
Logs to check. Slower computer

Atomic
posted (edited)

Hello. Lately my computer has been running slower, and an icon appears saying that it may be at risk.

[quote]OTL logfile created on: 2010-03-18 18:06:08 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\kate@max\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

255,00 Mb Total Physical Memory | 52,00 Mb Available Physical Memory | 20,00% Memory free
618,00 Mb Paging File | 327,00 Mb Available in Paging File | 53,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 1,38 Gb Free Space | 7,05% Space Free | Partition Type: NTFS
Drive D: | 17,73 Gb Total Space | 7,06 Gb Free Space | 39,82% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NCK-F58A3EAC7B8
Current User Name: kate@max
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-03-18 18:03:32 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kate@max\Moje dokumenty\Pobieranie\Custom ScansFixes.exe
PRC - [2010-03-11 15:10:16 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010-02-18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2010-01-16 04:18:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008-04-01 19:49:42 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2007-07-09 08:39:12 | 002,119,104 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe
PRC - [2007-06-13 14:23:49 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-10-22 11:22:00 | 000,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006-08-23 08:08:54 | 000,065,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2006-08-23 08:02:58 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2005-01-28 00:36:00 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WdfMgr.exe
PRC - [2005-01-26 15:15:16 | 000,884,838 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WPN111\WPN111.exe
PRC - [2004-08-22 16:05:02 | 000,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe
PRC - [2004-08-03 23:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2004-08-03 23:44:30 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2004-08-03 23:44:28 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2004-08-03 23:44:28 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2004-08-03 23:44:28 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HTTPFILTER]
PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2004-08-03 23:44:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2004-08-03 23:44:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2004-08-03 23:44:20 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2004-08-03 23:44:18 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2002-07-12 15:33:12 | 001,581,056 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-03-18 18:03:32 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kate@max\Moje dokumenty\Pobieranie\Custom ScansFixes.exe
MOD - [2008-02-20 07:53:12 | 000,282,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-02-16 10:32:35 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2007-12-04 19:42:02 | 000,550,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2007-10-25 17:44:11 | 008,488,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2007-07-09 14:11:53 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2007-04-16 17:11:16 | 001,014,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2007-03-08 16:51:57 | 000,579,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2006-12-21 13:30:44 | 000,102,400 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\ggwhook.dll
MOD - [2006-08-25 16:51:13 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006-08-23 08:03:36 | 001,285,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2006-05-03 21:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2004-08-03 23:44:32 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2004-08-03 23:44:14 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2004-08-03 23:44:14 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2004-08-03 23:44:12 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2004-08-03 23:44:10 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2004-08-03 23:44:10 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2004-08-03 23:44:10 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2004-08-03 23:44:08 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2004-08-03 23:44:06 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2004-08-03 23:44:04 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll
MOD - [2004-08-03 23:44:00 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2004-08-03 23:43:56 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2004-08-03 23:43:52 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2004-08-03 23:43:48 | 000,716,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2004-08-03 23:42:58 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-09-23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007-12-03 15:22:56 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007-05-02 10:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007-05-02 10:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007-05-02 10:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2006-10-22 11:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006-08-23 10:01:30 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2006-08-23 10:01:28 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2006-08-23 10:01:28 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006-08-23 10:01:12 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2006-08-23 10:01:06 | 000,907,584 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2006-08-23 08:08:24 | 000,601,100 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006-08-23 08:08:22 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2006-07-24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005-12-22 13:45:18 | 000,402,432 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WlanBZXP.sys -- (SG762_XP)
DRV - [2005-12-22 12:24:52 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005-12-22 12:24:52 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005-12-22 12:24:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005-09-26 16:02:50 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WPN111.sys -- (WPN111)
DRV - [2004-08-22 15:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004-08-22 15:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2003-07-24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2002-07-16 09:58:12 | 000,379,726 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1177238915-746137067-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dziennik.krakow.pl/
IE - HKU\S-1-5-21-1177238915-746137067-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1177238915-746137067-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1177238915-746137067-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "WWW.DZIENNIK.KRAKOW.PL"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=megaup&p="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-02-27 17:19:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-03-11 15:10:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010-02-25 08:52:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010-02-25 08:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Mozilla\Extensions
[2010-02-25 08:54:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kate@max\Dane aplikacji\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010-03-17 19:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Mozilla\Firefox\Profiles\a97bye53.default\extensions
[2008-04-23 16:28:58 | 000,000,000 | ---D | M] (Megaupload Toolbar) -- C:\Documents and Settings\kate@max\Dane aplikacji\Mozilla\Firefox\Profiles\a97bye53.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2008-04-05 16:27:23 | 000,001,360 | ---- | M] () -- C:\Documents and Settings\kate@max\Dane aplikacji\Mozilla\Firefox\Profiles\a97bye53.default\searchplugins\winampsearch.xml
[2010-03-17 19:22:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007-07-03 11:51:00 | 000,630,784 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPBILLARD8.dll
[2009-04-01 16:12:28 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll
[2008-01-23 15:47:48 | 000,024,576 | ---- | M] (My Global Search) -- C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll
[2007-07-03 13:22:00 | 000,593,920 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPROULETTE.dll
[2007-07-03 13:20:00 | 000,557,056 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPSLOTS70.dll
[2007-07-03 12:07:00 | 000,630,784 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPSNOOKER.dll
[2010-01-16 02:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-01-16 02:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-01-16 02:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-16 02:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-16 02:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-16 02:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2008-02-02 12:55:07 | 000,161,317 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 abcsearch.com
O1 - Hosts: 127.0.0.1 admin.abcsearch.com
O1 - Hosts: 127.0.0.1 www3.abcsearch.com #[Browseraid]
O1 - Hosts: 127.0.0.1 www.abcsearch.com
O1 - Hosts: 127.0.0.1 abc517.net #[Trojan.Mitglieder.H]
O1 - Hosts: 127.0.0.1 acestats.com
O1 - Hosts: 127.0.0.1 www.acestats.com
O1 - Hosts: 127.0.0.1 actualnames.com #[Parasite.ActualNames]
O1 - Hosts: 127.0.0.1 www.actualnames.com
O1 - Hosts: 127.0.0.1 ad-up.com
O1 - Hosts: 127.0.0.1 www.ad-up.com
O1 - Hosts: 127.0.0.1 adatom.com
O1 - Hosts: 127.0.0.1 aesp.adatom.com
O1 - Hosts: 127.0.0.1 adbest.com
O1 - Hosts: 127.0.0.1 adserv.adbonus.com
O1 - Hosts: 127.0.0.1 www.adbonus.com
O1 - Hosts: 127.0.0.1 www.adblaster2.info #[Restricted Zone site]
O1 - Hosts: 127.0.0.1 ad2.adcept.net
O1 - Hosts: 127.0.0.1 ad3.adcept.net
O1 - Hosts: 127.0.0.1 www.adcept.net
O1 - Hosts: 127.0.0.1 adcomplete.com
O1 - Hosts: 127.0.0.1 www.adcomplete.com
O1 - Hosts: 127.0.0.1 www.adcopy.info
O1 - Hosts: 127.0.0.1 ads.adcorps.com
O1 - Hosts: 4671 more lines...
O2 - BHO: (My Global Search Bar BHO) - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search)
O2 - BHO: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll ()
O3 - HKLM\..\Toolbar: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search)
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll ()
O3 - HKU\S-1-5-21-1177238915-746137067-1060284298-1003\..\Toolbar\WebBrowser: (no name) - {00000000-5736-4205-0008-F7ED0776FB27} - No CLSID value found.
O3 - HKU\S-1-5-21-1177238915-746137067-1060284298-1003\..\Toolbar\WebBrowser: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search)
O4 - HKLM..\Run: [BearShare] C:\Program Files\BearShare\BearShare.exe File not found
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-1177238915-746137067-1060284298-1003..\Run: [Hide IP NG] C:\Program Files\Hide IP NG\hideipng.exe File not found
O4 - HKU\S-1-5-21-1177238915-746137067-1060284298-1003..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\5.0_( File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1177238915-746137067-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm ()
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} http://67.15.101.33/g_bin/pl/billard8_2_0_0_35.cab (GameDesire Pool 8)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\kate@max\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\kate@max\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (mcenspc.dll) - C:\WINDOWS\System32\mcenspc.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-08-28 12:15:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007-08-28 12:14:53 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

