runfromtemp -l0x0009 -removeonly Pro Evolution Soccer 2009-->MsiExec.exe /X{A8DB611A-D80E-450D-85F6-3ACDD164BE31} Pro Evolution Soccer 2010-->MsiExec.exe /X{283FFB23-8751-4B08-ACB8-5E0F8BCF7727} Prototype(TM)-->C:\Program Files\InstallShield Installation Information\{9322A850-9091-4D0E-B252-3E82EDA3D94A}\setup.exe -runfromtemp -l0x0409 PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u QuickSFV (Remove only)-->e:\Program Files\QuickSFV\QSFVUNST.EXE e:\Program Files\QuickSFV\ Real Alternative 1.7.5-->"e:\Program Files\Real Alternative\unins000.exe" Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x15 -removeonly Ricochet-->"E:\Gry\Steam\steam.exe" steam://uninstall/60 RocketDock 1.3.5-->"E:\Program Files\RocketDock\unins000.exe" Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0009 -removeonly Safari-->MsiExec.exe /X{582D2A53-F426-4C5E-A2E6-43C1AB36B907} SAMSUNG CDMA Modem Driver Set-->C:\Program Files\SAMSUNG\SAMSUNG CDMA Modem\SSCDUninstall.exe SAMSUNG Mobile Composite Device 
Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe Samsung Mobile Modem Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\7\SSECUninstall.exe SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe Samsung Mobile phone USB driver Software-->C:\Program Files\Samsung\Samsung Mobile phone USB driver\SSSDUninstall.exe SAMSUNG Mobile USB Modem 1.0 Software-->C:\Program Files\SAMSUNG\SAMSUNG Mobile USB Modem\1\SS_Uninstall.exe SAMSUNG Mobile USB Modem Software-->C:\Program Files\SAMSUNG\SAMSUNG Mobile USB Modem\SSM_Uninstall.exe Samsung New PC Studio USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{AF7E85DC-317C-47F5-810E-B82EE093A612}\setup.exe" -runfromtemp -l0x0415 -removeonly Samsung New PC Studio USB Driver Installer-->MsiExec.exe /I{AF7E85DC-317C-47F5-810E-B82EE093A612} Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x0415 -removeonly Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A} SAMSUNG SYMBIAN USB Download Driver-->C:\Program Files\SAMSUNG\SYMBIAN USB Download Driver\Uninstall.exe SAMSUNG USB Mobile Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25} Skaner on-line mks_vir-->C:\WINDOWS\system32\SkanerOnlineUninstall.exe Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} SnagIt 9-->MsiExec.exe /I{ADDD6985-3A28-44D0-A1BA-FDD19A820491} Softi FreeOCR-->MsiExec.exe /I{ABBACAD2-4DAF-490E-932B-E330B33FCF98} SopCast 3.0.1-->e:\Program Files\SopCast\uninst.exe Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003} Spolszczenie Pro Evolution Soccer 2009 RC 1.0-->"E:\Gry\KONAMI\Pro Evolution Soccer 2009\img\unins000.exe" Spybot - Search & Destroy-->"E:\Temp\PROGRAMY 
PORTABLE\Portable Spybot Search & Destroy v1.4\Portable Spybot Search & Destroy v1.4\Spybot - Search & Destroy\Spybot - Search & Destroy\unins000.exe" Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} SubEdit-Player-->"e:\Program Files\SubEdit-Player\unins000.exe" sXe Injected-->E:\Program Files\sXe Injected\uninstall.exe The Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe" -runfromtemp -l0x0015 -removeonly Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe Total Video Converter 3.11-->"e:\Program Files\Total Video Converter\unins000.exe" TV-->e:\Program Files\TV\Uninst0.exe UltraISO Premium V8.66-->"e:\Program Files\UltraISO\unins000.exe" Usb Game Pad-->C:\PROGRA~1\USBGAM~1\UNWISE.EXE C:\PROGRA~1\USBGAM~1\INSTALL.LOG USB Joystick-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEED33EE-4357-4907-8F20-C1A50CC68A5A}\setup.exe" -l0x9 -removeonly VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} VibrateGameDeviceDriver-->MsiExec.exe /I{DBB7F606-0C13-4182-AD7F-427A4773580E} Vimicro USB PC Camera (VC0305)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AD824A5-1CCC-4BB7-82C9-E6FB25CC0479}\setup.exe" -l0x9 VisualGPS - BeeLineGPS v1.83-->"C:\Program Files\Microsoft ActiveSync\VisualGPS - BeeLineGPS\unins000.exe" WapSter AQQ-->e:\Program Files\WapSter\WapSter AQQ\uninstall.exe Winamp-->"e:\Program Files\Winamp\UninstWA.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe WinRAR archiver-->e:\Program Files\WinRAR\uninstall.exe xp-AntiSpy 
3.96-6-->e:\Program Files\xp-AntiSpy\Uninstall.exe

