Atomic, posted 18 March 2010 (edited)

Hello. My computer has been running slower lately, and an icon appears saying it may be at risk.

[quote]OTL logfile created on: 2010-03-18 18:06:08 - Run 1 OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\kate@max\Moje dokumenty\Pobieranie Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 255,00 Mb Total Physical Memory | 52,00 Mb Available Physical Memory | 20,00% Memory free 618,00 Mb Paging File | 327,00 Mb Available in Paging File | 53,00% Paging File free Paging file location(s): C:\pagefile.sys 384 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 19,53 Gb Total Space | 1,38 Gb Free Space | 7,05% Space Free | Partition Type: NTFS Drive D: | 17,73 Gb Total Space | 7,06 Gb Free Space | 39,82% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NCK-F58A3EAC7B8 Current User Name: kate@max Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-03-18 18:03:32 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kate@max\Moje dokumenty\Pobieranie\Custom ScansFixes.exe PRC - [2010-03-11 15:10:16 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2010-02-18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Common Files\Java\Java Update\jusched.exe PRC - [2010-01-16 04:18:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2008-04-01 19:49:42 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe PRC - [2007-07-09 08:39:12 | 002,119,104 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe PRC - [2007-06-13 14:23:49 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006-10-22 11:22:00 | 000,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2006-08-23 08:08:54 | 000,065,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE PRC - [2006-08-23 08:02:58 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2005-01-28 00:36:00 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WdfMgr.exe PRC - [2005-01-26 15:15:16 | 000,884,838 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WPN111\WPN111.exe PRC - [2004-08-22 16:05:02 | 000,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe PRC - [2004-08-03 23:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2004-08-03 23:44:30 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2004-08-03 23:44:28 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2004-08-03 23:44:28 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2004-08-03 23:44:28 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2004-08-03 23:44:28 | 000,014,336 
| ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HTTPFILTER] PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2004-08-03 23:44:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2004-08-03 23:44:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2004-08-03 23:44:20 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2004-08-03 23:44:18 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2002-07-12 15:33:12 | 001,581,056 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-03-18 18:03:32 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kate@max\Moje dokumenty\Pobieranie\Custom ScansFixes.exe MOD - [2008-02-20 07:53:12 | 000,282,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-02-16 10:32:35 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2007-12-04 19:42:02 | 000,550,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2007-10-25 17:44:11 | 008,488,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2007-07-09 14:11:53 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2007-04-16 17:11:16 | 001,014,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2007-03-08 16:51:57 | 000,579,584 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\user32.dll MOD - [2006-12-21 13:30:44 | 000,102,400 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\ggwhook.dll MOD - [2006-08-25 16:51:13 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll MOD - [2006-08-23 08:03:36 | 001,285,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2006-05-03 21:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll MOD - [2004-08-03 23:44:32 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2004-08-03 23:44:14 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2004-08-03 23:44:14 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2004-08-03 23:44:12 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2004-08-03 23:44:10 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2004-08-03 23:44:10 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2004-08-03 23:44:10 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2004-08-03 23:44:08 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2004-08-03 23:44:06 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2004-08-03 23:44:04 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll MOD - [2004-08-03 23:44:00 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll MOD - [2004-08-03 23:43:56 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2004-08-03 23:43:52 | 000,686,080 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\advapi32.dll MOD - [2004-08-03 23:43:48 | 000,716,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2004-08-03 23:42:58 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME [color=#E56717]========== Win32 Services (SafeList) ==========[/color] [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-09-23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2007-12-03 15:22:56 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2007-05-02 10:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2007-05-02 10:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2007-05-02 10:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) DRV - [2006-10-22 11:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2006-08-23 10:01:30 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC) DRV - [2006-08-23 10:01:28 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2006-08-23 10:01:28 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2006-08-23 10:01:12 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- 
