Cannot log in in normal mode.

iwan59
Posted (edited)

Hello.
The problem is as follows. Avast reported a rootkit in the explorer.exe file, and since then the system can only be started in safe mode. Recently it was also throwing an svchost error. System Restore does not help. I will add the logs as they are generated.

[b]OTL.Txt[/b]
[log]
OTL logfile created on: 2009-11-21 10:40:32 - Run 3
OTL by OldTimer - Version 3.1.6.1 Folder = H:\Nowy folder
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 86.27% Memory free
3.85 Gb Paging File | 3.77 Gb Available in Paging File | 98.02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.63 Gb Total Space | 2.68 Gb Free Space | 17.16% Space Free | Partition Type: NTFS
Drive D: | 59.50 Gb Total Space | 18.84 Gb Free Space | 31.66% Space Free | Partition Type: NTFS
Drive E: | 195.31 Gb Total Space | 22.88 Gb Free Space | 11.71% Space Free | Partition Type: NTFS
Drive F: | 195.32 Gb Total Space | 0.65 Gb Free Space | 0.33% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 1.86 Gb Total Space | 1.27 Gb Free Space | 68.63% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: KOMPUTER
Current User Name: iwan
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009-11-21 10:26:16 | 00,528,896 | ---- | M] (OldTimer Tools) -- H:\Nowy folder\OTL.exe
PRC - [2008-04-14 21:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2009-11-21 10:26:16 | 00,528,896 | ---- | M] (OldTimer Tools) -- H:\Nowy folder\OTL.exe
MOD - [2008-04-14 21:50:32 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 21:29:10 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found -- -- (createprocess)
SRV - [2009-09-27 17:19:46 | 00,172,100 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (nvsvc)
SRV - [2009-04-07 08:39:44 | 00,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe -- (fsusbexservice)
SRV - [2009-03-09 04:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-01-27 22:37:24 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008-11-11 09:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008-05-16 01:19:24 | 00,144,760 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2008-05-16 01:19:00 | 00,247,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2008-05-16 01:16:59 | 00,349,560 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2008-05-16 01:06:57 | 00,017,272 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008-04-14 21:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008-04-14 21:50:36 | 00,168,096 | RHS- | M] () -- C:\WINDOWS\system32\lgkva.dll -- (jlqjge)
SRV - [2008-04-14 21:50:36 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\mswmdmsrv.dll -- (WmdmPmSN)
SRV - [2007-11-06 21:22:26 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2007-01-04 02:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2006-10-26 12:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2006-03-03 20:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-09-27 15:12:22 | 07,655,872 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009-09-23 23:25:41 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (tvichw32)
DRV - [2009-08-24 10:58:51 | 00,626,336 | ---- | M] () -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2009-04-07 08:39:44 | 00,036,608 | ---- | M] () -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009-03-19 13:48:18 | 00,136,704 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009-03-19 13:48:12 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009-03-08 21:48:07 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-02-09 07:37:56 | 00,007,808 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009-02-09 07:37:48 | 00,007,808 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009-02-09 07:37:46 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009-02-09 07:37:46 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008-08-26 09:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-07-31 23:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (pxhelp20)
DRV - [2008-05-16 01:20:32 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2008-05-16 01:18:33 | 00,094,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2008-05-16 01:16:06 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008-05-16 01:15:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008-05-16 01:14:11 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2008-05-16 01:13:26 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008-04-13 23:26:50 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2008-04-13 23:23:10 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008-04-13 23:15:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2008-04-13 23:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio)
DRV - [2008-04-13 21:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008-04-13 21:06:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-02-22 14:33:02 | 00,114,304 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008-02-22 14:33:02 | 00,014,976 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008-02-22 14:33:00 | 00,087,936 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2007-11-06 21:22:06 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007-11-03 10:21:02 | 00,068,096 | ---- | M] (EZB Systems, Inc.) -- e:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2007-06-22 11:14:00 | 04,432,384 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007-04-14 09:28:00 | 00,094,592 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007-02-26 18:15:22 | 00,061,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2006-11-06 18:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2006-04-12 11:04:39 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006-04-12 11:04:39 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006-04-12 11:04:39 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005-09-26 14:47:46 | 00,008,576 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\DynCal.sys -- (DynCal)
DRV - [2004-08-17 10:44:22 | 00,091,263 | ---- | M] (VM) -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2001-08-17 21:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-796845957-1592454029-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-796845957-1592454029-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-796845957-1592454029-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-796845957-1592454029-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nasza-klasa.pl/
IE - HKU\S-1-5-21-796845957-1592454029-725345543-1003\S-1-5-21-796845957-1592454029-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2008-11-27 21:33:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: E:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-01-25 17:25:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-01-20 20:25:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\mozilla thunderbird 2.0.0.23\extensions\\Components: E:\Program Files\Mozilla Thunderbird\components [2009-08-24 13:13:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\mozilla thunderbird 2.0.0.23\extensions\\Plugins: E:\Program Files\Mozilla Thunderbird\plugins [2009-10-14 18:49:56 | 00,000,000 | ---D | M]