=====HijackThis Backups=====

O23 - Service: Usługa inteligentnego transferu w tle (BITS) - Unknown owner - C:\WINDOWS\ [2009-03-10]
O1 - Hosts: 5.179.195.25 pes2009web.winning-eleven.net [2009-03-10]
O1 - Hosts: 5.179.195.25 pes09pcgate-e.winning-eleven.net [2009-03-10]
O1 - Hosts: stun.xten.com pes7stun-e.winning-eleven.net [2009-03-10]
O4 - HKLM\..\Run: [IMJPMIG8.2] msime82.exe [2009-05-11]
O4 - HKCU\..\Run: [MsServer] msfun80.exe [2009-05-11]
O4 - HKLM\..\Run: [IMJPMIG8.2] msime82.exe [2009-05-11]
O4 - HKCU\..\Run: [MsServer] msfun80.exe [2009-05-11]
O4 - Startup: rncsys32.exe [2009-06-22]
O4 - HKLM\..\Run: [winsvc32] winsvc32.exe [2009-06-22]
O4 - Global Startup: icwsetup.exe [2009-06-22]
O4 - Startup: ikowin32.exe [2009-08-16]
O4 - HKLM\..\Run: [msword98] C:\WINDOWS\system32\msword98.exe [2009-08-16]
O4 - HKLM\..\Run: [msword98] C:\WINDOWS\system32\msword98.exe [2009-10-19]
O23 - Service: CreateProcess Service (createprocess) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing) [2009-10-19]
O23 - Service: CreateProcess Service (createprocess) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing) [2009-11-04]

======System event log======

Computer Name: KOMPUTER
Event Code: 7036
Message: Usługa Usługa COM nagrywania dysków CD IMAPI weszła w stan uruchomienia.
Record Number: 27995
Source Name: Service Control Manager
Time Written: 20091102112359.000000+060
Event Type: informacje
User:

Computer Name: KOMPUTER
Event Code: 7035
Message: Do usługi Usługa COM nagrywania dysków CD IMAPI został pomyślnie wysłany kod sterowania uruchom.
Record Number: 27994
Source Name: Service Control Manager
Time Written: 20091102112359.000000+060
Event Type: informacje
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: KOMPUTER
Event Code: 7036
Message: Usługa Pml Driver HPZ12 weszła w stan zatrzymania.
Record Number: 27993
Source Name: Service Control Manager
Time Written: 20091102112201.000000+060
Event Type: informacje
User:

Computer Name: KOMPUTER
Event Code: 7036
Message: Usługa Pml Driver HPZ12 weszła w stan uruchomienia.
Record Number: 27992
Source Name: Service Control Manager
Time Written: 20091102112200.000000+060
Event Type: informacje
User:

Computer Name: KOMPUTER
Event Code: 7035
Message: Do usługi Pml Driver HPZ12 został pomyślnie wysłany kod sterowania uruchom.
Record Number: 27991
Source Name: Service Control Manager
Time Written: 20091102112200.000000+060
Event Type: informacje
User: KOMPUTER\iwan

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RGSCLauncher"=E:\Gry\Rockstar Games\Rockstar Games Social Club
"RGSC"=E:\Gry\Rockstar Games\Rockstar Games Social Club\1_0_0_0
"SAFEBOOT_OPTION"=MINIMAL

-----------------EOF-----------------
[/log]

log
[log]
Logfile of random's system information tool 1.06 (written by random/random)
Run by iwan at 2009-11-21 11:05:26
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 3 GB (17%) free of 16 GB
Total RAM: 2047 MB (86% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05, on 2009-11-21
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE H:\Nowy folder\RSIT.exe E:\Program Files\Trend Micro\HijackThis\iwan.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nasza-klasa.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: SnagIt Toolbar Loader - {00c6482d-c502-44c8-8409-fce54ad9c208} - E:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Temp\PROGRAMY PORTABLE\Portable Spybot Search & Destroy v1.4\Portable Spybot Search & Destroy v1.4\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - e:\Program Files\FlashGet\getflash.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll O3 - Toolbar: (no name) - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - (no file) O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install 
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [SkinClock] E:\Program Files\Clock Tray Skins\ClockTraySkins.exe O4 - HKCU\..\Run: [RocketDock] "E:\Program Files\RocketDock\RocketDock.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Disabled O4 - Startup: Skrót do AdMunch.lnk = E:\Program Files\Ad Muncher\AdMunch.exe O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - E:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_frame O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_image O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_link O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_exclude O8 - Extra context menu 
item: E&ksport do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Pobierz za pomocą Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_report O9 - Extra button: Create Mobile Favorite - {2eaf5bb1-070f-11d3-9307-00c04fae2d4f} - C:\PROGRA~1\MICROS~2\INetRepl.dll O9 - Extra button: (no name) - {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - C:\PROGRA~1\MICROS~2\INetRepl.dll O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - C:\PROGRA~1\MICROS~2\INetRepl.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - e:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - e:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Temp\PROGRAMY PORTABLE\Portable Spybot Search & Destroy v1.4\Portable Spybot Search & Destroy v1.4\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Temp\PROGRAMY PORTABLE\Portable Spybot Search & Destroy v1.4\Portable Spybot Search & Destroy v1.4\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O15 - Trusted Zone: http://maps.google.pl O16 - DPF: 
{68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Usługa inteligentnego transferu w tle (BITS) - Unknown owner - C:\WINDOWS\ O23 - Service: CreateProcess Service (createprocess) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing) O23 - Service: FsUsbExService (fsusbexservice) - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

