HQ19 created 11 February 2010

Log from OTL

[log]OTL logfile created on: 2010-02-11 21:00:40 - Run 2 OTL by OldTimer - Version 3.1.28.0 Folder = D:\Moje\Downloads\Internet Download Manager\Programs Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 50,00 Gb Total Space | 25,40 Gb Free Space | 50,79% Space Free | Partition Type: NTFS Drive D: | 80,00 Gb Total Space | 50,03 Gb Free Space | 62,54% Space Free | Partition Type: NTFS Drive E: | 50,01 Gb Total Space | 44,65 Gb Free Space | 89,29% Space Free | Partition Type: NTFS Drive F: | 60,00 Gb Total Space | 9,40 Gb Free Space | 15,66% Space Free | Partition Type: NTFS Drive G: | 58,07 Gb Total Space | 40,40 Gb Free Space | 69,57% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PREZES Current User Name: Marcin Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 30 Days Output = Standard [color="#e56717"]========== Processes (All) ==========[/color] PRC - [2010-02-11 21:00:03 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\Moje\Downloads\Internet Download Manager\Programs\OTL.exe PRC - [2010-02-08 16:15:43 | 000,214,520 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe PRC - [2010-01-25 21:33:16 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-12-12 21:30:04 | 000,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe PRC - [2009-12-08 14:18:48 | 007,336,448 | ---- | M] (Creative Team S.A.) -- C:\Program Files\WapSter\WapSter AQQ\AQQ.exe PRC - [2009-11-30 20:03:07 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009-08-17 03:03:00 | 000,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2009-05-27 19:58:39 | 002,815,408 | ---- | M] (Tonec Inc.) 
-- C:\Program Files\Internet Download Manager\IDMan.exe PRC - [2009-02-09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2009-02-06 11:10:02 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe PRC - [2008-04-14 18:21:49 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe PRC - [2008-04-14 18:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-14 18:21:43 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-14 18:21:42 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-14 18:21:38 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe PRC - [2008-04-14 18:21:32 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe PRC - [2008-04-14 18:21:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-14 18:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-14 18:21:10 | 000,006,144 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\csrss.exe PRC - [2008-04-14 18:21:02 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2007-11-14 11:54:24 | 002,131,392 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe PRC - [2007-09-14 07:02:10 | 001,080,264 | ---- | M] (C. Ghisler & Co.) -- C:\Program Files\TC UP\TOTALCMD.EXE PRC - [2007-05-28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe PRC - [2007-05-11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe PRC - [2006-11-21 18:38:22 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe PRC - [2005-08-30 20:04:30 | 000,405,504 | ---- | M] (AVerMedia Technologies, Inc.) -- C:\Program Files\AVerTV\QuickTV.exe PRC - [2003-10-08 16:35:42 | 000,139,264 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe PRC - [2003-09-17 10:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe PRC - [2003-06-19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE PRC - [2000-06-26 07:44:20 | 000,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe PRC - [1999-12-13 02:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE [color="#e56717"]========== Modules (All) ==========[/color] MOD - [2010-02-11 21:00:03 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\Moje\Downloads\Internet Download Manager\Programs\OTL.exe MOD - [2009-12-08 10:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2009-06-25 09:27:54 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2009-04-15 15:54:38 | 000,585,216 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\rpcrt4.dll MOD - [2009-03-26 16:35:39 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll MOD - [2009-03-21 15:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2009-02-09 11:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2009-02-09 11:53:43 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2008-10-23 13:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-06-17 20:03:15 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-14 18:21:56 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-14 18:20:57 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008-04-14 18:20:56 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll MOD - [2008-04-14 18:20:56 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008-04-14 18:20:56 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008-04-14 18:20:56 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-14 18:20:44 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2008-04-14 18:20:44 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2008-04-14 18:20:44 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-14 18:20:44 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-14 18:20:39 | 000,343,040 | ---- | M] 
(Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-14 18:20:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-14 18:20:13 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-14 17:59:08 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2006-12-21 13:30:44 | 000,102,400 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\ggwhook.dll [color="#e56717"]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-02-08 16:15:43 | 000,214,520 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB) SRV - [2010-01-20 20:48:51 | 000,208,616 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (AVP) SRV - [2009-12-12 21:30:04 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA) SRV - [2009-11-30 20:03:07 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) 
[Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009-08-17 03:03:00 | 000,168,004 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (nvsvc) SRV - [2007-05-28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2007-05-11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag) SRV - [2007-03-12 13:49:46 | 000,271,920 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2007-01-15 17:14:38 | 000,774,144 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService) SRV - [2005-04-04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003-07-28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2000-06-26 07:44:20 | 000,053,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service) SRV - [1999-12-13 02:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access) [color="#e56717"]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme) DRV - [2010-01-20 20:48:51 | 000,226,832 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2010-01-20 20:48:51 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- 
C:\WINDOWS\system32\drivers\klbg.sys -- (klbg) DRV - [2009-12-17 17:38:24 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-11-29 12:43:31 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2009-08-17 00:57:00 | 007,729,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2008-07-21 17:34:36 | 000,121,872 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1) DRV - [2008-06-20 12:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2008-04-30 17:06:48 | 000,024,592 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5) DRV - [2008-04-13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2008-04-13 17:39:16 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2008-02-22 18:53:00 | 000,016,168 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GearAspiWDM) DRV - [2007-12-28 10:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2007-06-19 08:51:20 | 000,107,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdm.sys -- (s816mdm) DRV - [2007-06-19 08:51:18 | 000,099,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mgmt.sys -- (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) DRV - [2007-06-19 08:51:18 | 000,097,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816unic.sys -- (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) DRV - [2007-06-19 08:51:18 | 000,097,320 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816obex.sys -- (s816obex) DRV - [2007-06-19 08:51:18 | 000,021,928 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816nd5.sys -- (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS) DRV - [2007-06-19 08:51:18 | 000,013,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdfl.sys -- (s816mdfl) DRV - [2007-06-19 08:51:16 | 000,081,832 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816bus.sys -- (s816bus) Sony Ericsson Device 816 driver (WDM) DRV - [2006-08-25 04:47:00 | 000,036,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2006-08-11 14:56:36 | 000,008,192 | ---- | M] (Creative Technology Ltd.) 
[Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfDetNT) DRV - [2006-08-11 14:45:40 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k) DRV - [2006-08-11 14:45:38 | 000,499,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV - [2006-08-11 14:45:28 | 000,180,224 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k) DRV - [2006-08-11 14:45:26 | 000,766,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k) DRV - [2006-08-11 14:45:26 | 000,154,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k) DRV - [2006-08-11 14:45:24 | 000,116,224 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2006-08-11 14:45:18 | 000,143,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2006-08-11 14:45:18 | 000,078,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia) DRV - [2006-08-11 14:45:14 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k) DRV - [2006-05-15 14:35:56 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) DRV - [2006-05-15 14:35:48 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex) DRV - [2006-05-15 14:35:48 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) DRV - [2006-05-15 14:35:46 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) DRV - [2006-05-15 14:35:42 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm) DRV - [2006-05-15 14:35:42 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl) DRV - [2006-05-15 14:35:36 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) DRV - [2006-01-13 14:00:52 | 000,015,872 | ---- | M] (Flint Incorporation) [Kernel | System | Running] -- 
C:\WINDOWS\system32\drivers\vd_filedisk.sys -- (VD_FileDisk) DRV - [2005-12-09 17:46:48 | 000,009,312 | R--- | M] (AVerMedia Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cx88xbar.sys -- (CX88XBAR) AVerMedia, AVerTV Crossbar (88x) DRV - [2005-12-09 17:46:14 | 000,270,336 | R--- | M] (AVerMedia Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cx88vid.sys -- (CX23880) DRV - [2005-12-09 17:45:52 | 000,032,032 | R--- | M] (AVerMedia Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cx88tune.sys -- (CXTUNE) AVerMedia AVerTV Tuner Service (88x) DRV - [2005-11-10 17:06:04 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k) DRV - [2004-08-04 12:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) [color="#e56717"]========== Standard Registry (SafeList) ==========[/color] [color="#e56717"]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1993962763-1202660629-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.Google.com"]http://www.Google.com[/url] IE - HKU\S-1-5-21-1993962763-1202660629-725345543-1003\S-1-5-21-1993962763-1202660629-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color="#e56717"]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.4 FF - prefs.js..browser.startup.homepage: "http://www3.iamwired.net/" FF - prefs.js..browser.search.selectedEngine: "Search" FF - 
prefs.js..keyword.URL: "http://www3.iamwired.net/websearch.php?src=tops&search=" FF - prefs.js..keyword.enabled: true FF - prefs.js..browser.search.defaultenginename: "Search" FF - prefs.js..browser.search.defaulturl: "http://www3.iamwired.net/websearch.php?src=tops&search=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-02-11 20:44:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-25 21:33:22 | 000,000,000 | ---D | M] [2010-02-03 19:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Extensions [2010-02-03 19:20:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010-02-11 18:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\iojvfu08.marcin\extensions [2009-11-30 19:56:02 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\iojvfu08.marcin\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e} [2010-02-02 15:59:57 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\iojvfu08.marcin\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [2010-01-18 18:51:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\iojvfu08.marcin\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009-11-30 19:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\w0fzmmkm.default\extensions [2010-02-11 19:55:13 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\w0fzmmkm.default\searchplugins\Search.xml 
[2010-02-11 19:55:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-02-11 19:55:11 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{8b3f1d75-635d-035a-f9d9-f7b4366df442} [2010-01-25 21:33:19 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-01-25 21:33:19 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-01-25 21:33:19 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-01-25 21:33:19 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-01-25 21:33:19 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-01-25 21:33:19 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-02-11 20:53:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found. 
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKU\S-1-5-21-1993962763-1202660629-725345543-1003..\Run: [AQQ] C:\Program Files\WapSter\WapSter AQQ\AQQ.exe (Creative Team S.A.) O4 - HKU\S-1-5-21-1993962763-1202660629-725345543-1003..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.) O4 - HKU\S-1-5-21-1993962763-1202660629-725345543-1003..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe (Creative Technology Ltd) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\QuickTV.lnk = C:\Program Files\AVerTV\QuickTV.exe (AVerMedia Technologies, Inc.) 
