kryssttus, created 19 March 2010

Hello, I have a huge problem: svchost.exe is constantly at 50%, non-stop. I have already raised this topic once on the forum, http://www.forumpc.pl/index.php?showtopic=153517, and Andziorka cured my computer, all credit to her for that. But the infection has come back, I don't know why. The problem was rather strange: some program called TOOL XP SERVICE or something like that loaded itself and blocked everything, from the antivirus to the internet; it started by itself and scanned the computer, reporting 33 infected files, and the problem arose. After that nothing could be done, and the program urged me to buy the full version????. After shutting the computer down it could not be started again; even in safe mode it kicked me out. Only on the umpteenth attempt did it boot in safe mode, and that TOOL XP SERVICE program, which blocked everything, still loaded. I quickly ran a scan with ComboFix; it found some infections and fixed them. The program is gone now, but svchost.exe IS STILL RUNNING AT 50%. THANK YOU FOR ANY HELP.

P.S. I am attaching a scan from OTL.

[log]OTL logfile created on: 2010-03-19 18:04:53 - Run 1 OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\User\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 58,59 Gb Total Space | 42,50 Gb Free Space | 72,53% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 58,59 Gb Total Space | 26,73 Gb Free Space | 45,62% Space Free | Partition Type: NTFS Drive F: | 58,59 Gb Total Space | 38,43 Gb Free Space | 65,59% Space Free 
| Partition Type: NTFS Drive G: | 57,09 Gb Total Space | 56,96 Gb Free Space | 99,76% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: A-C2ED68E935FE4 Current User Name: User Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-03-19 18:01:45 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe PRC - [2010-03-09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010-02-19 12:03:54 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-11-25 16:34:20 | 000,650,160 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe PRC - [2009-03-27 12:22:08 | 017,567,744 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE PRC - [2009-03-05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) 
-- E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009-02-06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008-04-14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-14 01:12:37 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe PRC - [2008-04-14 01:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008-04-14 01:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2008-04-14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-14 01:12:29 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe PRC - [2008-04-14 01:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-14 01:12:17 | 000,005,120 | ---- | M] 
(Microsoft Corporation) -- C:\WINDOWS\system32\dllhost.exe PRC - [2008-04-14 01:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2008-04-14 01:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2007-07-23 03:34:17 | 000,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2007-06-26 22:58:14 | 002,165,272 | ---- | M] (Palit Microsystems, Inc.) -- C:\Program Files\VDOTool\TBPANEL.exe PRC - [2005-10-11 16:40:32 | 000,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe PRC - [2005-08-05 21:56:34 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe PRC - [2005-08-05 21:56:32 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe PRC - [2005-08-05 21:56:28 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe PRC - [2005-08-05 21:27:08 | 000,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-03-19 18:01:45 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe MOD - [2009-12-08 10:23:28 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2009-06-25 09:25:26 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2009-04-15 15:51:25 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2009-03-21 15:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2009-02-09 13:10:48 | 000,714,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2009-02-09 13:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2008-10-23 13:36:14 | 000,286,720 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\gdi32.dll MOD - [2008-06-17 20:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2008-04-14 13:42:06 | 000,985,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-14 01:12:51 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2008-04-14 01:12:45 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-14 01:12:09 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2008-04-14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008-04-14 01:12:08 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008-04-14 01:12:08 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008-04-14 01:12:07 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-14 01:12:04 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2008-04-14 01:12:03 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-14 01:12:02 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2008-04-14 01:12:02 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2008-04-14 01:12:02 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2008-04-14 01:12:02 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-14 01:12:01 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-14 01:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\imm32.dll MOD - [2008-04-14 01:11:53 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-14 01:11:51 | 000,276,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-14 01:10:06 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- -- (G Data Tuner Service) SRV - [2010-03-09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010-03-09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010-03-09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2009-11-25 16:34:20 | 000,650,160 