C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) DRV - [2006-08-23 10:01:06 | 000,907,584 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT) DRV - [2006-08-23 08:08:24 | 000,601,100 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2006-08-23 08:08:22 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS) DRV - [2006-07-24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen) DRV - [2005-12-22 13:45:18 | 000,402,432 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WlanBZXP.sys -- (SG762_XP) DRV - [2005-12-22 12:24:52 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2005-12-22 12:24:52 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2005-12-22 12:24:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2005-09-26 16:02:50 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WPN111.sys -- (WPN111) DRV - [2004-08-22 15:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt) DRV - [2004-08-22 15:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus) DRV - [2003-07-24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5) DRV - [2002-07-16 09:58:12 | 000,379,726 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1177238915-746137067-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dziennik.krakow.pl/ IE - HKU\S-1-5-21-1177238915-746137067-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1177238915-746137067-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-1177238915-746137067-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks= [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.order.1: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "megaup" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "WWW.DZIENNIK.KRAKOW.PL" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=megaup&p=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-02-27 17:19:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-03-11 15:10:49 | 000,000,000 
| ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010-02-25 08:52:37 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010-02-25 08:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Mozilla\Extensions [2010-02-25 08:54:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kate@max\Dane aplikacji\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010-03-17 19:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Mozilla\Firefox\Profiles\a97bye53.default\extensions [2008-04-23 16:28:58 | 000,000,000 | ---D | M] (Megaupload Toolbar) -- C:\Documents and Settings\kate@max\Dane aplikacji\Mozilla\Firefox\Profiles\a97bye53.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D} [2008-04-05 16:27:23 | 000,001,360 | ---- | M] () -- C:\Documents and Settings\kate@max\Dane aplikacji\Mozilla\Firefox\Profiles\a97bye53.default\searchplugins\winampsearch.xml [2010-03-17 19:22:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2007-07-03 11:51:00 | 000,630,784 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPBILLARD8.dll [2009-04-01 16:12:28 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll [2008-01-23 15:47:48 | 000,024,576 | ---- | M] (My Global Search) -- C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll [2007-07-03 13:22:00 | 000,593,920 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPROULETTE.dll [2007-07-03 13:20:00 | 000,557,056 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPSLOTS70.dll [2007-07-03 12:07:00 | 000,630,784 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPSNOOKER.dll [2010-01-16 
02:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-01-16 02:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-01-16 02:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-01-16 02:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-01-16 02:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-01-16 02:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2008-02-02 12:55:07 | 000,161,317 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 abcsearch.com O1 - Hosts: 127.0.0.1 admin.abcsearch.com O1 - Hosts: 127.0.0.1 www3.abcsearch.com #[Browseraid] O1 - Hosts: 127.0.0.1 www.abcsearch.com O1 - Hosts: 127.0.0.1 abc517.net #[Trojan.Mitglieder.H] O1 - Hosts: 127.0.0.1 acestats.com O1 - Hosts: 127.0.0.1 www.acestats.com O1 - Hosts: 127.0.0.1 actualnames.com #[Parasite.ActualNames] O1 - Hosts: 127.0.0.1 www.actualnames.com O1 - Hosts: 127.0.0.1 ad-up.com O1 - Hosts: 127.0.0.1 www.ad-up.com O1 - Hosts: 127.0.0.1 adatom.com O1 - Hosts: 127.0.0.1 aesp.adatom.com O1 - Hosts: 127.0.0.1 adbest.com O1 - Hosts: 127.0.0.1 adserv.adbonus.com O1 - Hosts: 127.0.0.1 www.adbonus.com O1 - Hosts: 127.0.0.1 www.adblaster2.info #[Restricted Zone site] O1 - Hosts: 127.0.0.1 ad2.adcept.net O1 - Hosts: 127.0.0.1 ad3.adcept.net O1 - Hosts: 127.0.0.1 www.adcept.net O1 - Hosts: 127.0.0.1 adcomplete.com O1 - Hosts: 127.0.0.1 www.adcomplete.com O1 - Hosts: 127.0.0.1 www.adcopy.info O1 - Hosts: 127.0.0.1 ads.adcorps.com O1 - Hosts: 4671 more lines... 
O2 - BHO: (My Global Search Bar BHO) - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search) O2 - BHO: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll () O3 - HKLM\..\Toolbar: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search) O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll () O3 - HKU\S-1-5-21-1177238915-746137067-1060284298-1003\..\Toolbar\WebBrowser: (no name) - {00000000-5736-4205-0008-F7ED0776FB27} - No CLSID value found. O3 - HKU\S-1-5-21-1177238915-746137067-1060284298-1003\..\Toolbar\WebBrowser: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search) O4 - HKLM..\Run: [BearShare] C:\Program Files\BearShare\BearShare.exe File not found O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw)) O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) 
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKU\S-1-5-21-1177238915-746137067-1060284298-1003..\Run: [Hide IP NG] C:\Program Files\Hide IP NG\hideipng.exe File not found O4 - HKU\S-1-5-21-1177238915-746137067-1060284298-1003..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\5.0_( File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR) O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1177238915-746137067-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm () O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} http://67.15.101.33/g_bin/pl/billard8_2_0_0_35.cab (GameDesire Pool 8) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. 
File not found O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\kate@max\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\kate@max\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O29 - HKLM SecurityProviders - (mcenspc.dll) - C:\WINDOWS\System32\mcenspc.dll () O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007-08-28 12:15:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2007-08-28 12:14:53 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: 
{4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: 