File not found -- C:\Documents and Settings\kate@max\Pulpit\Rihanna Feat Justin Timberlake -- Rehab
[2010-03-18 17:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-03-11 15:12:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun
[2010-02-25 09:34:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\kate@max\IECompatCache
[2010-02-25 09:33:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\kate@max\PrivacIE
[2010-02-25 09:32:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\kate@max\IETldCache
[2010-02-25 09:22:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010-02-25 09:20:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010-02-25 09:18:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010-02-25 08:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kate@max\Moje dokumenty\Pobieranie
[2009-02-04 13:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
[2008-05-16 15:00:54 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2008-05-16 15:00:54 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2008-01-22 20:23:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2008-01-22 20:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2008-01-22 20:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2008-01-22 20:22:06 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2007-08-28 14:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\AVG7
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

File not found -- C:\Documents and Settings\kate@max\Pulpit\Rihanna Feat Justin Timberlake -- Rehab
[2010-03-18 16:21:26 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-03-18 16:19:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-03-18 16:19:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-03-18 16:19:02 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2010-03-17 20:35:45 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\kate@max\NTUSER.DAT
[2010-03-17 20:35:18 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\kate@max\ntuser.ini
[2010-03-17 19:52:18 | 000,000,377 | ---- | M] () -- C:\Documents and Settings\kate@max\Pulpit\EVEREST Home Edition.lnk
[2010-03-17 17:38:52 | 000,000,564 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for kate@max.job
[2010-03-15 17:29:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-03-14 16:01:54 | 000,000,207 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skoki Narciarskie 2002.lnk
[2010-03-05 17:31:45 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\kate@max\Pulpit\Pytania do siatkówki.(2).doc
[2010-02-25 09:23:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-02-25 08:53:34 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2010-02-25 08:52:43 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Thunderbird.lnk
[2010-02-24 14:10:05 | 006,390,582 | -H-- | M] () -- C:\Documents and Settings\kate@max\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-02-20 18:24:54 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\kate@max\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-20 15:37:02 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\kate@max\Pulpit\FRIEND FOREVER - NEW TEAM PROJECT.doc
[2010-02-17 13:45:17 | 000,493,014 | ---- | M] () -- C:\Documents and Settings\kate@max\Pulpit\Teoria_Historia_Szkoły_Ewolucja_Prekursorzy.pdf
[2010-02-14 19:10:22 | 000,078,848 | ---- | M] () -- C:\Documents and Settings\kate@max\Pulpit\pyt2.doc
[2010-01-25 14:23:27 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\kate@max\Pulpit\IVQ.xls
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-03-17 19:52:18 | 000,000,377 | ---- | C] () -- C:\Documents and Settings\kate@max\Pulpit\EVEREST Home Edition.lnk
[2010-03-14 16:01:54 | 000,000,207 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Skoki Narciarskie 2002.lnk
[2010-02-17 13:45:15 | 000,493,014 | ---- | C] () -- C:\Documents and Settings\kate@max\Pulpit\Teoria_Historia_Szkoły_Ewolucja_Prekursorzy.pdf
[2010-01-23 19:16:47 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\kate@max\Pulpit\Pytania do siatkówki.(2).doc
[2010-01-22 13:55:50 | 000,644,608 | ---- | C] () -- C:\Documents and Settings\kate@max\Pulpit\FTP.exe
[2009-11-02 17:51:49 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-09-04 18:47:14 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2009-09-04 18:47:14 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2009-09-04 18:47:14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2009-09-04 18:47:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2009-07-06 15:30:00 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2009-04-28 18:38:23 | 000,000,004 | RHS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\sysqcl1129139270.dat
[2009-04-26 10:53:48 | 000,000,731 | ---- | C] () -- C:\WINDOWS\mn02.ini
[2009-02-26 16:20:41 | 000,054,784 | -H-- | C] () -- C:\WINDOWS\System32\mcenspc.dll
[2008-09-20 18:14:38 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-09-20 18:14:38 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2008-09-06 09:36:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\_pdfxp.dll
[2008-09-05 17:12:33 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2008-09-05 17:12:24 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
[2008-06-07 15:09:49 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008-05-18 16:02:34 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008-05-18 16:02:34 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008-05-18 16:02:34 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008-04-08 18:48:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt
[2008-04-08 18:46:36 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008-02-16 17:03:22 | 000,000,913 | ---- | C] () -- C:\WINDOWS\n02.ini
[2008-01-19 17:03:41 | 000,003,401 | ---- | C] () -- C:\WINDOWS\messer.ini
[2007-12-03 15:22:55 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007-11-07 17:22:49 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007-11-07 17:22:49 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007-09-13 06:36:08 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007-08-29 11:27:22 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\CMRMDRV3.DLL
[2007-08-29 11:21:04 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007-08-29 11:19:56 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2007-08-29 11:19:44 | 000,000,388 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2007-08-28 16:50:19 | 000,004,333 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2007-08-28 13:48:53 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007-08-28 13:48:49 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\kate@max\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-08-28 12:41:54 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll
[2007-08-28 12:34:24 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-05-08 14:36:59 | 000,001,601 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2006-10-22 11:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006-08-23 08:08:46 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006-08-21 23:35:54 | 000,000,085 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005-02-24 06:32:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005-02-24 06:32:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005-02-24 06:32:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005-02-24 06:32:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005-02-24 06:32:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005-02-24 06:32:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004-08-22 16:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[1999-01-22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[color=#E56717]========== LOP Check ==========[/color]

[2008-11-01 17:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper
[2008-05-22 19:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Astar Games
[2008-01-22 20:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\avg7
[2007-11-29 19:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Christmasville
[2008-06-07 15:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Flood Light Games
[2010-02-25 09:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GamesBar
[2008-05-01 15:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gogii
[2007-12-30 18:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\HiddenSecretsNightmare
[2008-09-17 17:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\iWin Games
[2008-03-19 18:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\JollyBear
[2008-02-02 12:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Kazaa Lite
[2009-08-11 16:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Little Games Company
[2008-03-05 16:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MonteCristo
[2008-10-16 17:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MumboJumbo
[2008-09-18 16:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MysteryChronicles
[2009-07-02 15:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PlayFirst
[2009-01-01 14:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PlayPond
[2009-04-05 17:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PoBros
[2009-01-09 19:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Redrum
[2008-08-12 18:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Slapdash Games
[2008-08-15 17:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SpinTop Games
[2009-09-12 14:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2008-08-17 17:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TheRace_dev
[2007-10-12 13:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Abra Academy2
[2008-09-25 18:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\AgerWebEdytor
[2008-11-16 18:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Artogon
[2008-01-22 20:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\AVG7
[2007-12-15 20:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Big Fish Games
[2008-05-17 16:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\BitSpirit
[2008-12-11 16:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\cerasus.media
[2008-11-09 19:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Cream Software
[2008-06-07 15:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Flood Light Games
[2008-03-14 16:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\fltk.org
[2007-09-14 16:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\ForgottenRiddles
[2008-03-23 19:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Friday's games
[2007-08-28 13:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Gadu-Gadu
[2010-03-10 17:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\GanymedeNet
[2009-09-05 13:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Gold Casual Games
[2008-11-14 17:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Hide IP NG
[2009-01-27 13:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Island
[2008-09-12 13:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\ITTNord
[2008-09-06 15:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\iWinArcade
[2009-01-27 13:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Jetsetter
[2008-11-01 17:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\JoyBits
[2008-11-21 21:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Leadertech
[2007-10-17 16:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Legends of pirates
[2009-08-11 16:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Little Games Company
[2008-04-18 18:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Moyea
[2008-05-16 19:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\MSPWNOUP2006
[2008-05-21 15:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\MysteryStudio
[2008-06-06 14:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Opera
[2008-12-12 15:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\PlayFirst
[2009-04-05 17:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\PoBros
[2008-08-27 19:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Righteous Kill
[2010-02-25 17:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Samsung
[2009-03-23 17:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\SerpentOfIsis
[2007-10-19 19:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Shareaza
[2008-09-06 09:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Softplicity
[2008-12-11 18:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Sports Interactive
[2008-04-08 14:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\SprillBermudeEng
[2010-02-25 08:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\Thunderbird
[2008-08-16 18:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kate@max\Dane aplikacji\TMInc
[2007-08-28 14:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\AVG7