O4 - Startup: C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\TC UP.lnk = C:\Program Files\TC UP\TC UP.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1993962763-1202660629-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1993962763-1202660629-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - 
HKU\S-1-5-21-1993962763-1202660629-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1993962763-1202660629-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1993962763-1202660629-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Ściągnij przez IDM - C:\Program Files\Internet Download Manager\IEExt.htm () O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm () O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm () O9 - Extra Button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.228.7.226 217.172.224.92 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab) O24 - Desktop Components:0 (Moja bieżąca strona główna) - about:Home O24 - Desktop WallPaper: C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-11-30 16:17:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010-02-05 21:00:24 | 000,000,000 | R--D | M] - G:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH) O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-11-30 16:17:12 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not 
found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found [color="#e56717"]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-02-11 20:50:11 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010-02-11 20:49:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010-02-11 20:49:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010-02-11 20:49:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010-02-11 20:49:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010-02-11 20:49:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010-02-11 20:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\GoldWave [2010-02-11 20:00:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Marcin\Recent [2010-02-11 19:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\Ringtones [2010-02-08 22:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\Nero [2010-02-08 21:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Nero [2010-02-07 20:58:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Marcin\UserData [2010-02-05 15:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Moje dokumenty\OCCT [2010-02-05 15:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\OCCT [2010-02-03 19:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Thunderbird [2010-02-03 19:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Thunderbird [2010-02-03 19:16:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\The Bat! 
[2010-02-01 21:24:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Gadu-Gadu 10 [2010-02-01 21:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10 [2010-02-01 17:08:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\Poprawiny studniówkowe [2010-01-25 21:47:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Moje dokumenty\Pobieranie [2010-01-25 18:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\CyberLink [2010-01-24 14:59:36 | 000,086,016 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe [2010-01-24 14:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mplayer [2010-01-24 12:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Help [2010-01-24 12:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Help [2010-01-24 11:33:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Moje dokumenty\18 WoS Pedal to the Metal [2010-01-24 10:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2010-01-21 22:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\codeblocks [2010-01-21 22:14:11 | 000,000,000 | ---D | C] -- C:\Program Files\CodeBlocks [2010-01-20 20:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2010-01-20 20:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab [2010-01-20 20:37:40 | 000,226,832 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2010-01-20 16:19:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G DATA [2010-01-20 15:57:18 | 000,068,976 | ---- | C] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys [2010-01-20 15:50:32 | 000,053,320 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys [2010-01-20 15:50:27 | 000,051,784 | ---- | C] (G DATA Software AG) -- 
C:\WINDOWS\System32\drivers\GDTdiIcpt.sys [2010-01-20 15:50:17 | 000,027,720 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys [2010-01-20 15:50:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\G DATA [2010-01-13 18:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2010-01-12 22:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\Total Video Converter [2010-01-12 21:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Identities [2009-12-12 21:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire [2009-12-02 19:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\TeamViewer [2009-11-30 20:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2009-11-30 16:57:40 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [2009-11-30 16:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2009-11-30 16:17:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2009-11-30 16:17:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] [color="#e56717"]========== Files - Modified Within 30 Days ==========[/color] [2010-02-11 20:54:07 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-02-11 20:53:49 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010-02-11 20:53:48 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000003-00001102-00000004-20021102}.CDF [2010-02-11 20:53:38 | 000,005,562 | ---- | M] () -- 
C:\WINDOWS\AVerTV.ini [2010-02-11 20:53:37 | 000,249,324 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2010-02-11 20:53:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010-02-11 20:53:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-02-11 20:53:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-02-11 20:53:25 | 000,332,020 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor [2010-02-11 20:52:48 | 006,659,104 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2010-02-11 20:52:48 | 000,565,280 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat [2010-02-11 20:52:48 | 000,057,296 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2010-02-11 20:52:48 | 000,033,120 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000003-00001102-00000004-20021102}.rfx [2010-02-11 20:52:48 | 000,033,120 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000003-00001102-00000004-20021102}.rfx [2010-02-11 20:52:48 | 000,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000003-00001102-00000004-20021102}.rfx [2010-02-11 20:52:48 | 000,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000003-00001102-00000004-20021102}.rfx