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService) SRV - [2009-11-25 16:34:20 | 000,650,160 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-03-09 12:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010-03-09 12:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP) DRV - [2010-03-09 12:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010-03-09 12:08:41 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2) DRV - [2010-03-09 12:08:30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010-03-09 12:08:15 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2009-12-11 20:44:10 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-04-23 20:22:16 | 000,141,568 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2009-03-30 18:13:30 | 005,063,168 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008-04-13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer) DRV - [2008-04-13 20:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc) DRV - [2008-04-13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007-07-23 03:34:17 | 006,807,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2007-03-16 18:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbpanel.sys -- (Cardex) DRV - [2006-01-13 14:00:52 | 000,015,872 | ---- | M] (Flint Incorporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vd_filedisk.sys -- (VD_FileDisk) DRV - [2004-08-14 19:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledItems: 
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.7.4 FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.13 FF - prefs.js..keyword.URL: "" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-02-27 15:58:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-02-19 12:04:00 | 000,000,000 | ---D | M] [2008-09-19 01:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Extensions [2010-03-19 18:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\92uf21bd.default\extensions [2010-02-13 11:07:25 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\92uf21bd.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2009-08-09 21:35:33 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\92uf21bd.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2009-10-12 09:21:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\92uf21bd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-03-11 20:17:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\92uf21bd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009-08-11 21:22:00 | 000,000,000 | ---D | M] (Minimap Addon) -- C:\Documents and Settings\User\Application 
Data\mozilla\Firefox\Profiles\92uf21bd.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66} [2010-03-11 20:14:07 | 000,000,000 | ---D | M] (AniWeather) -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\92uf21bd.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593} [2010-03-11 20:14:13 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\92uf21bd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2009-10-13 21:17:40 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\92uf21bd.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42} [2010-01-05 22:55:58 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\92uf21bd.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE} [2010-01-07 22:52:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\92uf21bd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2008-09-22 03:20:51 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\FireFox\Profiles\92uf21bd.default\searchplugins\winamp-search.xml [2010-03-19 18:03:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-01-23 15:10:12 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-01-23 15:10:12 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-01-23 15:10:12 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-01-23 15:10:12 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-01-23 15:10:12 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-01-23 15:10:12 | 000,001,683 | ---- | M] () 
-- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-03-19 12:44:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O4 - HKLM..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe (Palit Microsystems, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKCU..\Run: [eMuleAutoStart] E:\Program Files\eMule\emule.exe (http://www.emule-project.net) O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG) O4 - HKCU..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\monnwb32.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\MessengerOFF\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\MessengerOFF\msmsgs.exe (Microsoft Corporation) O15 - HKCU\..Trusted Domains: internet ([]about in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} 
http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222029725703 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254919596421 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.66.73.2 195.66.73.11 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-09-19 01:04:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = secfile] -- Reg Error: Key error. File not found O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. 
File not found NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2008-09-18 17:41:13 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: [b]ALLUpdate[/b] - hkey= - key= - E:\Program Files\ALLPlayer\ALLUpdate.exe () MsConfig - StartUpReg: [b]NeroFilterCheck[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]nwiz[/b] - hkey= - key= - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: 
{533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: ip6fw.sys - Driver SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdpwd.sys - Driver SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: tdpipe.sys - Driver SafeBootNet: tdtcp.sys - Driver SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter 