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2008-10-27 09:38:10 | 001,348,370 | ---- | M] () -- C:\Apr2005_d3dx9_25_x64.cab
[2008-10-27 09:38:08 | 001,079,978 | ---- | M] () -- C:\Apr2005_d3dx9_25_x86.cab
[2008-10-27 09:38:12 | 001,398,846 | ---- | M] () -- C:\Apr2006_d3dx9_30_x64.cab
[2008-10-27 09:38:10 | 001,116,237 | ---- | M] () -- C:\Apr2006_d3dx9_30_x86.cab
[2008-10-27 09:38:04 | 000,917,446 | ---- | M] () -- C:\Apr2006_MDX1_x86.cab
[2008-10-27 09:38:20 | 004,163,646 | ---- | M] () -- C:\Apr2006_MDX1_x86_Archive.cab
[2008-10-27 09:37:46 | 000,180,149 | ---- | M] () -- C:\Apr2006_XACT_x64.cab
[2008-10-27 09:37:38 | 000,134,119 | ---- | M] () -- C:\Apr2006_XACT_x86.cab
[2008-10-27 09:38:02 | 000,088,117 | ---- | M] () -- C:\Apr2006_xinput_x64.cab
[2008-10-27 09:38:00 | 000,047,026 | ---- | M] () -- C:\Apr2006_xinput_x86.cab
[2008-10-27 09:38:00 | 000,699,628 | ---- | M] () -- C:\APR2007_d3dx10_33_x64.cab
[2008-10-27 09:37:58 | 000,696,881 | ---- | M] () -- C:\APR2007_d3dx10_33_x86.cab
[2008-10-27 09:38:18 | 001,608,374 | ---- | M] () -- C:\APR2007_d3dx9_33_x64.cab
[2008-10-27 09:38:16 | 001,607,055 | ---- | M] () -- C:\APR2007_d3dx9_33_x86.cab
[2008-10-27 09:37:48 | 000,196,782 | ---- | M] () -- C:\APR2007_XACT_x64.cab
[2008-10-27 09:37:44 | 000,152,241 | ---- | M] () -- C:\APR2007_XACT_x86.cab
[2008-10-27 09:38:08 | 000,097,833 | ---- | M] () -- C:\APR2007_xinput_x64.cab
[2008-10-27 09:38:02 | 000,054,318 | ---- | M] () -- C:\APR2007_xinput_x86.cab
[2008-10-27 09:38:12 | 001,351,558 | ---- | M] () -- C:\Aug2005_d3dx9_27_x64.cab
[2008-10-27 09:38:08 | 001,078,660 | ---- | M] () -- C:\Aug2005_d3dx9_27_x86.cab
[2008-10-27 09:37:48 | 000,183,919 | ---- | M] () -- C:\AUG2006_XACT_x64.cab
[2008-10-27 09:37:42 | 000,138,251 | ---- | M] () -- C:\AUG2006_XACT_x86.cab
[2008-10-27 09:38:02 | 000,088,158 | ---- | M] () -- C:\AUG2006_xinput_x64.cab
[2008-10-27 09:38:02 | 000,047,074 | ---- | M] () -- C:\AUG2006_xinput_x86.cab
[2008-10-27 09:38:04 | 000,853,302 | ---- | M] () -- C:\AUG2007_d3dx10_35_x64.cab
[2008-10-27 09:38:00 | 000,797,883 | ---- | M] () -- C:\AUG2007_d3dx10_35_x86.cab
[2008-10-27 09:38:18 | 001,801,176 | ---- | M] () -- C:\AUG2007_d3dx9_35_x64.cab
[2008-10-27 09:38:18 | 001,709,168 | ---- | M] () -- C:\AUG2007_d3dx9_35_x86.cab
[2008-10-27 09:37:52 | 000,199,112 | ---- | M] () -- C:\AUG2007_XACT_x64.cab
[2008-10-27 09:37:46 | 000,154,028 | ---- | M] () -- C:\AUG2007_XACT_x86.cab
[2008-10-27 09:38:04 | 000,868,628 | ---- | M] () -- C:\Aug2008_d3dx10_39_x64.cab
[2008-10-27 09:38:02 | 000,850,183 | ---- | M] () -- C:\Aug2008_d3dx10_39_x86.cab
[2008-10-27 09:38:18 | 001,795,100 | ---- | M] () -- C:\Aug2008_d3dx9_39_x64.cab
[2008-10-27 09:38:14 | 001,465,688 | ---- | M] () -- C:\Aug2008_d3dx9_39_x86.cab
[2008-10-27 09:37:40 | 000,122,840 | ---- | M] () -- C:\Aug2008_XACT_x64.cab
[2008-10-27 09:38:02 | 000,094,028 | ---- | M] () -- C:\Aug2008_XACT_x86.cab
[2008-10-27 09:37:58 | 000,272,384 | ---- | M] () -- C:\Aug2008_XAudio_x64.cab
[2008-10-27 09:37:58 | 000,270,858 | ---- | M] () -- C:\Aug2008_XAudio_x86.cab
[2007-08-28 12:15:53 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008-10-27 09:38:10 | 001,156,507 | ---- | M] () -- C:\BDANT.cab
[2008-10-27 09:38:04 | 000,976,164 | ---- | M] () -- C:\BDAXP.cab
[2007-08-28 12:06:28 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2001-07-21 23:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2008-11-11 14:22:57 | 000,000,074 | ---- | M] () -- C:\CMLoader.log