[2010-02-11 20:52:48 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000003-00001102-00000004-20021102}.rfx [2010-02-11 20:52:48 | 000,006,156 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx [2010-02-11 20:52:48 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2010-02-11 20:52:48 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm [2010-02-11 20:52:46 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Marcin\NTUSER.DAT [2010-02-11 20:52:44 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Marcin\ntuser.ini [2010-02-11 20:50:16 | 000,000,425 | RHS- | M] () -- C:\boot.ini [2010-02-11 20:41:48 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-02-11 20:04:09 | 000,000,471 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\GoldWave.lnk [2010-02-11 19:55:11 | 000,118,284 | ---- | M] () -- C:\WINDOWS\System32\VlJ6D-5cKcc9_.exe [2010-02-09 23:06:45 | 000,002,303 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Music.m3u [2010-02-08 18:45:35 | 002,110,396 | -H-- | M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-02-08 16:15:58 | 000,137,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010-02-08 16:15:43 | 000,214,520 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2010-02-08 16:15:43 | 000,214,520 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe [2010-02-07 12:40:30 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-02-05 15:06:54 | 000,000,636 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\OCCT.lnk [2010-02-03 18:15:47 | 000,000,448 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol [2010-01-25 21:27:01 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\MyPhoneExplorer.lnk [2010-01-25 18:19:40 | 000,000,730 | ---- | M] () -- C:\Documents and
Settings\Marcin\Pulpit\Easy Duplicate Finder.lnk [2010-01-25 18:19:34 | 000,000,674 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Total Video Converter.lnk [2010-01-25 18:12:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Marcin\Moje dokumenty\Default.PLS [2010-01-25 18:11:00 | 000,001,556 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Total Video Player.lnk [2010-01-25 18:10:42 | 000,000,655 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\RegCleaner.lnk [2010-01-25 07:36:18 | 000,001,496 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\UltraISO.lnk [2010-01-25 07:36:18 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\CodeBlocks.lnk [2010-01-25 07:36:17 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Revo Uninstaller.lnk [2010-01-24 15:16:44 | 000,139,152 | ---- | M] () -- C:\Documents and Settings\Marcin\Dane aplikacji\PnkBstrK.sys [2010-01-24 14:54:47 | 000,000,550 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Quake III Arena.lnk [2010-01-24 14:54:44 | 000,000,801 | ---- | M] () -- C:\WINDOWS\QIII.INI [2010-01-23 22:55:45 | 000,000,594 | ---- | M] () -- C:\WINDOWS\win.ini [2010-01-22 02:33:06 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll [2010-01-20 20:48:51 | 000,226,832 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2010-01-20 20:48:51 | 000,108,059 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat [2010-01-20 20:48:51 | 000,095,259 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat [2010-01-20 20:48:51 | 000,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klbg.sys [2010-01-20 16:27:29 | 000,068,976 | ---- | M] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys [2010-01-20 15:50:32 | 000,053,320 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys [2010-01-20 15:50:27 | 000,051,784 | ---- | M] (G DATA Software AG) -- 
C:\WINDOWS\System32\drivers\GDTdiIcpt.sys [2010-01-20 15:50:17 | 000,027,720 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys [2010-01-13 16:58:14 | 000,064,760 | ---- | M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-01-13 16:58:02 | 000,248,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] [color="#e56717"]========== Files Created - No Company Name ==========[/color] [2010-02-11 20:50:13 | 000,262,400 | ---- | C] () -- C:\cmldr [2010-02-11 20:49:33 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010-02-11 20:49:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010-02-11 20:49:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010-02-11 20:49:33 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010-02-11 20:49:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010-02-11 20:04:09 | 000,000,471 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\GoldWave.lnk [2010-02-11 19:55:11 | 000,118,284 | ---- | C] () -- C:\WINDOWS\System32\VlJ6D-5cKcc9_.exe [2010-02-09 22:51:51 | 000,002,303 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Music.m3u [2010-02-05 15:06:54 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\OCCT.lnk [2010-01-25 18:12:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marcin\Moje dokumenty\Default.PLS [2010-01-24 15:16:44 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Marcin\Dane aplikacji\PnkBstrK.sys [2010-01-24 14:54:47 | 000,000,550 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Quake III Arena.lnk [2010-01-24 14:45:13 | 000,000,801 | ---- | C] () -- C:\WINDOWS\QIII.INI [2010-01-22 02:33:06 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll 
[2010-01-21 22:14:11 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\CodeBlocks.lnk [2010-01-20 20:38:38 | 000,108,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat [2010-01-20 20:38:38 | 000,095,259 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat [2010-01-20 20:38:03 | 006,659,104 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2010-01-20 20:38:03 | 000,565,280 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat [2010-01-20 20:38:03 | 000,057,296 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2010-01-20 20:38:03 | 000,006,156 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx [2010-01-20 15:50:39 | 000,002,596 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Config.nt.bak [2010-01-20 15:50:39 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Autoexec.nt.bak [2010-01-20 15:50:39 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\hosts.bak [2010-01-12 22:07:48 | 000,001,556 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Total Video Player.lnk [2010-01-12 22:07:48 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Total Video Converter.lnk [2010-01-12 17:05:33 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2010-01-06 23:00:38 | 000,735,264 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2009-12-12 21:36:07 | 000,137,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-12-12 21:11:18 | 000,000,266 | ---- | C] () -- C:\WINDOWS\game.ini [2009-12-06 19:16:17 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-12-01 21:14:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TeleText.INI [2009-12-01 21:14:23 | 000,000,064 | ---- | C] () 
