
svchost.exe constantly at 50%, what to do? RECURRING PROBLEM

kryssttus
created

Hello, I have a huge problem: svchost.exe is constantly running at 50%. I already raised this topic once on the forum http://www.forumpc.pl/index.php?showtopic=153517 and Andziorka cured my computer, praise to her for that. But the infection has come back, I don't know why.
The problem was rather strange, because some program called TOOL XP SERVICE or something like that loaded itself and blocked everything, from the antivirus to the internet; it launched on its own and scanned the computer, reporting 33 infected files, and that is how the problem arose. Nothing could be done after that, and the program was urging me to buy the full version ????. After shutting the computer down I could not start it again; even in safe mode it kicked me out, and only after the umpteenth attempt did it start in safe mode, where that TOOL XP SERVICE program still loaded and blocked everything. I quickly ran a scan with ComboFix; it found some infections and fixed them. The program is gone now, but svchost.exe STILL RUNS AT 50%. THANK YOU FOR ANY HELP


P.S. I am attaching the scan from OTL

[log]OTL logfile created on: 2010-03-19 18:04:53 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\User\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 42,50 Gb Free Space | 72,53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 58,59 Gb Total Space | 26,73 Gb Free Space | 45,62% Space Free | Partition Type: NTFS
Drive F: | 58,59 Gb Total Space | 38,43 Gb Free Space | 65,59% Space Free | Partition Type: NTFS
Drive G: | 57,09 Gb Total Space | 56,96 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: A-C2ED68E935FE4
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-03-19 18:01:45 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2010-03-09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010-02-19 12:03:54 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-11-25 16:34:20 | 000,650,160 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2009-03-27 12:22:08 | 017,567,744 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009-03-05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009-02-06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-04-14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 01:12:37 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
PRC - [2008-04-14 01:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-14 01:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 01:12:29 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
PRC - [2008-04-14 01:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 01:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllhost.exe
PRC - [2008-04-14 01:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 01:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2007-07-23 03:34:17 | 000,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007-06-26 22:58:14 | 002,165,272 | ---- | M] (Palit Microsystems, Inc.) -- C:\Program Files\VDOTool\TBPANEL.exe
PRC - [2005-10-11 16:40:32 | 000,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
PRC - [2005-08-05 21:56:34 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005-08-05 21:56:32 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2005-08-05 21:56:28 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
PRC - [2005-08-05 21:27:08 | 000,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-03-19 18:01:45 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
MOD - [2009-12-08 10:23:28 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-06-25 09:25:26 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-04-15 15:51:25 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-03-21 15:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-02-09 13:10:48 | 000,714,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2009-02-09 13:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2008-10-23 13:36:14 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-06-17 20:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-14 13:42:06 | 000,985,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 01:12:51 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008-04-14 01:12:45 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 01:12:09 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008-04-14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 01:12:08 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 01:12:08 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 01:12:07 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 01:12:04 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2008-04-14 01:12:03 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 01:12:02 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-14 01:12:02 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-14 01:12:02 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008-04-14 01:12:02 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 01:12:01 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 01:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2008-04-14 01:11:53 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 01:11:51 | 000,276,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-14 01:10:06 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- -- (G Data Tuner Service)
SRV - [2010-03-09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-03-09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-03-09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009-11-25 16:34:20 | 000,650,160 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2009-11-25 16:34:20 | 000,650,160 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-03-09 12:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-03-09 12:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-03-09 12:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-03-09 12:08:41 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-03-09 12:08:30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-03-09 12:08:15 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-12-11 20:44:10 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-04-23 20:22:16 | 000,141,568 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009-03-30 18:13:30 | 005,063,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-04-13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)
DRV - [2008-04-13 20:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008-04-13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-07-23 03:34:17 | 006,807,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007-03-16 18:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbpanel.sys -- (Cardex)
DRV - [2006-01-13 14:00:52 | 000,015,872 | ---- | M] (Flint Incorporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vd_filedisk.sys -- (VD_FileDisk)
DRV - [2004-08-14 19:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.7.4
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.13
FF - prefs.js..keyword.URL: ""

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-02-27 15:58:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-02-19 12:04:00 | 000,000,000 | ---D | M]