[2007-08-28 12:15:53 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008-10-27 09:38:14 | 001,358,992 | ---- | M] () -- C:\Dec2005_d3dx9_28_x64.cab
[2008-10-27 09:38:10 | 001,080,472 | ---- | M] () -- C:\Dec2005_d3dx9_28_x86.cab
[2008-10-27 09:37:50 | 000,213,823 | ---- | M] () -- C:\DEC2006_d3dx10_00_x64.cab
[2008-10-27 09:37:48 | 000,192,736 | ---- | M] () -- C:\DEC2006_d3dx10_00_x86.cab
[2008-10-27 09:38:16 | 001,572,170 | ---- | M] () -- C:\DEC2006_d3dx9_32_x64.cab
[2008-10-27 09:38:16 | 001,575,392 | ---- | M] () -- C:\DEC2006_d3dx9_32_x86.cab
[2008-10-27 09:37:50 | 000,193,491 | ---- | M] () -- C:\DEC2006_XACT_x64.cab
[2008-10-27 09:37:42 | 000,146,615 | ---- | M] () -- C:\DEC2006_XACT_x86.cab
[2008-10-27 09:38:54 | 000,095,056 | ---- | M] (Microsoft Corporation) -- C:\DSETUP.dll
[2008-10-27 09:37:34 | 001,692,496 | ---- | M] (Microsoft Corporation) -- C:\dsetup32.dll
[2008-10-27 09:38:04 | 000,045,464 | ---- | M] () -- C:\dxdllreg_x86.cab
[2008-10-27 09:38:20 | 013,265,184 | ---- | M] () -- C:\dxnt.cab
[2008-10-27 09:36:58 | 000,526,160 | ---- | M] (Microsoft Corporation) -- C:\DXSETUP.exe
[2008-10-27 09:38:04 | 000,096,053 | ---- | M] () -- C:\dxupdate.cab
[2009-02-22 18:24:46 | 000,000,062 | ---- | M] () -- C:\error.txt
[2008-10-27 09:38:10 | 001,248,515 | ---- | M] () -- C:\Feb2005_d3dx9_24_x64.cab
[2008-10-27 09:38:08 | 001,014,241 | ---- | M] () -- C:\Feb2005_d3dx9_24_x86.cab
[2008-10-27 09:38:14 | 001,363,812 | ---- | M] () -- C:\Feb2006_d3dx9_29_x64.cab
[2008-10-27 09:38:08 | 001,085,736 | ---- | M] () -- C:\Feb2006_d3dx9_29_x86.cab
[2008-10-27 09:37:46 | 000,179,375 | ---- | M] () -- C:\Feb2006_XACT_x64.cab
[2008-10-27 09:37:40 | 000,133,425 | ---- | M] () -- C:\Feb2006_XACT_x86.cab
[2008-10-27 09:37:48 | 000,195,691 | ---- | M] () -- C:\FEB2007_XACT_x64.cab
[2008-10-27 09:37:42 | 000,148,999 | ---- | M] () -- C:\FEB2007_XACT_x86.cab
[2010-03-18 16:19:02 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2007-08-28 12:15:53 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007-12-30 19:15:22 | 000,000,125 | ---- | M] () -- C:\ioSpecial.ini
[2008-10-27 09:38:10 | 001,337,018 | ---- | M] () -- C:\Jun2005_d3dx9_26_x64.cab
[2008-10-27 09:38:08 | 001,065,941 | ---- | M] () -- C:\Jun2005_d3dx9_26_x86.cab
[2008-10-27 09:37:46 | 000,181,801 | ---- | M] () -- C:\JUN2006_XACT_x64.cab
[2008-10-27 09:37:40 | 000,134,687 | ---- | M] () -- C:\JUN2006_XACT_x86.cab
[2008-10-27 09:38:00 | 000,700,060 | ---- | M] () -- C:\JUN2007_d3dx10_34_x64.cab
[2008-10-27 09:37:58 | 000,699,488 | ---- | M] () -- C:\JUN2007_d3dx10_34_x86.cab
[2008-10-27 09:38:16 | 001,608,790 | ---- | M] () -- C:\JUN2007_d3dx9_34_x64.cab
[2008-10-27 09:38:16 | 001,608,302 | ---- | M] () -- C:\JUN2007_d3dx9_34_x86.cab
[2008-10-27 09:37:50 | 000,198,138 | ---- | M] () -- C:\JUN2007_XACT_x64.cab
[2008-10-27 09:37:44 | 000,153,925 | ---- | M] () -- C:\JUN2007_XACT_x86.cab
[2008-10-27 09:38:04 | 000,868,844 | ---- | M] () -- C:\JUN2008_d3dx10_38_x64.cab
[2008-10-27 09:38:04 | 000,850,935 | ---- | M] () -- C:\JUN2008_d3dx10_38_x86.cab
[2008-10-27 09:38:18 | 001,793,624 | ---- | M] () -- C:\JUN2008_d3dx9_38_x64.cab
[2008-10-27 09:38:14 | 001,464,894 | ---- | M] () -- C:\JUN2008_d3dx9_38_x86.cab
[2008-10-27 09:38:02 | 000,056,170 | ---- | M] () -- C:\JUN2008_X3DAudio_x64.cab
[2008-10-27 09:38:02 | 000,022,921 | ---- | M] () -- C:\JUN2008_X3DAudio_x86.cab
[2008-10-27 09:37:40 | 000,122,070 | ---- | M] () -- C:\JUN2008_XACT_x64.cab