-- End of file - 8263 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00c6482d-c502-44c8-8409-fce54ad9c208}]
SnagIt Toolbar Loader - E:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll [2008-09-22 66888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - E:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - E:\Temp\PROGRAMY PORTABLE\Portable Spybot Search & Destroy v1.4\Portable Spybot Search & Destroy v1.4\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - e:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - E:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-09-22 161096]
{9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=E:\Program Files\Winamp\winampa.exe [2008-01-15 37376]
"NPSStartup"= []
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-09-23 1657448]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-05-16 79224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"SkinClock"=E:\Program Files\Clock Tray Skins\ClockTraySkins.exe [2008-01-22 417792]
"RocketDock"=E:\Program Files\RocketDock\RocketDock.exe [2009-10-21 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
E:\Program Files\Winamp\winampa.exe [2008-01-15 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Application Data^Microsoft^Shortcuts^HP Digital Imaging Monitor.lnk]
E:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Application Data^Microsoft^Shortcuts^Microsoft Office.lnk]
E:\PROGRA~1\MICROS~1\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^iwan^Menu Start^Programy^Autostart^RocketDock.lnk]
E:\PROGRA~1\ROCKET~1\ROCKET~1.EXE [2009-10-21 495616]

C:\Documents and Settings\iwan\Menu Start\Programy\Autostart Disabled Skrót do AdMunch.lnk - E:\Program Files\Ad Muncher\AdMunch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Program Files\WapSter\WapSter AQQ\AQQ.exe"="E:\Program Files\WapSter\WapSter AQQ\AQQ.exe:*:Enabled:AQQ"
"E:\Program Files\FlashGet\flashget.exe"="E:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"E:\Program Files\uTorrent\uTorrent.exe"="E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"E:\Gry\Pro Evolution Soccer 2008\PES2008.exe"="E:\Gry\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"E:\Program 
Files\SopCast\adv\SopAdver.exe"="E:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver" "E:\Program Files\SopCast\SopCast.exe"="E:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "E:\Gry\Codemasters\GRID\GRID.exe"="E:\Gry\Codemasters\GRID\GRID.exe:*:Enabled:GRID" "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "E:\Gry\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="E:\Gry\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009" "E:\Gry\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe"="E:\Gry\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™" "E:\Gry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="E:\Gry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Disabled:Rockstar Games Social Club" "E:\Gry\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe"="E:\Gry\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box" "E:\Gry\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe"="E:\Gry\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box" "E:\Gry\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe"="E:\Gry\Electronic Arts\Burnout(TM) Paradise The Ultimate 
Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box" "E:\Gry\Electronic Arts\The Sims 3\Game\Bin\Sims3Launcher.exe"="E:\Gry\Electronic Arts\The Sims 3\Game\Bin\Sims3Launcher.exe:*:Disabled:The Sims™ 3" "E:\Program Files\Valve\hl.exe"="E:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher" "F:\Instalki\utorrent.exe"="F:\Instalki\utorrent.exe:*:Enabled:µTorrent" "e:\Program Files\Sports Interactive\Football Manager 2009\fm.exe"="e:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Disabled:Football Manager 2009" "E:\Gry\Activision\Prototype\prototypef.exe"="E:\Gry\Activision\Prototype\prototypef.exe:*:Enabled:Prototype(TM)" "E:\Program Files\Opera\opera.exe"="E:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser" "C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Uruchamia plik DLL jako aplikację" "E:\Program Files\Valve\hltv.exe"="E:\Program Files\Valve\hltv.exe:*:Disabled:HLTV Launcher" "E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe" "E:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe" "E:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="E:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe" "E:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="E:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe" "E:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="E:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe" "E:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="E:\Program Files\HP\Digital 
Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe" "E:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "E:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe" "E:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="E:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe" "E:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="E:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe" "E:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="E:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe" "E:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath " "E:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="E:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server" "E:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="E:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server" "C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process " "C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater" "C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services" "E:\Program Files\DC++\DCPlusPlus.exe"="E:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++" "E:\Gry\KONAMI\Pro Evolution Soccer 2010\pes2010.exe"="E:\Gry\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010" "E:\Gry\Rockstar Games\Grand Theft Auto 
IV\GTAIV.exe"="E:\Gry\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Disabled:Grand Theft Auto IV" "H:\PortableApps\uTorrentPortable\App\uTorrent\uTorrent.exe"="H:\PortableApps\uTorrentPortable\App\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "E:\Gry\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe"="E:\Gry\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe:*:Disabled:Borderlands" "E:\Gry\Sports Interactive\Football Manager 2010\fm.exe"="E:\Gry\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010" "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer" "E:\Temp\PROGRAMY PORTABLE\PDF2Office v4.0\Launch PDF2Office.exe"="E:\Temp\PROGRAMY PORTABLE\PDF2Office v4.0\Launch PDF2Office.exe:*:Enabled:PDF2Office " "C:\Documents and Settings\iwan\Dane aplikacji\Thinstall\PDF2Office v4.0\4000001300002i\PDF2OfficeDesktopServer.exe"="C:\Documents and Settings\iwan\Dane aplikacji\Thinstall\PDF2Office v4.0\4000001300002i\PDF2OfficeDesktopServer.exe:*:Enabled:PDF2OfficeDesktopServer" "H:\PortableApps\LBreakout2Portable\App\lbreakout2\lbreakout2.exe"="H:\PortableApps\LBreakout2Portable\App\lbreakout2\lbreakout2.exe:*:Enabled:LBreakout2" "E:\Gry\Steam\Steam.exe"="E:\Gry\Steam\Steam.exe:*:Enabled:Steam" "E:\Gry\Steam\steamapps\iwan59\counter-strike\hl.exe"="E:\Gry\Steam\steamapps\iwan59\counter-strike\hl.exe:*:Enabled:Half-Life Launcher" "E:\Gry\Steam\steamapps\iwan59\ricochet\hl.exe"="E:\Gry\Steam\steamapps\iwan59\ricochet\hl.exe:*:Enabled:Half-Life Launcher" "E:\Gry\Steam\steamapps\iwan59\deathmatch classic\hl.exe"="E:\Gry\Steam\steamapps\iwan59\deathmatch classic\hl.exe:*:Enabled:Half-Life Launcher" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network 
Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faee026-b2a5-11dd-ab98-0019dbf38d8a}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b06d5174-6667-11de-9f1e-0019dbf38d8a}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0df668b-b8c7-11de-a0d0-0019dbf38d8a}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f641d40f-d35b-11de-b7f1-0019dbf38d8a}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