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-03-19 18:01:44 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe [2010-03-19 12:43:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010-03-19 12:36:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010-03-19 12:36:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010-03-19 12:36:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010-03-19 12:36:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010-03-19 12:36:18 | 000,000,000 | ---D | C] -- C:\Qoobox [2010-03-19 12:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2010-03-15 21:05:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$ [2010-03-14 12:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes [2010-03-14 12:34:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010-03-14 12:33:58 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010-03-14 12:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010-03-13 17:06:45 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010-03-13 16:59:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010-03-13 08:57:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2010-03-12 23:23:34 | 000,162,640 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010-03-12 23:23:34 | 000,019,024 | ---- | C] (ALWIL Software) -- 
C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010-03-12 23:23:33 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010-03-12 23:23:32 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010-03-12 23:23:31 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010-03-12 23:23:31 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010-03-12 23:23:29 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010-03-12 23:23:23 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2010-03-12 23:23:23 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr [2010-03-12 22:42:06 | 000,022,528 | ---- | C] (G DATA Software AG) -- C:\WINDOWS\System32\drivers\GDNdisIc.sys [2010-03-12 22:42:00 | 000,027,720 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys [2010-03-12 22:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G DATA [2010-03-12 22:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\G Data [2010-03-12 22:40:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\G DATA [2010-03-12 16:40:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2010-03-11 21:50:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2010-03-11 20:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google [2010-03-11 16:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2010-02-08 21:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\FullTiltPoker [2010-02-02 21:17:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\AdobeUM [2010-01-31 20:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Canneverbe Limited [2010-01-27 22:27:47 | 
000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Canneverbe_Limited [2010-01-27 22:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2010-01-18 19:46:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\FFOutput [2010-01-06 22:23:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2010-01-06 22:23:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2010-01-06 22:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2009-12-03 14:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo [2009-11-17 11:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple [2009-06-17 20:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Ashampoo Antivirus [2009-05-16 11:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\F-Secure [2009-04-25 11:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google [2009-04-24 21:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google [2009-04-19 16:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-03-19 18:06:33 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI [2010-03-19 18:01:45 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe [2010-03-19 17:50:31 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\User\NTUSER.DAT [2010-03-19 17:46:48 | 000,001,032 | ---- | M] () -- 
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010-03-19 17:46:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-03-19 17:46:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-03-19 12:45:35 | 000,000,827 | ---- | M] () -- C:\WINDOWS\system.ini [2010-03-19 12:44:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010-03-19 12:44:39 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010-03-19 12:30:55 | 000,009,364 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\635429532 [2010-03-19 12:30:31 | 000,009,372 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3696930130 [2010-03-19 12:29:10 | 000,010,256 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\hfJ5Mio0m8B0g [2010-03-19 12:14:53 | 000,203,264 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\1191510367.dll [2010-03-19 12:00:32 | 000,013,210 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\qGPvEh [2010-03-19 12:00:32 | 000,013,210 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\qGPvEh [2010-03-18 23:16:29 | 000,013,740 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-03-17 14:45:01 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini [2010-03-16 23:15:51 | 000,018,840 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010-03-16 23:15:41 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\User\Application Data\avdrn.dat [2010-03-16 11:30:34 | 000,010,714 | ---- | M] () -- C:\Documents and Settings\User\Desktop\wiesia C.V.odt [2010-03-16 11:27:18 | 000,010,805 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Dorota C.V.!!!!.odt [2010-03-16 11:26:17 | 000,083,385 | ---- | M] () -- C:\Documents and Settings\User\Desktop\JAGA CV 2!!!!!!!.odt [2010-03-15 23:18:27 | 000,000,116 | ---- | M] () -- 