[2009-11-04 10:09:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Mozilla\Extensions
[2009-11-04 10:09:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00c6482d-c502-44c8-8409-fce54ad9c208} - E:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Temp\PROGRAMY PORTABLE\Portable Spybot Search & Destroy v1.4\Portable Spybot Search & Destroy v1.4\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - e:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\shellbrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\shellbrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-796845957-1592454029-725345543-1003\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-796845957-1592454029-725345543-1003..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-796845957-1592454029-725345543-1003..\Run: [RocketDock] E:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-796845957-1592454029-725345543-1003..\Run: [SkinClock] E:\Program Files\Clock Tray Skins\ClockTraySkins.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\RocketDock.lnk = E:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Documents and Settings\iwan\Menu Start\Programy\Autostart\Disabled [2009-10-19 19:37:08 | 00,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\iwan\Menu Start\Programy\Autostart\Skrót do AdMunch.lnk = E:\Program Files\Ad Muncher\AdMunch.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 43 01 00 00 [binary data]
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 43 01 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-1592454029-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-1592454029-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-796845957-1592454029-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKU\S-1-5-21-796845957-1592454029-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-796845957-1592454029-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - E:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Block frame with Ad Muncher - File not found
O8 - Extra context menu item: Block image with Ad Muncher - File not found
O8 - Extra context menu item: Block link with Ad Muncher - File not found
O8 - Extra context menu item: Don't filter page with Ad Muncher - File not found
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE File not found
O8 - Extra context menu item: Pobierz za pomocą Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm File not found
O8 - Extra context menu item: Report page to the Ad Muncher developers - File not found
O9 - Extra Button: Create Mobile Favorite - {2eaf5bb1-070f-11d3-9307-00c04fae2d4f} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Utwórz Ulubione dla urządzenia przenośnego... - {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - e:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - e:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Temp\PROGRAMY PORTABLE\Portable Spybot Search & Destroy v1.4\Portable Spybot Search & Destroy v1.4\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-796845957-1592454029-725345543-1003\..Trusted Domains: google.pl ([maps] http in Zaufane witryny)
O15 - HKU\S-1-5-21-796845957-1592454029-725345543-1003\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.53.254 192.168.11.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-07-21 00:49:00 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-07-21 00:49:00 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-07-21 00:49:00 | 00,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-07-21 00:49:00 | 00,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-11-18 14:43:48 | 00,000,000 | -HSD | M] - H:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{6faee026-b2a5-11dd-ab98-0019dbf38d8a}\Shell - "" = AutoRun
O33 - MountPoints2\{b06d5174-6667-11de-9f1e-0019dbf38d8a}\Shell - "" = AutoRun
O33 - MountPoints2\{c0df668b-b8c7-11de-a0d0-0019dbf38d8a}\Shell - "" = AutoRun
O33 - MountPoints2\{f641d40f-d35b-11de-b7f1-0019dbf38d8a}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009-11-21 10:05:44 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\iwan\Recent
[2009-11-18 20:26:49 | 00,000,000 | --SD | C] -- C:\Documents and Settings\iwan\UserData
[2009-11-17 10:33:58 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\iwan\Pulpit\setup-spybotsd162.exe
[2009-11-17 10:33:53 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2009-11-17 10:33:53 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2009-11-17 10:33:53 | 00,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2009-11-17 10:33:53 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009-11-17 10:31:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
[2009-11-16 21:07:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\iwan\Moje dokumenty\PDF2Office v4.0
[2009-11-16 21:03:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\Thinstall
[2009-11-16 15:13:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\iwan\Dane aplikacji\Corel
[2009-11-13 10:34:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\iwan\Moje dokumenty\My Webs
[2009-11-12 18:31:46 | 00,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2009-11-12 18:31:45 | 01,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2009-11-12 18:31:45 | 00,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2009-11-12 18:31:44 | 05,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2009-11-12 18:31:43 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2009-11-12 18:31:43 | 00,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2009-11-12 18:31:42 | 01,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2009-11-09 22:11:03 | 00,042,912 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009-11-09 22:11:03 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009-11-09 22:11:02 | 00,095,608 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009-11-09 22:11:02 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009-11-09 22:11:01 | 00,094,416 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009-11-09 22:11:01 | 00,093,264 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009-11-09 22:11:01 | 00,078,416 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009-11-09 22:11:01 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009-11-09 22:10:53 | 01,152,888 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009-11-09 22:10:52 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009-10-27 13:47:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP
[2009-10-25 22:35:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\iwan\Dane aplikacji\Notepad++
[2009-10-25 22:07:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\bin
[2009-10-25 22:00:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\icon set part 2
[2009-03-08 21:50:41 | 01,011,784 | ---- | C] (LogMeIn Inc.) -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\HamachiSetup-1.0.3.0-en.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009-11-21 10:36:51 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-11-21 10:33:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-11-21 10:12:08 | 00,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009-11-21 10:05:46 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\iwan\ntuser.ini
[2009-11-21 10:05:45 | 09,437,184 | -H-- | M] () -- C:\Documents and Settings\iwan\NTUSER.DAT
[2009-11-21 03:41:07 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\iwan\Dane aplikacji\ClockTraySkins.ini
[2009-11-21 03:41:06 | 03,165,174 | -H-- | M] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-11-19 23:36:42 | 00,124,416 | ---- | M] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-11-19 13:17:45 | 00,094,112 | ---- | M] () -- C:\WINDOWS\System32\drivers\agp440.sys
[2009-11-19 13:17:45 | 00,094,112 | ---- | M] () -- C:\WINDOWS\System32\dllcache\agp440.sys
[2009-11-18 18:10:23 | 00,000,660 | ---- | M] () -- C:\Documents and Settings\iwan\Pulpit\Counter-Strike.lnk
[2009-11-18 17:34:44 | 00,001,866 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk
[2009-11-17 16:05:14 | 00,000,658 | ---- | M] () -- C:\Documents and Settings\iwan\Pulpit\AQQ.lnk
[2009-11-17 10:34:50 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\iwan\Pulpit\setup-spybotsd162.exe
[2009-11-16 21:03:50 | 00,001,430 | ---- | M] () -- C:\WINDOWS\crrqdtn48.ini
[2009-11-16 11:33:43 | 00,000,848 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009-11-15 17:49:49 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-11-13 10:16:46 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-11-12 21:19:53 | 00,000,233 | ---- | M] () -- C:\Documents and Settings\iwan\Pulpit\Skrót do Realtek Konfiguracja audio HD.lnk
[2009-11-11 20:30:43 | 00,000,599 | ---- | M] () -- C:\Documents and Settings\iwan\Pulpit\Exact Audio Copy.lnk
[2009-11-09 22:11:03 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk
[2009-11-09 22:11:02 | 00,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009-11-09 17:43:28 | 00,234,864 | ---- | M] () -- C:\Documents and Settings\iwan\Pulpit\20080709018.jpg
[2009-11-09 14:14:03 | 00,010,752 | ---- | M] () -- C:\Documents and Settings\iwan\Pulpit\Nowy Dokument programu Microsoft Word (2).doc
[2009-11-09 14:14:00 | 00,010,752 | ---- | M] () -- C:\Documents and Settings\iwan\Pulpit\Nowy Dokument programu Microsoft Word .doc
[2009-11-04 18:34:09 | 00,000,464 | ---- | M] () -- C:\Documents and Settings\iwan\Dane aplikacji\AutoGK.ini
[2009-11-03 09:35:43 | 00,117,188 | ---- | M] () -- C:\Documents and Settings\iwan\Moje dokumenty\jazdy40.jar
[2009-11-02 19:13:46 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\iwan\Moje dokumenty\Zeszyt2.xls
[2009-11-02 17:10:58 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\iwan\Moje dokumenty\Zeszyt1.xls
[2009-11-01 20:54:24 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009-11-01 20:07:12 | 00,000,708 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Football Manager 2010.lnk
[2009-10-28 23:59:59 | 00,000,502 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2009-10-27 18:45:21 | 01,199,246 | ---- | M] () -- C:\Documents and Settings\iwan\Moje dokumenty\fontanna juszki.cdr
[2009-10-27 17:46:52 | 01,199,202 | ---- | M] () -- C:\Documents and Settings\iwan\Moje dokumenty\Kopia_zapasowa_fontanna juszki.cdr
[2009-10-27 17:20:46 | 00,113,784 | ---- | M] () -- C:\Documents and Settings\iwan\Moje dokumenty\nowe logo kolumna.cdr
[2009-10-27 17:16:30 | 00,113,950 | ---- | M] () -- C:\Documents and Settings\iwan\Moje dokumenty\Kopia_zapasowa_nowe logo kolumna.cdr
[2009-10-27 14:09:36 | 00,001,807 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Borderlands.lnk
[2009-10-27 14:02:16 | 02,665,358 | ---- | M] () -- C:\Documents and Settings\iwan\Moje dokumenty\bez tytułu.bmp
[2009-10-27 13:52:20 | 00,000,293 | -HS- | M] () -- C:\boot.ini
[2009-10-26 21:16:23 | 00,096,256 | ---- | M] () -- C:\Documents and Settings\iwan\Moje dokumenty\Parki krajobrazowe.doc
[2009-10-26 18:45:37 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\iwan\Moje dokumenty\Lista- 1 zad 09-10.doc
[2009-10-26 12:03:15 | 00,022,083 | ---- | M] () -- C:\Documents and Settings\iwan\Moje dokumenty\Redds-piwo-o-smaku-jablkowym-w-butelce-500ml-Full.jpg
[2009-10-25 22:35:08 | 00,000,614 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Notepad++.lnk
[2009-10-25 21:06:47 | 01,114,778 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-10-25 21:06:47 | 00,499,510 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-10-25 21:06:47 | 00,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-10-25 21:06:47 | 00,088,816 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-10-25 21:06:47 | 00,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-10-22 18:50:54 | 00,036,352 | ---- | M] () -- C:\Documents and Settings\iwan\Moje dokumenty\martyna.doc
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009-11-18 18:10:23 | 00,000,660 | ---- | C] () -- C:\Documents and Settings\iwan\Pulpit\Counter-Strike.lnk
[2009-11-18 17:34:44 | 00,001,866 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk
[2009-11-16 21:03:50 | 00,001,430 | ---- | C] () -- C:\WINDOWS\crrqdtn48.ini
[2009-11-12 21:19:53 | 00,000,233 | ---- | C] () -- C:\Documents and Settings\iwan\Pulpit\Skrót do Realtek Konfiguracja audio HD.lnk
[2009-11-11 20:30:43 | 00,000,599 | ---- | C] () -- C:\Documents and Settings\iwan\Pulpit\Exact Audio Copy.lnk
[2009-11-09 22:11:03 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk
[2009-11-09 22:10:53 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009-11-09 17:43:27 | 00,234,864 | ---- | C] () -- C:\Documents and Settings\iwan\Pulpit\20080709018.jpg
[2009-11-09 14:14:03 | 00,010,752 | ---- | C] () -- C:\Documents and Settings\iwan\Pulpit\Nowy Dokument programu Microsoft Word (2).doc
[2009-11-09 14:14:00 | 00,010,752 | ---- | C] () -- C:\Documents and Settings\iwan\Pulpit\Nowy Dokument programu Microsoft Word .doc
[2009-11-04 18:34:09 | 00,000,464 | ---- | C] () -- C:\Documents and Settings\iwan\Dane aplikacji\AutoGK.ini
[2009-11-03 09:35:43 | 00,117,188 | ---- | C] () -- C:\Documents and Settings\iwan\Moje dokumenty\jazdy40.jar
[2009-11-02 18:54:37 | 00,017,920 | ---- | C] () -- C:\Documents and Settings\iwan\Moje dokumenty\Zeszyt2.xls
[2009-11-02 17:10:58 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\iwan\Moje dokumenty\Zeszyt1.xls
[2009-11-01 20:07:12 | 00,000,708 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Football Manager 2010.lnk
[2009-10-28 23:59:59 | 00,000,502 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2009-10-27 17:09:48 | 00,113,950 | ---- | C] () -- C:\Documents and Settings\iwan\Moje dokumenty\Kopia_zapasowa_nowe logo kolumna.cdr
[2009-10-27 17:04:18 | 00,113,784 | ---- | C] () -- C:\Documents and Settings\iwan\Moje dokumenty\nowe logo kolumna.cdr
[2009-10-27 14:09:36 | 00,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Borderlands.lnk
[2009-10-27 09:53:21 | 01,199,202 | ---- | C] () -- C:\Documents and Settings\iwan\Moje dokumenty\Kopia_zapasowa_fontanna juszki.cdr
[2009-10-27 08:45:22 | 01,199,246 | ---- | C] () -- C:\Documents and Settings\iwan\Moje dokumenty\fontanna juszki.cdr
[2009-10-26 18:45:37 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\iwan\Moje dokumenty\Lista- 1 zad 09-10.doc
[2009-10-26 12:03:15 | 00,022,083 | ---- | C] () -- C:\Documents and Settings\iwan\Moje dokumenty\Redds-piwo-o-smaku-jablkowym-w-butelce-500ml-Full.jpg
[2009-10-26 09:51:20 | 00,096,256 | ---- | C] () -- C:\Documents and Settings\iwan\Moje dokumenty\Parki krajobrazowe.doc
[2009-10-25 22:35:08 | 00,000,614 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Notepad++.lnk
[2009-10-22 18:50:54 | 00,036,352 | ---- | C] () -- C:\Documents and Settings\iwan\Moje dokumenty\martyna.doc
[2009-10-19 13:17:27 | 00,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009-10-11 19:32:17 | 00,000,556 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-10-07 17:21:51 | 00,001,409 | ---- | C] () -- C:\WINDOWS\System32\settings.dll
[2009-09-25 07:21:28 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009-09-25 07:21:28 | 00,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009-08-11 11:20:42 | 00,000,012 | ---- | C] () -- C:\Documents and Settings\iwan\Dane aplikacji\wiaserva.log
[2009-06-13 10:28:25 | 00,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2009-05-30 15:08:09 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\iwan\Dane aplikacji\ClockTraySkins.ini
[2009-04-27 10:30:41 | 00,000,193 | ---- | C] () -- C:\WINDOWS\MBMTool.INI
[2009-04-25 10:06:43 | 00,000,073 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009-04-21 23:19:06 | 00,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009-03-08 21:50:41 | 01,420,256 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\libeay32.dll
[2009-03-08 21:50:41 | 00,306,052 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\libssl32.dll
[2009-03-08 21:50:41 | 00,091,648 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\stunnel.exe
[2009-03-08 21:50:41 | 00,074,240 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\zlib1.dll
[2009-03-08 21:50:41 | 00,065,024 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\GoalServer2009.exe
[2009-03-08 21:50:41 | 00,041,984 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\GoalWebServer2009.exe
[2009-03-08 21:50:41 | 00,029,061 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\stunnel.html
[2009-03-08 21:50:41 | 00,001,375 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\pes09.crt
[2009-03-08 21:50:41 | 00,001,177 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\stunnel.conf
[2009-03-08 21:50:41 | 00,000,887 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\pes09.key
[2009-03-08 21:50:41 | 00,000,802 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\crt.vbs
[2009-03-08 21:50:41 | 00,000,495 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\check.vbs
[2009-03-03 17:11:50 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-03-03 17:01:28 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-03-03 17:01:28 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-02-23 17:31:57 | 02,246,163 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009-02-23 17:31:56 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-02-23 17:31:55 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-02-23 17:31:55 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-01-17 16:13:14 | 00,001,415 | ---- | C] () -- C:\WINDOWS\CPTI_SearchHistory.INI
[2009-01-17 16:13:11 | 01,220,608 | ---- | C] () -- C:\WINDOWS\System32\pdf2bmp.dll
[2009-01-17 16:13:10 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll
[2008-11-14 13:43:31 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\iwan\Dane aplikacji\$_hpcst$.hpc
[2008-11-02 21:09:02 | 00,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2008-10-29 16:34:31 | 00,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008-10-29 16:34:31 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\iwan\Dane aplikacji\PnkBstrK.sys
[2008-10-07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-10-05 15:18:46 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-10-05 15:09:46 | 00,124,416 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-10-03 19:00:01 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2008-10-03 18:47:14 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
[2008-10-03 18:44:56 | 00,001,028 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008-10-03 18:21:50 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\RunSetup.dll
[2008-10-03 18:21:50 | 00,024,576 | ---- | C] () -- C:\WINDOWS\RunSetup.dll
[2008-10-03 18:03:37 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008-10-03 17:56:04 | 00,010,464 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
[2008-10-03 17:55:41 | 00,070,368 | ---- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2008-10-03 17:38:17 | 03,165,174 | -H-- | C] () -- C:\Documents and Settings\iwan\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2008-10-03 17:34:08 | 00,094,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\agp440.sys
[2008-10-03 17:19:27 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\iwan\Dane aplikacji\desktop.ini
[2007-11-06 21:19:28 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007-10-25 16:26:10 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007-07-05 09:37:52 | 00,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.ini
[2007-03-29 22:00:40 | 00,203,264 | ---- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2006-06-29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006-06-29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-04-18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-04-18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2004-08-03 23:44:02 | 00,168,096 | RHS- | C] () -- C:\WINDOWS\System32\lgkva.dll
[2004-08-03 23:44:02 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\mswmdmsrv.dll
[2004-08-03 22:15:10 | 00,626,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntfs.sys
[2001-07-21 22:16:20 | 00,001,048 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-21 22:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001-07-07 02:00:02 | 00,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[1999-01-22 18:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[color=#E56717]========== LOP Check ==========[/color]