======File associations======

.ini - open - "E:\Program Files\GetDiz\GetDiz.exe" "%1"

======List of files/folders created in the last 3 months======

2009-11-21 11:05:26 ----DC---- C:\rsit
2009-11-21 
10:04:13 ----A---- C:\WINDOWS\ntbtlog.txt 2009-11-17 10:33:53 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy) 2009-11-17 10:33:53 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy) 2009-11-17 10:33:53 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy) 2009-11-17 10:33:53 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy) 2009-11-17 10:31:48 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2009-11-16 21:03:50 ----A---- C:\WINDOWS\crrqdtn48.ini 2009-11-16 15:13:43 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\Corel 2009-11-12 18:31:46 ----A---- C:\WINDOWS\system32\XAudio2_5.dll 2009-11-12 18:31:45 ----A---- C:\WINDOWS\system32\xactengine3_5.dll 2009-11-12 18:31:45 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll 2009-11-12 18:31:44 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll 2009-11-12 18:31:43 ----A---- C:\WINDOWS\system32\d3dx11_42.dll 2009-11-12 18:31:43 ----A---- C:\WINDOWS\system32\d3dx10_42.dll 2009-11-12 18:31:42 ----A---- C:\WINDOWS\system32\D3DX9_42.dll 2009-11-09 22:10:53 ----A---- C:\WINDOWS\system32\aswBoot.exe 2009-11-09 22:10:52 ----D---- C:\Program Files\Alwil Software 2009-11-04 18:34:09 ----A---- C:\Documents and Settings\iwan\Dane aplikacji\AutoGK.ini 2009-10-27 13:47:53 ----D---- C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP 2009-10-25 22:35:08 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\Notepad++ 2009-10-25 22:07:33 ----D---- C:\WINDOWS\bin 2009-10-25 22:00:25 ----D---- C:\WINDOWS\icon set part 2 2009-10-19 19:19:58 ----A---- C:\deletedr.exe 2009-10-19 19:02:30 ----A---- C:\Flash_Disinfector.exe 2009-10-19 18:58:18 ----D---- C:\Nowy folder 2009-10-19 10:52:44 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\Thinstall 2009-10-14 18:54:22 ----D---- C:\Program Files\Microsoft Visual Studio 2009-10-14 18:54:21 ----D---- C:\Program Files\Common Files\Designer 2009-10-14 18:54:11 ----D---- 
C:\WINDOWS\ShellNew 2009-10-14 18:53:46 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\Microsoft Web Folders 2009-10-12 15:57:02 ----D---- C:\WINDOWS\system32\URTTEMP 2009-10-11 19:32:17 ----A---- C:\WINDOWS\ODBC.INI 2009-10-11 18:40:19 ----A---- C:\WINDOWS\system32\mdimon.dll 2009-10-11 18:40:07 ----A---- C:\WINDOWS\system32\msonpmon.dll 2009-10-11 18:35:34 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help 2009-10-08 09:34:08 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll 2009-10-07 17:21:51 ----A---- C:\WINDOWS\system32\settings.dll 2009-10-07 17:21:51 ----A---- C:\WINDOWS\system32\explorxp.exe 2009-10-07 17:21:10 ----RASHT---- C:\explore.exe 2009-10-07 17:21:10 ----D---- C:\WINDOWS\system32\Panel sterowania.{21EC2020-3AEA-1069-A2DD-08002B30309D} 2009-10-06 22:38:39 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\DC++ 2009-10-06 16:49:42 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\Disney Interactive Studios 2009-10-06 13:36:10 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\Dev-Cpp 2009-10-06 13:35:53 ----D---- C:\Dev-Cpp 2009-09-27 17:20:06 ----A---- C:\WINDOWS\system32\nvcpluir.dll 2009-09-27 17:20:04 ----A---- C:\WINDOWS\system32\nvcplui.exe 2009-09-27 17:20:02 ----A---- C:\WINDOWS\system32\nvrszht.dll 2009-09-27 17:20:02 ----A---- C:\WINDOWS\system32\nvrszhc.dll 2009-09-27 17:20:02 ----A---- C:\WINDOWS\system32\nvrstr.dll 2009-09-27 17:20:02 ----A---- C:\WINDOWS\system32\nvrsth.dll 2009-09-27 17:20:02 ----A---- C:\WINDOWS\system32\nvrssv.dll 2009-09-27 17:20:02 ----A---- C:\WINDOWS\system32\nvrssl.dll 2009-09-27 17:20:02 ----A---- C:\WINDOWS\system32\nvrssk.dll 2009-09-27 17:20:02 ----A---- C:\WINDOWS\system32\nvrsru.dll 2009-09-27 17:20:02 ----A---- C:\WINDOWS\system32\nvrsptb.dll 2009-09-27 17:20:02 ----A---- C:\WINDOWS\system32\nvrspt.dll 2009-09-27 17:20:02 ----A---- C:\WINDOWS\system32\nvrspl.dll 2009-09-27 17:20:02 ----A---- C:\WINDOWS\system32\nvrsno.dll 2009-09-27 17:20:00 ----A---- 