C:\WINDOWS\NeroDigital.ini [2010-03-15 21:04:48 | 000,000,990 | RHS- | M] () -- C:\Documents and Settings\User\ntuser.pol [2010-03-14 16:05:43 | 000,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-03-14 12:34:02 | 000,000,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010-03-13 17:38:57 | 000,175,616 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-03-13 17:28:43 | 003,414,528 | ---- | M] (Karol Winnicki) -- C:\Documents and Settings\User\Desktop\BESTplayer.exe [2010-03-13 17:06:48 | 000,000,279 | RHS- | M] () -- C:\boot.ini [2010-03-13 09:08:31 | 004,253,470 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db [2010-03-12 23:23:34 | 000,001,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk [2010-03-12 23:23:32 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010-03-12 22:56:26 | 000,068,976 | ---- | M] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys [2010-03-12 22:43:55 | 000,053,320 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys [2010-03-12 22:42:06 | 000,022,528 | ---- | M] (G DATA Software AG) -- C:\WINDOWS\System32\drivers\GDNdisIc.sys [2010-03-12 22:42:05 | 000,051,784 | ---- | M] (G DATA Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys [2010-03-12 22:42:00 | 000,027,720 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys [2010-03-12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe [2010-03-12 17:09:42 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini [2010-03-12 17:09:42 | 000,000,209 | ---- | M] () -- C:\Boot.bak [2010-03-12 08:31:15 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\User\Application Data\rbuwzv.dat [2010-03-09 12:24:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr [2010-03-09 
12:24:05 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2010-03-09 12:12:54 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010-03-09 12:12:33 | 000,162,640 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010-03-09 12:09:08 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010-03-09 12:08:41 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010-03-09 12:08:38 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010-03-09 12:08:30 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010-03-09 12:08:15 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010-03-04 20:02:00 | 000,001,855 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-02-27 18:28:17 | 000,107,711 | ---- | M] () -- C:\Documents and Settings\User\My Documents\nowy1.skp [2010-02-27 17:53:06 | 000,092,095 | ---- | M] () -- C:\Documents and Settings\User\My Documents\nowy1.skb [2010-02-24 23:14:01 | 000,032,251 | ---- | M] () -- C:\Documents and Settings\User\My Documents\nowy 1.skp [2010-02-24 19:06:49 | 000,028,260 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Autozapis_Bez tytułu.skp [2010-02-24 19:00:54 | 009,606,379 | ---- | M] () -- C:\Documents and Settings\User\My Documents\nasz dom.skp [2010-02-24 17:41:21 | 009,596,459 | ---- | M] () -- C:\Documents and Settings\User\My Documents\nasz dom.skb [2010-02-20 12:16:35 | 000,000,431 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google SketchUp.lnk [2010-02-15 12:11:36 | 000,013,710 | ---- | M] () -- C:\Documents and Settings\User\My Documents\jankowice.odt [2010-02-15 12:11:03 | 000,013,702 | ---- | M] () -- C:\Documents and Settings\User\My Documents\marcel.odt [2010-02-15 12:10:03 | 000,013,756 | ---- | M] () -- C:\Documents and Settings\User\My 
Documents\podanie. Krystian Kijewski 1.odt [2010-02-08 15:11:04 | 000,001,932 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk [2010-01-24 16:10:55 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI [2010-01-18 19:46:21 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Format Factory.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-03-19 12:36:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010-03-19 12:36:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010-03-19 12:36:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010-03-19 12:28:41 | 000,009,364 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\635429532 [2010-03-19 12:27:34 | 000,009,372 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3696930130 [2010-03-19 12:27:18 | 000,010,256 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\hfJ5Mio0m8B0g [2010-03-19 12:27:18 | 000,010,256 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hfJ5Mio0m8B0g [2010-03-18 23:18:05 | 000,203,264 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\1191510367.dll [2010-03-17 13:47:59 | 000,013,210 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\qGPvEh [2010-03-16 23:15:49 | 000,013,210 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qGPvEh [2010-03-16 23:15:41 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\User\Application Data\avdrn.dat [2010-03-16 11:30:33 | 000,010,714 | ---- | C] () -- C:\Documents and Settings\User\Desktop\wiesia C.V.odt [2010-03-16 11:27:18 | 000,010,805 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Dorota C.V.!!!!.odt [2010-03-16 11:26:16 | 000,083,385 | ---- | C] () -- C:\Documents and Settings\User\Desktop\JAGA CV 2!!!!!!!.odt [2010-03-14 12:34:02 | 000,000,574 | ---- | C] () -- 
C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010-03-13 17:06:48 | 000,000,209 | ---- | C] () -- C:\Boot.bak [2010-03-13 17:06:46 | 000,262,400 | ---- | C] () -- C:\cmldr [2010-03-13 16:59:56 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010-03-13 16:59:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010-03-12 23:26:46 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\rbuwzv.dat [2010-03-12 23:23:34 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk [2010-03-12 22:45:13 | 000,002,626 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Config.nt.bak [2010-03-12 22:45:13 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Autoexec.nt.bak [2010-03-12 22:45:13 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\hosts.bak [2010-03-12 17:34:10 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\rbuwzv.dat [2010-03-12 08:31:15 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\User\Application Data\rbuwzv.dat [2010-02-25 23:44:51 | 000,092,095 | ---- | C] () -- C:\Documents and Settings\User\My Documents\nowy1.skb [2010-02-25 01:32:30 | 000,107,711 | ---- | C] () -- C:\Documents and Settings\User\My Documents\nowy1.skp [2010-02-24 23:14:01 | 000,032,251 | ---- | C] () -- C:\Documents and Settings\User\My Documents\nowy 1.skp [2010-02-24 19:06:49 | 000,028,260 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Autozapis_Bez tytułu.skp [2010-02-20 16:44:31 | 009,596,459 | ---- | C] () -- C:\Documents and Settings\User\My Documents\nasz dom.skb [2010-02-20 15:32:58 | 009,606,379 | ---- | C] () -- C:\Documents and Settings\User\My Documents\nasz dom.skp [2010-02-20 12:16:35 | 000,000,431 | ---- | C] () -- C:\Documents and Settings\All 