{4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] File not found -- C:\Documents and Settings\kate@max\Pulpit\Rihanna Feat Justin Timberlake -- Rehab [2010-03-18 17:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010-03-11 15:12:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun [2010-02-25 09:34:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\kate@max\IECompatCache [2010-02-25 09:33:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\kate@max\PrivacIE [2010-02-25 09:32:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\kate@max\IETldCache [2010-02-25 09:22:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2010-02-25 09:20:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM [2010-02-25 09:18:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2010-02-25 08:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kate@max\Moje dokumenty\Pobieranie [2009-02-04 13:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire [2008-05-16 15:00:54 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys [2008-05-16 15:00:54 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys [2008-01-22 20:23:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [2008-01-22 20:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2008-01-22 20:23:43 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2008-01-22 20:22:06 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2007-08-28 14:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\AVG7 [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] File not found -- C:\Documents and Settings\kate@max\Pulpit\Rihanna Feat Justin Timberlake -- Rehab [2010-03-18 16:21:26 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010-03-18 16:19:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-03-18 16:19:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-03-18 16:19:02 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys [2010-03-17 20:35:45 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\kate@max\NTUSER.DAT [2010-03-17 20:35:18 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\kate@max\ntuser.ini [2010-03-17 19:52:18 | 000,000,377 | ---- | M] () -- C:\Documents and Settings\kate@max\Pulpit\EVEREST Home Edition.lnk [2010-03-17 17:38:52 | 000,000,564 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for kate@max.job [2010-03-15 17:29:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-03-14 16:01:54 | 000,000,207 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skoki Narciarskie 2002.lnk [2010-03-05 17:31:45 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\kate@max\Pulpit\Pytania do siatkówki.(2).doc [2010-02-25 09:23:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-02-25 08:53:34 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2010-02-25 08:52:43 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Thunderbird.lnk [2010-02-24 14:10:05 | 006,390,582 | 
-H-- | M] () -- C:\Documents and Settings\kate@max\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-02-20 18:24:54 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\kate@max\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-02-20 15:37:02 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\kate@max\Pulpit\FRIEND FOREVER - NEW TEAM PROJECT.doc [2010-02-17 13:45:17 | 000,493,014 | ---- | M] () -- C:\Documents and Settings\kate@max\Pulpit\Teoria_Historia_Szkoły_Ewolucja_Prekursorzy.pdf [2010-02-14 19:10:22 | 000,078,848 | ---- | M] () -- C:\Documents and Settings\kate@max\Pulpit\pyt2.doc [2010-01-25 14:23:27 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\kate@max\Pulpit\IVQ.xls [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-03-17 19:52:18 | 000,000,377 | ---- | C] () -- C:\Documents and Settings\kate@max\Pulpit\EVEREST Home Edition.lnk [2010-03-14 16:01:54 | 000,000,207 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Skoki Narciarskie 2002.lnk [2010-02-17 13:45:15 | 000,493,014 | ---- | C] () -- C:\Documents and Settings\kate@max\Pulpit\Teoria_Historia_Szkoły_Ewolucja_Prekursorzy.pdf [2010-01-23 19:16:47 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\kate@max\Pulpit\Pytania do siatkówki.(2).doc [2010-01-22 13:55:50 | 000,644,608 | ---- | C] () -- C:\Documents and Settings\kate@max\Pulpit\FTP.exe [2009-11-02 17:51:49 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-09-04 18:47:14 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll [2009-09-04 18:47:14 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll [2009-09-04 18:47:14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2009-09-04 18:47:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2009-07-06 15:30:00 | 
000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2009-04-28 18:38:23 | 000,000,004 | RHS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\sysqcl1129139270.dat [2009-04-26 10:53:48 | 000,000,731 | ---- | C] () -- C:\WINDOWS\mn02.ini [2009-02-26 16:20:41 | 000,054,784 | -H-- | C] () -- C:\WINDOWS\System32\mcenspc.dll [2008-09-20 18:14:38 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008-09-20 18:14:38 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll [2008-09-06 09:36:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\_pdfxp.dll [2008-09-05 17:12:33 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll [2008-09-05 17:12:24 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini [2008-06-07 15:09:49 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01 [2008-05-18 16:02:34 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2008-05-18 16:02:34 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2008-05-18 16:02:34 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2008-04-08 18:48:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt [2008-04-08 18:46:36 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2008-02-16 17:03:22 | 000,000,913 | ---- | C] () -- C:\WINDOWS\n02.ini [2008-01-19 17:03:41 | 000,003,401 | ---- | C] () -- C:\WINDOWS\messer.ini [2007-12-03 15:22:55 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2007-11-07 17:22:49 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll [2007-11-07 17:22:49 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll [2007-09-13 06:36:08 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2007-08-29 11:27:22 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\CMRMDRV3.DLL [2007-08-29 11:21:04 | 000,010,240 
| ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2007-08-29 11:19:56 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.ini [2007-08-29 11:19:44 | 000,000,388 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI [2007-08-28 16:50:19 | 000,004,333 | ---- | C] () -- C:\WINDOWS\mixerdef.ini [2007-08-28 13:48:53 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007-08-28 13:48:49 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\kate@max\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007-08-28 12:41:54 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll [2007-08-28 12:34:24 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007-05-08 14:36:59 | 000,001,601 | ---- | C] () -- C:\WINDOWS\kaillera.ini [2006-10-22 11:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006-08-23 08:08:46 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2006-08-21 23:35:54 | 000,000,085 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005-02-24 06:32:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2005-02-24 06:32:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2005-02-24 06:32:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2005-02-24 06:32:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2005-02-24 06:32:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2005-02-24 06:32:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2004-08-22 16:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll [1999-01-22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [color=#E56717]========== LOP Check ==========[/color] [2008-11-01 17:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper [2008-05-22 19:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Astar Games [2008-01-22 20:23:10 | 000,000,000 
| ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\avg7 [2007-11-29 19:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Christmasville [2008-06-07 15:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Flood Light Games [2010-02-25 09:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GamesBar [2008-05-01 15:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gogii [2007-12-30 18:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\HiddenSecretsNightmare [2008-09-17 17:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\iWin Games [2008-03-19 18:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\JollyBear [2008-02-02 12:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Kazaa Lite [2009-08-11 16:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Little Games Company [2008-03-05 16:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MonteCristo [2008-10-16 17:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MumboJumbo [2008-09-18 16:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MysteryChronicles [2009-07-02 15:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PlayFirst [2009-01-01 14:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PlayPond [2009-04-05 17:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PoBros [2009-01-09 19:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Redrum [2008-08-12 18:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Slapdash 
Games [2008-08-15 17:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SpinTop Games [2009-09-12 14:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2008-08-17 17:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TheRace_dev [2007-10-12 13:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Abra Academy2 [2008-09-25 18:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\AgerWebEdytor [2008-11-16 18:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Artogon [2008-01-22 20:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\AVG7 [2007-12-15 20:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Big Fish Games [2008-05-17 16:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\BitSpirit [2008-12-11 16:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\cerasus.media [2008-11-09 19:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Cream Software [2008-06-07 15:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Flood Light Games [2008-03-14 16:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\fltk.org [2007-09-14 16:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\ForgottenRiddles [2008-03-23 19:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Friday's games [2007-08-28 13:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Gadu-Gadu [2010-03-10 17:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\GanymedeNet [2009-09-05 13:23:39 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\kate@max\Dane aplikacji\Gold Casual Games [2008-11-14 17:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Hide IP NG [2009-01-27 13:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Island [2008-09-12 13:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\ITTNord [2008-09-06 15:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\iWinArcade [2009-01-27 13:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Jetsetter [2008-11-01 17:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\JoyBits [2008-11-21 21:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Leadertech [2007-10-17 16:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Legends of pirates [2009-08-11 16:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Little Games Company [2008-04-18 18:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Moyea [2008-05-16 19:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\MSPWNOUP2006 [2008-05-21 15:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\MysteryStudio [2008-06-06 14:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Opera [2008-12-12 15:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\PlayFirst [2009-04-05 17:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\PoBros [2008-08-27 19:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Righteous Kill [2010-02-25 17:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Samsung [2009-03-23 17:02:41 | 000,000,000 | ---D | M] -- C:\Documents 
and Settings\kate@max\Dane aplikacji\SerpentOfIsis [2007-10-19 19:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Shareaza [2008-09-06 09:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Softplicity [2008-12-11 18:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Sports Interactive [2008-04-08 14:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\SprillBermudeEng [2010-02-25 08:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Thunderbird [2008-08-16 18:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\TMInc [2007-08-28 14:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\AVG7 [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2008-10-27 09:38:10 | 001,348,370 | ---- | M] () -- C:\Apr2005_d3dx9_25_x64.cab [2008-10-27 09:38:08 | 001,079,978 | ---- | M] () -- C:\Apr2005_d3dx9_25_x86.cab [2008-10-27 09:38:12 | 001,398,846 | ---- | M] () -- C:\Apr2006_d3dx9_30_x64.cab [2008-10-27 09:38:10 | 001,116,237 | ---- | M] () -- C:\Apr2006_d3dx9_30_x86.cab [2008-10-27 09:38:04 | 000,917,446 | ---- | M] () -- C:\Apr2006_MDX1_x86.cab [2008-10-27 09:38:20 | 004,163,646 | ---- | M] () -- C:\Apr2006_MDX1_x86_Archive.cab [2008-10-27 09:37:46 | 000,180,149 | ---- | M] () -- C:\Apr2006_XACT_x64.cab [2008-10-27 09:37:38 | 000,134,119 | ---- | M] () -- C:\Apr2006_XACT_x86.cab [2008-10-27 09:38:02 | 000,088,117 | ---- | M] () -- C:\Apr2006_xinput_x64.cab [2008-10-27 09:38:00 | 000,047,026 | ---- | M] () -- C:\Apr2006_xinput_x86.cab [2008-10-27 09:38:00 | 000,699,628 | ---- | M] () -- C:\APR2007_d3dx10_33_x64.cab [2008-10-27 09:37:58 | 000,696,881 | ---- | M] () -- C:\APR2007_d3dx10_33_x86.cab [2008-10-27 09:38:18 | 001,608,374 | ---- 