[2008-10-28 20:41:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\2DBoy
[2009-09-10 08:45:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Codemasters
[2008-10-05 01:05:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DFX
[2009-11-17 11:20:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\EmailNotifier
[2009-04-25 10:06:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\FreeRIP
[2009-09-30 13:47:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2009-10-21 12:25:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\KONAMI
[2008-10-05 00:13:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Last.fm
[2009-02-23 23:36:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
[2009-04-23 11:21:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
[2008-10-03 18:38:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
[2008-12-19 07:07:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2009-07-18 11:44:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PopCapv1005
[2008-11-16 00:56:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sports Interactive
[2008-10-05 21:04:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TechSmith
[2009-05-30 14:58:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
[2008-10-03 19:02:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gosia\Dane aplikacji\Gadu-Gadu
[2008-10-03 19:02:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gosia\Dane aplikacji\PC Suite
[2009-04-25 10:11:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\AD ON Multimedia
[2009-05-11 22:14:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Audacity
[2008-12-10 23:31:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\AVSMedia
[2008-10-20 17:31:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\BESTplayer
[2009-11-16 15:13:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Corel
[2009-11-21 03:20:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\DC++
[2009-04-25 10:06:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Desktopicon
[2009-10-06 13:39:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Dev-Cpp
[2009-10-06 16:49:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Disney Interactive Studios
[2009-02-22 23:20:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\EmailNotifier
[2008-10-03 18:32:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\FlashFXP
[2008-10-04 23:25:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Gadu-Gadu
[2009-05-11 10:39:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\HTML Executable
[2009-11-11 21:04:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Image Zone Express
[2009-03-05 21:31:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\IrfanView
[2009-03-01 22:59:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Kana Solution
[2008-11-21 18:58:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Leadertech
[2008-11-02 21:06:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Megaupload
[2008-10-09 06:55:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Mp3tag
[2009-04-23 11:13:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Nokia
[2009-10-25 22:35:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Notepad++
[2008-10-03 18:56:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Opera
[2009-02-13 15:43:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\PC Suite
[2009-07-18 11:29:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\PopCapv1005eni
[2009-09-26 09:35:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Samsung
[2009-03-29 21:21:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Softi Software
[2009-06-28 00:06:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Sports Interactive
[2009-03-10 12:04:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\TechSmith
[2009-11-18 15:13:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Thinstall
[2008-10-03 18:57:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Thunderbird
[2009-05-30 14:58:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Ubisoft
[2009-11-21 03:24:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\uTorrent
[2009-08-24 13:04:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\iwan\Dane aplikacji\Wolfram Research
[2001-07-21 22:17:50 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009-11-21 10:33:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 88 bytes -> E:\Program Files\RocketDock\RocketDock.exe:SummaryInformation
< End of report >

[/log]

[b]DDS.txt[/b]
[log]

DDS (Ver_09-10-26.01) - NTFSx86 MINIMAL
Run by iwan at 11:01:58.78 on 2009-11-21
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1766 [GMT 1:00]

AV: avast! antivirus 4.8.1201 [VPS 091120-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
H:\Nowy folder\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://nasza-klasa.pl/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - e:\program files\techsmith\snagit 9\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - e:\program files\flashget\jccatch.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - e:\temp\programy portable\portable spybot search & destroy v1.4\portable spybot search & destroy v1.4\spybot - search & destroy\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - e:\program files\flashget\getflash.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - e:\program files\techsmith\snagit 9\SnagItIEAddin.dll
TB: {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [SkinClock] e:\program files\clock tray skins\ClockTraySkins.exe
uRun: [RocketDock] "e:\program files\rocketdock\RocketDock.exe"
mRun: [WinampAgent] "e:\program files\winamp\winampa.exe"
mRun: [NPSStartup]
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\iwan\menust~1\programy\autost~1\skrtdo~1.lnk - e:\program files\ad muncher\AdMunch.exe
StartupFolder: c:\docume~1\iwan\menust~1\programy\autost~1\disabled\admunc~1.lnk - e:\program files\ad muncher\AdMunch.exe
IE: &Download All with FlashGet - e:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - e:\program files\flashget\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_frame
IE: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_image
IE: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_link
IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_exclude
IE: E&ksport do programu Microsoft Excel - e:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - e:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Pobierz za pomocą Mega Manager... - c:\program files\megaupload\mega manager\mm_file.htm
IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_report
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - e:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2eaf5bb1-070f-11d3-9307-00c04fae2d4f} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - e:\temp\programy portable\portable spybot search & destroy v1.4\portable spybot search & destroy v1.4\spybot - search & destroy\spybot - search & destroy\SDHelper.dll
Trusted Zone: google.pl\maps
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880d85-aad9-4558-abdc-2ab1552d831f} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [2005-9-26 8576]
S1 7b197d;7b197d;c:\windows\system32\drivers\7b197d.sys --> c:\windows\system32\drivers\7b197d.sys [?]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-9 78416]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-9 20560]
S2 createprocess;CreateProcess Service;c:\windows\system\svchost.exe --> c:\windows\system\svchost.exe [?]
S2 fsusbexservice;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-9-25 233472]
S2 jlqjge;Support Installer;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S3 bmtyvfpx;bmtyvfpx;\??\c:\windows\system32\01d3.tmp --> c:\windows\system32\01D3.tmp [?]
S3 dqkqnry;dqkqnry;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-9-25 36608]
S3 ggggzy;ggggzy;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-9-30 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-9-30 8320]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 onnic;onnic;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xdtzey;xdtzey;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]

=============== Created Last 30 ================

2009-11-18 19:26:49 0 d-s---w- c:\documents and settings\iwan\UserData
2009-11-17 09:33:53 0 d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-11-17 09:33:53 0 d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-11-17 09:33:53 0 d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-11-17 09:33:53 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-11-17 09:31:48 0 d-----w- c:\docume~1\alluse~1\daneap~1\Spybot - Search & Destroy
2009-11-16 20:03:50 1430 ----a-w- c:\windows\crrqdtn48.ini
2009-11-12 17:31:46 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-11-12 17:31:45 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-11-12 17:31:45 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-11-12 17:31:44 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-11-12 17:31:43 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-12 17:31:43 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-11-12 17:31:42 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-10-27 12:47:53 0 d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2009-10-25 21:07:33 0 d-----w- c:\windows\bin
2009-10-25 21:00:25 0 d-----w- c:\windows\icon set part 2