[2008-09-19 01:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Extensions
[2010-03-19 18:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\92uf21bd.default\extensions
[2010-02-13 11:07:25 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\92uf21bd.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009-08-09 21:35:33 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\92uf21bd.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009-10-12 09:21:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\92uf21bd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-03-11 20:17:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\92uf21bd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009-08-11 21:22:00 | 000,000,000 | ---D | M] (Minimap Addon) -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\92uf21bd.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2010-03-11 20:14:07 | 000,000,000 | ---D | M] (AniWeather) -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\92uf21bd.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2010-03-11 20:14:13 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\92uf21bd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009-10-13 21:17:40 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\92uf21bd.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010-01-05 22:55:58 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\92uf21bd.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010-01-07 22:52:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\92uf21bd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008-09-22 03:20:51 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\FireFox\Profiles\92uf21bd.default\searchplugins\winamp-search.xml
[2010-03-19 18:03:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-01-23 15:10:12 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-01-23 15:10:12 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-01-23 15:10:12 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-23 15:10:12 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-23 15:10:12 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-23 15:10:12 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-03-19 12:44:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe (Palit Microsystems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [eMuleAutoStart] E:\Program Files\eMule\emule.exe (http://www.emule-project.net)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\monnwb32.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\MessengerOFF\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\MessengerOFF\msmsgs.exe (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: internet ([]about in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222029725703 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254919596421 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.66.73.2 195.66.73.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-09-19 01:04:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008-09-18 17:41:13 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: [b]ALLUpdate[/b] - hkey= - key= - E:\Program Files\ALLPlayer\ALLUpdate.exe ()
MsConfig - StartUpReg: [b]NeroFilterCheck[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]nwiz[/b] - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: ip6fw.sys - Driver
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdpwd.sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: tdpipe.sys - Driver
SafeBootNet: tdtcp.sys - Driver
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-03-19 18:01:44 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010-03-19 12:43:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010-03-19 12:36:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-03-19 12:36:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-03-19 12:36:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-03-19 12:36:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-03-19 12:36:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-03-19 12:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010-03-15 21:05:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010-03-14 12:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2010-03-14 12:34:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-03-14 12:33:58 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-03-14 12:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010-03-13 17:06:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-03-13 16:59:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-03-13 08:57:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010-03-12 23:23:34 | 000,162,640 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010-03-12 23:23:34 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010-03-12 23:23:33 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010-03-12 23:23:32 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010-03-12 23:23:31 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010-03-12 23:23:31 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010-03-12 23:23:29 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010-03-12 23:23:23 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010-03-12 23:23:23 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010-03-12 22:42:06 | 000,022,528 | ---- | C] (G DATA Software AG) -- C:\WINDOWS\System32\drivers\GDNdisIc.sys
[2010-03-12 22:42:00 | 000,027,720 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2010-03-12 22:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G DATA
[2010-03-12 22:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\G Data
[2010-03-12 22:40:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\G DATA
[2010-03-12 16:40:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010-03-11 21:50:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010-03-11 20:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010-03-11 16:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010-02-08 21:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\FullTiltPoker
[2010-02-02 21:17:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\AdobeUM
[2010-01-31 20:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Canneverbe Limited
[2010-01-27 22:27:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Canneverbe_Limited
[2010-01-27 22:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010-01-18 19:46:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\FFOutput
[2010-01-06 22:23:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010-01-06 22:23:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010-01-06 22:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009-12-03 14:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2009-11-17 11:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009-06-17 20:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Ashampoo Antivirus
[2009-05-16 11:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\F-Secure
[2009-04-25 11:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009-04-24 21:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009-04-19 16:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2010-03-19 18:06:33 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI
[2010-03-19 18:01:45 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010-03-19 17:50:31 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\User\NTUSER.DAT
[2010-03-19 17:46:48 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-03-19 17:46:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-03-19 17:46:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-03-19 12:45:35 | 000,000,827 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-03-19 12:44:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-03-19 12:44:39 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-03-19 12:30:55 | 000,009,364 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\635429532