| M] () -- C:\APR2007_d3dx9_33_x64.cab [2008-10-27 09:38:16 | 001,607,055 | ---- | M] () -- C:\APR2007_d3dx9_33_x86.cab [2008-10-27 09:37:48 | 000,196,782 | ---- | M] () -- C:\APR2007_XACT_x64.cab [2008-10-27 09:37:44 | 000,152,241 | ---- | M] () -- C:\APR2007_XACT_x86.cab [2008-10-27 09:38:08 | 000,097,833 | ---- | M] () -- C:\APR2007_xinput_x64.cab [2008-10-27 09:38:02 | 000,054,318 | ---- | M] () -- C:\APR2007_xinput_x86.cab [2008-10-27 09:38:12 | 001,351,558 | ---- | M] () -- C:\Aug2005_d3dx9_27_x64.cab [2008-10-27 09:38:08 | 001,078,660 | ---- | M] () -- C:\Aug2005_d3dx9_27_x86.cab [2008-10-27 09:37:48 | 000,183,919 | ---- | M] () -- C:\AUG2006_XACT_x64.cab [2008-10-27 09:37:42 | 000,138,251 | ---- | M] () -- C:\AUG2006_XACT_x86.cab [2008-10-27 09:38:02 | 000,088,158 | ---- | M] () -- C:\AUG2006_xinput_x64.cab [2008-10-27 09:38:02 | 000,047,074 | ---- | M] () -- C:\AUG2006_xinput_x86.cab [2008-10-27 09:38:04 | 000,853,302 | ---- | M] () -- C:\AUG2007_d3dx10_35_x64.cab [2008-10-27 09:38:00 | 000,797,883 | ---- | M] () -- C:\AUG2007_d3dx10_35_x86.cab [2008-10-27 09:38:18 | 001,801,176 | ---- | M] () -- C:\AUG2007_d3dx9_35_x64.cab [2008-10-27 09:38:18 | 001,709,168 | ---- | M] () -- C:\AUG2007_d3dx9_35_x86.cab [2008-10-27 09:37:52 | 000,199,112 | ---- | M] () -- C:\AUG2007_XACT_x64.cab [2008-10-27 09:37:46 | 000,154,028 | ---- | M] () -- C:\AUG2007_XACT_x86.cab [2008-10-27 09:38:04 | 000,868,628 | ---- | M] () -- C:\Aug2008_d3dx10_39_x64.cab [2008-10-27 09:38:02 | 000,850,183 | ---- | M] () -- C:\Aug2008_d3dx10_39_x86.cab [2008-10-27 09:38:18 | 001,795,100 | ---- | M] () -- C:\Aug2008_d3dx9_39_x64.cab [2008-10-27 09:38:14 | 001,465,688 | ---- | M] () -- C:\Aug2008_d3dx9_39_x86.cab [2008-10-27 09:37:40 | 000,122,840 | ---- | M] () -- C:\Aug2008_XACT_x64.cab [2008-10-27 09:38:02 | 000,094,028 | ---- | M] () -- C:\Aug2008_XACT_x86.cab [2008-10-27 09:37:58 | 000,272,384 | ---- | M] () -- C:\Aug2008_XAudio_x64.cab [2008-10-27 09:37:58 | 000,270,858 | ---- | M] () -- 
C:\Aug2008_XAudio_x86.cab [2007-08-28 12:15:53 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2008-10-27 09:38:10 | 001,156,507 | ---- | M] () -- C:\BDANT.cab [2008-10-27 09:38:04 | 000,976,164 | ---- | M] () -- C:\BDAXP.cab [2007-08-28 12:06:28 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2001-07-21 23:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2008-11-11 14:22:57 | 000,000,074 | ---- | M] () -- C:\CMLoader.log [2007-08-28 12:15:53 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2008-10-27 09:38:14 | 001,358,992 | ---- | M] () -- C:\Dec2005_d3dx9_28_x64.cab [2008-10-27 09:38:10 | 001,080,472 | ---- | M] () -- C:\Dec2005_d3dx9_28_x86.cab [2008-10-27 09:37:50 | 000,213,823 | ---- | M] () -- C:\DEC2006_d3dx10_00_x64.cab [2008-10-27 09:37:48 | 000,192,736 | ---- | M] () -- C:\DEC2006_d3dx10_00_x86.cab [2008-10-27 09:38:16 | 001,572,170 | ---- | M] () -- C:\DEC2006_d3dx9_32_x64.cab [2008-10-27 09:38:16 | 001,575,392 | ---- | M] () -- C:\DEC2006_d3dx9_32_x86.cab [2008-10-27 09:37:50 | 000,193,491 | ---- | M] () -- C:\DEC2006_XACT_x64.cab [2008-10-27 09:37:42 | 000,146,615 | ---- | M] () -- C:\DEC2006_XACT_x86.cab [2008-10-27 09:38:54 | 000,095,056 | ---- | M] (Microsoft Corporation) -- C:\DSETUP.dll [2008-10-27 09:37:34 | 001,692,496 | ---- | M] (Microsoft Corporation) -- C:\dsetup32.dll [2008-10-27 09:38:04 | 000,045,464 | ---- | M] () -- C:\dxdllreg_x86.cab [2008-10-27 09:38:20 | 013,265,184 | ---- | M] () -- C:\dxnt.cab [2008-10-27 09:36:58 | 000,526,160 | ---- | M] (Microsoft Corporation) -- C:\DXSETUP.exe [2008-10-27 09:38:04 | 000,096,053 | ---- | M] () -- C:\dxupdate.cab [2009-02-22 18:24:46 | 000,000,062 | ---- | M] () -- C:\error.txt [2008-10-27 09:38:10 | 001,248,515 | ---- | M] () -- C:\Feb2005_d3dx9_24_x64.cab [2008-10-27 09:38:08 | 001,014,241 | ---- | M] () -- C:\Feb2005_d3dx9_24_x86.cab [2008-10-27 09:38:14 | 001,363,812 | ---- | M] () -- C:\Feb2006_d3dx9_29_x64.cab [2008-10-27 09:38:08 | 001,085,736 | ---- | M] () -- 
C:\Feb2006_d3dx9_29_x86.cab [2008-10-27 09:37:46 | 000,179,375 | ---- | M] () -- C:\Feb2006_XACT_x64.cab [2008-10-27 09:37:40 | 000,133,425 | ---- | M] () -- C:\Feb2006_XACT_x86.cab [2008-10-27 09:37:48 | 000,195,691 | ---- | M] () -- C:\FEB2007_XACT_x64.cab [2008-10-27 09:37:42 | 000,148,999 | ---- | M] () -- C:\FEB2007_XACT_x86.cab [2010-03-18 16:19:02 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys [2007-08-28 12:15:53 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2007-12-30 19:15:22 | 000,000,125 | ---- | M] () -- C:\ioSpecial.ini [2008-10-27 09:38:10 | 001,337,018 | ---- | M] () -- C:\Jun2005_d3dx9_26_x64.cab [2008-10-27 09:38:08 | 001,065,941 | ---- | M] () -- C:\Jun2005_d3dx9_26_x86.cab [2008-10-27 09:37:46 | 000,181,801 | ---- | M] () -- C:\JUN2006_XACT_x64.cab [2008-10-27 09:37:40 | 000,134,687 | ---- | M] () -- C:\JUN2006_XACT_x86.cab [2008-10-27 09:38:00 | 000,700,060 | ---- | M] () -- C:\JUN2007_d3dx10_34_x64.cab [2008-10-27 09:37:58 | 000,699,488 | ---- | M] () -- C:\JUN2007_d3dx10_34_x86.cab [2008-10-27 09:38:16 | 001,608,790 | ---- | M] () -- C:\JUN2007_d3dx9_34_x64.cab [2008-10-27 09:38:16 | 001,608,302 | ---- | M] () -- C:\JUN2007_d3dx9_34_x86.cab [2008-10-27 09:37:50 | 000,198,138 | ---- | M] () -- C:\JUN2007_XACT_x64.cab [2008-10-27 09:37:44 | 000,153,925 | ---- | M] () -- C:\JUN2007_XACT_x86.cab [2008-10-27 09:38:04 | 000,868,844 | ---- | M] () -- C:\JUN2008_d3dx10_38_x64.cab [2008-10-27 09:38:04 | 000,850,935 | ---- | M] () -- C:\JUN2008_d3dx10_38_x86.cab [2008-10-27 09:38:18 | 001,793,624 | ---- | M] () -- C:\JUN2008_d3dx9_38_x64.cab [2008-10-27 09:38:14 | 001,464,894 | ---- | M] () -- C:\JUN2008_d3dx9_38_x86.cab [2008-10-27 09:38:02 | 000,056,170 | ---- | M] () -- C:\JUN2008_X3DAudio_x64.cab [2008-10-27 09:38:02 | 000,022,921 | ---- | M] () -- C:\JUN2008_X3DAudio_x86.cab [2008-10-27 09:37:40 | 000,122,070 | ---- | M] () -- C:\JUN2008_XACT_x64.cab [2008-10-27 09:38:04 | 000,094,144 | ---- | M] () -- C:\JUN2008_XACT_x86.cab [2008-10-27 09:37:58 | 
000,270,644 | ---- | M] () -- C:\JUN2008_XAudio_x64.cab [2008-10-27 09:37:52 | 000,270,040 | ---- | M] () -- C:\JUN2008_XAudio_x86.cab [2007-10-04 17:32:32 | 000,038,912 | ---- | M] () -- C:\kons.1.doc [2008-10-27 09:38:02 | 000,845,900 | ---- | M] () -- C:\Mar2008_d3dx10_37_x64.cab [2008-10-27 09:38:02 | 000,819,276 | ---- | M] () -- C:\Mar2008_d3dx10_37_x86.cab [2008-10-27 09:38:18 | 001,770,878 | ---- | M] () -- C:\Mar2008_d3dx9_37_x64.cab [2008-10-27 09:38:12 | 001,444,298 | ---- | M] () -- C:\Mar2008_d3dx9_37_x86.cab [2008-10-27 09:38:02 | 000,056,074 | ---- | M] () -- C:\Mar2008_X3DAudio_x64.cab [2008-10-27 09:38:00 | 000,022,883 | ---- | M] () -- C:\Mar2008_X3DAudio_x86.cab [2008-10-27 09:37:40 | 000,123,352 | ---- | M] () -- C:\Mar2008_XACT_x64.cab [2008-10-27 09:38:08 | 000,094,750 | ---- | M] () -- C:\Mar2008_XACT_x86.cab [2008-10-27 09:37:52 | 000,252,210 | ---- | M] () -- C:\Mar2008_XAudio_x64.cab [2008-10-27 09:37:52 | 000,227,266 | ---- | M] () -- C:\Mar2008_XAudio_x86.cab [2007-08-28 12:15:53 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008-10-27 09:38:04 | 000,865,616 | ---- | M] () -- C:\Nov2007_d3dx10_36_x64.cab [2008-10-27 09:38:00 | 000,804,900 | ---- | M] () -- C:\Nov2007_d3dx10_36_x86.cab [2008-10-27 09:38:20 | 001,803,074 | ---- | M] () -- C:\Nov2007_d3dx9_36_x64.cab [2008-10-27 09:38:18 | 001,710,376 | ---- | M] () -- C:\Nov2007_d3dx9_36_x86.cab [2008-10-27 09:38:02 | 000,047,160 | ---- | M] () -- C:\NOV2007_X3DAudio_x64.cab [2008-10-27 09:38:02 | 000,019,512 | ---- | M] () -- C:\NOV2007_X3DAudio_x86.cab [2008-10-27 09:37:48 | 000,197,778 | ---- | M] () -- C:\NOV2007_XACT_x64.cab [2008-10-27 09:37:42 | 000,149,280 | ---- | M] () -- C:\NOV2007_XACT_x86.cab [2008-10-27 09:38:08 | 000,995,154 | ---- | M] () -- C:\Nov2008_d3dx10_40_x64.cab [2008-10-27 09:38:04 | 000,966,445 | ---- | M] () -- C:\Nov2008_d3dx10_40_x86.cab [2008-10-27 09:38:20 | 001,907,944 | ---- | M] () -- C:\Nov2008_d3dx9_40_x64.cab [2008-10-27 09:38:14 | 001,551,228 | ---- | 