C:\WINDOWS\system32\nvwddi.dll 2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrsnl.dll 2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrsko.dll 2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrsja.dll 2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrsit.dll 2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrshu.dll 2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrshe.dll 2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrsfr.dll 2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrsfi.dll 2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrsesm.dll 2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrses.dll 2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrseng.dll 2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrsel.dll 2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrsde.dll 2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrsda.dll 2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrscs.dll 2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrsar.dll 2009-09-27 17:19:52 ----A---- C:\WINDOWS\system32\nvwssr.dll 2009-09-27 17:19:52 ----A---- C:\WINDOWS\system32\nvwss.dll 2009-09-27 17:19:50 ----A---- C:\WINDOWS\system32\nvvitvsr.dll 2009-09-27 17:19:50 ----A---- C:\WINDOWS\system32\nvvitvs.dll 2009-09-27 17:19:48 ----A---- C:\WINDOWS\system32\nvmoblsr.dll 2009-09-27 17:19:48 ----A---- C:\WINDOWS\system32\nvmobls.dll 2009-09-27 17:19:48 ----A---- C:\WINDOWS\system32\nvmccssr.dll 2009-09-27 17:19:48 ----A---- C:\WINDOWS\system32\nvmccss.dll 2009-09-27 17:19:48 ----A---- C:\WINDOWS\system32\nvgamesr.dll 2009-09-27 17:19:48 ----A---- C:\WINDOWS\system32\nvgames.dll 2009-09-27 17:19:46 ----A---- C:\WINDOWS\system32\nvsvc32.exe 2009-09-27 17:19:46 ----A---- C:\WINDOWS\system32\nvmctray.dll 2009-09-27 17:19:46 ----A---- C:\WINDOWS\system32\nvdispsr.dll 2009-09-27 17:19:46 ----A---- C:\WINDOWS\system32\nvdisps.dll 2009-09-27 17:19:46 ----A---- C:\WINDOWS\system32\nvcpl.dll 2009-09-27 17:19:46 ----A---- 
C:\WINDOWS\system32\nvcolor.exe 2009-09-27 17:19:40 ----A---- C:\WINDOWS\system32\nvmccs.dll 2009-09-27 15:12:22 ----A---- C:\WINDOWS\system32\nvoglnt.dll 2009-09-27 15:12:22 ----A---- C:\WINDOWS\system32\nvcuvid.dll 2009-09-27 15:12:22 ----A---- C:\WINDOWS\system32\nvcuvenc.dll 2009-09-27 15:12:22 ----A---- C:\WINDOWS\system32\nvcuda.dll 2009-09-27 15:12:22 ----A---- C:\WINDOWS\system32\nvcodins.dll 2009-09-27 15:12:22 ----A---- C:\WINDOWS\system32\nvcod.dll 2009-09-27 15:12:22 ----A---- C:\WINDOWS\system32\nvapi.dll 2009-09-26 09:35:55 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\Samsung 2009-09-25 07:21:43 ----A---- C:\WINDOWS\system32\DIFxAPI.dll 2009-09-25 07:21:32 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers 2009-09-25 07:21:28 ----A---- C:\WINDOWS\system32\FsUsbExService.Exe 2009-09-25 07:21:28 ----A---- C:\WINDOWS\system32\FsUsbExDevice.Dll 2009-09-25 07:21:10 ----D---- C:\Program Files\MarkAny 2009-09-21 17:21:19 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\Image Zone Express 2009-09-20 10:41:15 ----D---- C:\Program Files\Common Files\Skype 2009-09-15 15:39:27 ----D---- C:\Program Files\Orban 2009-09-10 10:32:16 ----D---- C:\Program Files\Common Files\HP 2009-09-10 08:45:32 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Codemasters 2009-08-24 13:04:16 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\Wolfram Research ======List of files/folders modified in the last 3 months====== 2009-11-21 10:33:45 ----D---- C:\WINDOWS\system32 2009-11-21 10:12:25 ----D---- C:\WINDOWS\Prefetch 2009-11-21 10:09:08 ----D---- C:\WINDOWS\temp 2009-11-21 10:04:13 ----D---- C:\WINDOWS 2009-11-21 03:41:15 ----D---- C:\WINDOWS\system32\CatRoot2 2009-11-21 03:41:15 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-11-21 03:41:07 ----A---- C:\Documents and Settings\iwan\Dane aplikacji\ClockTraySkins.ini 2009-11-21 03:24:04 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\uTorrent 2009-11-18 17:34:46 ----SHD---- C:\WINDOWS\Installer 