[2010-03-19 12:30:31 | 000,009,372 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3696930130
[2010-03-19 12:29:10 | 000,010,256 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\hfJ5Mio0m8B0g
[2010-03-19 12:14:53 | 000,203,264 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\1191510367.dll
[2010-03-19 12:00:32 | 000,013,210 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\qGPvEh
[2010-03-19 12:00:32 | 000,013,210 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\qGPvEh
[2010-03-18 23:16:29 | 000,013,740 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-03-17 14:45:01 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini
[2010-03-16 23:15:51 | 000,018,840 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010-03-16 23:15:41 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\User\Application Data\avdrn.dat
[2010-03-16 11:30:34 | 000,010,714 | ---- | M] () -- C:\Documents and Settings\User\Desktop\wiesia C.V.odt
[2010-03-16 11:27:18 | 000,010,805 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Dorota C.V.!!!!.odt
[2010-03-16 11:26:17 | 000,083,385 | ---- | M] () -- C:\Documents and Settings\User\Desktop\JAGA CV 2!!!!!!!.odt
[2010-03-15 23:18:27 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-03-15 21:04:48 | 000,000,990 | RHS- | M] () -- C:\Documents and Settings\User\ntuser.pol
[2010-03-14 16:05:43 | 000,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-03-14 12:34:02 | 000,000,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-03-13 17:38:57 | 000,175,616 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-03-13 17:28:43 | 003,414,528 | ---- | M] (Karol Winnicki) -- C:\Documents and Settings\User\Desktop\BESTplayer.exe
[2010-03-13 17:06:48 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010-03-13 09:08:31 | 004,253,470 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2010-03-12 23:23:34 | 000,001,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010-03-12 23:23:32 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-03-12 22:56:26 | 000,068,976 | ---- | M] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2010-03-12 22:43:55 | 000,053,320 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2010-03-12 22:42:06 | 000,022,528 | ---- | M] (G DATA Software AG) -- C:\WINDOWS\System32\drivers\GDNdisIc.sys
[2010-03-12 22:42:05 | 000,051,784 | ---- | M] (G DATA Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2010-03-12 22:42:00 | 000,027,720 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2010-03-12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010-03-12 17:09:42 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-03-12 17:09:42 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2010-03-12 08:31:15 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\User\Application Data\rbuwzv.dat
[2010-03-09 12:24:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010-03-09 12:24:05 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010-03-09 12:12:54 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010-03-09 12:12:33 | 000,162,640 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010-03-09 12:09:08 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010-03-09 12:08:41 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010-03-09 12:08:38 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010-03-09 12:08:30 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010-03-09 12:08:15 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010-03-04 20:02:00 | 000,001,855 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-02-27 18:28:17 | 000,107,711 | ---- | M] () -- C:\Documents and Settings\User\My Documents\nowy1.skp
[2010-02-27 17:53:06 | 000,092,095 | ---- | M] () -- C:\Documents and Settings\User\My Documents\nowy1.skb
[2010-02-24 23:14:01 | 000,032,251 | ---- | M] () -- C:\Documents and Settings\User\My Documents\nowy 1.skp
[2010-02-24 19:06:49 | 000,028,260 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Autozapis_Bez tytułu.skp
[2010-02-24 19:00:54 | 009,606,379 | ---- | M] () -- C:\Documents and Settings\User\My Documents\nasz dom.skp
[2010-02-24 17:41:21 | 009,596,459 | ---- | M] () -- C:\Documents and Settings\User\My Documents\nasz dom.skb
[2010-02-20 12:16:35 | 000,000,431 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google SketchUp.lnk
[2010-02-15 12:11:36 | 000,013,710 | ---- | M] () -- C:\Documents and Settings\User\My Documents\jankowice.odt
[2010-02-15 12:11:03 | 000,013,702 | ---- | M] () -- C:\Documents and Settings\User\My Documents\marcel.odt
[2010-02-15 12:10:03 | 000,013,756 | ---- | M] () -- C:\Documents and Settings\User\My Documents\podanie. Krystian Kijewski 1.odt
[2010-02-08 15:11:04 | 000,001,932 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010-01-24 16:10:55 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010-01-18 19:46:21 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Format Factory.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-03-19 12:36:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-03-19 12:36:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-03-19 12:36:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-03-19 12:28:41 | 000,009,364 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\635429532
[2010-03-19 12:27:34 | 000,009,372 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3696930130
[2010-03-19 12:27:18 | 000,010,256 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\hfJ5Mio0m8B0g
[2010-03-19 12:27:18 | 000,010,256 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hfJ5Mio0m8B0g
[2010-03-18 23:18:05 | 000,203,264 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\1191510367.dll
[2010-03-17 13:47:59 | 000,013,210 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\qGPvEh
[2010-03-16 23:15:49 | 000,013,210 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qGPvEh
[2010-03-16 23:15:41 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\User\Application Data\avdrn.dat
[2010-03-16 11:30:33 | 000,010,714 | ---- | C] () -- C:\Documents and Settings\User\Desktop\wiesia C.V.odt
[2010-03-16 11:27:18 | 000,010,805 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Dorota C.V.!!!!.odt
[2010-03-16 11:26:16 | 000,083,385 | ---- | C] () -- C:\Documents and Settings\User\Desktop\JAGA CV 2!!!!!!!.odt
[2010-03-14 12:34:02 | 000,000,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-03-13 17:06:48 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010-03-13 17:06:46 | 000,262,400 | ---- | C] () -- C:\cmldr
[2010-03-13 16:59:56 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-03-13 16:59:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-03-12 23:26:46 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\rbuwzv.dat
[2010-03-12 23:23:34 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010-03-12 22:45:13 | 000,002,626 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Config.nt.bak
[2010-03-12 22:45:13 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Autoexec.nt.bak
[2010-03-12 22:45:13 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\hosts.bak
[2010-03-12 17:34:10 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\rbuwzv.dat
[2010-03-12 08:31:15 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\User\Application Data\rbuwzv.dat
[2010-02-25 23:44:51 | 000,092,095 | ---- | C] () -- C:\Documents and Settings\User\My Documents\nowy1.skb
[2010-02-25 01:32:30 | 000,107,711 | ---- | C] () -- C:\Documents and Settings\User\My Documents\nowy1.skp
[2010-02-24 23:14:01 | 000,032,251 | ---- | C] () -- C:\Documents and Settings\User\My Documents\nowy 1.skp
[2010-02-24 19:06:49 | 000,028,260 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Autozapis_Bez tytułu.skp
[2010-02-20 16:44:31 | 009,596,459 | ---- | C] () -- C:\Documents and Settings\User\My Documents\nasz dom.skb
[2010-02-20 15:32:58 | 009,606,379 | ---- | C] () -- C:\Documents and Settings\User\My Documents\nasz dom.skp
[2010-02-20 12:16:35 | 000,000,431 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google SketchUp.lnk