M] () -- C:\Nov2008_d3dx9_40_x86.cab [2008-10-27 09:38:04 | 000,055,538 | ---- | M] () -- C:\Nov2008_X3DAudio_x64.cab [2008-10-27 09:38:02 | 000,022,867 | ---- | M] () -- C:\Nov2008_X3DAudio_x86.cab [2008-10-27 09:38:08 | 000,122,810 | ---- | M] () -- C:\Nov2008_XACT_x64.cab [2008-10-27 09:38:02 | 000,093,700 | ---- | M] () -- C:\Nov2008_XACT_x86.cab [2008-10-27 09:37:54 | 000,274,976 | ---- | M] () -- C:\Nov2008_XAudio_x64.cab [2008-10-27 09:37:54 | 000,273,627 | ---- | M] () -- C:\Nov2008_XAudio_x86.cab [2004-08-03 21:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2004-08-03 21:59:54 | 000,250,624 | RHS- | M] () -- C:\ntldr [2008-10-27 09:38:02 | 000,087,053 | ---- | M] () -- C:\Oct2005_xinput_x64.cab [2008-10-27 09:38:02 | 000,046,375 | ---- | M] () -- C:\Oct2005_xinput_x86.cab [2008-10-27 09:38:14 | 001,413,918 | ---- | M] () -- C:\OCT2006_d3dx9_31_x64.cab [2008-10-27 09:38:10 | 001,128,233 | ---- | M] () -- C:\OCT2006_d3dx9_31_x86.cab [2008-10-27 09:37:48 | 000,183,377 | ---- | M] () -- C:\OCT2006_XACT_x64.cab [2008-10-27 09:37:42 | 000,139,033 | ---- | M] () -- C:\OCT2006_XACT_x86.cab [2009-08-30 16:58:46 | 000,002,236 | ---- | M] () -- C:\OLY2000.CFG [2010-03-18 16:18:53 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys [2007-08-28 12:44:59 | 000,000,090 | ---- | M] () -- C:\Setup.log [2009-08-03 18:09:37 | 000,000,002 | ---- | M] () -- C:\wersja.txt [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2006-08-23 08:18:54 | 016,728,779 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2006-08-23 08:18:54 | 016,728,779 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2006-08-23 10:01:26 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) 
MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2006-08-23 08:18:54 | 016,728,779 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2004-08-03 21:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2004-08-03 23:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2004-08-03 23:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2004-08-03 22:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys [2004-08-03 22:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2004-08-03 23:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2004-08-03 23:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\system32\winlogon.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:BD9F7E4E @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:067F588D @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:88698068 @Alternate Data Stream - 97 bytes -> C:\Documents and 
Settings\All Users\Dane aplikacji\TEMP:17C48B08 @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:3D36932D @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:241FA548 @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A296A63F @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CEF2A14E @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4FE30352 @Alternate Data Stream - 301 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6283A8D3 @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:62672BC8 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A56D6987 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:EF5B3572 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:FD000392 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6C5EC3CD @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:620EC79A @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:3539CD43 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:EC0A74A1 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9398DBB4 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:22313216 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C22674B6 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:8BA6C9F8 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:39C7B7C6 
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DE47A3DA @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:B2735F9E @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:85C3B823 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6FE17A89 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:EC2381A4 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:90B52091 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:61F0C8FB @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:FC4EA67C @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9ACB70D7 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:8944C195 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:55E3C0E0 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:FDDD8917 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D31BE97C @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:7972CF54 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:3E06C78F @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:561B1D2B @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:FA42DF8E @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:90D89144 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:7A0EFE63 @Alternate Data Stream - 109 bytes -> 
C:\Documents and Settings\All Users\Dane aplikacji\TEMP:52641FBE
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:80B291A7
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:09064307
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:289041F7
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:40D8F125
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E32966C0
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0EB1DE
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A7DA2BCD
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:2BC498A4
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:0A73A758
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB16385F
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:2E49D185
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:918B7566
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:5C6EBC69
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:3B812EE0
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D48500F8
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:43982D5E
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:3313A48D
< End of report >
[/quote]