[2008-10-27 09:38:04 | 000,094,144 | ---- | M] () -- C:\JUN2008_XACT_x86.cab
[2008-10-27 09:37:58 | 000,270,644 | ---- | M] () -- C:\JUN2008_XAudio_x64.cab
[2008-10-27 09:37:52 | 000,270,040 | ---- | M] () -- C:\JUN2008_XAudio_x86.cab
[2007-10-04 17:32:32 | 000,038,912 | ---- | M] () -- C:\kons.1.doc
[2008-10-27 09:38:02 | 000,845,900 | ---- | M] () -- C:\Mar2008_d3dx10_37_x64.cab
[2008-10-27 09:38:02 | 000,819,276 | ---- | M] () -- C:\Mar2008_d3dx10_37_x86.cab
[2008-10-27 09:38:18 | 001,770,878 | ---- | M] () -- C:\Mar2008_d3dx9_37_x64.cab
[2008-10-27 09:38:12 | 001,444,298 | ---- | M] () -- C:\Mar2008_d3dx9_37_x86.cab
[2008-10-27 09:38:02 | 000,056,074 | ---- | M] () -- C:\Mar2008_X3DAudio_x64.cab
[2008-10-27 09:38:00 | 000,022,883 | ---- | M] () -- C:\Mar2008_X3DAudio_x86.cab
[2008-10-27 09:37:40 | 000,123,352 | ---- | M] () -- C:\Mar2008_XACT_x64.cab
[2008-10-27 09:38:08 | 000,094,750 | ---- | M] () -- C:\Mar2008_XACT_x86.cab
[2008-10-27 09:37:52 | 000,252,210 | ---- | M] () -- C:\Mar2008_XAudio_x64.cab
[2008-10-27 09:37:52 | 000,227,266 | ---- | M] () -- C:\Mar2008_XAudio_x86.cab
[2007-08-28 12:15:53 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-10-27 09:38:04 | 000,865,616 | ---- | M] () -- C:\Nov2007_d3dx10_36_x64.cab
[2008-10-27 09:38:00 | 000,804,900 | ---- | M] () -- C:\Nov2007_d3dx10_36_x86.cab
[2008-10-27 09:38:20 | 001,803,074 | ---- | M] () -- C:\Nov2007_d3dx9_36_x64.cab
[2008-10-27 09:38:18 | 001,710,376 | ---- | M] () -- C:\Nov2007_d3dx9_36_x86.cab
[2008-10-27 09:38:02 | 000,047,160 | ---- | M] () -- C:\NOV2007_X3DAudio_x64.cab
[2008-10-27 09:38:02 | 000,019,512 | ---- | M] () -- C:\NOV2007_X3DAudio_x86.cab
[2008-10-27 09:37:48 | 000,197,778 | ---- | M] () -- C:\NOV2007_XACT_x64.cab
[2008-10-27 09:37:42 | 000,149,280 | ---- | M] () -- C:\NOV2007_XACT_x86.cab
[2008-10-27 09:38:08 | 000,995,154 | ---- | M] () -- C:\Nov2008_d3dx10_40_x64.cab
[2008-10-27 09:38:04 | 000,966,445 | ---- | M] () -- C:\Nov2008_d3dx10_40_x86.cab
[2008-10-27 09:38:20 | 001,907,944 | ---- | M] () -- C:\Nov2008_d3dx9_40_x64.cab
[2008-10-27 09:38:14 | 001,551,228 | ---- | M] () -- C:\Nov2008_d3dx9_40_x86.cab
[2008-10-27 09:38:04 | 000,055,538 | ---- | M] () -- C:\Nov2008_X3DAudio_x64.cab
[2008-10-27 09:38:02 | 000,022,867 | ---- | M] () -- C:\Nov2008_X3DAudio_x86.cab
[2008-10-27 09:38:08 | 000,122,810 | ---- | M] () -- C:\Nov2008_XACT_x64.cab
[2008-10-27 09:38:02 | 000,093,700 | ---- | M] () -- C:\Nov2008_XACT_x86.cab
[2008-10-27 09:37:54 | 000,274,976 | ---- | M] () -- C:\Nov2008_XAudio_x64.cab
[2008-10-27 09:37:54 | 000,273,627 | ---- | M] () -- C:\Nov2008_XAudio_x86.cab
[2004-08-03 21:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004-08-03 21:59:54 | 000,250,624 | RHS- | M] () -- C:\ntldr
[2008-10-27 09:38:02 | 000,087,053 | ---- | M] () -- C:\Oct2005_xinput_x64.cab
[2008-10-27 09:38:02 | 000,046,375 | ---- | M] () -- C:\Oct2005_xinput_x86.cab
[2008-10-27 09:38:14 | 001,413,918 | ---- | M] () -- C:\OCT2006_d3dx9_31_x64.cab
[2008-10-27 09:38:10 | 001,128,233 | ---- | M] () -- C:\OCT2006_d3dx9_31_x86.cab
[2008-10-27 09:37:48 | 000,183,377 | ---- | M] () -- C:\OCT2006_XACT_x64.cab
[2008-10-27 09:37:42 | 000,139,033 | ---- | M] () -- C:\OCT2006_XACT_x86.cab
[2009-08-30 16:58:46 | 000,002,236 | ---- | M] () -- C:\OLY2000.CFG
[2010-03-18 16:18:53 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
[2007-08-28 12:44:59 | 000,000,090 | ---- | M] () -- C:\Setup.log
[2009-08-03 18:09:37 | 000,000,002 | ---- | M] () -- C:\wersja.txt