2009-11-18 17:34:45 ----HD---- C:\Config.Msi 2009-11-18 15:24:09 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\Mozilla 2009-11-17 11:20:21 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\EmailNotifier 2009-11-17 10:33:53 ----RD---- C:\Program Files 2009-11-16 21:09:21 ----SD---- C:\Documents and Settings\iwan\Dane aplikacji\Microsoft 2009-11-16 19:35:55 ----SHD---- C:\RECYCLER 2009-11-16 19:35:07 ----D---- C:\Documents and Settings 2009-11-16 13:01:58 ----D---- C:\WINDOWS\Registration 2009-11-13 10:16:46 ----A---- C:\WINDOWS\NeroDigital.ini 2009-11-12 18:31:50 ----D---- C:\WINDOWS\system32\DirectX 2009-11-12 18:31:47 ----HD---- C:\WINDOWS\inf 2009-11-12 18:31:01 ----RSD---- C:\WINDOWS\assembly 2009-11-12 14:20:24 ----HD---- C:\Program Files\InstallShield Installation Information 2009-11-10 13:20:28 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\OpenOffice.org2 2009-11-09 22:11:03 ----D---- C:\WINDOWS\system32\drivers 2009-11-04 18:39:21 ----D---- C:\WINDOWS\pss 2009-11-04 18:37:01 ----D---- C:\WINDOWS\Minidump 2009-10-27 13:52:20 ----SH---- C:\boot.ini 2009-10-27 13:52:00 ----D---- C:\WINDOWS\system32\CatRoot 2009-10-27 13:51:42 ----D---- C:\WINDOWS\WinSxS 2009-10-27 13:48:00 ----D---- C:\Program Files\DIFX 2009-10-27 13:47:58 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-10-27 13:47:50 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2009-10-26 18:23:39 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-10-25 21:06:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-10-21 19:37:54 ----SHD---- C:\WINDOWS\CSC 2009-10-21 12:25:00 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\KONAMI 2009-10-19 20:03:55 ----D---- C:\WINDOWS\Help 2009-10-19 20:03:10 ----D---- C:\Program Files\AGEIA Technologies 2009-10-19 20:02:42 ----D---- C:\Program Files\NVIDIA Corporation 2009-10-19 19:30:28 ----D---- C:\otl 2009-10-19 19:08:59 ----D---- C:\WINDOWS\system 2009-10-19 18:45:22 ----D---- C:\Icons 2009-10-19 00:20:28 
----D---- C:\WINDOWS\system32\Restore 2009-10-15 16:36:30 ----A---- C:\WINDOWS\wincmd.ini 2009-10-14 18:54:54 ----AC---- C:\WINDOWS\vbaddin.ini 2009-10-14 18:54:42 ----D---- C:\Program Files\Common Files 2009-10-14 18:54:39 ----A---- C:\WINDOWS\win.ini 2009-10-14 18:54:25 ----RSD---- C:\WINDOWS\Fonts 2009-10-14 18:54:20 ----D---- C:\Program Files\Common Files\Microsoft Shared 2009-10-14 18:54:16 ----D---- C:\Program Files\Common Files\System 2009-10-14 18:53:39 ----D---- C:\WINDOWS\msapps 2009-10-14 18:53:39 ----D---- C:\Program Files\microsoft frontpage 2009-10-14 18:52:32 ----D---- C:\tmp 2009-10-14 18:50:29 ----D---- C:\Program Files\Microsoft.NET 2009-10-12 16:53:42 ----SHD---- C:\System Volume Information 2009-10-11 19:31:43 ----D---- C:\Program Files\Microsoft ActiveSync 2009-10-11 19:20:12 ----SD---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft 2009-10-11 19:19:36 ----D---- C:\Program Files\MSBuild 2009-10-11 18:39:57 ----D---- C:\WINDOWS\system32\config 2009-09-30 13:47:48 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Installations 2009-09-30 13:47:36 ----D---- C:\Program Files\Nokia 2009-09-30 13:46:55 ----D---- C:\Program Files\Common Files\Nokia 2009-09-27 15:12:22 ----A---- C:\WINDOWS\system32\nv4_disp.dll 2009-09-26 11:42:58 ----D---- C:\Program Files\SAMSUNG 2009-09-25 07:21:07 ----D---- C:\Program Files\PC Connectivity Solution 2009-09-22 20:35:34 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\Skype 2009-09-21 21:23:15 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\skypePM 2009-09-20 10:41:15 ----RD---- C:\Program Files\Skype 2009-09-20 10:41:13 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Skype 2009-09-10 10:30:57 ----D---- C:\WINDOWS\twain_32 2009-09-10 10:17:30 ----D---- C:\Program Files\Hewlett-Packard 2009-09-04 17:44:40 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R3 DynCal;Dynamic 
Calibration Service; C:\WINDOWS\system32\drivers\Dyncal.sys [2005-09-26 8576]
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2005-11-10 12160]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Standardowy sterownik koncentratora USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 7b197d;7b197d; C:\WINDOWS\System32\drivers\7b197d.sys []
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-05-16 26944]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 78416]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-05-16 42912]
S1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
S1 ISODrive;ISO CD-ROM Device Driver; \??\e:\Program Files\UltraISO\drivers\ISODrive.sys []
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-05-16 94416]
S3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-05-16 23152]
S3 bmtyvfpx;bmtyvfpx; \??\C:\WINDOWS\system32\01D3.tmp []
S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dqkqnry;dqkqnry; \??\C:\WINDOWS\system32\01.tmp []