Users\Desktop\Google SketchUp.lnk [2010-02-16 12:03:37 | 000,013,702 | ---- | C] () -- C:\Documents and Settings\User\My Documents\marcel.odt [2010-02-16 12:03:32 | 000,013,710 | ---- | C] () -- C:\Documents and Settings\User\My Documents\jankowice.odt [2010-02-16 12:03:23 | 000,013,756 | ---- | C] () -- C:\Documents and Settings\User\My Documents\podanie. Krystian Kijewski 1.odt [2010-02-12 09:31:56 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\sgcpom.dat [2010-02-10 12:09:39 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\sgcpom.dat [2010-02-10 10:24:19 | 000,001,855 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2010-02-08 15:11:04 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk [2010-01-18 19:46:21 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Format Factory.lnk [2009-12-09 22:24:44 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2009-11-30 19:38:50 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\cbqozg.dat [2009-11-28 23:47:05 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll [2009-11-28 08:56:31 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\cbqozg.dat [2009-11-16 14:13:26 | 000,000,736 | ---- | C] () -- C:\WINDOWS\SamsungMaster.INI [2009-11-03 10:24:55 | 000,000,165 | ---- | C] () -- C:\WINDOWS\disney.ini [2009-11-03 10:24:51 | 000,000,193 | ---- | C] () -- C:\WINDOWS\disneysy.ini [2009-10-20 12:45:39 | 000,016,384 | ---- | C] () -- C:\Program Files\uik.dat [2009-10-20 12:44:44 | 000,000,004 | ---- | C] () -- C:\Program Files\is.dat [2009-10-19 20:36:10 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini [2009-10-07 14:33:36 | 000,022,418 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini [2009-10-07 14:33:28 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2009-10-07 13:38:42 | 000,073,728 
| R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2009-08-09 22:56:53 | 000,073,160 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2009-08-02 11:50:59 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2009-08-01 20:21:56 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys [2009-08-01 20:21:56 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\1492164A74.sys [2009-07-18 10:57:17 | 000,018,704 | ---- | C] () -- C:\WINDOWS\System32\mksidsf.sys [2009-04-30 10:38:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCVCDVW.INI [2009-04-30 10:38:21 | 000,000,062 | ---- | C] () -- C:\WINDOWS\pcvcdbr.INI [2009-01-31 14:34:28 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-01-31 14:34:27 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008-11-15 12:31:28 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini [2008-10-12 23:53:26 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2008-10-12 23:53:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2008-10-03 18:19:39 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2008-09-22 01:16:48 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2008-09-22 00:44:27 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008-09-22 00:44:20 | 000,175,616 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-09-19 01:38:29 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat [2008-09-19 01:24:22 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI [2008-09-19 01:18:22 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini [2008-09-19 01:16:56 | 000,016,060 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2008-09-19 01:16:45 | 000,005,824 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2007-11-26 20:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2007-09-07 19:40:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest [2007-09-07 19:40:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest [2007-09-06 19:04:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2007-09-06 19:01:52 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2007-07-23 03:34:17 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007-07-23 03:34:17 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007-07-23 03:34:17 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007-07-23 03:34:17 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007-07-23 03:34:17 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2005-08-05 22:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2004-12-19 14:29:40 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2004-12-19 14:17:10 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [color=#E56717]========== LOP Check ==========[/color] [2010-03-12 23:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2010-01-27 22:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2009-05-16 11:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg [2010-03-12 23:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G DATA [2010-01-04 12:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo [2008-09-22 02:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks [2009-01-10 16:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All 