-- C:\WINDOWS\AVerText.ini [2009-11-30 20:58:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI [2009-11-30 20:21:05 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-11-30 20:21:04 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-11-30 20:21:04 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-11-30 20:21:04 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009-11-30 20:21:03 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-11-30 20:21:03 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-11-30 19:09:06 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-11-30 19:04:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll [2009-11-30 17:59:35 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-11-30 17:45:48 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009-11-30 17:11:00 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini [2009-11-30 17:11:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL [2009-11-30 17:00:51 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI [2009-11-30 16:59:57 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2009-11-30 16:54:18 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI [2006-08-11 14:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL [2006-05-23 12:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI [2005-09-02 10:37:14 | 000,005,562 | ---- | C] () -- C:\WINDOWS\AVerTV.ini [2005-06-16 18:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL [2003-04-08 11:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002-10-03 14:42:27 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Q3version.ini [color="#e56717"]========== LOP Check ==========[/color] [2009-11-30 18:57:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ 
[2009-12-08 20:18:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonIJScan [2010-01-07 13:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Codemasters [2010-01-20 20:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\G DATA [2010-01-03 11:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla [2010-02-10 23:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2009-12-02 19:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\TeamViewer [2009-12-06 19:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\BESTplayer [2009-12-08 20:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Canon [2010-02-11 20:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\DMCache [2009-11-30 19:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Gadu-Gadu [2010-02-01 21:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Gadu-Gadu 10 [2009-11-30 17:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\HEXelon [2009-11-30 19:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\IDM [2010-01-03 11:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\ipla [2009-12-11 18:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Leadertech [2009-11-30 19:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mp3tag [2010-02-10 07:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\MyPhoneExplorer [2010-01-10 12:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Nowe Gadu-Gadu [2009-12-16 15:22:45 | 000,000,000 | ---D | M] 
-- C:\Documents and Settings\Marcin\Dane aplikacji\OpenArena [2010-01-07 12:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\SpeedSim [2010-01-09 17:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\TeamViewer [2010-02-07 19:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\The Bat! [2010-02-03 19:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Thunderbird [2010-01-19 22:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\TS3Client [2010-02-10 23:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\uTorrent [2009-11-30 19:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\VSRevoGroup [color="#e56717"]========== Purity Check ==========[/color] [color="#e56717"]========== Custom Scans ==========[/color] [color="#a23bec"]< %systemdrive%\*.* >[/color] [2009-11-30 16:17:24 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2009-12-06 10:51:57 | 000,000,355 | ---- | M] () -- C:\Boot.bak [2010-02-11 20:50:16 | 000,000,425 | RHS- | M] () -- C:\boot.ini [2004-08-04 12:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2009-07-14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2009-12-06 10:51:58 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2004-08-03 23:00:14 | 000,262,400 | ---- | M] () -- C:\cmldr [2010-02-11 20:56:07 | 000,028,444 | ---- | M] () -- C:\ComboFix.txt [2009-11-30 16:17:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2009-11-30 16:17:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009-11-30 16:17:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004-08-04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2009-11-30 20:38:57 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-02-11 20:53:25 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [color="#e56717"]========== Alternate Data Streams ==========[/color] @Alternate 
Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:8FF81EB0 < End of report > [/log] ComboFix log [log] ComboFix 10-02-11.02 - Marcin 2010-02-11 20:50:44.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2046.1693 [GMT 1:00] Uruchomiony z: d:\moje\Downloads\Internet Download Manager\Programs\ComboFix.exe AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-2517779441-3560812243-1181515526-1000 c:\$recycle.bin\S-1-5-21-35094280-4140891209-2606706195-1000 c:\documents and settings\Marcin\Dane aplikacji\EurekaLog c:\windows\system32\tmp71.tmp . ((((((((((((((((((((((((( Pliki utworzone od 2010-01-11 do 2010-02-11 ))))))))))))))))))))))))))))))) . 2010-02-11 19:04 . 2010-02-11 19:12 -------- d-----w- c:\program files\GoldWave 2010-02-11 18:55 . 2010-02-11 18:55 118284 ----a-w- c:\windows\system32\VlJ6D-5cKcc9_.exe 2010-02-08 21:12 . 2010-02-08 21:12 -------- d-----w- c:\program files\Nero 2010-02-08 20:35 . 2010-02-08 21:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nero 2010-02-07 19:58 . 2010-02-07 19:58 -------- d-sh--w- c:\documents and settings\Marcin\UserData 2010-02-05 14:06 . 2010-02-05 14:06 -------- d-----w- c:\program files\OCCT 2010-02-04 21:14 . 2010-02-04 21:14 5115824 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-02-03 18:20 . 2010-02-07 18:24 -------- d-----w- c:\documents and settings\Marcin\Ustawienia lokalne\Dane aplikacji\Thunderbird 2010-02-03 18:20 . 2010-02-03 18:20 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\Thunderbird 2010-02-03 18:16 . 2010-02-07 18:17 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\The Bat! 2010-02-01 20:24 .
2010-02-01 20:25 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\Gadu-Gadu 10 2010-02-01 20:24 . 2010-02-01 20:25 -------- d-----w- c:\program files\Gadu-Gadu 10 2010-01-25 17:12 . 2010-01-25 17:12 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\CyberLink 2010-01-24 14:16 . 2010-01-24 14:16 139152 ----a-w- c:\documents and settings\Marcin\Dane aplikacji\PnkBstrK.sys 2010-01-24 13:59 . 1999-12-17 09:13 86016 ----a-w- c:\windows\unvise32.exe 2010-01-24 13:54 . 2010-01-24 13:54 -------- d-----w- c:\program files\Mplayer 2010-01-24 13:45 . 1999-10-09 16:30 305152 ----a-w- c:\windows\IsUninst.exe 2010-01-24 11:24 . 2010-01-24 11:24 -------- d-----w- c:\documents and settings\Marcin\Ustawienia lokalne\Dane aplikacji\Help 2010-01-22 01:33 . 2010-01-22 01:33 41872 ----a-w- c:\windows\system32\xfcodec.dll 2010-01-21 21:14 . 2010-01-22 22:53 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\codeblocks 2010-01-21 21:14 . 2010-01-21 21:14 -------- d-----w- c:\program files\CodeBlocks 2010-01-20 19:48 . 2010-01-20 19:48 59920 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\mzvkbd.dll 2010-01-20 19:48 . 2010-01-20 19:48 109072 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\mzvkbd3.dll 2010-01-20 19:48 . 2010-01-20 19:48 33808 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys 2010-01-20 19:48 . 2010-01-20 19:48 208616 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe 2010-01-20 19:48 . 