[quote]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:48:21, on 2010-03-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dziennik.krakow.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Hide IP NG] C:\Program Files\Hide IP NG\hideipng.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_pl;_rv:1.9.0.14)_Gecko/2009082707_Firefox/2.0.0.14;MEGAUPLOAD_1.0" -"http://www.intel.com/personal/computing/emea/pol/racing/index.html?iid=gg_about-PL+intel_aboutintel"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.03\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.33/g_bin/pl/billard8_2_0_0_35.cab
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

-- End of file - 6377 bytes
[/quote]
Psycholandia, comment, 18 March 2010

Paste the script below into the OTL window and click Run Fix:

[quote]:Processes
explorer.exe
:OTL
O2 - BHO: (My Global Search Bar BHO) - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search)
O2 - BHO: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll ()
O3 - HKLM\..\Toolbar: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search)
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll ()
O3 - HKU\S-1-5-21-1177238915-746137067-1060284298-1003\..\Toolbar\WebBrowser: (no name) - {00000000-5736-4205-0008-F7ED0776FB27} - No CLSID value found.
O3 - HKU\S-1-5-21-1177238915-746137067-1060284298-1003\..\Toolbar\WebBrowser: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search)
O4 - HKLM..\Run: [BearShare] C:\Program Files\BearShare\BearShare.exe File not found
O4 - HKU\S-1-5-21-1177238915-746137067-1060284298-1003..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\5.0_( File not found)
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O29 - HKLM SecurityProviders - (mcenspc.dll) - C:\WINDOWS\System32\mcenspc.dll ()
:Files
C:\Documents and Settings\All Users\Dane aplikacji\sysqcl1129139270.dat
:Commands
[emptytemp]
[start explorer]
[Reboot][/quote]

Download http://www.freedrweb.pl/livecd.php and burn it to a disc, restart the computer, and keep pressing F11 during startup; the program will launch and run the scan. Delete everything it finds.
Atomic (author), comment, 20 March 2010

I understand the first part, but what is this for? Is it necessary?