==================== Find3M ====================

2009-11-19 12:17:45 94112 -c--a-w- c:\windows\system32\drivers\agp440.sys
2009-10-25 20:06:47 88816 ----a-w- c:\windows\system32\perfc015.dat
2009-10-25 20:06:47 499510 ----a-w- c:\windows\system32\perfh015.dat
2009-10-19 18:48:55 44750 ----a-w- C:\rejestr cz2 19 oct.reg
2009-10-19 18:48:17 458888 ----a-w- C:\rejestr 19 oct.reg
2009-10-19 18:19:58 152064 ----a-w- C:\deletedr.exe
2009-10-19 18:02:31 132597 ----a-w- C:\Flash_Disinfector.exe
2009-10-07 16:21:51 137729 ----a-w- c:\windows\system32\explorxp.exe
2009-09-27 16:19:52 3674112 ----a-w- c:\windows\system32\nvwssr.dll
2009-09-27 14:12:22 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 14:12:22 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 14:12:22 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-27 14:12:22 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 14:12:22 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 14:12:22 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 14:12:22 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 14:12:22 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 14:12:22 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 14:12:22 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-23 22:25:41 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-09-10 09:33:41 120529 ----a-w- c:\windows\hpoins11.dat
2009-09-04 16:44:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2008-04-14 20:50:36 168096 --sha-r- c:\windows\system32\lgkva.dll
2007-11-05 21:37:26 129368 --shatr- c:\windows\system32\panel sterowania.{21ec2020-3aea-1069-a2dd-08002b30309d}\winlogon.dll

============= FINISH: 11:02:11.54 ===============

[/log]

[b]Attach.txt[/b]
[log]

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2008-10-03 18:17:45
System Uptime: 2009-11-21 10:36:22 (1 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7345
Processor: Procesor Intel Pentium III Xeon | CPU 1 | 2671/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 16 GiB total, 2.68 GiB free.
D: is FIXED (NTFS) - 59 GiB total, 18.836 GiB free.
E: is FIXED (NTFS) - 195 GiB total, 22.876 GiB free.
F: is FIXED (NTFS) - 195 GiB total, 0.654 GiB free.
G: is CDROM ()
H: is Removable

==== Disabled Device Manager Items =============

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N73
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia N95
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0002
Manufacturer: Nokia
Name: Nokia 6630
PNP Device ID: ROOT\WPD\0002
Service: WUDFRd

==== System Restore Points ===================

RP34: 2009-11-19 13:31:27 - Punkt kontrolny systemu
RP35: 2009-11-20 14:21:33 - Punkt kontrolny systemu

==== Installed Programs ======================

7-Zip 4.65
Ad Muncher
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8 - Polish
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player 11.5
AiO_Scan_CDA
AiOSoftwareNPI
ALLPlayer V3.X
µTorrent
Audacity 1.3.6 (Unicode)
Audiosurf
avast! Antivirus
Borderlands
BufferChm
Burnout(TM) Paradise The Ultimate Box
Call of Duty Modern Warfare 2
CCleaner
Cleanse Uninstaller Pro 2008
Clock Tray Skins 4
CoreAVC Professional Edition (remove only)
Counter-Strike
Counter-Strike 1.6
CustomerResearchQFolder
CWK (Czasowy Wyłącznik Komputera)
DC++ 0.750
Deathmatch Classic
Destinations
Dev-C++ 5 beta 9 release (4.9.9.2)
DeviceManagementQFolder
DFX for Winamp
Driver Magician 3.4
DriverAgent by eSupport.com
eSupportQFolder
EVEREST Ultimate Edition v4.50
Exact Audio Copy 0.99pb5
F300
F300_Help
Fax_CDA
FlashGet 1.9.6.1073
Football Manager 2010
Foto-Mosaik-Edda 5.4.4
Gadu-Gadu 7.7
GetDiz 3.0
Gravity
GRID
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
Icon Restore 1.0
Ideal DVD to AVI Converter V2.0.1
InstantShareDevicesMFC
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 13
Java(TM) 6 Update 3
Java(TM) 6 Update 7
JestemHardcorem 1.2
K-Lite Codec Pack 4.6.2 (Full)
Kolory
Last.fm 1.5.4.24567
LightScribe System Software
LightScribe Template Labeler
Malwarebytes' Anti-Malware
MarketResearch
Medieval CUE Splitter
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK
Microsoft .NET Framework 3.5 Language Pack SP1 - plk
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2000 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft WSE 3.0 Runtime
Mirror's Edge™
Mojo Master Winamp Visualizer for Winamp (remove only)
Mozilla Thunderbird (2.0.0.23)
Mp3tag v2.41
MSVC80_x86
MSXML 6.0 Parser
NAPIPROJEKT 1.0.6.1
Need for Speed™ SHIFT
Nero OEM
NewCopy_CDA
NFO Creator
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia Software Updater
Notepad++
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
OpenAL
OpenOffice.org 2.3
Opera 10.00
Opera 10.01
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Pakiet sterowników systemu Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Pakiet sterowników systemu Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Pakiet sterowników systemu Windows - Nokia Modem (05/22/2008 3.8)
Pakiet sterowników systemu Windows - Nokia Modem (05/22/2008 7.00.0.1)
Pakiet sterowników systemu Windows - Nokia Modem (10/27/2008 3.9)
Pakiet sterowników systemu Windows - Nokia Modem (10/27/2008 7.01.0.1)
Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
PC Connectivity Solution
Pet Racer
Pet Soccer
Picasa 3
Podręcznik dotyczący urządzeń z systemem Windows Mobile®
Popcap Game Collection
Pro Evolution Soccer 2009
Pro Evolution Soccer 2010
ProductContextNPI
Prototype(TM)
PunkBuster Services
QuickSFV (Remove only)
Readme
Real Alternative 1.7.5
Realtek High Definition Audio Driver
Ricochet
RocketDock 1.3.5
Rockstar Games Social Club
Safari
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
Samsung New PC Studio USB Driver Installer
SAMSUNG SYMBIAN USB Download Driver
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
Scan
ScannerCopy
Skaner on-line mks_vir
Skype™ 4.1
SnagIt 9
Softi FreeOCR
SolutionCenter
SopCast 3.0.1
Spelling Dictionaries Support For Adobe Reader 8
Spolszczenie Pro Evolution Soccer 2009 RC 1.0
Spybot - Search & Destroy
Status
Steam
SubEdit-Player
sXe Injected
The Sims™ 3
Toolbox
Total Commander (Remove or Repair)
Total Video Converter 3.11
TrayApp
TV
UltraISO Premium V8.66
Usb Game Pad
USB Joystick
VC80CRTRedist - 8.0.50727.762
VibrateGameDeviceDriver
Vimicro USB PC Camera (VC0305)
VisualGPS - BeeLineGPS v1.83
WapSter AQQ
WebFldrs XP
WebReg
Winamp
Windows Media Format 11 runtime
WinPcap 4.0.2
WinRAR archiver
xp-AntiSpy 3.96-6

==== End Of File ===========================

[/log]

[b]RSIT[/b]
info
[log]
info.txt logfile of random's system information tool 1.06 2009-11-21 11:05:28