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 ggggzy;ggggzy; \??\C:\WINDOWS\system32\01.tmp []
S3 GMSIPCI;GMSIPCI; \??\H:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-08 25280]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-22 4432384]
S3 msicpl;MSICPL; \??\H:\install4\MSICPL.sys []
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Sterownik monitora sieci; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 ntaccess;NTACCESS; \??\H:\NTACCESS.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]
S3 onnic;onnic; \??\C:\WINDOWS\system32\01.tmp []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pgldqpoc;pgldqpoc; \??\C:\DOCUME~1\iwan\USTAWI~1\Temp\pgldqpoc.sys []
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-04-14 94592]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2008-02-22 87936]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2008-02-22 14976]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2008-02-22 114304]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tvichw32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usb_rndisx;Karta USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbaudio;Sterownik audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 xdtzey;xdtzey; \??\C:\WINDOWS\system32\01.tmp []
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-02-26 61984]
S3 ZSMC301b;Vimicro USB PC Camera (VC0305); C:\WINDOWS\System32\Drivers\usbVM31b.sys [2004-08-17 91263]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-05-16 17272]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-05-16 144760]
S2 createprocess;CreateProcess Service; C:\WINDOWS\system\svchost.exe []
S2 fsusbexservice;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-04-07 233472]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
S2 jlqjge;Support Installer; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-01-27 73728]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
S2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-05-16 247160]
S3 avast! Web Scanner;avast! 
Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-05-16 349560] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- [/log]
Guest commented on 21 November 2009:
Rootkit chasing rootkit! Use [url=http://www.forumpc.pl/index.php?showtopic=120614&st=0&p=837303&fromsearch=1&#entry837303][b][color=blue][u]ComboFix[/u][/color][/b][/url] and paste the log from it. Rename it to: [b]123.com[/b].
iwan59 (author) commented on 21 November 2009:
After stage 50, ComboFix started removing infected files. The computer restarted. The system boots neither in safe mode nor in normal mode, so ComboFix does not generate a log. A bluescreen appears: [URL=http://img688.imageshack.us/img688/584/091121113450.jpg][IMG]http://img688.imageshack.us/img688/584/091121113450.th.jpg[/IMG][/URL]
Guest commented on 21 November 2009 (edited):
The BSOD is caused by a rootkit in the MBR. I don't know what to recommend in this situation. The best way out would be to format the disk and set the system up from scratch, but 99% that would not remove the rootkit. If you can get into Safe Mode, show the OTL log again.
iwan59 (author) commented on 21 November 2009:
Safe mode does not work. The same bluescreen as in my last post appears. If formatting the disk and setting the system up from scratch won't help, how do I get rid of this rootkit?
Guest commented on 21 November 2009:
After installing the new system, show the log from ComboFix.
iwan59 (author) commented on 21 November 2009 (edited):
Or maybe there is some LiveCD that will clean this rootkit out of the MBR area? I have some files on C; is there any way to rescue them, i.e. move them to another partition? EDIT: I have an Ubuntu LiveCD and a pendrive. Maybe there is some way to rescue Windows using tools under Ubuntu?
The new system is set up. As for drivers, so far I have installed only the network card. Here is the log from ComboFix.