[2010-02-16 12:03:37 | 000,013,702 | ---- | C] () -- C:\Documents and Settings\User\My Documents\marcel.odt
[2010-02-16 12:03:32 | 000,013,710 | ---- | C] () -- C:\Documents and Settings\User\My Documents\jankowice.odt
[2010-02-16 12:03:23 | 000,013,756 | ---- | C] () -- C:\Documents and Settings\User\My Documents\podanie. Krystian Kijewski 1.odt
[2010-02-12 09:31:56 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\sgcpom.dat
[2010-02-10 12:09:39 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\sgcpom.dat
[2010-02-10 10:24:19 | 000,001,855 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010-02-08 15:11:04 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010-01-18 19:46:21 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Format Factory.lnk
[2009-12-09 22:24:44 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009-11-30 19:38:50 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\cbqozg.dat
[2009-11-28 23:47:05 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009-11-28 08:56:31 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\cbqozg.dat
[2009-11-16 14:13:26 | 000,000,736 | ---- | C] () -- C:\WINDOWS\SamsungMaster.INI
[2009-11-03 10:24:55 | 000,000,165 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009-11-03 10:24:51 | 000,000,193 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2009-10-20 12:45:39 | 000,016,384 | ---- | C] () -- C:\Program Files\uik.dat
[2009-10-20 12:44:44 | 000,000,004 | ---- | C] () -- C:\Program Files\is.dat
[2009-10-19 20:36:10 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009-10-07 14:33:36 | 000,022,418 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009-10-07 14:33:28 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009-10-07 13:38:42 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009-08-09 22:56:53 | 000,073,160 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009-08-02 11:50:59 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009-08-01 20:21:56 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009-08-01 20:21:56 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\1492164A74.sys
[2009-07-18 10:57:17 | 000,018,704 | ---- | C] () -- C:\WINDOWS\System32\mksidsf.sys
[2009-04-30 10:38:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCVCDVW.INI
[2009-04-30 10:38:21 | 000,000,062 | ---- | C] () -- C:\WINDOWS\pcvcdbr.INI
[2009-01-31 14:34:28 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-01-31 14:34:27 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-11-15 12:31:28 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008-10-12 23:53:26 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008-10-12 23:53:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2008-10-03 18:19:39 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008-09-22 01:16:48 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008-09-22 00:44:27 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-09-22 00:44:20 | 000,175,616 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-09-19 01:38:29 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2008-09-19 01:24:22 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2008-09-19 01:18:22 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2008-09-19 01:16:56 | 000,016,060 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008-09-19 01:16:45 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007-11-26 20:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007-09-07 19:40:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007-09-07 19:40:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007-09-06 19:04:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007-09-06 19:01:52 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007-07-23 03:34:17 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007-07-23 03:34:17 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007-07-23 03:34:17 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007-07-23 03:34:17 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007-07-23 03:34:17 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005-08-05 22:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004-12-19 14:29:40 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004-12-19 14:17:10 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-03-12 23:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010-01-27 22:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2009-05-16 11:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2010-03-12 23:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G DATA
[2010-01-04 12:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008-09-22 02:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2009-01-10 16:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2010-02-21 22:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BESTplayer
[2010-01-31 20:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canneverbe Limited
[2010-01-27 22:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canneverbe_Limited
[2008-09-28 19:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Gadu-Gadu
[2008-11-03 23:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\HateML
[2008-10-04 13:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\HEXelon
[2009-11-30 19:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\iolo
[2008-11-06 10:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IrfanView
[2008-12-19 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2009-02-08 20:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenOffice.org
[2009-01-10 17:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ubisoft
[2009-08-09 21:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uniblue
[2009-07-04 11:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2008-09-19 01:04:26 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-03-12 17:09:42 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2010-03-13 17:06:48 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2004-08-03 23:00:14 | 000,262,400 | ---- | M] () -- C:\cmldr
[2010-03-19 12:49:29 | 000,013,298 | ---- | M] () -- C:\ComboFix.txt
[2008-09-19 01:04:26 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008-09-19 01:04:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008-09-19 01:04:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-10 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-09-28 09:43:06 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010-03-19 17:46:30 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2004-08-10 13:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys
[2008-09-28 09:39:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys
[2008-09-28 09:39:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys
[2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2004-08-10 13:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008-09-28 09:39:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-09-28 09:39:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2004-08-10 13:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2004-08-10 13:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2004-08-10 13:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2004-08-10 13:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008-09-28 09:39:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008-09-28 09:39:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008-04-13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008-04-13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008-04-14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008-04-14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008-04-13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008-04-13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2008-04-14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008-04-14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< End of report >
[/log]