======Uninstall list======

-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"E:\Program Files\7-Zip\Uninstall.exe"
Ad Muncher-->E:\Program Files\Ad Muncher\uninst.exe
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A81200000003}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
ALLPlayer V3.X-->"e:\Program Files\ALLPlayer\unins000.exe"
Audacity 1.3.6 (Unicode)-->"e:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
Audiosurf-->MsiExec.exe /I{6D316D67-DA52-4659-9C98-F479963534D6}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Borderlands-->MsiExec.exe /X{52B65911-1559-4ED5-9461-46957FDD48CD}
Burnout(TM) Paradise The Ultimate Box-->MsiExec.exe /X{9A996B6A-846E-4A89-B9C4-17546B7BE49F}
Call of Duty Modern Warfare 2-->"E:\Gry\Activision\Modern Warfare 2\unins000.exe"
CCleaner-->"H:\Portable\CCleaner\uninst.exe"
Cleanse Uninstaller Pro 2008 -->E:\Program Files\Zards software\Cleanse Uninstaller\uninst.exe
Clock Tray Skins 4-->"e:\Program Files\Clock Tray Skins\unins000.exe"
CoreAVC Professional Edition (remove only)-->"e:\Program Files\CoreCodec\CoreAVC Professional Edition\CoreAVC Professional Edition-uninstall.exe"
Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x19
Counter-Strike-->"E:\Gry\Steam\steam.exe" steam://uninstall/10
CWK (Czasowy Wyłącznik Komputera)-->"E:\Program Files\Damian Pasternak\CWK\CWK.exe" /uninstall
DC++ 0.750-->"E:\Program Files\DC++\uninstall.exe"
Deathmatch Classic-->"E:\Gry\Steam\steam.exe" steam://uninstall/40
Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Dev-Cpp\uninstall.exe"
DFX for Winamp-->e:\Program Files\DFX\uninstall_Winamp.exe
Driver Magician 3.4-->"C:\Program Files\Driver Magician\unins000.exe"
DriverAgent by eSupport.com-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
EVEREST Ultimate Edition v4.50-->"E:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Exact Audio Copy 0.99pb5-->E:\Program Files\Exact Audio Copy\uninst.exe
FlashGet 1.9.6.1073-->e:\Program Files\FlashGet\uninst.exe
Football Manager 2010-->"E:\Gry\Sports Interactive\Football Manager 2010\Uninstall_Football Manager 2010\Uninstall Football Manager 2010.exe"
Foto-Mosaik-Edda 5.4.4-->"E:\Program Files\Foto-Mosaik-Edda\unins000.exe"
Gadu-Gadu 7.7-->e:\Program Files\Gadu-Gadu\Setup.exe
GetDiz 3.0-->E:\PROGRA~1\GetDiz\UNINST~1\UNWISE.EXE E:\PROGRA~1\GetDiz\UNINST~1\install.log
Gravity-->"E:\Gry\Gravity\unins000.exe"
GRID-->"C:\Program Files\InstallShield Installation Information\{5A0B7BA5-4682-4273-81C2-69B17E649103}\setup.exe" -runfromtemp -l0x0009 -removeonly
HijackThis 2.0.2-->"e:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
HP Customer Participation Program 7.0-->E:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0-->E:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart, Officejet and Deskjet 7.0.A-->E:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->E:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Icon Restore 1.0-->C:\WINDOWS\unins000.exe
Ideal DVD to AVI Converter V2.0.1-->"C:\Program Files\IdealDVD2AVI\unins000.exe"
IrfanView (remove only)-->e:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JestemHardcorem 1.2-->"E:\Gry\JestemHardcorem\unins000.exe"
K-Lite Codec Pack 4.6.2 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Last.fm 1.5.4.24567-->"e:\Program Files\Last.fm\unins000.exe"
LightScribe System Software-->MsiExec.exe /X{4A9849CA-E11C-4F24-8BB1-97C717A1C898}
LightScribe Template Labeler-->MsiExec.exe /X{FCBE0690-CBE1-4C60-87B0-4A70A6F5434E}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Medieval CUE Splitter-->MsiExec.exe /I{B96D2269-568B-4CBF-9332-12FAE8B158F7}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK-->MsiExec.exe /I{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK-->MsiExec.exe /I{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - plk-->MsiExec.exe /I{9EFDFBA8-9174-3C61-8645-28376C5CA994}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000415-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988}
Mojo Master Winamp Visualizer for Winamp (remove only)-->"e:\Program Files\Winamp\uninst-vis_MojoMaster.dll.exe"
Mozilla Thunderbird (2.0.0.23)-->E:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
Mp3tag v2.41-->e:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
NAPIPROJEKT 1.0.6.1-->"e:\Program Files\NAPI-PROJEKT\unins000.exe"
Need for Speed™ SHIFT-->MsiExec.exe /X{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}
Nero OEM-->e:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NFO Creator-->C:\WINDOWS\system32\GKSUI18.EXE C:\Program Files\CyberLeadingCorp\NFO Creator\UNINSTAL.DAT
Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296}
Nokia PC Suite-->C:\Documents and Settings\All Users\Dane aplikacji\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_pol_web.exe
Nokia PC Suite-->MsiExec.exe /I{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}
Nokia Software Updater-->MsiExec.exe /X{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}
Notepad++-->E:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
OpenOffice.org 2.3-->MsiExec.exe /I{554F8595-ABAA-4FC7-B749-CF3260D687B6}
Opera 10.00-->MsiExec.exe /X{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}
Opera 10.01-->MsiExec.exe /X{4B296228-DF7C-43EA-8DED-76027355B219}
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0-->"C:\Program Files\Orban\AAC-aacPlus Plugin\unins000.exe"
Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - plk\setup.exe
Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_642960B49F5985230DB9B953682A9431120601FA\amdk8.inf
Pakiet sterowników systemu Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpacm_18A9B92ED8DEDC602E49E767FA4BE98A30525207\shpacm.inf
Pakiet sterowników systemu Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpusb_558D416BCEB984F35885804D3E1A9C3773F1B17C\shpusb.inf
Pakiet sterowników systemu Windows - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf
Pakiet sterowników systemu Windows - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf
Pakiet sterowników systemu Windows - Nokia Modem (10/27/2008 3.9)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_79486EC6AA0D1732FB17E5167077C07ECAE1B870\nokia_bluetooth.inf
Pakiet sterowników systemu Windows - Nokia Modem (10/27/2008 7.01.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_247189AEBF39EB69A7C75429610DFED2F2EDC1B6\nokbtmdm.inf
Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
PC Connectivity Solution-->MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD}
Pet Racer-->E:\Gry\\Pet Racer\uninstall Pet Racer.exe
Pet Soccer-->E:\Program Files\Pet Soccer\uninstall Pet Soccer.exe
Picasa 3-->"e:\Program Files\Google\Picasa3\Uninstall.exe"
Podręcznik dotyczący urządzeń z systemem Windows Mobile®-->C:\Program Files\Windows Mobile Device Handbook\Windows Mobile Device Handbook\Bin\DHUninstall.exe
Popcap Game Collection-->"C:\Program Files\InstallShield Installation Information\{69EA986B-B172-4FAA-B54D-853BD3A2B264}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Pro Evolution Soccer 2009-->MsiExec.exe /X{A8DB611A-D80E-450D-85F6-3ACDD164BE31}
Pro Evolution Soccer 2010-->MsiExec.exe /X{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}
Prototype(TM)-->C:\Program Files\InstallShield Installation Information\{9322A850-9091-4D0E-B252-3E82EDA3D94A}\setup.exe -runfromtemp -l0x0409
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QuickSFV (Remove only)-->e:\Program Files\QuickSFV\QSFVUNST.EXE e:\Program Files\QuickSFV\
Real Alternative 1.7.5-->"e:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x15 -removeonly
Ricochet-->"E:\Gry\Steam\steam.exe" steam://uninstall/60
RocketDock 1.3.5-->"E:\Program Files\RocketDock\unins000.exe"
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0009 -removeonly
Safari-->MsiExec.exe /X{582D2A53-F426-4C5E-A2E6-43C1AB36B907}
SAMSUNG CDMA Modem Driver Set-->C:\Program Files\SAMSUNG\SAMSUNG CDMA Modem\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Samsung Mobile Modem Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\7\SSECUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Program Files\Samsung\Samsung Mobile phone USB driver\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Program Files\SAMSUNG\SAMSUNG Mobile USB Modem\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Program Files\SAMSUNG\SAMSUNG Mobile USB Modem\SSM_Uninstall.exe
Samsung New PC Studio USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{AF7E85DC-317C-47F5-810E-B82EE093A612}\setup.exe" -runfromtemp -l0x0415 -removeonly
Samsung New PC Studio USB Driver Installer-->MsiExec.exe /I{AF7E85DC-317C-47F5-810E-B82EE093A612}
Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x0415 -removeonly
Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}
SAMSUNG SYMBIAN USB Download Driver-->C:\Program Files\SAMSUNG\SYMBIAN USB Download Driver\Uninstall.exe
SAMSUNG USB Mobile Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe
SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
Skaner on-line mks_vir-->C:\WINDOWS\system32\SkanerOnlineUninstall.exe
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SnagIt 9-->MsiExec.exe /I{ADDD6985-3A28-44D0-A1BA-FDD19A820491}
Softi FreeOCR-->MsiExec.exe /I{ABBACAD2-4DAF-490E-932B-E330B33FCF98}
SopCast 3.0.1-->e:\Program Files\SopCast\uninst.exe
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spolszczenie Pro Evolution Soccer 2009 RC 1.0-->"E:\Gry\KONAMI\Pro Evolution Soccer 2009\img\unins000.exe"
Spybot - Search & Destroy-->"E:\Temp\PROGRAMY PORTABLE\Portable Spybot Search & Destroy v1.4\Portable Spybot Search & Destroy v1.4\Spybot - Search & Destroy\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SubEdit-Player-->"e:\Program Files\SubEdit-Player\unins000.exe"
sXe Injected-->E:\Program Files\sXe Injected\uninstall.exe
The Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe" -runfromtemp -l0x0015 -removeonly
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Total Video Converter 3.11-->"e:\Program Files\Total Video Converter\unins000.exe"
TV-->e:\Program Files\TV\Uninst0.exe
UltraISO Premium V8.66-->"e:\Program Files\UltraISO\unins000.exe"
Usb Game Pad-->C:\PROGRA~1\USBGAM~1\UNWISE.EXE C:\PROGRA~1\USBGAM~1\INSTALL.LOG
USB Joystick-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEED33EE-4357-4907-8F20-C1A50CC68A5A}\setup.exe" -l0x9 -removeonly
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VibrateGameDeviceDriver-->MsiExec.exe /I{DBB7F606-0C13-4182-AD7F-427A4773580E}
Vimicro USB PC Camera (VC0305)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AD824A5-1CCC-4BB7-82C9-E6FB25CC0479}\setup.exe" -l0x9
VisualGPS - BeeLineGPS v1.83-->"C:\Program Files\Microsoft ActiveSync\VisualGPS - BeeLineGPS\unins000.exe"
WapSter AQQ-->e:\Program Files\WapSter\WapSter AQQ\uninstall.exe
Winamp-->"e:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->e:\Program Files\WinRAR\uninstall.exe
xp-AntiSpy 3.96-6-->e:\Program Files\xp-AntiSpy\Uninstall.exe

=====HijackThis Backups=====

O23 - Service: Usługa inteligentnego transferu w tle (BITS) - Unknown owner - C:\WINDOWS\ [2009-03-10]
O1 - Hosts: 5.179.195.25 pes2009web.winning-eleven.net [2009-03-10]
O1 - Hosts: 5.179.195.25 pes09pcgate-e.winning-eleven.net [2009-03-10]
O1 - Hosts: stun.xten.com pes7stun-e.winning-eleven.net [2009-03-10]
O4 - HKLM\..\Run: [IMJPMIG8.2] msime82.exe [2009-05-11]
O4 - HKCU\..\Run: [MsServer] msfun80.exe [2009-05-11]
O4 - HKLM\..\Run: [IMJPMIG8.2] msime82.exe [2009-05-11]
O4 - HKCU\..\Run: [MsServer] msfun80.exe [2009-05-11]
O4 - Startup: rncsys32.exe [2009-06-22]
O4 - HKLM\..\Run: [winsvc32] winsvc32.exe [2009-06-22]
O4 - Global Startup: icwsetup.exe [2009-06-22]
O4 - Startup: ikowin32.exe [2009-08-16]
O4 - HKLM\..\Run: [msword98] C:\WINDOWS\system32\msword98.exe [2009-08-16]
O4 - HKLM\..\Run: [msword98] C:\WINDOWS\system32\msword98.exe [2009-10-19]
O23 - Service: CreateProcess Service (createprocess) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing) [2009-10-19]
O23 - Service: CreateProcess Service (createprocess) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing) [2009-11-04]

======System event log======

Computer Name: KOMPUTER
Event Code: 7036
Message: Usługa Usługa COM nagrywania dysków CD IMAPI weszła w stan uruchomienia.