2010-01-20 19:48 226832 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys 2010-01-20 19:38 . 2010-01-20 19:48 95259 ----a-w- c:\windows\system32\drivers\klick.dat 2010-01-20 19:38 . 2010-01-20 19:48 108059 ----a-w- c:\windows\system32\drivers\klin.dat 2010-01-20 19:38 . 2010-02-11 19:54 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab 2010-01-20 19:38 . 2010-02-11 19:52 6659104 --sha-w- c:\windows\system32\drivers\fidbox.dat 2010-01-20 19:38 . 2010-02-11 19:52 565280 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2010-01-20 19:38 . 2010-01-20 19:38 -------- d-----w- c:\program files\Kaspersky Lab 2010-01-20 15:19 . 2010-01-20 19:34 -------- d-----w- c:\program files\Common Files\G DATA 2010-01-20 14:57 . 2010-01-20 15:27 68976 ----a-w- c:\windows\system32\drivers\GRD.sys 2010-01-20 14:50 . 2010-01-20 14:50 53320 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys 2010-01-20 14:50 . 2010-01-20 14:50 51784 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys 2010-01-20 14:50 . 2010-01-20 14:50 27720 ----a-w- c:\windows\system32\drivers\GDBehave.sys 2010-01-20 14:50 . 2010-01-20 19:34 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\G DATA 2010-01-13 17:35 . 2010-01-13 17:35 -------- d-----w- c:\program files\MSXML 4.0 2010-01-12 21:07 . 2010-01-20 22:41 -------- d-----w- c:\program files\Total Video Converter 2010-01-12 20:12 . 2010-01-12 20:12 -------- d-----w- c:\documents and settings\Marcin\Ustawienia lokalne\Dane aplikacji\Identities . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-11 19:52 . 2010-01-20 19:38 6156 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2010-02-11 19:52 . 2010-01-20 19:38 57296 --sha-w- c:\windows\system32\drivers\fidbox.idx 2010-02-11 19:42 . 
2009-11-30 16:48 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\DMCache 2010-02-10 22:58 . 2010-01-09 21:35 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\uTorrent 2010-02-10 22:11 . 2009-12-16 17:58 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP 2010-02-10 06:41 . 2009-12-16 17:58 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\MyPhoneExplorer 2010-02-09 17:01 . 2009-12-20 11:41 -------- d-----w- c:\program files\TeamSpeak 3 Client 2010-02-08 21:41 . 2009-12-12 19:13 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\Xfire 2010-02-08 21:13 . 2009-11-30 17:07 -------- d-----w- c:\program files\Common Files\Ahead 2010-02-08 15:15 . 2009-12-12 20:36 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-02-08 15:15 . 2009-12-12 20:36 214520 ----a-w- c:\windows\system32\PnkBstrB.exe 2010-02-07 19:58 . 2009-12-12 19:13 -------- d-----w- c:\program files\Xfire 2010-02-04 21:17 . 2009-12-01 20:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-24 13:12 . 2009-11-30 15:53 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-24 11:24 . 2009-11-30 16:51 -------- d-----w- c:\program files\TC UP 2010-01-24 09:52 . 2009-11-30 19:16 -------- d-----w- c:\program files\Common Files\Adobe 2010-01-23 19:48 . 2010-01-04 17:55 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\Skype 2010-01-20 19:48 . 2008-01-29 16:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys 2010-01-19 21:19 . 2009-12-20 11:41 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\TS3Client 2010-01-15 14:07 . 2009-11-30 16:43 -------- d-----w- c:\program files\Unlocker 2010-01-13 15:58 . 2009-11-30 15:34 64760 ----a-w- c:\documents and settings\Marcin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2010-01-12 16:25 . 2010-01-12 16:25 -------- d-----w- c:\program files\UltraISO 2010-01-12 16:25 . 
2010-01-12 16:25 -------- d-----w- c:\program files\Common Files\EZB Systems 2010-01-10 11:24 . 2010-01-10 11:20 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\Nowe Gadu-Gadu 2010-01-09 21:36 . 2010-01-09 21:36 -------- d-----w- c:\program files\uTorrent 2010-01-09 16:01 . 2009-12-02 14:56 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\TeamViewer 2010-01-09 16:01 . 2009-12-02 14:56 -------- d-----w- c:\program files\TeamViewer 2010-01-07 16:54 . 2004-08-04 11:00 83880 ----a-w- c:\windows\system32\perfc015.dat 2010-01-07 16:54 . 2004-08-04 11:00 490628 ----a-w- c:\windows\system32\perfh015.dat 2010-01-07 15:07 . 2009-12-01 20:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 15:07 . 2009-12-01 20:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-07 12:08 . 2009-12-04 14:29 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Codemasters 2010-01-07 11:36 . 2010-01-07 11:34 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\SpeedSim 2010-01-06 22:00 . 2010-01-06 22:00 735264 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat 2010-01-06 19:20 . 2010-01-06 19:20 -------- d--h--r- c:\documents and settings\Marcin\Dane aplikacji\SecuROM 2010-01-06 19:20 . 2010-01-06 19:04 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2010-01-04 17:55 . 2010-01-04 17:55 -------- d-----w- c:\program files\Common Files\Skype 2010-01-04 17:55 . 2010-01-04 17:55 -------- d-----w- c:\program files\Skype 2010-01-04 17:55 . 2010-01-04 17:48 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Skype 2010-01-03 10:12 . 2010-01-02 19:09 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\ipla 2010-01-03 10:12 . 2010-01-02 19:09 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ipla 2010-01-02 19:08 . 2010-01-02 19:08 1700352 ----a-w- c:\windows\system32\gdiplus.dll 2010-01-02 19:08 . 