[log] ComboFix 09-11-20.02 - iwan 2009-11-21 15:48.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1741 [GMT 4,5:30] Uruchomiony z: C:\123.com.com . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Poprzednie uruchomienie ------- . c:\windows\system32\drivers\pciide.sys . ((((((((((((((((((((((((( Pliki utworzone od 2009-10-21 do 2009-11-21 ))))))))))))))))))))))))))))))) . 2009-11-21 15:07 . 2001-08-17 19:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys 2009-11-21 15:06 . 2008-04-14 19:35 58880 ----a-w- c:\windows\system32\drivers\redbook.sys 2009-11-21 15:06 . 2001-08-17 19:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys 2009-11-21 15:04 . 2009-07-16 19:33 6144 -c--a-w- c:\windows\system32\dllcache\kbdtuq.dll 2009-11-21 15:03 . 2009-11-21 14:24 -------- d--h--w- c:\documents and settings\Default User 2009-11-21 15:03 . 2009-11-21 14:20 -------- d-----w- C:\Documents and Settings 2009-11-21 15:03 . 2009-11-21 14:16 -------- d-----w- c:\documents and settings\All Users . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-21 14:45 . 2009-11-21 14:45 -------- d-----w- c:\program files\Realtek 2009-11-21 14:45 . 2009-11-21 14:45 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-11-21 14:28 . 2009-07-16 19:33 49492 ----a-w- c:\windows\system32\perfc015.dat 2009-11-21 14:28 . 
2009-07-16 19:33 355486 ----a-w- c:\windows\system32\perfh015.dat 2009-11-21 14:21 . 2009-11-21 14:21 12328 ----a-w- c:\documents and settings\iwan\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2009-11-21 14:17 . 2009-11-21 14:17 -------- d-----w- c:\program files\microsoft frontpage 2009-11-21 14:16 . 2009-11-21 14:16 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-11-21 14:16 . 2009-11-21 14:16 -------- d-----w- c:\program files\Usługi online 2009-11-21 14:14 . 2009-11-21 14:14 21856 ----a-w- c:\windows\system32\emptyregdb.dat 2009-11-21 14:13 . 2009-11-21 14:13 -------- d-----w- c:\program files\Windows Media Connect 2 2009-11-21 06:42 . 2009-11-21 14:24 3570958 ----a-r- C:\123.com.com 2009-10-30 15:19 . 2009-11-21 14:45 176768 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys . ------- Sigcheck ------- [-] 2009-07-16 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((( SnapShot@2009-11-21_14.27.24 ))))))))))))))))))))))))))))))))))))))))) . + 2009-11-21 14:45 . 2009-05-26 15:00 73728 c:\windows\system32\RTNUninst32.dll + 2009-11-21 14:45 . 2009-07-08 07:35 73728 c:\windows\system32\RtNicProp32.dll + 2009-07-16 19:33 . 2009-11-21 14:28 39992 c:\windows\system32\perfc009.dat - 2009-07-16 19:33 . 2009-11-21 14:21 39992 c:\windows\system32\perfc009.dat + 2009-07-16 19:33 . 2009-11-21 14:28 311604 c:\windows\system32\perfh009.dat - 2009-07-16 19:33 . 2009-11-21 14:21 311604 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-07-16 15360] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [2009-07-17 69248] R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2009-07-17 212520] R0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [2009-07-17 125952] . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-21 15:50 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'explorer.exe'(388) c:\windows\system32\WININET.dll c:\windows\system32\webcheck.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll . Czas ukończenia: 2009-11-21 15:50 ComboFix-quarantined-files.txt 2009-11-21 11:20 Przed: 13 156 581 376 bajtów wolnych Po: 13 130 526 720 bajtów wolnych WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - DFF3781F924DF70ADB342FC4C01C7623 [/log]
Guest commented on 21 November 2009:
The log is clean. Use MBR.exe and paste the log from it: http://www.forumpc.pl/index.php?showtopic=99152&st=0&p=693757&fromsearch=1&#entry693757
iwan59 (author) commented on 21 November 2009 (edited):
MBR
[log]
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
[/log]
However, the problems continue. I restarted the computer and the same BSOD as before comes up again. Neither normal mode, nor safe mode, nor safe mode with command prompt works. What now?
Guest commented on 21 November 2009:
The MBR log is OK. And did you format partition C?
iwan59 (author) commented on 21 November 2009:
Well, yes. I formatted only the system partition C. I ran ComboFix, posted the log, then did the same with MBR. And now the system cannot be started, because a BSOD appears.
Guest commented on 21 November 2009:
Format C again and don't run anything else.
iwan59 (author) commented on 21 November 2009:
I have set up a new system. So far it works. What should I do now? Install something? Scan?
Guest commented on 22 November 2009:
Don't scan anything. Install the drivers and the programs you need. That's all.