Record Number: 27995
Source Name: Service Control Manager
Time Written: 20091102112359.000000+060
Event Type: informacje
User:

Computer Name: KOMPUTER
Event Code: 7035
Message: Do usługi Usługa COM nagrywania dysków CD IMAPI został pomyślnie wysłany kod sterowania uruchom.

Record Number: 27994
Source Name: Service Control Manager
Time Written: 20091102112359.000000+060
Event Type: informacje
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: KOMPUTER
Event Code: 7036
Message: Usługa Pml Driver HPZ12 weszła w stan zatrzymania.

Record Number: 27993
Source Name: Service Control Manager
Time Written: 20091102112201.000000+060
Event Type: informacje
User:

Computer Name: KOMPUTER
Event Code: 7036
Message: Usługa Pml Driver HPZ12 weszła w stan uruchomienia.

Record Number: 27992
Source Name: Service Control Manager
Time Written: 20091102112200.000000+060
Event Type: informacje
User:

Computer Name: KOMPUTER
Event Code: 7035
Message: Do usługi Pml Driver HPZ12 został pomyślnie wysłany kod sterowania uruchom.

Record Number: 27991
Source Name: Service Control Manager
Time Written: 20091102112200.000000+060
Event Type: informacje
User: KOMPUTER\iwan

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RGSCLauncher"=E:\Gry\Rockstar Games\Rockstar Games Social Club
"RGSC"=E:\Gry\Rockstar Games\Rockstar Games Social Club\1_0_0_0
"SAFEBOOT_OPTION"=MINIMAL

-----------------EOF-----------------

[/log]

log
[log]
Logfile of random's system information tool 1.06 (written by random/random)
Run by iwan at 2009-11-21 11:05:26
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 3 GB (17%) free of 16 GB
Total RAM: 2047 MB (86% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05, on 2009-11-21
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
H:\Nowy folder\RSIT.exe
E:\Program Files\Trend Micro\HijackThis\iwan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nasza-klasa.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SnagIt Toolbar Loader - {00c6482d-c502-44c8-8409-fce54ad9c208} - E:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Temp\PROGRAMY PORTABLE\Portable Spybot Search & Destroy v1.4\Portable Spybot Search & Destroy v1.4\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - e:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - (no file)
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SkinClock] E:\Program Files\Clock Tray Skins\ClockTraySkins.exe
O4 - HKCU\..\Run: [RocketDock] "E:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Disabled
O4 - Startup: Skrót do AdMunch.lnk = E:\Program Files\Ad Muncher\AdMunch.exe
O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_exclude
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz za pomocą Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_report
O9 - Extra button: Create Mobile Favorite - {2eaf5bb1-070f-11d3-9307-00c04fae2d4f} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - e:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - e:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Temp\PROGRAMY PORTABLE\Portable Spybot Search & Destroy v1.4\Portable Spybot Search & Destroy v1.4\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Temp\PROGRAMY PORTABLE\Portable Spybot Search & Destroy v1.4\Portable Spybot Search & Destroy v1.4\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://maps.google.pl
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Usługa inteligentnego transferu w tle (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: CreateProcess Service (createprocess) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)
O23 - Service: FsUsbExService (fsusbexservice) - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8263 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00c6482d-c502-44c8-8409-fce54ad9c208}]
SnagIt Toolbar Loader - E:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll [2008-09-22 66888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - E:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - E:\Temp\PROGRAMY PORTABLE\Portable Spybot Search & Destroy v1.4\Portable Spybot Search & Destroy v1.4\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - e:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - E:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-09-22 161096]
{9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=E:\Program Files\Winamp\winampa.exe [2008-01-15 37376]
"NPSStartup"= []
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-09-23 1657448]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-05-16 79224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"SkinClock"=E:\Program Files\Clock Tray Skins\ClockTraySkins.exe [2008-01-22 417792]
"RocketDock"=E:\Program Files\RocketDock\RocketDock.exe [2009-10-21 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
E:\Program Files\Winamp\winampa.exe [2008-01-15 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Application Data^Microsoft^Shortcuts^HP Digital Imaging Monitor.lnk]
E:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Application Data^Microsoft^Shortcuts^Microsoft Office.lnk]
E:\PROGRA~1\MICROS~1\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^iwan^Menu Start^Programy^Autostart^RocketDock.lnk]
E:\PROGRA~1\ROCKET~1\ROCKET~1.EXE [2009-10-21 495616]

C:\Documents and Settings\iwan\Menu Start\Programy\Autostart
Disabled
Skrót do AdMunch.lnk - E:\Program Files\Ad Muncher\AdMunch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Program Files\WapSter\WapSter AQQ\AQQ.exe"="E:\Program Files\WapSter\WapSter AQQ\AQQ.exe:*:Enabled:AQQ"
"E:\Program Files\FlashGet\flashget.exe"="E:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"E:\Program Files\uTorrent\uTorrent.exe"="E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"E:\Gry\Pro Evolution Soccer 2008\PES2008.exe"="E:\Gry\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"E:\Program Files\SopCast\adv\SopAdver.exe"="E:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"E:\Program Files\SopCast\SopCast.exe"="E:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\Gry\Codemasters\GRID\GRID.exe"="E:\Gry\Codemasters\GRID\GRID.exe:*:Enabled:GRID"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"E:\Gry\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="E:\Gry\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"E:\Gry\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe"="E:\Gry\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™"
"E:\Gry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="E:\Gry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Disabled:Rockstar Games Social Club"
"E:\Gry\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe"="E:\Gry\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"E:\Gry\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe"="E:\Gry\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"E:\Gry\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe"="E:\Gry\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"E:\Gry\Electronic Arts\The Sims 3\Game\Bin\Sims3Launcher.exe"="E:\Gry\Electronic Arts\The Sims 3\Game\Bin\Sims3Launcher.exe:*:Disabled:The Sims™ 3"
"E:\Program Files\Valve\hl.exe"="E:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"F:\Instalki\utorrent.exe"="F:\Instalki\utorrent.exe:*:Enabled:µTorrent"
"e:\Program Files\Sports Interactive\Football Manager 2009\fm.exe"="e:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Disabled:Football Manager 2009"
"E:\Gry\Activision\Prototype\prototypef.exe"="E:\Gry\Activision\Prototype\prototypef.exe:*:Enabled:Prototype(TM)"
"E:\Program Files\Opera\opera.exe"="E:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Uruchamia plik DLL jako aplikację"
"E:\Program Files\Valve\hltv.exe"="E:\Program Files\Valve\hltv.exe:*:Disabled:HLTV Launcher"
"E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="E:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"E:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="E:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"E:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="E:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="E:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="E:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="E:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"E:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="E:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"E:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="E:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"
"E:\Program Files\DC++\DCPlusPlus.exe"="E:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"E:\Gry\KONAMI\Pro Evolution Soccer 2010\pes2010.exe"="E:\Gry\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"E:\Gry\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="E:\Gry\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Disabled:Grand Theft Auto IV"
"H:\PortableApps\uTorrentPortable\App\uTorrent\uTorrent.exe"="H:\PortableApps\uTorrentPortable\App\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"E:\Gry\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe"="E:\Gry\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe:*:Disabled:Borderlands"
"E:\Gry\Sports Interactive\Football Manager 2010\fm.exe"="E:\Gry\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"E:\Temp\PROGRAMY PORTABLE\PDF2Office v4.0\Launch PDF2Office.exe"="E:\Temp\PROGRAMY PORTABLE\PDF2Office v4.0\Launch PDF2Office.exe:*:Enabled:PDF2Office "
"C:\Documents and Settings\iwan\Dane aplikacji\Thinstall\PDF2Office v4.0\4000001300002i\PDF2OfficeDesktopServer.exe"="C:\Documents and Settings\iwan\Dane aplikacji\Thinstall\PDF2Office v4.0\4000001300002i\PDF2OfficeDesktopServer.exe:*:Enabled:PDF2OfficeDesktopServer"
"H:\PortableApps\LBreakout2Portable\App\lbreakout2\lbreakout2.exe"="H:\PortableApps\LBreakout2Portable\App\lbreakout2\lbreakout2.exe:*:Enabled:LBreakout2"
"E:\Gry\Steam\Steam.exe"="E:\Gry\Steam\Steam.exe:*:Enabled:Steam"
"E:\Gry\Steam\steamapps\iwan59\counter-strike\hl.exe"="E:\Gry\Steam\steamapps\iwan59\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"E:\Gry\Steam\steamapps\iwan59\ricochet\hl.exe"="E:\Gry\Steam\steamapps\iwan59\ricochet\hl.exe:*:Enabled:Half-Life Launcher"
"E:\Gry\Steam\steamapps\iwan59\deathmatch classic\hl.exe"="E:\Gry\Steam\steamapps\iwan59\deathmatch classic\hl.exe:*:Enabled:Half-Life Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6faee026-b2a5-11dd-ab98-0019dbf38d8a}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b06d5174-6667-11de-9f1e-0019dbf38d8a}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0df668b-b8c7-11de-a0d0-0019dbf38d8a}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f641d40f-d35b-11de-b7f1-0019dbf38d8a}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn


======File associations======

.ini - open - "E:\Program Files\GetDiz\GetDiz.exe" "%1"