2010-01-02 19:08 1060864 ----a-w- c:\windows\system32\mfc71.dll 2009-12-31 16:50 . 2004-08-04 11:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-24 10:05 . 2009-12-24 10:05 -------- d-----w- c:\program files\HD Tune 2009-12-23 18:37 . 2009-12-23 18:37 445016 ----a-w- c:\windows\system32\wrap_oal.dll 2009-12-23 18:37 . 2009-12-23 18:37 109144 ----a-w- c:\windows\system32\OpenAL32.dll 2009-12-23 18:37 . 2009-12-23 18:37 -------- d-----w- c:\program files\OpenAL 2009-12-21 19:08 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll 2009-12-19 22:25 . 2009-11-30 16:20 -------- d-----w- c:\program files\NAPI-PROJEKT 2009-12-17 16:40 . 2009-12-17 16:40 -------- d-----w- c:\program files\Alcohol Soft 2009-12-17 16:38 . 2009-11-30 16:45 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-12-17 07:42 . 2009-11-30 15:13 345088 ----a-w- c:\windows\system32\mspaint.exe 2009-12-16 17:58 . 2009-12-16 17:58 -------- d-----w- c:\program files\MyPhoneExplorer 2009-12-16 14:22 . 2009-12-16 14:22 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\OpenArena 2009-12-14 07:10 . 2004-08-04 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-12-12 20:30 . 2009-12-12 20:30 75064 ----a-w- c:\windows\system32\PnkBstrA.exe 2009-12-09 10:11 . 2004-08-04 11:00 2146816 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-12-09 10:11 . 2004-08-04 00:39 2025472 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-12-07 18:28 . 2009-12-07 18:28 1924440 ----a-w- c:\documents and settings\Marcin\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe 2009-12-04 18:22 . 2004-08-04 11:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2009-11-30 19:41 . 2009-11-30 15:17 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-11-30 19:03 . 2009-11-30 19:03 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-11-30 19:02 . 
2009-11-30 19:02 152576 ----a-w- c:\documents and settings\Marcin\Dane aplikacji\Sun\Java\jre1.6.0_17\lzma.dll 2009-11-30 19:00 . 2009-11-30 19:00 79488 ----a-w- c:\documents and settings\Marcin\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll 2009-11-30 16:44 . 2009-11-30 16:44 0 ----a-w- c:\windows\nsreg.dat 2009-11-30 16:25 . 2009-11-30 16:25 656 ----a-w- c:\windows\unins000.dat 2009-11-30 16:25 . 2002-02-10 00:00 72748 ----a-w- c:\windows\unins000.exe 2009-11-30 15:57 . 2009-11-30 15:57 184 ----a-w- c:\windows\system32\e000001.dat 2009-11-30 15:14 . 2009-11-30 15:14 21856 ----a-w- c:\windows\system32\emptyregdb.dat 2009-11-29 11:43 . 2009-11-29 11:43 304920 ----a-w- c:\windows\system32\drivers\iaStor.sys 2009-11-27 17:14 . 2004-08-04 11:00 1295360 ----a-w- c:\windows\system32\quartz.dll 2009-11-27 17:14 . 2004-08-04 00:44 17920 ----a-w- c:\windows\system32\msyuv.dll 2009-11-27 16:09 . 2004-08-04 11:00 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-11-27 16:09 . 2004-08-04 11:00 28672 ----a-w- c:\windows\system32\msvidc32.dll 2009-11-27 16:09 . 2004-08-04 11:00 11264 ----a-w- c:\windows\system32\msrle32.dll 2009-11-27 16:09 . 2004-08-04 00:44 48128 ----a-w- c:\windows\system32\iyuv_32.dll 2009-11-27 16:09 . 2001-10-26 17:29 8704 ----a-w- c:\windows\system32\tsbyuv.dll 2009-11-21 16:03 . 2004-08-04 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll 2009-11-18 14:52 . 2009-11-18 14:52 37376 ----a-w- c:\documents and settings\Marcin\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll 2009-11-18 14:52 . 2009-11-18 14:52 11776 ----a-w- c:\documents and settings\Marcin\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264] "AQQ"="c:\progra~1\WapSter\WAPSTE~1\AQQ.exe" [2009-12-08 7336448] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248] "NvMediaCenter"="NvMCTray.dll" [2009-08-17 86016] "CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2010-01-20 208616] c:\documents and settings\Marcin\Menu Start\Programy\Autostart\ TC UP.lnk - c:\program files\TC UP\TC UP.exe [2007-11-29 34816] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ QuickTV.lnk - c:\program files\AVerTV\QuickTV.exe [2005-8-30 405504] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] 2010-01-07 15:07 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\ AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"= "c:\\Program Files\\Xfire\\Xfire.exe"= "d:\\Activision\\Call of Duty 2\\CoD2MP_s.exe"= 
"c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "d:\\Quake III Arena\\quake3.exe"= "c:\\Program Files\\Gadu-Gadu 10\\gg.exe"= R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-11-30 691696] R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2006-01-13 15872] R2 CX88XBAR;AVerMedia, AVerTV Crossbar (88x);c:\windows\system32\drivers\cx88xbar.sys [2009-11-30 9312] R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [2006-08-11 8192] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592] S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2009-12-24 81832] S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2009-12-24 13864] S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2009-12-24 107304] S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2009-12-24 99112] S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2009-12-24 21928] S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2009-12-24 97320] S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2009-12-24 97704] . . ------- Skan uzupełniający ------- . 