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2006-08-23 08:18:54 | 016,728,779 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2006-08-23 08:18:54 | 016,728,779 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2006-08-23 10:01:26 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2006-08-23 08:18:54 | 016,728,779 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2004-08-03 21:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2004-08-03 23:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004-08-03 23:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2004-08-03 22:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004-08-03 22:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2004-08-03 23:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004-08-03 23:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\system32\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:BD9F7E4E
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:067F588D
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:88698068
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:17C48B08
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:3D36932D
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:241FA548
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A296A63F
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CEF2A14E
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4FE30352
@Alternate Data Stream - 301 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6283A8D3
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:62672BC8
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A56D6987
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:EF5B3572
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:FD000392
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6C5EC3CD
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:620EC79A
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:3539CD43
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:EC0A74A1
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9398DBB4
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:22313216
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C22674B6
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:8BA6C9F8
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:39C7B7C6
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DE47A3DA
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:B2735F9E
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:85C3B823
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6FE17A89
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:EC2381A4
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:90B52091
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:61F0C8FB
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:FC4EA67C
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9ACB70D7
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:8944C195
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:55E3C0E0
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:FDDD8917
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D31BE97C
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:7972CF54
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:3E06C78F
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:561B1D2B
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:FA42DF8E
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:90D89144
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:7A0EFE63
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:52641FBE
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:80B291A7
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:09064307
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:289041F7
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:40D8F125
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E32966C0
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0EB1DE
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A7DA2BCD
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:2BC498A4
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:0A73A758
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB16385F
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:2E49D185
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:918B7566
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:5C6EBC69
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:3B812EE0
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D48500F8
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:43982D5E
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:3313A48D
< End of report >
[/quote]

