webber, posted 30 January 2010

Hello. As in the topic title, nothing terrible is actually happening, but I want to be sure that I don't have any vermin in my system. I would be grateful if someone checked the logs:

OTL:
[log]OTL logfile created on: So 30.01 20:25:04 - Run 1 OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\scope\Desktop 64bit- Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation Internet Explorer (Version = 8.0.7100.0) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: ddd dd.MM 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 67,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 24,41 Gb Total Space | 2,40 Gb Free Space | 9,83% Space Free | Partition Type: NTFS Drive D: | 195,31 Gb Total Space | 13,82 Gb Free Space | 7,08% Space Free | Partition Type: NTFS Drive E: | 13,15 Gb Total Space | 1,01 Gb Free Space | 7,67% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SCOPE-PC Current User Name: scope Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 30 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010 01 30 20:23:54 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\scope\Desktop\OTL.exe PRC - [2010 01 11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009 12 08 14:18:48 | 007,336,448 | ---- | M] (Creative Team S.A.)
-- C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe PRC - [2009 11 20 19:01:18 | 000,832,296 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera 10 Beta\opera.exe PRC - [2009 09 07 09:24:36 | 000,923,208 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe PRC - [2009 08 24 13:17:42 | 001,045,576 | ---- | M] (G DATA Software AG) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe PRC - [2009 08 24 13:17:42 | 000,397,896 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe PRC - [2009 07 27 03:03:58 | 000,300,616 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe PRC - [2009 04 10 14:38:12 | 000,818,840 | ---- | M] (BinarySense, Inc.) -- C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe PRC - [2009 03 09 14:23:40 | 002,015,232 | ---- | M] (Leadtek Research Inc.) -- C:\Program Files\WinFast\WFDTV\DVBTAP.exe PRC - [2009 03 09 14:22:44 | 000,090,112 | ---- | M] (Leadtek Research Inc.) -- C:\Program Files\WinFast\WFDTV\DTVSchdl.exe PRC - [2009 02 06 16:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009 01 12 13:04:00 | 002,908,160 | ---- | M] (Leadtek Research Inc.) -- C:\Program Files\WinFast\WFDTV\WFWIZ.exe PRC - [2007 09 02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe PRC - [2007 05 28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe PRC - [2006 04 09 19:31:44 | 000,061,440 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Keyboard\Ikeymain.exe PRC - [2004 12 13 03:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) 
-- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010 01 30 20:23:54 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\scope\Desktop\OTL.exe MOD - [2009 04 22 06:23:04 | 001,289,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll MOD - [2009 04 22 06:22:17 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll MOD - [2009 04 22 06:22:12 | 001,122,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll MOD - [2009 04 22 06:22:12 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll MOD - [2009 04 22 06:22:11 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll MOD - [2009 04 22 06:22:11 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll MOD - [2009 04 22 06:22:03 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll MOD - [2009 04 22 06:22:02 | 000,170,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll MOD - [2009 04 22 06:21:56 | 012,855,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll MOD - [2009 04 22 06:21:56 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll MOD - [2009 04 22 06:21:55 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll MOD - [2009 04 22 06:21:54 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll MOD - [2009 04 22 06:21:49 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll MOD - [2009 04 22 06:21:49 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll MOD - [2009 04 22 06:21:46 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll MOD - [2009 04 22 06:21:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysWOW64\samcli.dll MOD - [2009 04 22 06:21:43 | 000,989,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll MOD - [2009 04 22 06:21:43 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll MOD - [2009 04 22 06:21:43 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll MOD - [2009 04 22 06:21:39 | 001,409,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll MOD - [2009 04 22 06:21:39 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll MOD - [2009 04 22 06:21:39 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll MOD - [2009 04 22 06:21:36 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll MOD - [2009 04 22 06:21:19 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll MOD - [2009 04 22 06:21:02 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll MOD - [2009 04 22 06:20:55 | 000,828,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll MOD - [2009 04 22 06:20:19 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll MOD - [2009 04 22 06:20:14 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll MOD - [2009 04 22 06:20:07 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll MOD - [2009 04 22 06:20:06 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll MOD - [2009 04 22 06:20:00 | 000,521,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll MOD - [2009 04 22 06:20:00 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll MOD - [2009 04 22 06:19:53 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll MOD - [2009 04 22 06:19:50 | 000,640,000 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\SysWOW64\advapi32.dll MOD - [2009 04 22 06:19:50 | 000,291,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll MOD - [2009 04 22 06:18:41 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv MOD - [2009 04 22 06:11:36 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll MOD - [2009 04 22 06:11:36 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll MOD - [2009 04 22 06:11:35 | 000,662,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll MOD - [2009 04 22 06:11:35 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll MOD - [2009 04 22 06:11:34 | 000,836,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll MOD - [2009 04 22 06:11:34 | 000,262,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll MOD - [2009 04 22 06:11:34 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll MOD - [2009 04 22 06:11:28 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll MOD - [2009 04 22 06:11:28 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll MOD - [2009 04 22 06:00:58 | 001,679,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7100.0_none_d75e6751736615f2\comctl32.dll MOD - [2007 09 02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2009 12 23 21:03:10 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes) SRV:[b]64bit:[/b] - [2009 07 08 22:41:38 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener) 
SRV:[b]64bit:[/b] - [2009 04 22 06:41:48 | 000,228,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc) SRV:[b]64bit:[/b] - [2009 04 22 06:41:31 | 000,201,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc) SRV:[b]64bit:[/b] - [2009 04 22 06:41:29 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService) SRV:[b]64bit:[/b] - [2009 04 22 06:41:29 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power) SRV:[b]64bit:[/b] - [2009 04 22 06:41:20 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify) SRV:[b]64bit:[/b] - [2009 04 22 06:41:01 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc) SRV:[b]64bit:[/b] - [2009 04 22 06:40:58 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper) SRV:[b]64bit:[/b] - [2009 04 22 06:40:56 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider) SRV:[b]64bit:[/b] - [2009 04 22 06:40:54 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc) SRV:[b]64bit:[/b] - [2009 04 22 06:40:54 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc) SRV:[b]64bit:[/b] - [2009 04 22 06:40:54 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg) SRV:[b]64bit:[/b] - [2009 04 22 06:40:52 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc) SRV:[b]64bit:[/b] - 
[2009 04 22 06:40:14 | 001,011,200 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009 04 22 06:39:46 | 001,126,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache) SRV:[b]64bit:[/b] - [2009 04 22 06:39:30 | 000,314,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp) SRV:[b]64bit:[/b] - [2009 04 22 06:39:29 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc) SRV:[b]64bit:[/b] - [2009 04 22 06:39:25 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService) SRV:[b]64bit:[/b] - [2009 04 22 06:39:08 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv) SRV:[b]64bit:[/b] - [2009 04 22 06:39:06 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC) SRV:[b]64bit:[/b] - [2009 04 22 06:39:03 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV) SRV:[b]64bit:[/b] - [2009 04 22 06:38:59 | 000,193,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:[b]64bit:[/b] - [2009 04 22 06:38:59 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc) SRV:[b]64bit:[/b] - [2009 04 22 06:38:44 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine) SRV:[b]64bit:[/b] - [2009 04 22 06:38:24 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc) SRV:[b]64bit:[/b] - [2009 04 22 06:38:06 | 000,689,152 | ---- | M] 
(Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax) SRV:[b]64bit:[/b] - [2008 07 29 12:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90) SRV - [2010 01 25 22:02:01 | 000,075,064 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010 01 11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009 12 16 18:26:00 | 003,453,712 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2009 08 24 13:17:42 | 001,045,576 | ---- | M] (G DATA Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2009 08 24 13:17:42 | 000,397,896 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe -- (AVKService) SRV - [2009 07 30 12:33:08 | 001,724,264 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe -- (AVKWCtl) SRV - [2009 07 27 03:03:58 | 000,300,616 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe -- (GDScan) SRV - [2009 04 22 08:16:44 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS) SRV - [2009 04 22 08:16:43 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) SRV - [2009 04 22 06:21:43 | 000,164,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider) SRV - [2009 04 22 06:20:14 | 000,252,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp) SRV - [2009 04 22 01:32:06 | 000,061,056 | 
---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds) SRV - [2009 04 10 14:38:12 | 000,818,840 | ---- | M] (BinarySense, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe -- (HDDlife HDD Access service) SRV - [2009 04 04 21:04:26 | 000,090,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2009 02 06 16:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2007 05 28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2004 12 13 03:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2010 01 09 21:14:31 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - [2009 12 06 12:41:44 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD) DRV:[b]64bit:[/b] - [2009 12 06 12:11:05 | 000,070,088 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:[b]64bit:[/b] - [2009 12 06 12:10:44 | 000,042,952 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:[b]64bit:[/b] - [2009 12 06 12:10:26 | 000,033,736 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:[b]64bit:[/b] - [2009 12 06 12:10:23 | 
000,048,584 | ---- | M] (G DATA Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:[b]64bit:[/b] - [2009 11 10 14:35:36 | 000,139,408 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:[b]64bit:[/b] - [2009 09 23 09:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:[b]64bit:[/b] - [2009 09 09 10:20:12 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2009 08 10 02:26:00 | 000,474,496 | ---- | M] (Leadtek Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wfeaglxt.sys -- (WFLR6654) WinFast TV2000 XP Expert (FM1216MK3) DRV:[b]64bit:[/b] - [2009 04 22 06:53:06 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009 04 22 06:53:04 | 000,105,040 | ---- | M] (AMD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009 04 22 06:52:53 | 000,028,752 | ---- | M] (AMD) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009 04 22 06:48:23 | 000,153,168 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg) DRV:[b]64bit:[/b] - [2009 04 22 06:48:16 | 000,077,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009 04 22 06:48:15 | 000,065,616 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009 04 22 06:48:14 | 000,054,352 | ---- | M] (Microsoft Corporation) [File_System 
| On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends) DRV:[b]64bit:[/b] - [2009 04 22 06:48:11 | 000,050,256 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw) DRV:[b]64bit:[/b] - [2009 04 22 06:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy) DRV:[b]64bit:[/b] - [2009 04 22 06:45:33 | 000,228,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp) DRV:[b]64bit:[/b] - [2009 04 22 06:45:27 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost) DRV:[b]64bit:[/b] - [2009 04 22 06:45:27 | 000,203,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus) DRV:[b]64bit:[/b] - [2009 04 22 06:45:25 | 000,047,168 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt) DRV:[b]64bit:[/b] - [2009 04 22 06:45:20 | 000,036,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc) DRV:[b]64bit:[/b] - [2009 04 22 06:45:20 | 000,024,640 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009 04 22 06:45:20 | 000,022,080 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount) DRV:[b]64bit:[/b] - [2009 04 22 06:45:19 | 000,036,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot) DRV:[b]64bit:[/b] - [2009 04 22 06:45:10 | 000,458,936 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- 
C:\Windows\SysNative\drivers\cng.sys -- (CNG) DRV:[b]64bit:[/b] - [2009 04 22 06:44:54 | 000,222,936 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol) DRV:[b]64bit:[/b] - [2009 04 22 05:26:27 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus) DRV:[b]64bit:[/b] - [2009 04 22 05:25:20 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP) DRV:[b]64bit:[/b] - [2009 04 22 05:19:00 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV:[b]64bit:[/b] - [2009 04 22 05:18:10 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf) DRV:[b]64bit:[/b] - [2009 04 22 05:16:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap) DRV:[b]64bit:[/b] - [2009 04 22 05:15:56 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus) DRV:[b]64bit:[/b] - [2009 04 22 05:15:43 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci) DRV:[b]64bit:[/b] - [2009 04 22 05:15:37 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService) DRV:[b]64bit:[/b] - [2009 04 22 05:15:28 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass) DRV:[b]64bit:[/b] - [2009 04 22 05:15:08 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb) DRV:[b]64bit:[/b] - [2009 04 22 05:15:05 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf) DRV:[b]64bit:[/b] - [2009 04 22 05:14:25 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf) DRV:[b]64bit:[/b] - [2009 04 22 05:10:55 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig) DRV:[b]64bit:[/b] - [2009 04 22 05:09:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus) DRV:[b]64bit:[/b] - [2009 04 22 05:08:57 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep) DRV:[b]64bit:[/b] - [2009 04 22 04:59:57 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID) DRV:[b]64bit:[/b] - [2009 04 22 04:57:24 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter) DRV:[b]64bit:[/b] - [2009 04 22 04:49:33 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap) DRV:[b]64bit:[/b] - [2009 04 22 04:49:14 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID) DRV:[b]64bit:[/b] - [2009 04 22 04:43:33 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache) DRV:[b]64bit:[/b] - [2009 04 22 04:34:55 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt) DRV:[b]64bit:[/b] - [2009 04 22 04:34:53 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt) DRV:[b]64bit:[/b] - [2009 04 22 04:29:34 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi) DRV:[b]64bit:[/b] - [2009 04 22 04:27:28 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC) DRV:[b]64bit:[/b] - [2009 04 22 04:23:12 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM) DRV:[b]64bit:[/b] - [2009 03 17 05:35:14 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009 03 06 08:43:48 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009 02 24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus) DRV:[b]64bit:[/b] - [2009 02 06 04:41:49 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009 01 24 05:08:24 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009 01 13 18:14:58 | 000,057,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore) DRV:[b]64bit:[/b] - [2009 01 13 18:14:50 | 000,015,752 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid) DRV:[b]64bit:[/b] - [2009 01 13 18:14:40 | 000,036,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo) DRV:[b]64bit:[/b] - [2009 01 13 18:14:30 | 000,034,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter) DRV:[b]64bit:[/b] - [2009 01 13 18:14:22 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum) DRV:[b]64bit:[/b] - [2008 02 22 18:54:00 | 000,019,496 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM) DRV:[b]64bit:[/b] - [2006 07 21 19:15:00 | 000,469,888 | ---- | M] (Leadtek Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cxavsvid.sys -- (CX88VID) DRV - [2009 06 24 18:51:09 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC) DRV - [2009 04 22 06:23:43 | 000,019,024 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009 04 22 06:22:17 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb) DRV - [2009 04 22 06:21:17 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS) DRV - [2009 03 20 16:27:01 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv) DRV - [2009 03 20 16:21:33 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip) DRV - [2009 02 24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus) DRV - [2004 12 30 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) DRV - [2004 12 23 16:27:56 | 000,027,392 | ---- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ULCDRHlp.sys -- (ULCDRHlp) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 9C 53 23 3C 20 CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://www8.agame.com/mirror/flash/b/bubble_shooter.swf" FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4 FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010 01 22 17:23:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010 01 22 17:23:39 | 000,000,000 | ---D | M] [2009 09 22 14:51:12 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\mozilla\Extensions [2009 09 22 14:51:12 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2010 01 25 22:10:00 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\mozilla\Firefox\Profiles\hhord01p.default\extensions [2009 09 20 21:09:14 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\scope\AppData\Roaming\mozilla\Firefox\Profiles\hhord01p.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2010 01 25 22:10:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2009 12 06 
12:10:32 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2009 09 18 15:43:32 | 000,120,296 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npganymedenet.dll [2010 01 22 17:23:37 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2010 01 22 17:23:37 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2010 01 22 17:23:37 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2010 01 22 17:23:37 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2010 01 22 17:23:37 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2010 01 22 17:23:37 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2009 02 24 04:35:22 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIEx64.dll (G Data Software AG) O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AvkWebIE.dll (G Data Software AG) O2 - BHO: (FG2CatchUrl) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files (x86)\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll (FlashGet) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIEx64.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AvkWebIE.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:[b]64bit:[/b] - HKLM..\Run: [iKeyWorks] C:\Program Files\A4Tech\Keyboard\Ikeymain.exe (A4Tech Co.,Ltd.) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4:[b]64bit:[/b] - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe (Leadtek Research Inc.) O4 - HKCU..\Run: [AQQ] C:\PROGRA~2\WapSter\WAPSTE~1\AQQ.exe (Creative Team S.A.) O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O4 - HKCU..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe (Leadtek Research Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:[b]64bit:[/b] - Extra context menu item: &Download All by FlashGet - C:\Program Files (x86)\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm () O8:[b]64bit:[/b] - Extra context menu item: &Download by FlashGet - C:\Program Files (x86)\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm () O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files (x86)\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm () O8 - Extra context menu item: &Download by FlashGet - C:\Program Files (x86)\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm () O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: mks.com.pl ([www] http in Zaufane witryny) O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. 
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab (F-Secure Online Scanner Launcher) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.238.255.76 213.241.79.37 192.168.1.1 O18:[b]64bit:[/b] - Protocol\Handler\hddlife {BD758015-47D9-477A-8873-4B688A2BC0E2} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18 - Protocol\Handler\hddlife {BD758015-47D9-477A-8873-4B688A2BC0E2} - C:\Program Files (x86)\Common Files\BinarySense\hlAPP.dll (BinarySense, Inc.) 
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O30:[b]64bit:[/b] - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{92437c18-60f5-11de-9072-00196684aaa8}\Shell - "" = AutoRun O33 - MountPoints2\{92437c18-60f5-11de-9072-00196684aaa8}\Shell\AutoRun\command - "" = H:\FrameworkCheck.exe -- File not found O33 - MountPoints2\{9775d85a-7459-11de-9ca1-00196684aaa8}\Shell - "" = AutoRun O33 - MountPoints2\{9775d85a-7459-11de-9ca1-00196684aaa8}\Shell\AutoRun\command - "" = L:\Autorun.exe -- File not found O33 - MountPoints2\{b3a99932-fd5b-11de-8cb9-00196684aaa8}\Shell - "" = AutoRun O33 - MountPoints2\{b3a99932-fd5b-11de-8cb9-00196684aaa8}\Shell\AutoRun\command - "" = G:\setup\rsrc\Autorun.exe -- File not found O33 - MountPoints2\{b3a99932-fd5b-11de-8cb9-00196684aaa8}\Shell\dinstall\command - "" = G:\Directx\dxsetup.exe -- File not found O33 - MountPoints2\{d42ce2c8-a21d-11de-a8d4-00196684aaa8}\Shell - "" = AutoRun O33 - MountPoints2\{d42ce2c8-a21d-11de-a8d4-00196684aaa8}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found [b]64bit:[/b] O35 - comfile [open] -- "%1" %* File not found [b]64bit:[/b] O35 - exefile [open] -- "%1" %* 
File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs:[b]64bit:[/b] Ias - C:\Windows\SysNative\ias [2009 04 22 08:16:44 | 000,000,000 | ---D | M] NetSvcs:[b]64bit:[/b] Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation) NetSvcs:[b]64bit:[/b] Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation) NetSvcs:[b]64bit:[/b] BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation) NetSvcs:[b]64bit:[/b] Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation) NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation) NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010 01 30 20:23:51 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Users\scope\Desktop\OTL.exe [2010 01 30 15:46:19 | 000,000,000 | ---D | C] -- C:\Users\scope\AppData\Local\G DATA [2010 01 30 15:03:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital Corporation [2010 01 29 22:45:19 | 000,000,000 | ---D | C] -- C:\Users\scope\Documents\German Truck Simulator [2010 01 29 18:53:04 | 000,000,000 | ---D | C] -- C:\Users\scope\AppData\Roaming\TuneUp Software [2010 01 29 18:52:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2010 01 29 18:52:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010 01 29 18:33:12 | 000,068,200 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2010 01 29 18:33:12 | 000,065,640 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2010 01 29 17:47:09 | 003,453,712 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des [2010 01 29 17:45:14 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) 
-- C:\Windows\SysWow64\npptNT2.sys [2010 01 29 17:44:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared [2010 01 27 17:38:37 | 000,000,000 | ---D | C] -- C:\Users\scope\AppData\Roaming\HD Tune Pro [2010 01 27 17:38:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune Pro [2010 01 27 17:27:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Simpli Software [2010 01 27 16:04:06 | 000,000,000 | ---D | C] -- C:\Users\scope\AppData\Roaming\BinarySense [2010 01 27 16:03:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BinarySense [2010 01 27 16:03:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BinarySense [2010 01 26 20:44:28 | 000,000,000 | ---D | C] -- C:\Users\scope\AppData\Local\GHISLER [2010 01 25 22:12:18 | 000,000,000 | ---D | C] -- C:\Users\scope\AppData\Local\PunkBuster [2010 01 25 22:02:00 | 000,000,000 | ---D | C] -- C:\ProgramData\id Software [2010 01 24 12:22:45 | 000,000,000 | ---D | C] -- C:\Users\scope\Documents\Prototype [2010 01 23 21:07:54 | 000,000,000 | ---D | C] -- C:\totalcmd [2010 01 22 16:50:29 | 000,000,000 | ---D | C] -- C:\Users\scope\AppData\Roaming\acccore [2010 01 22 16:50:28 | 000,000,000 | ---D | C] -- C:\Users\scope\AppData\Local\AOL [2010 01 22 16:50:28 | 000,000,000 | ---D | C] -- C:\Users\scope\AppData\Local\AIM [2010 01 22 16:50:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility [2010 01 22 16:50:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AOL [2010 01 21 15:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\A4Tech [2010 01 21 14:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler [2010 01 19 21:50:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WorldOfGoo [2010 01 15 18:49:10 | 000,000,000 | ---D | C] -- C:\Users\scope\AppData\Roaming\PhotoFiltre Studio X [2010 01 14 21:03:15 | 000,000,000 | ---D | C] -- C:\Users\scope\AppData\Local\WMTools Downloaded Files [2010 01 14 21:00:07 | 
000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie Maker 2.6 [2010 01 09 21:22:03 | 000,000,000 | ---D | C] -- C:\Users\scope\Documents\My Games [2010 01 08 19:37:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent [2010 01 07 20:23:27 | 000,000,000 | ---D | C] -- C:\Users\scope\Documents\Downloads [2010 01 07 20:22:45 | 000,000,000 | ---D | C] -- C:\Users\scope\AppData\Roaming\ChromePlus [2010 01 04 19:17:04 | 000,000,000 | ---D | C] -- C:\Users\scope\AppData\Roaming\VitySoft [2010 01 01 18:28:11 | 000,000,000 | ---D | C] -- C:\Users\scope\AppData\Roaming\Codeton [2010 01 01 17:53:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paseczek [2009 07 06 18:16:20 | 004,345,856 | ---- | C] (Gabest) -- C:\Program Files (x86)\mplayerc.exe [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010 01 30 20:30:11 | 002,883,584 | -HS- | M] () -- C:\Users\scope\NTUSER.DAT [2010 01 30 20:29:58 | 000,017,357 | ---- | M] () -- C:\Program Files (x86)\opera6.adr [2010 01 30 20:27:53 | 000,781,909 | ---- | M] () -- C:\Users\scope\Desktop\RSIT.exe [2010 01 30 20:23:54 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\scope\Desktop\OTL.exe [2010 01 30 20:14:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010 01 30 20:14:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010 01 30 20:14:15 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys [2010 01 30 20:13:36 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010 01 30 20:13:36 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010 01 30 20:13:30 | 010,498,574 | -H-- | M] () -- C:\Users\scope\AppData\Local\IconCache.db [2010 01 30 20:13:23 | 000,000,002 | ---- | M] () -- C:\Windows\SysWow64\Dvbpws.dll [2010 01 30 18:05:32 | 001,523,386 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI 
[2010 01 30 18:05:32 | 000,687,578 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2010 01 30 18:05:32 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010 01 30 18:05:32 | 000,131,130 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2010 01 30 18:05:32 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010 01 30 13:56:57 | 000,067,104 | ---- | M] () -- C:\Users\scope\AppData\Local\GDIPFONTCACHEV1.DAT [2010 01 30 13:56:17 | 000,306,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010 01 25 22:13:02 | 000,214,488 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010 01 25 22:13:02 | 000,214,488 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010 01 25 22:02:01 | 002,373,712 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe [2010 01 25 22:02:01 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010 01 22 20:51:00 | 000,000,968 | ---- | M] () -- C:\Windows\unins000.dat [2010 01 22 16:50:29 | 000,000,347 | -H-- | M] () -- C:\IPH.PH [2010 01 19 19:38:03 | 000,000,406 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2010 01 15 18:44:11 | 000,001,863 | ---- | M] () -- C:\Users\scope\Desktop\PICHZ.lnk [2010 01 12 05:03:33 | 000,068,200 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2010 01 12 05:03:33 | 000,065,640 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2010 01 12 05:03:33 | 000,009,163 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2010 01 11 23:18:54 | 000,271,481 | ---- | M] () -- C:\Windows\SysNative\NvApps.xml [2010 01 11 23:18:54 | 000,065,332 | ---- | M] () -- C:\Windows\SysNative\NvwsApps.xml [2010 01 09 21:14:31 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2010 01 04 17:38:43 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\img213.imageshack.us [2010 01 04 17:38:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\img51.imageshack.us [2010 01 04 17:38:10 | 000,000,000 | ---- | M] () -- 
C:\Windows\SysWow64\img101.imageshack.us [2010 01 04 17:37:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\img137.imageshack.us [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010 01 30 20:27:20 | 000,513,783 | ---- | C] () -- C:\Users\scope\Desktop\RSIT.exe [2010 01 30 20:22:27 | 000,017,357 | ---- | C] () -- C:\Program Files (x86)\opera6.adr [2010 01 29 18:33:12 | 000,009,163 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2010 01 29 17:45:14 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd [2010 01 25 22:12:21 | 000,214,488 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010 01 25 22:02:19 | 000,214,488 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010 01 25 22:02:01 | 002,373,712 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2010 01 25 22:02:01 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010 01 22 20:46:45 | 000,000,968 | ---- | C] () -- C:\Windows\unins000.dat [2010 01 22 16:50:11 | 000,000,347 | -H-- | C] () -- C:\IPH.PH [2010 01 11 23:18:54 | 000,271,481 | ---- | C] () -- C:\Windows\SysNative\NvApps.xml [2010 01 11 23:18:54 | 000,065,332 | ---- | C] () -- C:\Windows\SysNative\NvwsApps.xml [2010 01 09 18:50:48 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010 01 04 17:38:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\img213.imageshack.us [2010 01 04 17:38:39 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\img51.imageshack.us [2010 01 04 17:38:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\img101.imageshack.us [2010 01 04 17:37:37 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\img137.imageshack.us [2009 12 17 17:11:03 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini [2009 10 18 19:11:50 | 000,000,073 | ---- | C] () -- C:\Windows\Kyor.ini [2009 09 30 15:49:32 | 000,020,480 | ---- | C] () -- C:\Users\scope\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009 09 20 14:45:38 | 000,000,304 | ---- | C] () -- 
C:\Windows\game.ini [2009 07 31 21:16:22 | 000,007,630 | ---- | C] () -- C:\Users\scope\AppData\Local\Resmon.ResmonCfg [2009 07 09 20:28:58 | 000,000,052 | ---- | C] () -- C:\Users\scope\AppData\Local\Temp.vbs [2009 06 24 20:18:22 | 000,000,002 | ---- | C] () -- C:\Windows\SysWow64\Dvbpws.dll [2009 06 24 19:04:04 | 000,040,000 | ---- | C] () -- C:\Program Files (x86)\kanaly.chl [2009 04 22 04:40:32 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009 04 22 02:04:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2008 10 28 16:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2001 09 19 18:18:01 | 000,008,939 | ---- | C] () -- C:\Windows\Zmodeler.ini [color=#E56717]========== LOP Check ==========[/color] [2009 12 25 13:45:41 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\.purple [2010 01 22 16:50:29 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\acccore [2009 08 10 12:56:44 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\Ashampoo [2009 12 16 19:45:22 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\Astroburn Lite [2009 11 07 13:00:10 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\Autodesk [2010 01 27 16:04:06 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\BinarySense [2010 01 29 17:19:27 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\BITS [2009 08 16 14:27:59 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\BlackBean [2010 01 07 20:27:10 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\ChromePlus [2010 01 01 18:28:11 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\Codeton [2009 11 16 13:13:38 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\dBpoweramp [2009 08 10 12:50:07 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\DeepBurner [2010 01 18 15:54:37 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\EurekaLog [2010 01 30 14:46:36 | 000,000,000 
| ---D | M] -- C:\Users\scope\AppData\Roaming\foobar2000 [2009 06 24 19:22:00 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\Foxit [2009 10 04 13:28:46 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\GanymedeNet [2010 01 23 21:08:35 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\GHISLER [2009 12 24 21:12:32 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\gtk-2.0 [2010 01 27 17:38:37 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\HD Tune Pro [2009 10 15 15:00:15 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\IrfanView [2009 09 15 17:19:58 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\Leadertech [2009 08 11 20:19:51 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\New Technology Studio [2010 01 28 19:49:54 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\Notepad++ [2009 10 29 17:55:11 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\OpenOffice.org [2009 12 25 16:33:40 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\Opera [2010 01 15 18:49:20 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\PhotoFiltre Studio X [2009 09 22 14:51:10 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\Songbird2 [2010 01 29 18:53:04 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\TuneUp Software [2010 01 08 21:57:11 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\uTorrent [2010 01 04 19:17:04 | 000,000,000 | ---D | M] -- C:\Users\scope\AppData\Roaming\VitySoft [2010 01 09 10:36:59 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2009 04 22 06:28:23 | 000,383,200 | RHS- | M] () -- C:\bootmgr [2009 06 25 04:49:30 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2010 01 30 20:14:15 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys [2010 01 22 
16:50:29 | 000,000,347 | -H-- | M] () -- C:\IPH.PH [2010 01 30 20:14:18 | 4294,238,208 | -HS- | M] () -- C:\pagefile.sys [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:2BE9FEFC < End of report > [/log]
When I try to run an RSIT scan I get an error: [img]http://www.imagebanana.com/img/1obi4gwo/er.png[/img]
Psycholandia commented 30 January 2010
Paste the script below into the OTL window and click Run Fix:
[code]:Processes
explorer.exe
:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\hddlife {BD758015-47D9-477A-8873-4B688A2BC0E2} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O33 - MountPoints2\{92437c18-60f5-11de-9072-00196684aaa8}\Shell - "" = AutoRun
O33 - MountPoints2\{92437c18-60f5-11de-9072-00196684aaa8}\Shell\AutoRun\command - "" = H:\FrameworkCheck.exe -- File not found
O33 - MountPoints2\{9775d85a-7459-11de-9ca1-00196684aaa8}\Shell - "" = AutoRun
O33 - MountPoints2\{9775d85a-7459-11de-9ca1-00196684aaa8}\Shell\AutoRun\command - "" = L:\Autorun.exe -- File not found
O33 - MountPoints2\{b3a99932-fd5b-11de-8cb9-00196684aaa8}\Shell - "" = AutoRun
O33 - MountPoints2\{b3a99932-fd5b-11de-8cb9-00196684aaa8}\Shell\AutoRun\command - "" = G:\setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{b3a99932-fd5b-11de-8cb9-00196684aaa8}\Shell\dinstall\command - "" = G:\Directx\dxsetup.exe -- File not found
O33 - MountPoints2\{d42ce2c8-a21d-11de-a8d4-00196684aaa8}\Shell - "" = AutoRun
O33 - MountPoints2\{d42ce2c8-a21d-11de-a8d4-00196684aaa8}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
:Files
C:\ProgramData\ntuser.pol
:Commands
[emptytemp]
[start explorer]
[Reboot][/code]
Open Notepad and paste the following text into it:
[code]Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[/code]
Save As -> choose [b]All files[/b] -> enter [b]Fix.reg[/b] -> then click the saved file and restart the computer.
Scan the computer with this: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url], remove everything it finds and post the log after the deletion (the log from Malware).
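How the O33 entries listed in the fix script above can be picked out of an OTL report and sorted by why the target is missing, as an added example that is not part of the original posts. The function names, the set of mounted drives (taken from the report header, which lists sizes only for C:, D: and E:) and the two sample lines with all-zero and all-one GUIDs are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Sample input. The O32/O33/O34 lines with real-looking GUIDs are copied from
# the OTL report in this thread. The two lines with the all-zero and all-one
# GUIDs are constructed: one has a target that exists, one has a missing
# target on a drive that was mounted.
SAMPLE_LOG = r'''
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{92437c18-60f5-11de-9072-00196684aaa8}\Shell - "" = AutoRun
O33 - MountPoints2\{92437c18-60f5-11de-9072-00196684aaa8}\Shell\AutoRun\command - "" = H:\FrameworkCheck.exe -- File not found
O33 - MountPoints2\{b3a99932-fd5b-11de-8cb9-00196684aaa8}\Shell - "" = AutoRun
O33 - MountPoints2\{b3a99932-fd5b-11de-8cb9-00196684aaa8}\Shell\AutoRun\command - "" = G:\setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{b3a99932-fd5b-11de-8cb9-00196684aaa8}\Shell\dinstall\command - "" = G:\Directx\dxsetup.exe -- File not found
O33 - MountPoints2\{00000000-0000-0000-0000-000000000000}\Shell\AutoRun\command - "" = E:\setup.exe -- [2010 01 01 12:00:00 | 000,010,000 | ---- | M] ()
O33 - MountPoints2\{11111111-1111-1111-1111-111111111111}\Shell\AutoRun\command - "" = E:\launch.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
'''

# Drives the report header lists with a size; F: to I: were "not present".
PRESENT_DRIVES = {"C", "D", "E"}

# One cached shell verb for one volume:
#   O33 - MountPoints2\<volume>\Shell\<verb>\command - "" = <target> -- <status>
O33_COMMAND = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)'
    r'\\Shell\\(?P<verb>[^\\]+)\\command - "" = '
    r'(?P<target>.+?) -- (?P<status>.+)$'
)


def stale_autorun_handlers(log_text):
    """Return {volume: [(verb, target), ...]} for O33 commands whose
    target file OTL could not find."""
    stale = defaultdict(list)
    for line in log_text.splitlines():
        match = O33_COMMAND.match(line.strip())
        if match and match.group("status").strip() == "File not found":
            stale[match.group("volume")].append(
                (match.group("verb"), match.group("target"))
            )
    return dict(stale)


def triage(log_text, present_drives=PRESENT_DRIVES):
    """Attach a reason to every stale handler.

    A target on a drive letter that was not mounted during the scan is a
    leftover cache entry for removed media. A missing target on a mounted
    drive deserves a closer look, because the file was there once and is
    gone now.
    """
    rows = []
    for volume, handlers in stale_autorun_handlers(log_text).items():
        for verb, target in handlers:
            drive = target[:1].upper() if target[1:2] == ":" else None
            if drive is not None and drive not in present_drives:
                reason = "drive not mounted at scan time"
            else:
                reason = "file missing on mounted drive"
            rows.append((volume, verb, target, reason))
    return rows


if __name__ == "__main__":
    for volume, verb, target, reason in triage(SAMPLE_LOG):
        print(f"{volume}  {verb:<9} {target:<28} {reason}")
```
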
webber (Author) commented 31 January 2010
Log from Malware after removing 2 infected objects:
[log]Malwarebytes' Anti-Malware 1.44
Wersja bazy definicji: 3667
Windows 6.1.7100
Internet Explorer 8.0.7100.0
N 31.01 13:55:10
mbam-log-2010-01-31 (13-55-10).txt
Typ skanowania: Szybkie skanowanie
Przeskanowane obiekty: 102679
Upłynęło: 4 minute(s), 22 second(s)
Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 2
Zainfekowane foldery: 0
Zainfekowane pliki: 0
Zainfekowane procesy w pamięci: (Nie wykryto groźnych plików)
Zainfekowane moduły pamięci: (Nie wykryto groźnych plików)
Zainfekowane klucze rejestru: (Nie wykryto groźnych plików)
Zainfekowane wartości rejestru: (Nie wykryto groźnych plików)
Zainfekowane pliki rejestru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Zainfekowane foldery: (Nie wykryto groźnych plików)
Zainfekowane pliki: (Nie wykryto groźnych plików)
[/log]
Psycholandia commented 31 January 2010
Run OTL and click CleanUP. Clean.