uStart Page = hxxp://www.Google.com IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Ściągnij przez IDM - c:\program files\Internet Download Manager\IEExt.htm IE: Ściągnij wszystkie linki przez IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Ściągnij zawartość wideo FLV przez IDM - c:\program files\Internet Download Manager\IEGetVL.htm FF - ProfilePath - c:\documents and settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\iojvfu08.marcin\ FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.wp.pl/ FF - prefs.js: keyword.URL - hxxp://www3.iamwired.net/websearch.php?src=tops&search= FF - component: c:\documents and settings\Marcin\Dane aplikacji\IDM\idmmzcc3\components\idmmzcc.dll FF - component: c:\program files\Mozilla Firefox\extensions\{8b3f1d75-635d-035a-f9d9-f7b4366df442}\components\-lWD__.dll FF - plugin: c:\documents and settings\Marcin\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - 
pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", 
"getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . - - - - USUNIĘTO PUSTE WPISY - - - - HKLM-Run-NWEReboot - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2010-02-11 20:54 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... 
skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spdx.sys hal.dll >>UNKNOWN [0x8A965938]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xb810cf28 \Driver\ACPI -> ACPI.sys @ 0xb7e73cb8 \Driver\atapi -> atapi.sys @ 0xb7e08b40 \Driver\iaStor -> iaStor.sys @ 0xb7d7c6d0 IoDeviceObjectType -> SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a \Device\Harddisk0\DR0 -> SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a NDIS: Generic Marvell Yukon 88E8056 based Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7c4abb0 PacketIndicateHandler -> NDIS.sys @ 0xb7c57a21 SendHandler -> NDIS.sys @ 0xb7c3587b user & kernel MBR OK ************************************************************************** . 
--------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\S-1-5-21-1993962763-1202660629-725345543-1003\Software\SecuROM\License information*] "datasecu"=hex:96,7f,50,68,c7,19,81,2d,11,2e,db,aa,e3,c5,bc,45,57,0d,fb,a5,84, 51,3f,9c,b3,ac,ca,e1,41,cf,8b,cd,d4,d7,71,68,39,60,cb,2b,7f,0a,65,37,ef,a9,\ "rkeysecu"=hex:af,ea,70,2c,3c,b1,12,9f,1b,aa,a6,ac,da,fc,41,65 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):45,f3,d0,54,37,8e,4a,e8,a8,a7,fa,f5,d2,a2,21,83,0e,b6,0e,e7,08, 7e,a7,3e,be,82,e6,d6,6e,ee,f5,f0,3c,aa,8d,18,5f,54,9b,63,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f33cd67c-d2cb-476e-a1bd-41f5b2174027}] @Denied: (Full) (Everyone) "Model"=dword:00000021 "Therad"=dword:00000003 "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG10.00.00.01WORKSTATION"="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" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'explorer.exe'(4060) c:\windows\system32\WININET.dll c:\program files\Gadu-Gadu\ggwhook.dll c:\windows\system32\webcheck.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\nvsvc32.exe c:\windows\system32\RunDLL32.exe c:\windows\system32\CTsvcCDA.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\TC UP\totalcmd.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\oodag.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe c:\windows\system32\MsPMSPSv.exe c:\windows\system32\wscntfy.exe c:\windows\system32\wbem\wmiapsrv.exe . 
************************************************************************** . Czas ukończenia: 2010-02-11 20:56:07 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2010-02-11 19:56 Przed: 26 761 388 032 bajtów wolnych Po: 27 294 359 552 bajtów wolnych WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe ; ;Warning: Boot.ini is used on Windows XP and earlier operating systems. ;Warning: Use BCDEDIT.exe to modify Windows Vista boot options. ; [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - 2C05246070CB54697AFBBBD955F3BD3B [/log]

Please check whether anything is still left in these logs.
Psycholandia, comment posted 12 February 2010

Run OTL and click CleanUP. It's clean. Scan the computer with this: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url], remove everything it finds and post the log after the removal (the log from Malware).
HQ19 (author), comment posted 13 February 2010 (edited)

I scanned with Malwarebytes and removed a few items. Thanks, Andziorka, for checking the logs. Can you tell me how to remove these entries using OTL:

[code]
FF - prefs.js..browser.startup.homepage: "http://www3.iamwired.net/"
FF - prefs.js..browser.search.selectedEngine: "Search" <-- I don't know whether to remove this one
FF - prefs.js..keyword.URL: "http://www3.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..keyword.enabled: true <-- I don't know whether to remove this one
FF - prefs.js..browser.search.defaultenginename: "Search" <-- I don't know whether to remove this one
FF - prefs.js..browser.search.defaulturl: "http://www3.iamwired.net/websearch.php?src=tops&search="
[/code]
Mateusz J., comment posted 14 February 2010

Run OTL and paste the following into the Custom Scans/Fixes box:

[code]
:OTL
FF - prefs.js..browser.startup.homepage: "http://www3.iamwired.net/"
FF - prefs.js..browser.search.selectedEngine: "Search" <-- I don't know whether to remove this one
FF - prefs.js..keyword.URL: "http://www3.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..keyword.enabled: true <-- I don't know whether to remove this one
FF - prefs.js..browser.search.defaultenginename: "Search" <-- I don't know whether to remove this one
FF - prefs.js..browser.search.defaulturl: "http://www3.iamwired.net/websearch.php?src=tops&search="

:Commands
[emptytemp]
[Reboot]
[/code]

Click Run Fix. Confirm the computer restart. If you want, you can try removing the entries without a reboot; in that case delete [Reboot] from the script.