======List of files/folders created in the last 3 months======

2009-11-21 11:05:26 ----DC---- C:\rsit
2009-11-21 10:04:13 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-17 10:33:53 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-11-17 10:33:53 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-11-17 10:33:53 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-11-17 10:33:53 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-11-17 10:31:48 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-11-16 21:03:50 ----A---- C:\WINDOWS\crrqdtn48.ini
2009-11-16 15:13:43 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\Corel
2009-11-12 18:31:46 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2009-11-12 18:31:45 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2009-11-12 18:31:45 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2009-11-12 18:31:44 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2009-11-12 18:31:43 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2009-11-12 18:31:43 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2009-11-12 18:31:42 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2009-11-09 22:10:53 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-11-09 22:10:52 ----D---- C:\Program Files\Alwil Software
2009-11-04 18:34:09 ----A---- C:\Documents and Settings\iwan\Dane aplikacji\AutoGK.ini
2009-10-27 13:47:53 ----D---- C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2009-10-25 22:35:08 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\Notepad++
2009-10-25 22:07:33 ----D---- C:\WINDOWS\bin
2009-10-25 22:00:25 ----D---- C:\WINDOWS\icon set part 2
2009-10-19 19:19:58 ----A---- C:\deletedr.exe
2009-10-19 19:02:30 ----A---- C:\Flash_Disinfector.exe
2009-10-19 18:58:18 ----D---- C:\Nowy folder
2009-10-19 10:52:44 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\Thinstall
2009-10-14 18:54:22 ----D---- C:\Program Files\Microsoft Visual Studio
2009-10-14 18:54:21 ----D---- C:\Program Files\Common Files\Designer
2009-10-14 18:54:11 ----D---- C:\WINDOWS\ShellNew
2009-10-14 18:53:46 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\Microsoft Web Folders
2009-10-12 15:57:02 ----D---- C:\WINDOWS\system32\URTTEMP
2009-10-11 19:32:17 ----A---- C:\WINDOWS\ODBC.INI
2009-10-11 18:40:19 ----A---- C:\WINDOWS\system32\mdimon.dll
2009-10-11 18:40:07 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-10-11 18:35:34 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2009-10-08 09:34:08 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-10-07 17:21:51 ----A---- C:\WINDOWS\system32\settings.dll
2009-10-07 17:21:51 ----A---- C:\WINDOWS\system32\explorxp.exe
2009-10-07 17:21:10 ----RASHT---- C:\explore.exe
2009-10-07 17:21:10 ----D---- C:\WINDOWS\system32\Panel sterowania.{21EC2020-3AEA-1069-A2DD-08002B30309D}
2009-10-06 22:38:39 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\DC++
2009-10-06 16:49:42 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\Disney Interactive Studios
2009-10-06 13:36:10 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\Dev-Cpp
2009-10-06 13:35:53 ----D---- C:\Dev-Cpp
2009-09-27 17:20:06 ----A---- C:\WINDOWS\system32\nvcpluir.dll
2009-09-27 17:20:04 ----A---- C:\WINDOWS\system32\nvcplui.exe
2009-09-27 17:20:02 ----A---- C:\WINDOWS\system32\nvrszht.dll
2009-09-27 17:20:02 ----A---- C:\WINDOWS\system32\nvrszhc.dll
2009-09-27 17:20:02 ----A---- C:\WINDOWS\system32\nvrstr.dll
2009-09-27 17:20:02 ----A---- C:\WINDOWS\system32\nvrsth.dll
2009-09-27 17:20:02 ----A---- C:\WINDOWS\system32\nvrssv.dll
2009-09-27 17:20:02 ----A---- C:\WINDOWS\system32\nvrssl.dll
2009-09-27 17:20:02 ----A---- C:\WINDOWS\system32\nvrssk.dll
2009-09-27 17:20:02 ----A---- C:\WINDOWS\system32\nvrsru.dll
2009-09-27 17:20:02 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2009-09-27 17:20:02 ----A---- C:\WINDOWS\system32\nvrspt.dll
2009-09-27 17:20:02 ----A---- C:\WINDOWS\system32\nvrspl.dll
2009-09-27 17:20:02 ----A---- C:\WINDOWS\system32\nvrsno.dll
2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvwddi.dll
2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrsnl.dll
2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrsko.dll
2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrsja.dll
2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrsit.dll
2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrshu.dll
2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrshe.dll
2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrsfr.dll
2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrsfi.dll
2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrsesm.dll
2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrses.dll
2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrseng.dll
2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrsel.dll
2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrsde.dll
2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrsda.dll
2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrscs.dll
2009-09-27 17:20:00 ----A---- C:\WINDOWS\system32\nvrsar.dll
2009-09-27 17:19:52 ----A---- C:\WINDOWS\system32\nvwssr.dll
2009-09-27 17:19:52 ----A---- C:\WINDOWS\system32\nvwss.dll
2009-09-27 17:19:50 ----A---- C:\WINDOWS\system32\nvvitvsr.dll
2009-09-27 17:19:50 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2009-09-27 17:19:48 ----A---- C:\WINDOWS\system32\nvmoblsr.dll
2009-09-27 17:19:48 ----A---- C:\WINDOWS\system32\nvmobls.dll
2009-09-27 17:19:48 ----A---- C:\WINDOWS\system32\nvmccssr.dll
2009-09-27 17:19:48 ----A---- C:\WINDOWS\system32\nvmccss.dll
2009-09-27 17:19:48 ----A---- C:\WINDOWS\system32\nvgamesr.dll
2009-09-27 17:19:48 ----A---- C:\WINDOWS\system32\nvgames.dll
2009-09-27 17:19:46 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2009-09-27 17:19:46 ----A---- C:\WINDOWS\system32\nvmctray.dll
2009-09-27 17:19:46 ----A---- C:\WINDOWS\system32\nvdispsr.dll
2009-09-27 17:19:46 ----A---- C:\WINDOWS\system32\nvdisps.dll
2009-09-27 17:19:46 ----A---- C:\WINDOWS\system32\nvcpl.dll
2009-09-27 17:19:46 ----A---- C:\WINDOWS\system32\nvcolor.exe
2009-09-27 17:19:40 ----A---- C:\WINDOWS\system32\nvmccs.dll
2009-09-27 15:12:22 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2009-09-27 15:12:22 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2009-09-27 15:12:22 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2009-09-27 15:12:22 ----A---- C:\WINDOWS\system32\nvcuda.dll
2009-09-27 15:12:22 ----A---- C:\WINDOWS\system32\nvcodins.dll
2009-09-27 15:12:22 ----A---- C:\WINDOWS\system32\nvcod.dll
2009-09-27 15:12:22 ----A---- C:\WINDOWS\system32\nvapi.dll
2009-09-26 09:35:55 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\Samsung
2009-09-25 07:21:43 ----A---- C:\WINDOWS\system32\DIFxAPI.dll
2009-09-25 07:21:32 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2009-09-25 07:21:28 ----A---- C:\WINDOWS\system32\FsUsbExService.Exe
2009-09-25 07:21:28 ----A---- C:\WINDOWS\system32\FsUsbExDevice.Dll
2009-09-25 07:21:10 ----D---- C:\Program Files\MarkAny
2009-09-21 17:21:19 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\Image Zone Express
2009-09-20 10:41:15 ----D---- C:\Program Files\Common Files\Skype
2009-09-15 15:39:27 ----D---- C:\Program Files\Orban
2009-09-10 10:32:16 ----D---- C:\Program Files\Common Files\HP
2009-09-10 08:45:32 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Codemasters
2009-08-24 13:04:16 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\Wolfram Research