[quote]Download http://www.freedrweb.pl/livecd.php and burn it to a disc, restart the computer, and keep pressing F11 during startup; the program will launch and run the scan. Delete everything it finds. [/quote]
Psycholandia, comment, 20 March 2010

Post a log from ComboFix: http://www.forumpc.pl/index.php?showtopic=153621 and then a new one from OTL.
Atomic (author), comment, 21 March 2010 (edited)

Well, that's the thing, I haven't done anything, because this is the first time I've come across this kind of method, burning something to a disc and so on. I always just pasted something into Combo and it got deleted. Is there no other way? Is just pasting that into OTL enough?

[log]All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37B85A21-692B-4205-9CAD-2626E4993404}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404}\ deleted successfully.
C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}\ deleted successfully.
C:\Program Files\GamesBar\oberontb.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{37B85A29-692B-4205-9CAD-2626E4993404} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\ deleted successfully.
File C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6F282B65-56BF-4BD1-A8B2-A4449A05863D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}\ not found.
File C:\Program Files\GamesBar\oberontb.dll not found.
Registry value HKEY_USERS\S-1-5-21-1177238915-746137067-1060284298-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-5736-4205-0008-F7ED0776FB27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-5736-4205-0008-F7ED0776FB27}\ not found.
Registry value HKEY_USERS\S-1-5-21-1177238915-746137067-1060284298-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37B85A29-692B-4205-9CAD-2626E4993404} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\ not found.
File C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BearShare deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1177238915-746137067-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Shockwave Updater deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1A93C934-025B-4c3a-B38E-9654A7003239}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A93C934-025B-4c3a-B38E-9654A7003239}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:mcenspc.dll deleted successfully.
C:\WINDOWS\system32\mcenspc.dll moved successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Dane aplikacji\sysqcl1129139270.dat moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: kate@max
->Temp folder emptied: 651375394 bytes
->Temporary Internet Files folder emptied: 694039807 bytes
->Java cache emptied: 10156376 bytes
->FireFox cache emptied: 72721203 bytes
->Flash cache emptied: 1943211 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 7029784 bytes
%systemroot%\System32 .tmp files removed: 35364 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 718814 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1 371,00 mb
OTL by OldTimer - Version 3.1.37.3 log created on 03212010_203358
Files\Folders moved on Reboot...
C:\Documents and Settings\kate@max\Ustawienia lokalne\Temporary Internet Files\Content.IE5\AX6B0TQZ\index[3].htm moved successfully.
C:\Documents and Settings\kate@max\Ustawienia lokalne\Temporary Internet Files\Content.IE5\8HWF4ZWZ\minDrWebLiveCD-5.0.2[1].iso moved successfully.
C:\Documents and Settings\kate@max\Ustawienia lokalne\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
Registry entries deleted on Reboot...
[/log]
Psycholandia, comment, 21 March 2010

Because it is a scanner, one of the best, which removes viruses very well. If you don't want to use up a disc on it, scan the computer with this: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url], delete everything it finds and post the log after the removal (the log from Malware).
Atomic (author), comment, 22 March 2010

OK, I scanned and set them to be deleted, but it said that it apparently couldn't handle all of them. Here is the log:

[log]Malwarebytes' Anti-Malware 1.44
Wersja bazy definicji: 3510
Windows 5.1.2600 Dodatek Service Pack 2
Internet Explorer 8.0.6001.18702
2010-03-22 18:36:55
mbam-log-2010-03-22 (18-36-55).txt
Typ skanowania: Szybkie skanowanie
Przeskanowane obiekty: 102035
Upłynęło: 25 minute(s), 27 second(s)
Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 1
Zainfekowane klucze rejestru: 22
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 1
Zainfekowane foldery: 6
Zainfekowane pliki: 16

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
C:\Program Files\MyGlobalSearch\bar\1.bin\M9PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.

Zainfekowane klucze rejestru:
HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b85a2a-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b85a2c-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ef281620-a3a3-4f08-874f-d68cfc9b7945} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{37b85a20-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ByteLinker (PUP.BitSpirit) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll,schannel.dll,digest.dll,msnsspc.dll,) Good: (msapsspc.dll, ,schannel.dll, ,digest.dll, ,msnsspc.dll, ,.dll) -> Quarantined and deleted successfully.

Zainfekowane foldery:
C:\Program Files\MyGlobalSearch (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyGlobalSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyGlobalSearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyGlobalSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Zainfekowane pliki:
C:\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\1.bin\M9NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\1.bin\M9NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\1.bin\M9PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyGlobalSearch\bar\1.bin\NPMYGLSH.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Cache\000347F5 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Cache\001854FE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Cache\002DA186.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Cache\002DAB6B.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Cache\002DBF0E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\kate@max\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\HOSTS (Trojan.Agent) -> Quarantined and deleted successfully.
[/log]