[quote]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:48:21, on 2010-03-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dziennik.krakow.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Hide IP NG] C:\Program Files\Hide IP NG\hideipng.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_pl;_rv:1.9.0.14)_Gecko/2009082707_Firefox/2.0.0.14;MEGAUPLOAD_1.0" -"http://www.intel.com/personal/computing/emea/pol/racing/index.html?iid=gg_about-PL+intel_aboutintel"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.03\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.33/g_bin/pl/billard8_2_0_0_35.cab
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6377 bytes
[/quote]

Psycholandia

Paste the script below into the OTL window and click Run Fix:

[quote]:Processes
explorer.exe

:OTL
O2 - BHO: (My Global Search Bar BHO) - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search)
O2 - BHO: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll ()
O3 - HKLM\..\Toolbar: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search)
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll ()
O3 - HKU\S-1-5-21-1177238915-746137067-1060284298-1003\..\Toolbar\WebBrowser: (no name) - {00000000-5736-4205-0008-F7ED0776FB27} - No CLSID value found.
O3 - HKU\S-1-5-21-1177238915-746137067-1060284298-1003\..\Toolbar\WebBrowser: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search)
O4 - HKLM..\Run: [BearShare] C:\Program Files\BearShare\BearShare.exe File not found
O4 - HKU\S-1-5-21-1177238915-746137067-1060284298-1003..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\5.0_( File not found)
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O29 - HKLM SecurityProviders - (mcenspc.dll) - C:\WINDOWS\System32\mcenspc.dll ()

:Files
C:\Documents and Settings\All Users\Dane aplikacji\sysqcl1129139270.dat

:Commands
[emptytemp]
[start explorer]
[Reboot][/quote]

Download: http://www.freedrweb.pl/livecd.php, burn it to a disc, restart the computer, and keep pressing F11 during startup; the program will launch and run a scan. Delete everything it finds.