======List of files/folders modified in the last 3 months======

2009-11-21 10:33:45 ----D---- C:\WINDOWS\system32
2009-11-21 10:12:25 ----D---- C:\WINDOWS\Prefetch
2009-11-21 10:09:08 ----D---- C:\WINDOWS\temp
2009-11-21 10:04:13 ----D---- C:\WINDOWS
2009-11-21 03:41:15 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-21 03:41:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-21 03:41:07 ----A---- C:\Documents and Settings\iwan\Dane aplikacji\ClockTraySkins.ini
2009-11-21 03:24:04 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\uTorrent
2009-11-18 17:34:46 ----SHD---- C:\WINDOWS\Installer
2009-11-18 17:34:45 ----HD---- C:\Config.Msi
2009-11-18 15:24:09 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\Mozilla
2009-11-17 11:20:21 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\EmailNotifier
2009-11-17 10:33:53 ----RD---- C:\Program Files
2009-11-16 21:09:21 ----SD---- C:\Documents and Settings\iwan\Dane aplikacji\Microsoft
2009-11-16 19:35:55 ----SHD---- C:\RECYCLER
2009-11-16 19:35:07 ----D---- C:\Documents and Settings
2009-11-16 13:01:58 ----D---- C:\WINDOWS\Registration
2009-11-13 10:16:46 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-12 18:31:50 ----D---- C:\WINDOWS\system32\DirectX
2009-11-12 18:31:47 ----HD---- C:\WINDOWS\inf
2009-11-12 18:31:01 ----RSD---- C:\WINDOWS\assembly
2009-11-12 14:20:24 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-10 13:20:28 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\OpenOffice.org2
2009-11-09 22:11:03 ----D---- C:\WINDOWS\system32\drivers
2009-11-04 18:39:21 ----D---- C:\WINDOWS\pss
2009-11-04 18:37:01 ----D---- C:\WINDOWS\Minidump
2009-10-27 13:52:20 ----SH---- C:\boot.ini
2009-10-27 13:52:00 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-27 13:51:42 ----D---- C:\WINDOWS\WinSxS
2009-10-27 13:48:00 ----D---- C:\Program Files\DIFX
2009-10-27 13:47:58 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-27 13:47:50 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-10-26 18:23:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-25 21:06:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-21 19:37:54 ----SHD---- C:\WINDOWS\CSC
2009-10-21 12:25:00 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\KONAMI
2009-10-19 20:03:55 ----D---- C:\WINDOWS\Help
2009-10-19 20:03:10 ----D---- C:\Program Files\AGEIA Technologies
2009-10-19 20:02:42 ----D---- C:\Program Files\NVIDIA Corporation
2009-10-19 19:30:28 ----D---- C:\otl
2009-10-19 19:08:59 ----D---- C:\WINDOWS\system
2009-10-19 18:45:22 ----D---- C:\Icons
2009-10-19 00:20:28 ----D---- C:\WINDOWS\system32\Restore
2009-10-15 16:36:30 ----A---- C:\WINDOWS\wincmd.ini
2009-10-14 18:54:54 ----AC---- C:\WINDOWS\vbaddin.ini
2009-10-14 18:54:42 ----D---- C:\Program Files\Common Files
2009-10-14 18:54:39 ----A---- C:\WINDOWS\win.ini
2009-10-14 18:54:25 ----RSD---- C:\WINDOWS\Fonts
2009-10-14 18:54:20 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-10-14 18:54:16 ----D---- C:\Program Files\Common Files\System
2009-10-14 18:53:39 ----D---- C:\WINDOWS\msapps
2009-10-14 18:53:39 ----D---- C:\Program Files\microsoft frontpage
2009-10-14 18:52:32 ----D---- C:\tmp
2009-10-14 18:50:29 ----D---- C:\Program Files\Microsoft.NET
2009-10-12 16:53:42 ----SHD---- C:\System Volume Information
2009-10-11 19:31:43 ----D---- C:\Program Files\Microsoft ActiveSync
2009-10-11 19:20:12 ----SD---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft
2009-10-11 19:19:36 ----D---- C:\Program Files\MSBuild
2009-10-11 18:39:57 ----D---- C:\WINDOWS\system32\config
2009-09-30 13:47:48 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Installations
2009-09-30 13:47:36 ----D---- C:\Program Files\Nokia
2009-09-30 13:46:55 ----D---- C:\Program Files\Common Files\Nokia
2009-09-27 15:12:22 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2009-09-26 11:42:58 ----D---- C:\Program Files\SAMSUNG
2009-09-25 07:21:07 ----D---- C:\Program Files\PC Connectivity Solution
2009-09-22 20:35:34 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\Skype
2009-09-21 21:23:15 ----D---- C:\Documents and Settings\iwan\Dane aplikacji\skypePM
2009-09-20 10:41:15 ----RD---- C:\Program Files\Skype
2009-09-20 10:41:13 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2009-09-10 10:30:57 ----D---- C:\WINDOWS\twain_32
2009-09-10 10:17:30 ----D---- C:\Program Files\Hewlett-Packard
2009-09-04 17:44:40 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 DynCal;Dynamic Calibration Service; C:\WINDOWS\system32\drivers\Dyncal.sys [2005-09-26 8576]
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2005-11-10 12160]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Standardowy sterownik koncentratora USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 7b197d;7b197d; C:\WINDOWS\System32\drivers\7b197d.sys []
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-05-16 26944]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 78416]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-05-16 42912]
S1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
S1 ISODrive;ISO CD-ROM Device Driver; \??\e:\Program Files\UltraISO\drivers\ISODrive.sys []
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-05-16 94416]
S3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-05-16 23152]
S3 bmtyvfpx;bmtyvfpx; \??\C:\WINDOWS\system32\01D3.tmp []
S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dqkqnry;dqkqnry; \??\C:\WINDOWS\system32\01.tmp []
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 ggggzy;ggggzy; \??\C:\WINDOWS\system32\01.tmp []
S3 GMSIPCI;GMSIPCI; \??\H:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-08 25280]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-22 4432384]
S3 msicpl;MSICPL; \??\H:\install4\MSICPL.sys []
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Sterownik monitora sieci; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 ntaccess;NTACCESS; \??\H:\NTACCESS.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]
S3 onnic;onnic; \??\C:\WINDOWS\system32\01.tmp []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pgldqpoc;pgldqpoc; \??\C:\DOCUME~1\iwan\USTAWI~1\Temp\pgldqpoc.sys []
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-04-14 94592]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2008-02-22 87936]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2008-02-22 14976]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2008-02-22 114304]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tvichw32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usb_rndisx;Karta USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbaudio;Sterownik audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 xdtzey;xdtzey; \??\C:\WINDOWS\system32\01.tmp []
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-02-26 61984]
S3 ZSMC301b;Vimicro USB PC Camera (VC0305); C:\WINDOWS\System32\Drivers\usbVM31b.sys [2004-08-17 91263]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-05-16 17272]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-05-16 144760]
S2 createprocess;CreateProcess Service; C:\WINDOWS\system\svchost.exe []
S2 fsusbexservice;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-04-07 233472]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
S2 jlqjge;Support Installer; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-01-27 73728]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
S2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-05-16 247160]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-05-16 349560]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[/log]

Guest
comment

Rootkit chasing rootkit! Use [url=http://www.forumpc.pl/index.php?showtopic=120614&st=0&p=837303&fromsearch=1&#entry837303][b][color=blue][u]ComboFix[/u][/color][/b][/url] and paste its log. Rename it to: [b]123.com[/b]


.

  • Good post 1
iwan59
comment

After stage 50, ComboFix started deleting infected files.
The computer restarted. The system starts in neither safe mode nor normal mode, so ComboFix does not generate a log.
A bluescreen appears: [URL=http://img688.imageshack.us/img688/584/091121113450.jpg][IMG]http://img688.imageshack.us/img688/584/091121113450.th.jpg[/IMG][/URL]

Guest
comment (edited)

The BSOD is caused by a rootkit in the MBR. I don't know what to recommend in this situation. The best way out would be to format the disk and install the system from scratch, but that would, with 99% certainty, not remove the rootkit.
If you can get into Safe Mode, show the OTL log again.

  • Good post 1
iwan59
comment

Safe mode does not work. The same bluescreen appears as in my last post.
If formatting the disk and installing the system from scratch does not help, how do I get rid of this rootkit?

Guest
comment

After installing the new system, show the ComboFix log.

  • Good post 1
iwan59
comment (edited)

Or maybe there is some LiveCD that will clean this rootkit out of the MBR area?
I have some files on C; can they be rescued somehow, i.e. moved to another partition?

EDIT:
I have an Ubuntu LiveCD and a pendrive. Maybe there is some way to rescue Windows using tools under Ubuntu?

New system installed. Of the drivers, I have so far installed only the one for the network card.
Here is the ComboFix log.
[log]
ComboFix 09-11-20.02 - iwan 2009-11-21 15:48.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1741 [GMT 4,5:30]
Uruchomiony z: C:\123.com.com
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Poprzednie uruchomienie -------
.
c:\windows\system32\drivers\pciide.sys

.
((((((((((((((((((((((((( Pliki utworzone od 2009-10-21 do 2009-11-21 )))))))))))))))))))))))))))))))
.

2009-11-21 15:07 . 2001-08-17 19:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2009-11-21 15:06 . 2008-04-14 19:35 58880 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-11-21 15:06 . 2001-08-17 19:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2009-11-21 15:04 . 2009-07-16 19:33 6144 -c--a-w- c:\windows\system32\dllcache\kbdtuq.dll
2009-11-21 15:03 . 2009-11-21 14:24 -------- d--h--w- c:\documents and settings\Default User
2009-11-21 15:03 . 2009-11-21 14:20 -------- d-----w- C:\Documents and Settings
2009-11-21 15:03 . 2009-11-21 14:16 -------- d-----w- c:\documents and settings\All Users

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 14:45 . 2009-11-21 14:45 -------- d-----w- c:\program files\Realtek
2009-11-21 14:45 . 2009-11-21 14:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-21 14:28 . 2009-07-16 19:33 49492 ----a-w- c:\windows\system32\perfc015.dat
2009-11-21 14:28 . 2009-07-16 19:33 355486 ----a-w- c:\windows\system32\perfh015.dat
2009-11-21 14:21 . 2009-11-21 14:21 12328 ----a-w- c:\documents and settings\iwan\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-11-21 14:17 . 2009-11-21 14:17 -------- d-----w- c:\program files\microsoft frontpage
2009-11-21 14:16 . 2009-11-21 14:16 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-21 14:16 . 2009-11-21 14:16 -------- d-----w- c:\program files\Usługi online
2009-11-21 14:14 . 2009-11-21 14:14 21856 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-21 14:13 . 2009-11-21 14:13 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-21 06:42 . 2009-11-21 14:24 3570958 ----a-r- C:\123.com.com
2009-10-30 15:19 . 2009-11-21 14:45 176768 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
.

------- Sigcheck -------

[-] 2009-07-16 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-21_14.27.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-21 14:45 . 2009-05-26 15:00 73728 c:\windows\system32\RTNUninst32.dll
+ 2009-11-21 14:45 . 2009-07-08 07:35 73728 c:\windows\system32\RtNicProp32.dll
+ 2009-07-16 19:33 . 2009-11-21 14:28 39992 c:\windows\system32\perfc009.dat
- 2009-07-16 19:33 . 2009-11-21 14:21 39992 c:\windows\system32\perfc009.dat
+ 2009-07-16 19:33 . 2009-11-21 14:28 311604 c:\windows\system32\perfh009.dat
- 2009-07-16 19:33 . 2009-11-21 14:21 311604 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-07-16 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [2009-07-17 69248]
R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2009-07-17 212520]
R0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [2009-07-17 125952]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-21 15:50
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(388)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Czas ukończenia: 2009-11-21 15:50
ComboFix-quarantined-files.txt 2009-11-21 11:20

Przed: 13 156 581 376 bajtów wolnych
Po: 13 130 526 720 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - DFF3781F924DF70ADB342FC4C01C7623

[/log]

Guest
comment

The log is clean. Use MBR.exe and paste its log: http://www.forumpc.pl/index.php?showtopic=99152&st=0&p=693757&fromsearch=1&#entry693757

  • Good post 1
iwan59
comment (edited)

MBR
[log]
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

[/log]



However, the problems continue. :(

I restarted the computer and the same BSOD as before is thrown again. Neither normal mode, nor safe mode, nor safe mode with command prompt works.
What now?

Guest
comment

The MBR log is OK. Did you format partition C?

  • Good post 1
iwan59
comment

Well, yes. I formatted only the system partition C. I ran ComboFix, posted the log, then the same with MBR. And now the system cannot be started, because a BSOD appears.

Guest
comment

Format C again and do not run anything else.

  • Good post 1
iwan59
comment

I have set up a new system. So far it works. What should I do now? Install something? Scan?

Guest
comment

Don't scan anything. Install the drivers and the programs you need.

That's all.

  • Good post 1