Users\Application Data\Ubisoft [2010-02-21 22:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BESTplayer [2010-01-31 20:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canneverbe Limited [2010-01-27 22:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canneverbe_Limited [2008-09-28 19:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Gadu-Gadu [2008-11-03 23:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\HateML [2008-10-04 13:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\HEXelon [2009-11-30 19:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\iolo [2008-11-06 10:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IrfanView [2008-12-19 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech [2009-02-08 20:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenOffice.org [2009-01-10 17:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ubisoft [2009-08-09 21:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uniblue [2009-07-04 11:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2008-09-19 01:04:26 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-03-12 17:09:42 | 000,000,209 | ---- | M] () -- C:\Boot.bak [2010-03-13 17:06:48 | 000,000,279 | RHS- | M] () -- C:\boot.ini [2004-08-03 23:00:14 | 000,262,400 | ---- | M] () -- C:\cmldr [2010-03-19 12:49:29 | 000,013,298 | ---- | M] () -- C:\ComboFix.txt [2008-09-19 01:04:26 | 000,000,000 | ---- | M] () -- 
C:\CONFIG.SYS [2008-09-19 01:04:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2008-09-19 01:04:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004-08-10 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008-09-28 09:43:06 | 000,250,048 | RHS- | M] () -- C:\ntldr [2010-03-19 17:46:30 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2004-08-10 13:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys [2008-09-28 09:39:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [2008-09-28 09:39:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys [2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys [2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2004-08-10 13:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008-09-28 09:39:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008-09-28 09:39:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys [2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys [2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) 
MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2004-08-10 13:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys [2004-08-10 13:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2004-08-10 13:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2004-08-10 13:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2008-09-28 09:39:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008-09-28 09:39:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008-04-13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008-04-13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2008-04-14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008-04-14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008-04-14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-04-13 20:20:37 | 000,182,656 | ---- | M] (Microsoft 
Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys [2008-04-13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2008-04-13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2008-04-14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008-04-14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008-04-14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe < End of report > [/log]
Psycholandia commented 19 March 2010: Paste the script below into the OTL window and click Run Fix:
[quote]:Processes
explorer.exe
:OTL
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\monnwb32.exe ()
O37 - HKLM\...exe [@ = secfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
:Commands
[emptytemp]
[start explorer]
[Reboot][/quote]
Download: http://www.freedrweb.pl/livecd.php, burn it to a disc and restart the computer. Keep pressing F11 during startup; the program will launch and run a scan. Delete everything it finds.
kryssttus (Author) commented 20 March 2010: Thanks for the help. I did everything according to the instructions, only the Dr.Web program does not start for me on restart. Regards
Psycholandia commented 20 March 2010: Did you set booting from the disc in the BIOS? Are you pressing F11 while the computer is starting up, with the disc in the drive?
kryssttus (Author) commented 20 March 2010: Hmm, I know the BIOS only by name; unfortunately I don't know computers that well.
Psycholandia commented 20 March 2010: While the computer is starting up, press the Delete (Del) key. The BIOS opens, and there, under [b]First Boot Device[/b], set the CD-ROM as the first device. Then save the settings, restart, insert the disc and press F11.
kryssttus (Author) commented 22 March 2010: I did it according to the instructions and it does not boot from the disc. Something has changed, because while Windows is loading a black screen pops up and you can hear the CD working as if it were starting, but nothing happens, no effect at all. Maybe it's the fault of my disc??? I don't know. In any case, thanks once again for the HELP ???
Psycholandia commented 22 March 2010: It's really not my fault that it won't read your disc. Maybe you burned it wrong. Scan the computer with this: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url], delete everything it finds, and post the log after the deletion (the log from Malware).
kryssttus (Author) commented 23 March 2010: OK, thanks, I'll keep trying. Thanks for everything.
[log]Malwarebytes' Anti-Malware 1.44
Wersja bazy definicji: 3865
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
2010-03-19 19:30:21
mbam-log-2010-03-19 (19-30-21).txt
Typ skanowania: Pełne skanowanie (C:\|E:\|F:\|G:\|)
Przeskanowane obiekty: 189695
Upłynęło: 39 minute(s), 17 second(s)
Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 1
Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)
Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)
Zainfekowane klucze rejestru:
(Nie wykryto groźnych plików)
Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)
Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)
Zainfekowane foldery:
(Nie wykryto groźnych plików)
Zainfekowane pliki:
C:\Documents and Settings\User\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
[/log]