Psycholandia
comment

Paste the script below into the OTL window and click Run Fix:

[quote]:Processes
explorer.exe

:OTL
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\monnwb32.exe ()
O37 - HKLM\...exe [@ = secfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

:Commands
[emptytemp]
[start explorer]
[Reboot][/quote]

Download: http://www.freedrweb.pl/livecd.php, burn it to a disc, reboot the computer, and keep pressing F11 during startup; the program will launch and run a scan. Delete everything it finds.

kryssttus
comment

Thanks for the help, I did everything according to the instructions, only the Dr.Web program doesn't start for me on reboot. Regards :blink:

Psycholandia
comment

Did you set booting from the disc in the BIOS? Are you pressing F11 while the computer is starting up, with the disc in the drive?

kryssttus
comment

Hmm, I only know the BIOS by name; unfortunately I don't know computers that well :(

Psycholandia
comment

While the computer is starting up, press the Delete (Del) key; the BIOS opens, and there under [b]First Boot Device[/b] you set the CD-ROM as first. Then save the settings, reboot, insert the disc and press F11.

kryssttus
comment

I did it according to the instructions and it doesn't boot from the disc. Something has changed, because while Windows is loading a black screen pops up and you can hear the CD drive working as if it is starting, but nothing, no effect at all. Maybe it's my disc's fault??? I don't know. Anyway, thanks once again for the HELP ??? :)

Psycholandia
comment

It's not exactly my fault that it won't read your disc. Maybe you burned it wrong.
Scan the computer with this: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url], remove everything it finds, and post the log after the removal (the log from Malware)

kryssttus
comment

OK thanks, I'll keep trying. Thanks for everything :D

[log]Malwarebytes' Anti-Malware 1.44
Wersja bazy definicji: 3865
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-03-19 19:30:21
mbam-log-2010-03-19 (19-30-21).txt

Typ skanowania: Pełne skanowanie (C:\|E:\|F:\|G:\|)
Przeskanowane obiekty: 189695
Upłynęło: 39 minute(s), 17 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 1

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
(Nie wykryto groźnych plików)

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
C:\Documents and Settings\User\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
[/log]

Psycholandia
comment

Clean. :)