Atomic

I understand the first part, but what is this for? Is it necessary?


[quote]Download: http://www.freedrweb.pl/livecd.php, burn it to a disc, restart the computer, and keep pressing F11 during startup; the program will launch and run a scan. Delete everything it finds.[/quote]

Psycholandia

Post a log from ComboFix: http://www.forumpc.pl/index.php?showtopic=153621 and then another one from OTL.

Atomic

Well, the thing is I didn't do anything, because this is the first time I've come across this method, with burning something to a disc and so on. I always just pasted something into Combo and it got deleted. Isn't there another way? Is pasting that into OTL enough on its own?

[log]All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37B85A21-692B-4205-9CAD-2626E4993404}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404}\ deleted successfully.
C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}\ deleted successfully.
C:\Program Files\GamesBar\oberontb.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{37B85A29-692B-4205-9CAD-2626E4993404} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\ deleted successfully.
File C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6F282B65-56BF-4BD1-A8B2-A4449A05863D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}\ not found.
File C:\Program Files\GamesBar\oberontb.dll not found.
Registry value HKEY_USERS\S-1-5-21-1177238915-746137067-1060284298-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-5736-4205-0008-F7ED0776FB27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-5736-4205-0008-F7ED0776FB27}\ not found.
Registry value HKEY_USERS\S-1-5-21-1177238915-746137067-1060284298-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37B85A29-692B-4205-9CAD-2626E4993404} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\ not found.
File C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BearShare deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1177238915-746137067-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Shockwave Updater deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1A93C934-025B-4c3a-B38E-9654A7003239}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A93C934-025B-4c3a-B38E-9654A7003239}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:mcenspc.dll deleted successfully.
C:\WINDOWS\system32\mcenspc.dll moved successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Dane aplikacji\sysqcl1129139270.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: kate@max
->Temp folder emptied: 651375394 bytes
->Temporary Internet Files folder emptied: 694039807 bytes
->Java cache emptied: 10156376 bytes
->FireFox cache emptied: 72721203 bytes
->Flash cache emptied: 1943211 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 7029784 bytes
%systemroot%\System32 .tmp files removed: 35364 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 718814 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1 371,00 mb


OTL by OldTimer - Version 3.1.37.3 log created on 03212010_203358

Files\Folders moved on Reboot...
C:\Documents and Settings\kate@max\Ustawienia lokalne\Temporary Internet Files\Content.IE5\AX6B0TQZ\index[3].htm moved successfully.
C:\Documents and Settings\kate@max\Ustawienia lokalne\Temporary Internet Files\Content.IE5\8HWF4ZWZ\minDrWebLiveCD-5.0.2[1].iso moved successfully.
C:\Documents and Settings\kate@max\Ustawienia lokalne\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...
[/log]

Psycholandia

Because it's a scanner, one of the best, which removes viruses very well. If you don't want to use up a disc on it, scan the computer with this: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url], delete everything it finds and post the log after the removal (the log from Malware).

Atomic

Well, I scanned and set them to be deleted, but it said it probably couldn't manage all of them. Here is the log:
[log]Malwarebytes' Anti-Malware 1.44
Wersja bazy definicji: 3510
Windows 5.1.2600 Dodatek Service Pack 2
Internet Explorer 8.0.6001.18702

2010-03-22 18:36:55
mbam-log-2010-03-22 (18-36-55).txt

Typ skanowania: Szybkie skanowanie
Przeskanowane obiekty: 102035
Upłynęło: 25 minute(s), 27 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 1
Zainfekowane klucze rejestru: 22
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 1
Zainfekowane foldery: 6
Zainfekowane pliki: 16

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
C:\Program Files\MyGlobalSearch\bar\1.bin\M9PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.

Zainfekowane klucze rejestru:
HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b85a2a-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b85a2c-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ef281620-a3a3-4f08-874f-d68cfc9b7945} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{37b85a20-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ByteLinker (PUP.BitSpirit) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll,schannel.dll,digest.dll,msnsspc.dll,) Good: (msapsspc.dll, ,schannel.dll, ,digest.dll, ,msnsspc.dll, ,.dll) -> Quarantined and deleted successfully.

Zainfekowane foldery:
C:\Program Files\MyGlobalSearch (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyGlobalSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyGlobalSearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyGlobalSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Zainfekowane pliki:
C:\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\1.bin\M9NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\1.bin\M9NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\1.bin\M9PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyGlobalSearch\bar\1.bin\NPMYGLSH.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Cache\000347F5 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Cache\001854FE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Cache\002DA186.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Cache\002DAB6B.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Cache\002DBF0E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\kate@max\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\HOSTS (Trojan.Agent) -> Quarantined and deleted successfully.
[/log]

Psycholandia

Run OTL and click CleanUP. Clean.
