Strange processes, programs in autostart, infected files found. Infection.

antos
Posted (edited)

Hello.

As usual, I am attaching a log for review. I want to have it checked because today I noticed that I have various processes running whose names mean nothing to me. Looking them up on Google makes no sense in my opinion, because most viruses impersonate something else or have randomly generated names. On top of that, when I looked today with Easy Cleaner at what is sitting in my autostart, I was a bit surprised, because only avast and Kerio start up together with the system. What worries me most is the brs.exe process, which cannot be removed.
On top of that, I have noticed more frequent stuttering.


[log]OTL logfile created on: 2010-05-06 14:03:51 - Run 2
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\użytkownik\Pulpit\Programy
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

255,00 Mb Total Physical Memory | 38,00 Mb Available Physical Memory | 15,00% Memory free
618,00 Mb Paging File | 248,00 Mb Available in Paging File | 40,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 6,01 Gb Total Space | 1,79 Gb Free Space | 29,85% Space Free | Partition Type: NTFS
Drive D: | 68,55 Gb Total Space | 13,98 Gb Free Space | 20,39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-D04C4A7CBD
Current User Name: użytkownik
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color="#e56717"]========== Processes (All) ==========[/color]

PRC - [2010-04-02 19:17:09 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Programy\Firefox\firefox.exe
PRC - [2010-03-13 12:58:58 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\Cyberlink\Shared files\brs.exe
PRC - [2010-03-12 18:42:41 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\użytkownik\Pulpit\Programy\OTL.exe
PRC - [2010-01-26 12:41:08 | 000,652,800 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010-01-19 13:57:44 | 002,743,104 | ---- | M] (ALWIL Software) -- D:\Programy\Avast\AvastUI.exe
PRC - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) -- D:\Programy\Avast\AvastSvc.exe
PRC - [2009-10-27 09:15:44 | 000,132,608 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009-10-27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 22:51:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-14 22:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [WUDFSERVICEGROUP]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 22:51:40 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-04-14 22:51:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 22:51:12 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008-04-14 22:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 22:51:04 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2007-06-19 11:54:26 | 001,534,464 | ---- | M] (Nokia) -- D:\Programy\PCSUITE\Nokia PC Suite 6\MusicManager.exe
PRC - [2007-06-19 11:17:04 | 001,241,088 | ---- | M] (Time Information Services Ltd.) -- D:\Programy\PCSUITE\Nokia PC Suite 6\PcSync2.exe
PRC - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007-05-15 18:20:12 | 000,079,400 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007-05-04 09:30:46 | 000,474,624 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2006-05-03 18:43:46 | 000,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006-01-02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004-10-27 11:56:38 | 001,912,832 | ---- | M] (Kerio Technologies) -- D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe
PRC - [2004-10-27 11:56:00 | 002,899,968 | ---- | M] (Kerio Technologies) -- D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe


[color="#e56717"]========== Modules (All) ==========[/color]

MOD - [2010-03-12 18:42:41 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\użytkownik\Pulpit\Programy\OTL.exe
MOD - [2008-05-02 08:48:16 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 22:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 22:50:58 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 22:50:58 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 22:50:58 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 22:50:48 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 22:50:48 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2008-04-14 22:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-14 22:50:46 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2008-04-14 22:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-14 22:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 22:50:46 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2008-04-14 22:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 22:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 22:50:38 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll
MOD - [2008-04-14 22:50:36 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2008-04-14 22:50:34 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2008-04-14 22:50:32 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-04-14 22:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 22:50:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-14 22:50:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2008-04-14 22:49:16 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008-04-14 22:43:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME
MOD - [2008-04-14 22:29:10 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


[color="#e56717"]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-01-26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Programy\Avast\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Programy\Avast\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Programy\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2004-10-27 11:56:38 | 001,912,832 | ---- | M] (Kerio Technologies) [Auto | Running] -- D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe -- (KPF4)


[color="#e56717"]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-03-13 12:58:52 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/04/10 12:10:32] [Kernel | Auto | Running] -- D:\Programy\powerdvd10\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010-03-05 21:38:30 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-01-21 14:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010-01-19 15:13:58 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-01-19 13:46:52 | 000,046,544 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-01-19 13:43:40 | 000,023,248 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-01-19 13:43:12 | 000,100,304 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-01-19 13:42:57 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-01-19 13:42:40 | 000,028,240 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-12-30 11:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009-12-30 11:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009-12-30 11:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009-12-30 11:25:12 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009-12-30 11:25:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-05-02 08:48:55 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112)
DRV - [2008-04-14 02:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006-05-03 18:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004-11-02 11:00:52 | 000,262,144 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fwdrv.sys -- (fwdrv)
DRV - [2004-03-02 10:26:58 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
DRV - [2004-03-02 10:24:16 | 000,127,065 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw)
DRV - [2002-12-05 06:01:00 | 000,241,664 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2002-12-05 06:01:00 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2002-09-06 05:24:00 | 000,013,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001-08-18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [1997-04-22 11:16:00 | 000,006,272 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)


[color="#e56717"]========== Standard Registry (SafeList) ==========[/color]


[color="#e56717"]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.msn.com/"]http://www.msn.com/[/url]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.msn.com/"]http://www.msn.com/[/url]
IE - HKU\S-1-5-21-682003330-583907252-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color="#e56717"]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Programy\Firefox\components [2010-04-07 16:37:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Programy\Firefox\plugins [2010-04-02 19:17:18 | 000,000,000 | ---D | M]

[2010-01-24 20:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Extensions
[2010-01-24 20:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\7r2r3lde.default\extensions
[2010-05-05 15:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions
[2010-01-24 22:13:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-01-24 22:13:55 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010-01-24 22:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\bkmrksync@nokia.com
[2010-01-24 22:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\piclens@cooliris.com

O1 HOSTS File: ([2001-10-26 17:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avast5] D:\Programy\Avast\avastUI.exe (ALWIL Software)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] D:\Programy\PCSUITE\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] D:\Programy\PCSUITE\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O4 - Startup: C:\Documents and Settings\użytkownik\Menu Start\Programy\Autostart\monxga32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.m...ash/swflash.cab[/url] (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - about:Home
O24 - Desktop WallPaper: C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-01-24 19:25:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-12-08 21:01:10 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010-01-24 19:24:31 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color="#e56717"]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-04-18 13:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Moje dokumenty\Max Payne 2 Savegames
[2010-04-18 12:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Pulpit\Gry
[2010-04-10 12:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Cyberlink
[2010-04-10 12:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Moje dokumenty\CyberLink
[2010-04-10 12:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\CyberLink
[2010-04-10 12:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
[2010-04-10 12:10:35 | 000,000,000 | ---D | C] -- C:\Program Files\Cyberlink
[2010-04-10 12:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2010-04-10 12:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Temp
[2010-04-08 11:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Schematica
[2010-04-03 18:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\EAGLE-4.16r2
[2010-03-30 20:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
[2010-03-30 19:48:17 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010-03-30 19:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010-03-30 19:04:39 | 000,137,344 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys
[2010-03-30 19:04:39 | 000,008,320 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys
[2010-03-30 19:04:34 | 000,007,936 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2010-03-30 19:04:33 | 000,007,936 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2010-03-30 19:04:31 | 000,022,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2010-03-30 19:04:28 | 000,018,048 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2010-03-30 19:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2010-03-30 18:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010-03-30 16:21:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010-03-30 16:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Help
[2010-03-30 16:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Help
[2010-03-30 16:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun
[2010-03-30 16:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010-03-30 16:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Sun
[2010-03-24 16:57:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\użytkownik\Phone Browser
[2010-03-19 17:52:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-03-19 17:12:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010-03-19 17:10:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2010-03-19 17:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2010-03-19 17:08:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Nokia
[2010-03-19 17:07:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2010-03-19 17:07:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2010-03-19 17:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010-03-19 17:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\PC Suite
[2010-03-19 17:05:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2010-03-19 17:04:57 | 000,012,288 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdcj.sys
[2010-03-19 17:04:56 | 000,012,288 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdcm.sys
[2010-03-19 17:04:56 | 000,008,320 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdc.sys
[2010-03-19 17:04:55 | 000,660,480 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2010-03-19 17:04:55 | 000,137,216 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcd.sys
[2010-03-19 17:04:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010-03-19 17:04:53 | 000,091,136 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2010-03-14 13:55:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010-03-14 10:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010-03-14 10:44:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010-03-14 10:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010-03-13 10:29:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-03-13 10:29:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-03-13 10:29:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-03-13 10:29:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-03-13 10:29:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-03-13 10:27:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-01-24 19:27:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2010-01-24 19:27:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2010-01-24 19:25:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color="#e56717"]========== Files - Modified Within 60 Days ==========[/color]

[2010-05-06 13:44:37 | 000,897,918 | ---- | M] () -- C:\Documents and Settings\użytkownik\Dane aplikacji\NMM-MetaData.db
[2010-05-06 13:02:31 | 000,002,237 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nokia PC Suite.lnk
[2010-05-06 12:02:56 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\użytkownik\NTUSER.DAT
[2010-05-06 11:35:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-06 11:35:51 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2010-05-05 07:48:46 | 000,000,524 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\Metin2 PL.lnk
[2010-05-04 22:28:49 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\użytkownik\ntuser.ini
[2010-05-04 22:28:26 | 001,575,194 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-05-04 18:40:25 | 000,000,126 | ---- | M] () -- C:\WINDOWS\System32\drivers\fwdrv.err
[2010-05-04 14:36:31 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\ALLPlayer V4.3.lnk
[2010-05-04 14:20:44 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-05-04 14:20:37 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-04 14:17:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-05-03 22:30:07 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-04-28 19:11:41 | 000,000,551 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\AQQ.lnk
[2010-04-20 16:12:43 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\~$bliografia.doc
[2010-04-18 09:00:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\laibdgzd.sys
[2010-04-17 14:33:12 | 000,000,116 | ---- | M] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2010-04-17 14:23:47 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\użytkownik\Dane aplikacji\avdrn.dat
[2010-04-17 14:23:30 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-04-11 17:10:20 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[2010-04-03 19:27:51 | 000,002,383 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\eaglerc.usr
[2010-03-30 21:42:40 | 000,000,259 | ---- | M] () -- C:\WINDOWS\p
[2010-03-30 20:56:17 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010-03-30 20:55:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_07_00.Wdf
[2010-03-30 20:49:54 | 000,984,778 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-03-30 20:49:54 | 000,448,004 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-03-30 20:49:54 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-03-30 20:49:54 | 000,074,230 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-03-30 20:49:54 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-03-30 20:47:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010-03-30 20:47:36 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010-03-30 20:47:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-03-29 19:29:55 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\bibliografia.doc
[2010-03-26 12:20:20 | 000,240,562 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\Zdjęcie001.jpg
[2010-03-26 12:19:54 | 000,237,086 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\Zdjęcie000.jpg
[2010-03-22 19:50:00 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\pozytywizm.doc
[2010-03-19 17:12:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2010-03-19 17:12:32 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_05_00.Wdf
[2010-03-19 17:10:33 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010-03-16 16:37:47 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\~$wy Dokument programu Microsoft Word.doc
[2010-03-13 10:37:24 | 000,000,277 | ---- | M] () -- C:\WINDOWS\system.ini
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color="#e56717"]========== Files Created - No Company Name ==========[/color]

[2010-05-04 18:35:54 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwdrv.err
[2010-05-04 18:12:57 | 000,000,524 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\Metin2 PL.lnk
[2010-05-04 14:36:31 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\ALLPlayer V4.3.lnk
[2010-04-20 16:12:43 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\~$bliografia.doc
[2010-04-17 14:33:11 | 000,000,116 | ---- | C] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2010-04-17 14:28:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\laibdgzd.sys
[2010-04-17 14:23:47 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\użytkownik\Dane aplikacji\avdrn.dat
[2010-04-03 18:50:51 | 000,002,383 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\eaglerc.usr
[2010-03-30 21:30:40 | 000,000,259 | ---- | C] () -- C:\WINDOWS\p
[2010-03-30 20:56:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010-03-30 20:55:14 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_07_00.Wdf
[2010-03-30 20:47:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010-03-30 20:47:36 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010-03-29 15:49:54 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\bibliografia.doc
[2010-03-27 12:21:30 | 000,240,562 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\Zdjęcie001.jpg
[2010-03-27 12:21:29 | 000,237,086 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\Zdjęcie000.jpg
[2010-03-22 19:49:58 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\pozytywizm.doc
[2010-03-20 19:02:50 | 000,897,918 | ---- | C] () -- C:\Documents and Settings\użytkownik\Dane aplikacji\NMM-MetaData.db
[2010-03-19 17:07:46 | 000,002,237 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Nokia PC Suite.lnk
[2010-03-16 16:37:47 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\~$wy Dokument programu Microsoft Word.doc
[2010-03-13 10:29:46 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-03-13 10:29:46 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-03-13 10:29:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-03-13 10:29:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-03-13 10:29:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-03-12 20:27:43 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\crash
[2010-03-05 21:38:29 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-02-17 22:14:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-02-07 00:15:46 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-01 19:04:34 | 000,005,276 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2010-02-01 19:04:19 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2010-01-30 12:48:00 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-01-30 12:47:53 | 000,207,360 | ---- | C] () -- C:\WINDOWS\System32\evrprop.dll
[2010-01-30 12:47:45 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2010-01-30 12:47:00 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2010-01-30 12:46:59 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2010-01-30 12:35:33 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-01-27 22:02:23 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010-01-24 19:46:11 | 000,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2010-01-24 19:46:11 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2010-01-24 19:46:08 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2010-01-24 19:46:08 | 000,000,998 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2010-01-24 19:46:07 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll
[2010-01-24 19:39:47 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2010-01-24 19:36:34 | 000,018,253 | R--- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
[2010-01-24 19:35:40 | 000,003,272 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010-01-24 19:35:33 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008-05-03 09:24:01 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007-03-30 00:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2004-11-02 11:00:52 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwdrv.sys
[2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[color="#e56717"]========== LOP Check ==========[/color]

[2010-01-24 20:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2010-03-30 18:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2010-02-13 14:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
[2010-03-30 20:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
[2010-03-19 17:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2010-04-08 11:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Schematica
[2010-04-10 12:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Temp
[2010-04-16 22:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\EurekaLog
[2010-05-04 22:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\foobar2000
[2010-01-25 11:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Gadu-Gadu
[2010-03-21 11:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Nokia
[2010-04-07 17:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\PC Suite
[2010-02-17 12:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Soldat

[color="#e56717"]========== Purity Check ==========[/color]



[color="#e56717"]========== Custom Scans ==========[/color]


[color="#a23bec"]< %systemdrive%\*.* >[/color]
[2010-01-24 19:25:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-01-24 19:19:45 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2001-07-22 00:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-03-13 10:39:43 | 000,010,439 | ---- | M] () -- C:\ComboFix.txt
[2010-01-24 19:25:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-05-06 11:35:51 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2010-05-05 22:22:07 | 000,029,304 | ---- | M] () -- C:\hpfr3500.log
[2010-01-24 19:25:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-02-17 12:59:31 | 000,000,000 | R--- | M] () -- C:\logwmemory.bin
[2010-01-24 19:25:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-04-13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-04-14 00:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-05-06 11:35:49 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys


[color="#a23bec"]< MD5 for: AGP440.SYS >[/color]
[2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys

[color="#a23bec"]< MD5 for: ATAPI.SYS >[/color]
[2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008-04-14 02:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

[color="#a23bec"]< MD5 for: BEEP.SYS >[/color]
[2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color="#a23bec"]< MD5 for: CDROM.SYS >[/color]
[2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008-04-14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

[color="#a23bec"]< MD5 for: EVENTLOG.DLL >[/color]
[2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color="#a23bec"]< MD5 for: NDIS.SYS >[/color]
[2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[color="#a23bec"]< MD5 for: WINLOGON.EXE >[/color]
[2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe
< End of report >
[/log]


[log]
OTL Extras logfile created on: 2010-05-06 14:03:51 - Run 2
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\użytkownik\Pulpit\Programy
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

255,00 Mb Total Physical Memory | 38,00 Mb Available Physical Memory | 15,00% Memory free
618,00 Mb Paging File | 248,00 Mb Available in Paging File | 40,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 6,01 Gb Total Space | 1,79 Gb Free Space | 29,85% Space Free | Partition Type: NTFS
Drive D: | 68,55 Gb Total Space | 13,98 Gb Free Space | 20,39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-D04C4A7CBD
Current User Name: użytkownik
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color="#e56717"]========== Extra Registry (SafeList) ==========[/color]


[color="#e56717"]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programy\Firefox\firefox.exe (Mozilla Corporation)

[color="#e56717"]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Programy\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Programy\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Programy\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color="#e56717"]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[color="#e56717"]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe" = D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe:*:Enabled:Kerio Personal Firewall 4 - Service -- (Kerio Technologies)
"D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe" = D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI -- (Kerio Technologies)
"D:\Programy\BitSpirit\BitSpirit.exe" = D:\Programy\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client -- (LANSPIRIT.NET)


[color="#e56717"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1DED92A7-05FA-4736-8AEA-1BE2363F1045}" = Nero 7 Essentials
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}" = Kerio Personal Firewall
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite
"{AC76BA86-7AD7-1045-7B44-A93000000001}" = Adobe Reader 9.3 - Polish
"{B6ADA0E4-9451-43EB-B86E-878AD9E68D4F}" = LightScribe 1.6.45.1
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}" = Nokia Software Updater
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1)
"3D Driving-School" = 3D Driving-School
"504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ALLPlayer_is1" = ALLPlayer V4.X
"AQQ" = WapSter AQQ
"ASUS Probe V2.19.07" = ASUS Probe V2.19.07
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1)
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Pakiet sterowników systemu Windows - Nokia Modem (05/24/2007 6.84.0.1)
"EAGLE 4.16r2" = EAGLE 4.16r2
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIAnForce" = Sterowniki NVIDIA nForce dla Windows 2000/XP
"RealAlt_is1" = Real Alternative 2.0.1 Lite
"Soldat_is1" = Soldat 1.5.0
"SSUtils" = NVIDIA nForce Utilities
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WlatcyMoch_is1" = WlatcyMoch
"Włatcy Móch - Olimpiada Podwórkowa_is1" = Włatcy Móch - Olimpiada Podwórkowa
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7

[color="#e56717"]========== Last 10 Event Log Errors ==========[/color]

[ System Events ]
Error - 2010-05-06 05:37:46 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (adildr.sys)
z powodu następującego błędu: %%1058


< End of report >
[/log]

I know it's not the newest machine, but until now it ran reasonably well. I also know it's a bit cluttered, but first I'd like to clean it of you-know-what...




[color="blue"]Edit[/color]

This morning I looked at the autostart again and the process is now called monxga32.exe and still cannot be removed. I also forgot to add that it is shown as if it were starting from the Autostart folder, yet that folder is empty...



[color="blue"]Edit 2[/color]

I also noticed that after every restart of the computer the "show hidden files and folders" option gets turned off. Now I'm sure it's an infection, I just can't deal with it myself...


[color="blue"]Edit 3[/color]


My brother told me today that while he was using the computer Avast showed him an alert about a virus it had found, and of course he pays no attention to such things and clicked delete without even reading it, so I don't know what file it was or which drive it was on.


[color="blue"]Edit 4[/color]

Another edit, the 4th already. Today, right after switching the computer on, an alert about a found virus was waiting for me. Its name is i8ikdjwt.exe; it looks like a randomly generated name. As I mentioned earlier, the "Show hidden files and folders" option does not work at all, because it automatically switches back to the "do not show" option. On top of that, there is one more program in the autostart today. It calls itself NOD 32, it sits in Temp on drive C: and it is launched from the file nodqq.exe.


[color="blue"]Edit 5[/color]

The file in the autostart is again named monxga.exe and has the same path as in the first case.


17 days and nobody has looked at my log ;/

  • 3 weeks later...

Tomek01
comment (edited)

First:
Regarding the option to show hidden files and folders: use [b][color=#0000CD][url=http://download.bleepingcomputer.com//sUBs/Flash_Disinfector.exe]Flash Disinfector[/url][/color][/b], preferably with a USB flash drive plugged in.


Second:
Run HiJackThis in safe mode, tick the entry shown below and then click fix checked:
[code]O4 - Startup: C:\Documents and Settings\użytkownik\Menu Start\Programy\Autostart\monxga32.exe ()[/code]


Third:
Download [b][url=http://www.instalki.pl/programy/download/antyspyware/get.php?file=avenger]Avenger[/url][/b]
In the "input script here" field paste the following text (without the word "code"):

[code]Files to delete:
C:\WINDOWS\System32\fjhdyfhsn.bat
C:\Documents and Settings\użytkownik\Dane aplikacji\avdrn.dat
C:\Documents and Settings\użytkownik\Menu Start\Programy\Autostart\monxga32.exe[/code]
Click execute; the computer will restart.


Fourth:
Scan the file below on virustotal and post the result.
[code]C:\WINDOWS\System32\drivers\laibdgzd.sys[/code]

When everything is done, attach: the Avenger report that will be created after running the script, a new OTL log and an RSIT log (required).

  • Good post 1
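The files named in the post above come from the OTL file listing earlier in the thread. As an added example (not part of the thread and not OTL's own code), this Python code parses that line format and applies two triage rules that are assumptions made here, not OTL features or the poster's stated criteria: a zero-byte `.sys` file, and a script or executable with an empty company field directly in `System32`. The sample lines are copied from the log posted in this thread.

```python
import ntpath  # Windows path rules, so this also runs on a non-Windows analysis host
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# OTL file-list line: [timestamp | size | attributes | C or M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Assumed triage rules for this example (not OTL features).
SCRIPT_OR_EXE = {".bat", ".cmd", ".com", ".exe", ".scr", ".vbs"}
SYSTEM32 = r"c:\windows\system32"

# Lines copied from the OTL log posted in this thread.
SAMPLE = r"""
[2010-04-17 14:33:11 | 000,000,116 | ---- | C] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2010-04-17 14:28:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\laibdgzd.sys
[2010-04-17 14:23:47 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\użytkownik\Dane aplikacji\avdrn.dat
[2010-03-05 21:38:29 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-03-19 17:04:55 | 000,137,216 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcd.sys
[2010-03-19 17:04:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
< End of report >
"""


@dataclass
class Entry:
    when: datetime
    size: int      # bytes; OTL prints the size with comma grouping
    attrs: str     # four flags, e.g. "-HS-" or "---D"
    kind: str      # "C" = created, "M" = modified
    company: str   # empty when the file carries no company name
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an OTL file-list line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        when=datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=m.group("company") or "",  # directory lines have no "(...)" field
        path=m.group("path"),
    )


def triage(entry: Entry) -> List[str]:
    """Apply the two assumed rules and return the reasons that matched."""
    reasons = []
    ext = ntpath.splitext(entry.path)[1].lower()
    folder = ntpath.dirname(entry.path).lower()
    if ext == ".sys" and entry.size == 0 and "D" not in entry.attrs:
        reasons.append("zero-byte driver file")
    if entry.company == "" and ext in SCRIPT_OR_EXE and folder == SYSTEM32:
        reasons.append("script/executable without company name in System32")
    return reasons


def flag_report(text: str) -> List[Tuple[str, List[str]]]:
    """Parse a pasted log and return (path, reasons) for every flagged entry."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # headers, blank lines, "< End of report >", MD5 lines
        reasons = triage(entry)
        if reasons:
            flagged.append((entry.path, reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in flag_report(SAMPLE):
        print(path, "->", "; ".join(reasons))
```

The rules only build a review list: `avdrn.dat` is not flagged by either rule, and a flagged entry still needs a look at the file itself.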
antos
comment

The show hidden files and folders option works correctly.

I'm attaching the required logs:

[log]
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\System32\fjhdyfhsn.bat" deleted successfully.
File "C:\Documents and Settings\użytkownik\Dane aplikacji\avdrn.dat" deleted successfully.

Error: file "C:\Documents and Settings\użytkownik\Menu Start\Programy\Autostart\monxga32.exe" not found!
Deletion of file "C:\Documents and Settings\użytkownik\Menu Start\Programy\Autostart\monxga32.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.
[/log]


After submitting the file to virustotal, this message pops up:
0 bytes size received / Se ha recibido un archivo vacio


OTL log
[log]
OTL logfile created on: 2010-05-25 21:02:12 - Run 3
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\użytkownik\Pulpit\Programy
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

255,00 Mb Total Physical Memory | 37,00 Mb Available Physical Memory | 15,00% Memory free
618,00 Mb Paging File | 354,00 Mb Available in Paging File | 57,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 6,01 Gb Total Space | 1,43 Gb Free Space | 23,80% Space Free | Partition Type: NTFS
Drive D: | 68,55 Gb Total Space | 10,08 Gb Free Space | 14,70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-D04C4A7CBD
Current User Name: użytkownik
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-04-02 19:17:09 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Programy\Firefox\firefox.exe
PRC - [2010-03-12 18:42:41 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\użytkownik\Pulpit\Programy\OTL.exe
PRC - [2010-01-19 13:57:44 | 002,743,104 | ---- | M] (ALWIL Software) -- D:\Programy\Avast\AvastUI.exe
PRC - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) -- D:\Programy\Avast\AvastSvc.exe
PRC - [2008-04-14 22:51:52 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 22:51:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-14 22:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [WUDFSERVICEGROUP]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 22:51:40 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-04-14 22:51:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 22:51:12 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008-04-14 22:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 22:51:04 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007-05-15 18:20:12 | 000,079,400 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006-05-03 18:43:46 | 000,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2004-10-27 11:56:38 | 001,912,832 | ---- | M] (Kerio Technologies) -- D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe
PRC - [2004-10-27 11:56:00 | 002,899,968 | ---- | M] (Kerio Technologies) -- D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-03-12 18:42:41 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\użytkownik\Pulpit\Programy\OTL.exe
MOD - [2008-05-02 08:48:16 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 22:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 22:50:58 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 22:50:58 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 22:50:58 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 22:50:48 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 22:50:48 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2008-04-14 22:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-14 22:50:46 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2008-04-14 22:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-14 22:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 22:50:46 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2008-04-14 22:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 22:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 22:50:38 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll
MOD - [2008-04-14 22:50:36 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2008-04-14 22:50:34 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2008-04-14 22:50:32 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-04-14 22:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 22:50:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-14 22:50:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2008-04-14 22:49:16 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008-04-14 22:43:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME
MOD - [2008-04-14 22:29:10 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-01-26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Programy\Avast\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Programy\Avast\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Programy\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2004-10-27 11:56:38 | 001,912,832 | ---- | M] (Kerio Technologies) [Auto | Running] -- D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe -- (KPF4)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-03-13 12:58:52 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/04/10 12:10:32] [Kernel | Auto | Running] -- D:\Programy\powerdvd10\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010-03-05 21:38:30 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-01-21 14:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010-01-19 15:13:58 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-01-19 13:46:52 | 000,046,544 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-01-19 13:43:40 | 000,023,248 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-01-19 13:43:12 | 000,100,304 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-01-19 13:42:57 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-01-19 13:42:40 | 000,028,240 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-12-30 11:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009-12-30 11:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009-12-30 11:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009-12-30 11:25:12 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009-12-30 11:25:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-05-02 08:48:55 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112)
DRV - [2008-04-14 02:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006-05-03 18:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004-11-02 11:00:52 | 000,262,144 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fwdrv.sys -- (fwdrv)
DRV - [2004-03-02 10:26:58 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
DRV - [2004-03-02 10:24:16 | 000,127,065 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw)
DRV - [2002-12-05 06:01:00 | 000,241,664 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2002-12-05 06:01:00 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2002-09-06 05:24:00 | 000,013,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001-08-18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [1997-04-22 11:16:00 | 000,006,272 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-682003330-583907252-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Programy\Firefox\components [2010-04-07 16:37:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Programy\Firefox\plugins [2010-04-02 19:17:18 | 000,000,000 | ---D | M]

[2010-01-24 20:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Extensions
[2010-01-24 20:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\7r2r3lde.default\extensions
[2010-05-25 17:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions
[2010-01-24 22:13:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-01-24 22:13:55 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010-01-24 22:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\bkmrksync@nokia.com
[2010-01-24 22:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\piclens@cooliris.com

O1 HOSTS File: ([2001-10-26 17:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avast5] D:\Programy\Avast\avastUI.exe (ALWIL Software)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] D:\Programy\PCSUITE\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] D:\Programy\PCSUITE\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-01-24 19:25:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-05-11 09:45:44 | 000,000,063 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-12-08 21:01:10 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010-01-24 19:24:31 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-05-25 20:50:53 | 000,000,000 | ---D | C] -- C:\Avenger
[2010-05-20 11:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Moje dokumenty\Downloads
[2010-05-20 11:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Temp
[2010-05-20 11:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Google
[2010-05-13 15:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Tibia
[2010-04-18 13:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Moje dokumenty\Max Payne 2 Savegames
[2010-04-18 12:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Pulpit\Gry
[2010-04-10 12:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Cyberlink
[2010-04-10 12:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Moje dokumenty\CyberLink
[2010-04-10 12:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\CyberLink
[2010-04-10 12:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
[2010-04-10 12:10:35 | 000,000,000 | ---D | C] -- C:\Program Files\Cyberlink
[2010-04-10 12:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2010-04-10 12:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Temp
[2010-04-08 11:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Schematica
[2010-04-03 18:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\EAGLE-4.16r2
[2010-03-30 20:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
[2010-03-30 19:48:17 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010-03-30 19:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010-03-30 19:04:39 | 000,137,344 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys
[2010-03-30 19:04:39 | 000,008,320 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys
[2010-03-30 19:04:34 | 000,007,936 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2010-03-30 19:04:33 | 000,007,936 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2010-03-30 19:04:31 | 000,022,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2010-03-30 19:04:28 | 000,018,048 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2010-03-30 19:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2010-03-30 18:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010-03-30 16:21:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010-03-30 16:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Help
[2010-03-30 16:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Help
[2010-03-30 16:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun
[2010-03-30 16:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010-03-30 16:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Sun
[2010-03-19 17:10:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2010-01-24 19:27:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2010-01-24 19:27:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2010-01-24 19:25:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2010-05-25 21:01:39 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\użytkownik\NTUSER.DAT
[2010-05-25 20:51:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-25 20:51:08 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2010-05-25 20:50:22 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\użytkownik\ntuser.ini
[2010-05-25 20:50:19 | 003,775,730 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-05-25 17:49:27 | 002,836,634 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\sprawdziany z anglika.rar
[2010-05-25 11:37:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-05-24 21:19:16 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia Sands of Time.lnk
[2010-05-22 22:53:22 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-05-21 23:18:29 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-20 20:51:19 | 000,000,586 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\TibiaServer v2.30.lnk
[2010-05-20 11:17:56 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\Google Chrome.lnk
[2010-05-20 11:11:21 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-583907252-1417001333-1003Core.job
[2010-05-18 17:25:11 | 000,243,176 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB 532 12M ŁADOW...mdi
[2010-05-18 17:24:58 | 000,213,386 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Inny ŁADOWARKA TE...mdi
[2010-05-18 17:24:49 | 000,203,594 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Liebherr L509 STE...mdi
[2010-05-18 17:24:35 | 000,244,154 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB 528-70, Inny,...mdi
[2010-05-18 17:24:26 | 000,236,368 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB JCB 2CX Airma...mdi
[2010-05-18 17:24:14 | 000,199,488 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka CAT, Volvo, Zeppe...mdi
[2010-05-18 17:24:07 | 000,242,532 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB JCB 407 2000r...mdi
[2010-05-18 17:16:08 | 000,206,484 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Inny KRAMER 318, ...mdi
[2010-05-11 20:33:39 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\ramowy plan wypowiedzi.doc.doc
[2010-05-11 17:27:24 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\~$mowy plan wypowiedzi.doc.doc
[2010-05-11 17:26:52 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\Polski usnty.doc.doc
[2010-05-11 17:21:02 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\aneks z wyborem cytatów.doc.doc
[2010-05-11 12:06:37 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\DSC07084.JPG.sha
[2010-05-11 09:45:44 | 000,000,063 | RHS- | M] () -- C:\autorun.inf
[2010-05-07 07:44:28 | 000,000,228 | ---- | M] () -- C:\WINDOWS\System32\edacded0_x.dat
[2010-05-07 07:44:27 | 000,000,228 | ---- | M] () -- C:\WINDOWS\System32\bcdadac7_x.xml
[2010-05-06 13:44:37 | 000,897,918 | ---- | M] () -- C:\Documents and Settings\użytkownik\Dane aplikacji\NMM-MetaData.db
[2010-05-06 13:02:31 | 000,002,237 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nokia PC Suite.lnk
[2010-05-04 18:40:25 | 000,000,126 | ---- | M] () -- C:\WINDOWS\System32\drivers\fwdrv.err
[2010-05-04 14:36:31 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\ALLPlayer V4.3.lnk
[2010-05-03 22:30:07 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-04-28 19:11:41 | 000,000,551 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\AQQ.lnk
[2010-04-22 08:13:12 | 000,128,512 | RHS- | M] () -- C:\vgyn6ewc.exe
[2010-04-20 16:12:43 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\~$bliografia.doc
[2010-04-18 09:00:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\laibdgzd.sys
[2010-04-17 14:23:30 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-04-11 17:10:20 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[2010-04-03 19:27:51 | 000,002,383 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\eaglerc.usr
[2010-03-30 21:42:40 | 000,000,259 | ---- | M] () -- C:\WINDOWS\p
[2010-03-30 20:56:17 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010-03-30 20:55:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_07_00.Wdf
[2010-03-30 20:49:54 | 000,984,778 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-03-30 20:49:54 | 000,448,004 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-03-30 20:49:54 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-03-30 20:49:54 | 000,074,230 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-03-30 20:49:54 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-03-30 20:47:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010-03-30 20:47:36 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010-03-30 20:47:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-03-29 19:29:55 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\bibliografia.doc
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-05-25 20:47:24 | 267,964,416 | -HS- | C] () -- C:\hiberfil.sys
[2010-05-25 17:50:54 | 002,836,634 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\sprawdziany z anglika.rar
[2010-05-24 21:19:16 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia Sands of Time.lnk
[2010-05-20 20:51:18 | 000,000,586 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\TibiaServer v2.30.lnk
[2010-05-20 11:17:56 | 000,002,351 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\Google Chrome.lnk
[2010-05-20 11:11:21 | 000,001,100 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-583907252-1417001333-1003Core.job
[2010-05-18 17:25:10 | 000,243,176 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB 532 12M ŁADOW...mdi
[2010-05-18 17:24:57 | 000,213,386 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Inny ŁADOWARKA TE...mdi
[2010-05-18 17:24:48 | 000,203,594 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Liebherr L509 STE...mdi
[2010-05-18 17:24:34 | 000,244,154 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB 528-70, Inny,...mdi
[2010-05-18 17:24:25 | 000,236,368 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB JCB 2CX Airma...mdi
[2010-05-18 17:24:14 | 000,199,488 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka CAT, Volvo, Zeppe...mdi
[2010-05-18 17:24:01 | 000,242,532 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB JCB 407 2000r...mdi
[2010-05-18 17:16:07 | 000,206,484 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Inny KRAMER 318, ...mdi
[2010-05-11 17:27:24 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\~$mowy plan wypowiedzi.doc.doc
[2010-05-11 17:10:57 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\aneks z wyborem cytatów.doc.doc
[2010-05-11 16:18:38 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\ramowy plan wypowiedzi.doc.doc
[2010-05-11 12:06:37 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\DSC07084.JPG.sha
[2010-05-08 15:30:30 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\Polski usnty.doc.doc
[2010-05-07 13:32:21 | 000,128,512 | RHS- | C] () -- C:\vgyn6ewc.exe
[2010-05-07 13:32:21 | 000,000,063 | RHS- | C] () -- C:\autorun.inf
[2010-05-04 18:35:54 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwdrv.err
[2010-05-04 14:36:31 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\ALLPlayer V4.3.lnk
[2010-04-20 16:12:43 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\~$bliografia.doc
[2010-04-17 14:28:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\laibdgzd.sys
[2010-04-03 18:50:51 | 000,002,383 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\eaglerc.usr
[2010-03-30 21:30:40 | 000,000,259 | ---- | C] () -- C:\WINDOWS\p
[2010-03-30 20:56:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010-03-30 20:55:14 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_07_00.Wdf
[2010-03-30 20:47:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010-03-30 20:47:36 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010-03-29 15:49:54 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\bibliografia.doc
[2010-03-20 19:02:50 | 000,897,918 | ---- | C] () -- C:\Documents and Settings\użytkownik\Dane aplikacji\NMM-MetaData.db
[2010-03-05 21:38:29 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-02-17 22:14:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-02-07 00:15:46 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-01 19:04:34 | 000,005,276 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2010-02-01 19:04:19 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2010-01-30 12:48:00 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-01-30 12:47:53 | 000,207,360 | ---- | C] () -- C:\WINDOWS\System32\evrprop.dll
[2010-01-30 12:47:45 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2010-01-30 12:47:00 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2010-01-30 12:46:59 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2010-01-30 12:35:33 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-01-27 22:02:23 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010-01-24 19:46:11 | 000,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2010-01-24 19:46:11 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2010-01-24 19:46:08 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2010-01-24 19:46:08 | 000,000,998 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2010-01-24 19:46:07 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll
[2010-01-24 19:39:47 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2010-01-24 19:36:34 | 000,018,253 | R--- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
[2010-01-24 19:35:40 | 000,003,272 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010-01-24 19:35:33 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008-05-03 09:24:01 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007-03-30 00:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2004-11-02 11:00:52 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwdrv.sys
[2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[color=#E56717]========== LOP Check ==========[/color]

[2010-01-24 20:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2010-03-30 18:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2010-02-13 14:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
[2010-03-30 20:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
[2010-03-19 17:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2010-04-08 11:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Schematica
[2010-04-10 12:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Temp
[2010-04-16 22:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\EurekaLog
[2010-05-17 14:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\foobar2000
[2010-01-25 11:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Gadu-Gadu
[2010-03-21 11:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Nokia
[2010-04-07 17:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\PC Suite
[2010-02-17 12:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Soldat
[2010-05-13 15:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Tibia

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-01-24 19:25:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-05-11 09:45:44 | 000,000,063 | RHS- | M] () -- C:\autorun.inf
[2010-05-25 20:50:53 | 000,001,804 | ---- | M] () -- C:\avenger.txt
[2010-01-24 19:19:45 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2001-07-22 00:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-03-13 10:39:43 | 000,010,439 | ---- | M] () -- C:\ComboFix.txt
[2010-01-24 19:25:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-05-25 20:51:08 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2010-05-18 17:51:32 | 000,036,955 | ---- | M] () -- C:\hpfr3500.log
[2010-01-24 19:25:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-02-17 12:59:31 | 000,000,000 | R--- | M] () -- C:\logwmemory.bin
[2010-01-24 19:25:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-04-13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-04-14 00:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-05-25 20:51:05 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
[2010-04-22 08:13:12 | 000,128,512 | RHS- | M] () -- C:\vgyn6ewc.exe


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008-04-14 02:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008-04-14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe
< End of report >
[/log]


and RSIT

[log]
Logfile of random's system information tool 1.07 (written by random/random)
Run by użytkownik at 2010-05-25 21:08:25
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 1 GB (24%) free of 6 GB
Total RAM: 255 MB (6% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:08:52, on 2010-05-25
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Programy\Avast\AvastSvc.exe
D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe
D:\Programy\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Programy\Firefox\firefox.exe
C:\Documents and Settings\użytkownik\Pulpit\Programy\RSIT.exe
C:\Program Files\trend micro\użytkownik.exe

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\java\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast5] "D:\Programy\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Programy\PCSUITE\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08185C5C-B3E8-4071-9E8E-924AEA3A5DA5}: NameServer = 194.204.159.1 194.204.152.34
O17 - HKLM\System\CS2\Services\Tcpip\..\{08185C5C-B3E8-4071-9E8E-924AEA3A5DA5}: NameServer = 194.204.159.1 194.204.152.34
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Programy\Avast\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Programy\Avast\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Programy\Avast\AvastSvc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 3401 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-583907252-1417001333-1003Core.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Programy\java\bin\jp2ssv.dll [2010-03-30 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=D:\Programy\Avast\avastUI.exe [2010-01-19 2743104]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-02 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoFavoritesMenu"=1
"NoSMHelp"=1
"NoDriveAutoRun"=0xFFFFFFFF
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe"="D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe:*:Enabled:Kerio Personal Firewall 4 - Service"
"D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe"="D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
"D:\Programy\BitSpirit\BitSpirit.exe"="D:\Programy\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-05-25 21:08:30 ----D---- C:\Program Files\trend micro
2010-05-25 21:08:25 ----D---- C:\rsit
2010-05-25 20:50:53 ----D---- C:\Avenger
2010-05-25 20:50:52 ----A---- C:\avenger.txt
2010-05-13 15:10:19 ----D---- C:\Documents and Settings\użytkownik\Dane aplikacji\Tibia
2010-05-07 13:32:21 ----RSH---- C:\vgyn6ewc.exe

======List of files/folders modified in the last 1 months======

2010-05-25 21:08:52 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-25 21:08:30 ----RD---- C:\Program Files
2010-05-25 20:50:53 ----D---- C:\WINDOWS\system32\drivers
2010-05-25 20:50:53 ----D---- C:\WINDOWS\system32
2010-05-25 20:50:53 ----D---- C:\WINDOWS
2010-05-25 20:42:43 ----A---- C:\WINDOWS\ntbtlog.txt
2010-05-25 15:41:59 ----D---- C:\WINDOWS\Temp
2010-05-22 22:53:22 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-20 11:11:21 ----SD---- C:\WINDOWS\Tasks
2010-05-17 14:28:04 ----D---- C:\Documents and Settings\użytkownik\Dane aplikacji\foobar2000
2010-05-06 13:02:31 ----SHD---- C:\WINDOWS\Installer
2010-05-04 14:36:22 ----D---- C:\Program Files\NAPI-PROJEKT
2010-05-03 22:30:07 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-01-19 28240]
R1 AmdK7;Sterownik procesora AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-01-19 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-01-19 46544]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2004-11-02 262144]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/04/10 12:10:32]; \??\D:\Programy\powerdvd10\PowerDVD10\NavFilter\000.fcl []
R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-01-19 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-01-19 100304]
R3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2004-03-02 127065]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-01-19 23248]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
R3 ms_mpu401;Sterownik portu MIDI UART Microsoft MPU-401; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2002-12-05 13056]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2002-12-05 241664]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2004-03-02 50007]
S3 asr4nqn3;asr4nqn3; C:\WINDOWS\system32\drivers\asr4nqn3.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\UYTKOW~1\USTAWI~1\Temp\catchme.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-01-21 18048]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-12-30 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-12-30 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936]
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-05-02 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avast! Antivirus;avast! Antivirus; D:\Programy\Avast\AvastSvc.exe [2010-01-19 40384]
R2 KPF4;Kerio Personal Firewall 4; D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe [2004-10-27 1912832]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-05-15 79400]
R2 StarWindServiceAE;StarWind AE Service; D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; D:\Programy\Avast\AvastSvc.exe [2010-01-19 40384]
R3 avast! Web Scanner;avast! Web Scanner; D:\Programy\Avast\AvastSvc.exe [2010-01-19 40384]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]

-----------------EOF-----------------
[/log]

[log]
info.txt logfile of random's system information tool 1.06 2010-05-25 21:08:55

======Uninstall list======

-->D:\Programy\Nero 7\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Driving-School-->"D:\Gry\3D Driving-School\uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A93000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
ALLPlayer V4.X-->"D:\Programy\ALLPlayer\unins000.exe"
ASUS Probe V2.19.07-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Probe\probunis.dll"
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Free Antivirus-->D:\Programy\Avast\aswRunDll.exe "D:\Programy\Avast\Setup\setiface.dll" RunSetup
CyberLink PowerDVD 10-->"C:\Program Files\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall
CyberLink PowerDVD 10-->"C:\Program Files\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall
EAGLE 4.16r2-->C:\WINDOWS\uninst.exe -f"C:\Program Files\EAGLE-4.16r2\DeIsL1.isu"
HD Tune 2.55-->"D:\Programy\HD Tune\unins000.exe"
HijackThis 2.0.2-->"D:\Programy\HijackThis\HijackThis.exe" /uninstall
IrfanView (remove only)-->D:\Programy\Infran Viev\iv_uninstall.exe
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Kerio Personal Firewall-->MsiExec.exe /X{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110415-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWudf01007$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.3)-->D:\Programy\Firefox\uninstall\helper.exe
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Nero 7 Essentials-->MsiExec.exe /X{1DED92A7-05FA-4736-8AEA-1BE2363F1045}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}
Nokia PC Suite-->C:\Documents and Settings\All Users\Dane aplikacji\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\US.exe
Nokia PC Suite-->MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
Nokia Software Updater-->MsiExec.exe /X{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}
NVIDIA nForce Utilities-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_SSUtilsNT 132 C:\WINDOWS\INF\nvautlml.inf
Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Pakiet sterowników systemu Windows - Nokia Modem (05/24/2007 6.84.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
PC Connectivity Solution-->MsiExec.exe /I{7397EDED-F38A-4654-B669-BF61065803D0}
Prince of Persia Sands of Time-->"D:\Gry\Prince of Persia Sands of Time\unins000.exe"
Real Alternative 2.0.1 Lite-->"C:\Program Files\Real Alternative\unins000.exe"
SAGEM F@st 800-840-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\Setup.exe" -l0x15
Soldat 1.5.0-->"D:\Gry\Soldat\unins000.exe"
Sterowniki NVIDIA nForce dla Windows 2000/XP-->rundll32.exe C:\WINDOWS\system32\NVNFINST.DLL,NvUninstallCrush
Tiberia Client-->D:\Gry\asasa\Uninstal.exe
TIBIA 7.92 OTS24.NET-->D:\Gry\tibia_ots24\unins000.exe
TibiaServer v2.30-->D:\Gry\TibiaServer\Uninstall.exe
WapSter AQQ-->D:\Programy\WapSter AQQ\uninstall.exe
WlatcyMoch-->D:\Gry\WlatcyMoch\unins000.exe
Włatcy Móch - Olimpiada Podwórkowa-->"D:\Gry\Włatcy Móch - Olimpiada Podwórkowa\unins000.exe"

======System event log======

Computer Name: HOME-D04C4A7CBD
Event Code: 26
Message: Podręczne okno aplikacji: : Machine Check:

Record Number: 5
Source Name: Application Popup
Time Written: 20100506113618.000000+120
Event Type: informacje
User:

Computer Name: HOME-D04C4A7CBD
Event Code: 26
Message: Podręczne okno aplikacji: : Machine Check: Regs

Record Number: 4
Source Name: Application Popup
Time Written: 20100506113618.000000+120
Event Type: informacje
User:

Computer Name: HOME-D04C4A7CBD
Event Code: 26
Message: Podręczne okno aplikacji: : Machine Check:

Record Number: 3
Source Name: Application Popup
Time Written: 20100506113618.000000+120
Event Type: informacje
User:

Computer Name: HOME-D04C4A7CBD
Event Code: 6005
Message: Uruchomiono usługę Dziennik zdarzeń.

Record Number: 2
Source Name: EventLog
Time Written: 20100506113559.000000+120
Event Type: informacje
User:

Computer Name: HOME-D04C4A7CBD
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Dodatek Service Pack 3 Uniprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20100506113559.000000+120
Event Type: informacje
User:

=====Application event log=====

Computer Name: HOME-D04C4A7CBD
Event Code: 1004
Message: Wykrycie produktu „{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}”, funkcja „LaunchApplication”, składnik „{1BD095EA-7BEF-47F6-86F8-2F29F95F0C59}” nie powiodło się. Zasób „HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PCSuiteTrayApplication” nie istnieje.

Record Number: 5
Source Name: MsiInstaller
Time Written: 20100506130105.000000+120
Event Type: ostrzeżenie
User: HOME-D04C4A7CBD\użytkownik

Computer Name: HOME-D04C4A7CBD
Event Code: 4
Message: The LightScribe Service started successfully.

Record Number: 4
Source Name: LightScribeService
Time Written: 20100506113620.000000+120
Event Type: informacje
User:

Computer Name: HOME-D04C4A7CBD
Event Code: 105
Message: The service was started.

Record Number: 3
Source Name: ATI Smart
Time Written: 20100506113602.000000+120
Event Type: informacje
User:

Computer Name: HOME-D04C4A7CBD
Event Code: 4
Message: The LightScribe Service started successfully.

Record Number: 2
Source Name: LightScribeService
Time Written: 20100505152747.000000+120
Event Type: informacje
User:

Computer Name: HOME-D04C4A7CBD
Event Code: 105
Message: The service was started.

Record Number: 1
Source Name: ATI Smart
Time Written: 20100505152730.000000+120
Event Type: informacje
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
[/log]

Tomek01
comment

1. Did you use Flash Disinfector before making the logs? I don't see any traces of its use in the logs.
Although I do see that you got infected again.
Did you use a pendrive?
Run Flash Disinfector again, and be sure to connect all USB storage devices (even a mobile phone).
2. In the earlier log I saw that you had used ComboFix, but now I don't see it; did you remove those files yourself (how?). If you still have its log, attach it - Combofix.txt


3. Paste into Avenger:

[code]Files to delete:
C:\autorun.inf
C:\vgyn6ewc.exe
C:\WINDOWS\System32\drivers\laibdgzd.sys

Drivers to delete:
catchme[/code]
Execute...

Attach the report and a new OTL log.

  • Good post 1
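An added illustration, not part of the thread and not code from OTL or Avenger: a Python triage pass over OTL file-listing lines that flags a hidden+system `autorun.inf` in a drive root, a hidden executable created beside it within a few seconds, and a zero-byte `.sys` in the drivers directory. The three heuristics, the five-second window and all function names are assumptions of this example; the sample lines are copied from the OTL log on this page.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Lines copied from the OTL log on this page (file listings plus one header).
SAMPLE_LOG = r"""
[2010-05-07 13:32:21 | 000,128,512 | RHS- | C] () -- C:\vgyn6ewc.exe
[2010-05-07 13:32:21 | 000,000,063 | RHS- | C] () -- C:\autorun.inf
[2010-05-04 18:35:54 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwdrv.err
[2010-04-17 14:28:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\laibdgzd.sys
[2010-03-30 20:56:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010-03-05 21:38:29 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-02-17 22:14:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004-11-02 11:00:52 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwdrv.sys
[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2008-04-13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
"""

# [timestamp | size | attributes | C(reated)/M(odified)] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Extensions treated as directly runnable (assumption of this example).
EXEC_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}


def parse_otl(text):
    """Return one dict per file-listing line; headers and other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "time": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "kind": m["kind"],
            "company": m["company"],
            "path": PureWindowsPath(m["path"]),
        })
    return entries


def is_root(path):
    """True when the file sits directly in a drive root."""
    return path.parent == PureWindowsPath(path.anchor)


def triage(entries, window=timedelta(seconds=5)):
    """Map suspicious paths to the reason they were flagged."""
    autoruns = [e for e in entries
                if is_root(e["path"]) and e["path"].name.lower() == "autorun.inf"]
    findings = {}
    for e in entries:
        p = e["path"]
        hidden_system = "H" in e["attrs"] and "S" in e["attrs"]
        parent_dirs = [part.lower() for part in p.parts[-3:-1]]
        if e in autoruns:
            if hidden_system:
                findings[str(p)] = "hidden+system autorun.inf in a drive root"
        elif (is_root(p) and hidden_system and not e["company"]
              and p.suffix.lower() in EXEC_EXT):
            # Boot files such as NTDETECT.COM share these attributes, so the
            # flag also requires an autorun.inf with the same kind of timestamp
            # on the same drive, written within the time window.
            if any(a["kind"] == e["kind"]
                   and a["path"].drive.lower() == p.drive.lower()
                   and abs(a["time"] - e["time"]) <= window
                   for a in autoruns):
                findings[str(p)] = "hidden executable created together with autorun.inf"
        elif (e["size"] == 0 and p.suffix.lower() == ".sys"
              and parent_dirs == ["system32", "drivers"]):
            # An empty file cannot be a loadable driver image.
            findings[str(p)] = "zero-byte .sys in the drivers directory"
    return findings


if __name__ == "__main__":
    for path, reason in triage(parse_otl(SAMPLE_LOG)).items():
        print(f"{path}: {reason}")
```

A flagged path is a candidate for manual review, not a verdict; the timestamp pairing only works on "C" (created) lines, because modification times of the two files can differ.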
antos
comment

I have one pendrive. I connected it to the computer, ran that program, and when "done" popped up I disconnected it and that was it. I didn't connect anything to USB afterwards; besides, I used it no more than 30 minutes ago, before making any of the logs.
I did not use ComboFix, neither then nor now. I do have it on disk, but I don't use it unless someone tells me to, because I don't know much about it and prefer not to touch it. Actually, which files do you mean? I did not delete any files myself, at least not deliberately. I did everything in the order you told me to, following all the instructions.
I found the log you were asking about. It is from 13.03.2010. I no longer remember why I used it then. In any case, I am attaching that file.
[log]ComboFix 10-03-12.04 - użytkownik 2010-03-13 9:32.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.255.65 [GMT 1:00]
Uruchomiony z: c:\documents and settings\użytkownik\Pulpit\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Kerio Personal Firewall *disabled* {8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}
* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\sstray.exe

.
((((((((((((((((((((((((( Pliki utworzone od 2010-02-13 do 2010-03-13 )))))))))))))))))))))))))))))))
.

2010-03-05 19:38 . 2010-03-05 19:38 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-01 13:52 . 2010-03-01 13:52 -------- d-----w- c:\windows\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\ATI
2010-03-01 13:52 . 2010-03-01 13:52 -------- d-----w- c:\windows\system32\config\systemprofile\Dane aplikacji\ATI
2010-02-22 08:43 . 2010-02-22 08:44 -------- d-----w- c:\windows\system32\NtmsData
2010-02-21 12:46 . 2010-02-21 13:35 -------- d-----w- c:\windows\system32\Adobe
2010-02-17 10:59 . 2010-02-17 10:59 0 ----a-r- C:\logwmemory.bin
2010-02-16 15:28 . 2008-04-13 23:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-02-13 12:33 . 2010-02-13 12:33 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\LightScribe
2010-02-13 12:30 . 2010-02-13 12:30 -------- d-----w- c:\program files\Common Files\LightScribe
2010-02-13 12:27 . 2010-02-13 12:28 -------- d-----w- c:\program files\Common Files\Ahead
2010-02-13 12:27 . 2010-02-13 12:27 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nero
2010-02-13 08:50 . 2010-02-13 08:50 -------- d-----w- C:\found.000

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-13 08:19 . 2010-01-24 20:14 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-28 15:31 . 2010-02-03 13:45 -------- d-----w- c:\program files\ATI Technologies
2010-02-28 15:13 . 2001-10-26 16:15 448004 ----a-w- c:\windows\system32\perfh015.dat
2010-02-28 15:13 . 2001-10-26 16:15 74230 ----a-w- c:\windows\system32\perfc015.dat
2010-02-17 19:00 . 2010-01-30 10:35 -------- d-----w- c:\program files\NAPI-PROJEKT
2010-02-10 15:18 . 2010-01-29 16:05 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-02-03 13:45 . 2010-01-24 17:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-30 10:48 . 2010-01-30 10:35 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-01-30 10:48 . 2010-01-30 10:48 130048 ----a-w- c:\windows\system32\xvidvfw.dll
2010-01-30 10:47 . 2010-01-30 10:47 493080 ----a-w- c:\windows\system32\evr.dll
2010-01-30 10:47 . 2010-01-30 10:47 207360 ----a-w- c:\windows\system32\evrprop.dll
2010-01-30 10:47 . 2010-01-30 10:47 73752 ----a-w- c:\windows\system32\dxva2.dll
2010-01-30 10:47 . 2010-01-30 10:47 258048 ----a-w- c:\windows\system32\libFLAC.dll
2010-01-30 10:47 . 2010-01-30 10:47 79360 ----a-w- c:\windows\system32\mkzlib.dll
2010-01-30 10:46 . 2010-01-30 10:46 23552 ----a-w- c:\windows\system32\mkunicode.dll
2010-01-30 10:44 . 2010-01-30 10:44 -------- d-----w- c:\program files\Real Alternative
2010-01-29 19:19 . 2010-01-29 19:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-27 19:51 . 2010-01-27 19:51 -------- d-----w- c:\program files\Microsoft.NET
2010-01-25 17:29 . 2010-01-24 17:24 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-19 11:42 . 2010-01-24 18:45 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-19 11:42 . 2010-01-24 18:44 28240 ----a-w- c:\windows\system32\drivers\aavmker4.sys
.

------- Sigcheck -------

[-] 2008-05-02 . 99BD46C2C790E52363DD1021DDCA3E8F . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="d:\programy\Alcohol 120\axcmd.exe" [2007-08-01 222592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="d:\programy\Avast\avastUI.exe" [2010-01-19 2743104]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-03-01 124928]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programy\\Kerio\\Personal Firewall 4\\kpf4ss.exe"=
"d:\\Programy\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"d:\\Programy\\BitSpirit\\BitSpirit.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-01-24 162640]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2004-11-02 262144]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-01-24 19024]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-03-05 685816]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-05-15 16:08 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Skan uzupełniający -------
.
FF - ProfilePath - c:\documents and settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\
FF - prefs.js: browser.search.selectedEngine - Allegro
FF - component: c:\documents and settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: d:\programy\acrobat\Reader\browser\nppdf32.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
d:\programy\Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\programy\Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\programy\Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\programy\Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\programy\Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\programy\Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\programy\Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\programy\Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\programy\Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\programy\Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\programy\Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\programy\Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\programy\Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\programy\Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\programy\Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\programy\Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\programy\Firefox\greprefs\all.js - pref("html5.enable", false);
d:\programy\Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\programy\Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\programy\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\programy\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\programy\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\programy\Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\programy\Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\programy\Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\programy\Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\programy\Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\programy\Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\programy\Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\programy\Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\programy\Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\programy\Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]
Rootkit scan 2010-03-13 09:37
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2010-03-13 09:39:42
ComboFix-quarantined-files.txt 2010-03-13 08:39

Przed: 2 209 005 568 bajtów wolnych
Po: 2 254 962 688 bajtów wolnych

- - End Of File - - 991A728A3527D928D8D106B65B4A5C03
[/log]

In a moment I'll update the post and paste the logs from OTL and Avenger.




[color="blue"]Update[/color]


I used Disinfector as you said. I plugged in the pen drive and ran it; when "done" popped up, I unplugged the pen drive and that was it.

Then I pasted the script into Avenger, restarted, and on the first boot got a BSOD. The first one in a very long time.
Stop: c000021a {B
Proces systemowy Windows Logon Process zakończył się niespodziewanie ze stanem 0x00000402 (0x00000000 0x00000000). Coincidence?
Then I restarted it myself and it booted without problems. It displayed this Avenger log:

[log] Logfile of The Avenger Version 2.0, © by Swandog46
[url="http://swandog46.geekstogo.com"]http://swandog46.geekstogo.com[/url]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\autorun.inf" deleted successfully.
File "C:\vgyn6ewc.exe" deleted successfully.
File "C:\WINDOWS\System32\drivers\laibdgzd.sys" deleted successfully.
Driver "catchme" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
[/log]

I'm pasting a fresh OTL log.

[log]
OTL logfile created on: 2010-05-25 22:17:24 - Run 4
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\użytkownik\Pulpit\Programy
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

255,00 Mb Total Physical Memory | 50,00 Mb Available Physical Memory | 19,00% Memory free
618,00 Mb Paging File | 359,00 Mb Available in Paging File | 58,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 6,01 Gb Total Space | 1,44 Gb Free Space | 23,92% Space Free | Partition Type: NTFS
Drive D: | 68,55 Gb Total Space | 10,08 Gb Free Space | 14,70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-D04C4A7CBD
Current User Name: użytkownik
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color="#e56717"]========== Processes (All) ==========[/color]

PRC - [2010-04-02 19:17:09 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Programy\Firefox\firefox.exe
PRC - [2010-03-12 18:42:41 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\użytkownik\Pulpit\Programy\OTL.exe
PRC - [2010-01-19 13:57:44 | 002,743,104 | ---- | M] (ALWIL Software) -- D:\Programy\Avast\AvastUI.exe
PRC - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) -- D:\Programy\Avast\AvastSvc.exe
PRC - [2008-04-14 22:51:52 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 22:51:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-14 22:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [WUDFSERVICEGROUP]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 22:51:40 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-04-14 22:51:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 22:51:12 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008-04-14 22:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 22:51:04 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007-05-15 18:20:12 | 000,079,400 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006-05-03 18:43:46 | 000,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2004-10-27 11:56:38 | 001,912,832 | ---- | M] (Kerio Technologies) -- D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe
PRC - [2004-10-27 11:56:00 | 002,899,968 | ---- | M] (Kerio Technologies) -- D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe


[color="#e56717"]========== Modules (All) ==========[/color]

MOD - [2010-03-12 18:42:41 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\użytkownik\Pulpit\Programy\OTL.exe
MOD - [2008-05-02 08:48:16 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 22:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 22:50:58 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 22:50:58 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 22:50:58 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 22:50:48 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 22:50:48 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2008-04-14 22:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-14 22:50:46 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2008-04-14 22:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-14 22:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 22:50:46 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2008-04-14 22:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 22:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 22:50:38 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll
MOD - [2008-04-14 22:50:36 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2008-04-14 22:50:34 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2008-04-14 22:50:32 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-04-14 22:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 22:50:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-14 22:50:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2008-04-14 22:49:16 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008-04-14 22:43:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME
MOD - [2008-04-14 22:29:10 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


[color="#e56717"]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-01-26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Programy\Avast\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Programy\Avast\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Programy\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2004-10-27 11:56:38 | 001,912,832 | ---- | M] (Kerio Technologies) [Auto | Running] -- D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe -- (KPF4)


[color="#e56717"]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-03-13 12:58:52 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/04/10 12:10:32] [Kernel | Auto | Running] -- D:\Programy\powerdvd10\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010-03-05 21:38:30 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-01-21 14:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010-01-19 15:13:58 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-01-19 13:46:52 | 000,046,544 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-01-19 13:43:40 | 000,023,248 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-01-19 13:43:12 | 000,100,304 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-01-19 13:42:57 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-01-19 13:42:40 | 000,028,240 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-12-30 11:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009-12-30 11:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009-12-30 11:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009-12-30 11:25:12 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009-12-30 11:25:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-05-02 08:48:55 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112)
DRV - [2008-04-14 02:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006-05-03 18:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004-11-02 11:00:52 | 000,262,144 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fwdrv.sys -- (fwdrv)
DRV - [2004-03-02 10:26:58 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
DRV - [2004-03-02 10:24:16 | 000,127,065 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw)
DRV - [2002-12-05 06:01:00 | 000,241,664 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2002-12-05 06:01:00 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2002-09-06 05:24:00 | 000,013,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001-08-18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [1997-04-22 11:16:00 | 000,006,272 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)


[color="#e56717"]========== Standard Registry (SafeList) ==========[/color]


[color="#e56717"]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.msn.com/"]http://www.msn.com/[/url]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.msn.com/"]http://www.msn.com/[/url]
IE - HKU\S-1-5-21-682003330-583907252-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color="#e56717"]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Programy\Firefox\components [2010-04-07 16:37:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Programy\Firefox\plugins [2010-04-02 19:17:18 | 000,000,000 | ---D | M]

[2010-01-24 20:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Extensions
[2010-01-24 20:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\7r2r3lde.default\extensions
[2010-05-25 17:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions
[2010-01-24 22:13:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-01-24 22:13:55 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010-01-24 22:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\bkmrksync@nokia.com
[2010-01-24 22:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\piclens@cooliris.com

O1 HOSTS File: ([2001-10-26 17:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avast5] D:\Programy\Avast\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] D:\Programy\PCSUITE\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] D:\Programy\PCSUITE\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.m...ash/swflash.cab[/url] (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - about:Home
O24 - Desktop WallPaper: C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-01-24 19:25:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-12-08 21:01:10 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010-01-24 19:24:31 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color="#e56717"]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-05-25 21:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010-05-25 21:08:25 | 000,000,000 | ---D | C] -- C:\rsit
[2010-05-25 20:50:53 | 000,000,000 | ---D | C] -- C:\Avenger
[2010-05-20 11:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Moje dokumenty\Downloads
[2010-05-20 11:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Temp
[2010-05-20 11:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Google
[2010-05-13 15:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Tibia
[2010-04-18 13:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Moje dokumenty\Max Payne 2 Savegames
[2010-04-18 12:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Pulpit\Gry
[2010-04-10 12:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Cyberlink
[2010-04-10 12:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Moje dokumenty\CyberLink
[2010-04-10 12:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\CyberLink
[2010-04-10 12:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
[2010-04-10 12:10:35 | 000,000,000 | ---D | C] -- C:\Program Files\Cyberlink
[2010-04-10 12:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2010-04-10 12:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Temp
[2010-04-08 11:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Schematica
[2010-04-03 18:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\EAGLE-4.16r2
[2010-03-30 20:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
[2010-03-30 19:48:17 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010-03-30 19:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010-03-30 19:04:39 | 000,137,344 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys
[2010-03-30 19:04:39 | 000,008,320 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys
[2010-03-30 19:04:34 | 000,007,936 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2010-03-30 19:04:33 | 000,007,936 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2010-03-30 19:04:31 | 000,022,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2010-03-30 19:04:28 | 000,018,048 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2010-03-30 19:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2010-03-30 18:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010-03-30 16:21:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010-03-30 16:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Help
[2010-03-30 16:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Help
[2010-03-30 16:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun
[2010-03-30 16:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010-03-30 16:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Sun
[2010-03-19 17:10:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2010-01-24 19:27:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2010-01-24 19:27:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2010-01-24 19:25:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color="#e56717"]========== Files - Modified Within 60 Days ==========[/color]

[2010-05-25 22:07:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-25 22:07:50 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2010-05-25 22:07:47 | 048,840,704 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010-05-25 22:02:34 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\użytkownik\NTUSER.DAT
[2010-05-25 22:02:34 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\użytkownik\ntuser.ini
[2010-05-25 22:02:28 | 004,310,212 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-05-25 17:49:27 | 002,836,634 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\sprawdziany z anglika.rar
[2010-05-25 11:37:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-05-24 21:19:16 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia Sands of Time.lnk
[2010-05-22 22:53:22 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-05-21 23:18:29 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-20 20:51:19 | 000,000,586 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\TibiaServer v2.30.lnk
[2010-05-20 11:17:56 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\Google Chrome.lnk
[2010-05-20 11:11:21 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-583907252-1417001333-1003Core.job
[2010-05-18 17:25:11 | 000,243,176 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB 532 12M ŁADOW...mdi
[2010-05-18 17:24:58 | 000,213,386 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Inny ŁADOWARKA TE...mdi
[2010-05-18 17:24:49 | 000,203,594 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Liebherr L509 STE...mdi
[2010-05-18 17:24:35 | 000,244,154 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB 528-70, Inny,...mdi
[2010-05-18 17:24:26 | 000,236,368 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB JCB 2CX Airma...mdi
[2010-05-18 17:24:14 | 000,199,488 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka CAT, Volvo, Zeppe...mdi
[2010-05-18 17:24:07 | 000,242,532 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB JCB 407 2000r...mdi
[2010-05-18 17:16:08 | 000,206,484 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Inny KRAMER 318, ...mdi
[2010-05-11 20:33:39 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\ramowy plan wypowiedzi.doc.doc
[2010-05-11 17:27:24 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\~$mowy plan wypowiedzi.doc.doc
[2010-05-11 17:26:52 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\Polski usnty.doc.doc
[2010-05-11 17:21:02 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\aneks z wyborem cytatów.doc.doc
[2010-05-11 12:06:37 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\DSC07084.JPG.sha
[2010-05-07 07:44:28 | 000,000,228 | ---- | M] () -- C:\WINDOWS\System32\edacded0_x.dat
[2010-05-07 07:44:27 | 000,000,228 | ---- | M] () -- C:\WINDOWS\System32\bcdadac7_x.xml
[2010-05-06 13:44:37 | 000,897,918 | ---- | M] () -- C:\Documents and Settings\użytkownik\Dane aplikacji\NMM-MetaData.db
[2010-05-06 13:02:31 | 000,002,237 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nokia PC Suite.lnk
[2010-05-04 18:40:25 | 000,000,126 | ---- | M] () -- C:\WINDOWS\System32\drivers\fwdrv.err
[2010-05-04 14:36:31 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\ALLPlayer V4.3.lnk
[2010-05-03 22:30:07 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-04-28 19:11:41 | 000,000,551 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\AQQ.lnk
[2010-04-20 16:12:43 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\~$bliografia.doc
[2010-04-17 14:23:30 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-04-11 17:10:20 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[2010-04-03 19:27:51 | 000,002,383 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\eaglerc.usr
[2010-03-30 21:42:40 | 000,000,259 | ---- | M] () -- C:\WINDOWS\p
[2010-03-30 20:56:17 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010-03-30 20:55:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_07_00.Wdf
[2010-03-30 20:49:54 | 000,984,778 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-03-30 20:49:54 | 000,448,004 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-03-30 20:49:54 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-03-30 20:49:54 | 000,074,230 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-03-30 20:49:54 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-03-30 20:47:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010-03-30 20:47:36 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010-03-30 20:47:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-03-29 19:29:55 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\bibliografia.doc
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color="#e56717"]========== Files Created - No Company Name ==========[/color]

[2010-05-25 20:47:24 | 267,964,416 | -HS- | C] () -- C:\hiberfil.sys
[2010-05-25 17:50:54 | 002,836,634 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\sprawdziany z anglika.rar
[2010-05-24 21:19:16 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia Sands of Time.lnk
[2010-05-20 20:51:18 | 000,000,586 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\TibiaServer v2.30.lnk
[2010-05-20 11:17:56 | 000,002,351 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\Google Chrome.lnk
[2010-05-20 11:11:21 | 000,001,100 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-583907252-1417001333-1003Core.job
[2010-05-18 17:25:10 | 000,243,176 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB 532 12M ŁADOW...mdi
[2010-05-18 17:24:57 | 000,213,386 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Inny ŁADOWARKA TE...mdi
[2010-05-18 17:24:48 | 000,203,594 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Liebherr L509 STE...mdi
[2010-05-18 17:24:34 | 000,244,154 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB 528-70, Inny,...mdi
[2010-05-18 17:24:25 | 000,236,368 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB JCB 2CX Airma...mdi
[2010-05-18 17:24:14 | 000,199,488 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka CAT, Volvo, Zeppe...mdi
[2010-05-18 17:24:01 | 000,242,532 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB JCB 407 2000r...mdi
[2010-05-18 17:16:07 | 000,206,484 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Inny KRAMER 318, ...mdi
[2010-05-11 17:27:24 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\~$mowy plan wypowiedzi.doc.doc
[2010-05-11 17:10:57 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\aneks z wyborem cytatów.doc.doc
[2010-05-11 16:18:38 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\ramowy plan wypowiedzi.doc.doc
[2010-05-11 12:06:37 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\DSC07084.JPG.sha
[2010-05-08 15:30:30 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\Polski usnty.doc.doc
[2010-05-04 18:35:54 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwdrv.err
[2010-05-04 14:36:31 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\ALLPlayer V4.3.lnk
[2010-04-20 16:12:43 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\~$bliografia.doc
[2010-04-03 18:50:51 | 000,002,383 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\eaglerc.usr
[2010-03-30 21:30:40 | 000,000,259 | ---- | C] () -- C:\WINDOWS\p
[2010-03-30 20:56:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010-03-30 20:55:14 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_07_00.Wdf
[2010-03-30 20:47:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010-03-30 20:47:36 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010-03-29 15:49:54 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\bibliografia.doc
[2010-03-20 19:02:50 | 000,897,918 | ---- | C] () -- C:\Documents and Settings\użytkownik\Dane aplikacji\NMM-MetaData.db
[2010-03-05 21:38:29 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-02-17 22:14:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-02-07 00:15:46 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-01 19:04:34 | 000,005,276 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2010-02-01 19:04:19 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2010-01-30 12:48:00 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-01-30 12:47:53 | 000,207,360 | ---- | C] () -- C:\WINDOWS\System32\evrprop.dll
[2010-01-30 12:47:45 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2010-01-30 12:47:00 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2010-01-30 12:46:59 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2010-01-30 12:35:33 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-01-27 22:02:23 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010-01-24 19:46:11 | 000,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2010-01-24 19:46:11 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2010-01-24 19:46:08 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2010-01-24 19:46:08 | 000,000,998 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2010-01-24 19:46:07 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll
[2010-01-24 19:39:47 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2010-01-24 19:36:34 | 000,018,253 | R--- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
[2010-01-24 19:35:40 | 000,003,272 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010-01-24 19:35:33 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008-05-03 09:24:01 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007-03-30 00:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2004-11-02 11:00:52 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwdrv.sys
[2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[color="#e56717"]========== LOP Check ==========[/color]

[2010-01-24 20:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2010-03-30 18:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2010-02-13 14:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
[2010-03-30 20:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
[2010-03-19 17:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2010-04-08 11:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Schematica
[2010-04-10 12:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Temp
[2010-04-16 22:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\EurekaLog
[2010-05-17 14:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\foobar2000
[2010-01-25 11:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Gadu-Gadu
[2010-03-21 11:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Nokia
[2010-04-07 17:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\PC Suite
[2010-02-17 12:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Soldat
[2010-05-13 15:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Tibia

[color="#e56717"]========== Purity Check ==========[/color]



[color="#e56717"]========== Custom Scans ==========[/color]


[color="#a23bec"]< %systemdrive%\*.* >[/color]
[2010-01-24 19:25:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-05-25 22:07:37 | 000,001,290 | ---- | M] () -- C:\avenger.txt
[2010-01-24 19:19:45 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2001-07-22 00:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-03-13 10:39:43 | 000,010,439 | ---- | M] () -- C:\ComboFix.txt
[2010-01-24 19:25:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-05-25 22:07:50 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2010-05-18 17:51:32 | 000,036,955 | ---- | M] () -- C:\hpfr3500.log
[2010-01-24 19:25:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-02-17 12:59:31 | 000,000,000 | R--- | M] () -- C:\logwmemory.bin
[2010-01-24 19:25:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-04-13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-04-14 00:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-05-25 22:07:47 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys


[color="#a23bec"]< MD5 for: AGP440.SYS >[/color]
[2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys

[color="#a23bec"]< MD5 for: ATAPI.SYS >[/color]
[2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008-04-14 02:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

[color="#a23bec"]< MD5 for: BEEP.SYS >[/color]
[2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color="#a23bec"]< MD5 for: CDROM.SYS >[/color]
[2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008-04-14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

[color="#a23bec"]< MD5 for: EVENTLOG.DLL >[/color]
[2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color="#a23bec"]< MD5 for: NDIS.SYS >[/color]
[2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[color="#a23bec"]< MD5 for: WINLOGON.EXE >[/color]
[2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe
< End of report >

[/log]

[log]
OTL Extras logfile created on: 2010-05-25 22:17:24 - Run 4
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\użytkownik\Pulpit\Programy
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

255,00 Mb Total Physical Memory | 50,00 Mb Available Physical Memory | 19,00% Memory free
618,00 Mb Paging File | 359,00 Mb Available in Paging File | 58,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 6,01 Gb Total Space | 1,44 Gb Free Space | 23,92% Space Free | Partition Type: NTFS
Drive D: | 68,55 Gb Total Space | 10,08 Gb Free Space | 14,70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-D04C4A7CBD
Current User Name: użytkownik
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color="#e56717"]========== Extra Registry (SafeList) ==========[/color]


[color="#e56717"]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programy\Firefox\firefox.exe (Mozilla Corporation)

[color="#e56717"]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Programy\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Programy\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Programy\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color="#e56717"]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[color="#e56717"]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe" = D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe:*:Enabled:Kerio Personal Firewall 4 - Service -- (Kerio Technologies)
"D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe" = D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI -- (Kerio Technologies)
"D:\Programy\BitSpirit\BitSpirit.exe" = D:\Programy\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client -- (LANSPIRIT.NET)


[color="#e56717"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1DED92A7-05FA-4736-8AEA-1BE2363F1045}" = Nero 7 Essentials
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}" = Kerio Personal Firewall
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite
"{AC76BA86-7AD7-1045-7B44-A93000000001}" = Adobe Reader 9.3 - Polish
"{B6ADA0E4-9451-43EB-B86E-878AD9E68D4F}" = LightScribe 1.6.45.1
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}" = Nokia Software Updater
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1)
"3D Driving-School" = 3D Driving-School
"504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ALLPlayer_is1" = ALLPlayer V4.X
"AQQ" = WapSter AQQ
"ASUS Probe V2.19.07" = ASUS Probe V2.19.07
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1)
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Pakiet sterowników systemu Windows - Nokia Modem (05/24/2007 6.84.0.1)
"EAGLE 4.16r2" = EAGLE 4.16r2
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIAnForce" = Sterowniki NVIDIA nForce dla Windows 2000/XP
"ots24.net_is1" = TIBIA 7.92 OTS24.NET
"Prince of Persia Sands of Time_is1" = Prince of Persia Sands of Time
"RealAlt_is1" = Real Alternative 2.0.1 Lite
"Soldat_is1" = Soldat 1.5.0
"SSUtils" = NVIDIA nForce Utilities
"Tiberia Client" = Tiberia Client
"TibiaServer v2.30" = TibiaServer v2.30
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WlatcyMoch_is1" = WlatcyMoch
"Włatcy Móch - Olimpiada Podwórkowa_is1" = Włatcy Móch - Olimpiada Podwórkowa
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7

[color="#e56717"]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

[color="#e56717"]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-05-21 04:37:25 | Computer Name = HOME-D04C4A7CBD | Source = Google Update | ID = 20
Description =

Error - 2010-05-22 05:22:09 | Computer Name = HOME-D04C4A7CBD | Source = Google Update | ID = 20
Description =

Error - 2010-05-22 11:11:16 | Computer Name = HOME-D04C4A7CBD | Source = Google Update | ID = 20
Description =

Error - 2010-05-23 03:55:25 | Computer Name = HOME-D04C4A7CBD | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 2010-05-25 14:43:41 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7001
Description = Usługa Usługi IPSEC zależy od usługi Sterownik IPSEC, której nie można
uruchomić z powodu następującego błędu: %%31

Error - 2010-05-25 14:43:41 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: Aavmker4 AFD AmdK7 aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss
Tcpip

Error - 2010-05-25 14:44:40 | Computer Name = HOME-D04C4A7CBD | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2010-05-25 14:49:07 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (adildr.sys)
z powodu następującego błędu: %%1058

Error - 2010-05-25 14:51:22 | Computer Name = HOME-D04C4A7CBD | Source = sr | ID = 1
Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC0000001'
podczas przetwarzania pliku '' w woluminie 'HarddiskVolume1'. W rezultacie zostało
zatrzymane monitorowanie woluminu.

Error - 2010-05-25 14:52:51 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (adildr.sys)
z powodu następującego błędu: %%1058

Error - 2010-05-25 14:52:51 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: Si3112

Error - 2010-05-25 16:08:07 | Computer Name = HOME-D04C4A7CBD | Source = sr | ID = 1
Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC0000001'
podczas przetwarzania pliku '' w woluminie 'HarddiskVolume1'. W rezultacie zostało
zatrzymane monitorowanie woluminu.

Error - 2010-05-25 16:09:35 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (adildr.sys)
z powodu następującego błędu: %%1058

Error - 2010-05-25 16:09:35 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: Si3112


< End of report >
[/log]

The "show hidden files and folders" option works correctly again. However, this time, along with the hidden files, something also turned off the display of extensions for known file types.
I found two hidden files on drive D:
i8ikdjwt.exe
vgyn6ewc.exe


[color=blue]
update 2[/color]

I hit refresh and that was it. The hidden files and the extensions disappeared.

Tomek01
comment

These are files left after running ComboFix:
C:\WINDOWS\SWREG.exe
C:\WINDOWS\NIRCMD.exe
C:\WINDOWS\SWXCACLS.exe
C:\WINDOWS\SWSC.exe
C:\WINDOWS\ERDNT
C:\Qoobox (this one, if present, should be deleted, although it no longer appears in the second OTL log :huh: ).


Do you have the latest Microsoft updates installed?

Paste into Avenger:
[code]Files to delete:
i8ikdjwt.exe
vgyn6ewc.exe[/code]
Execute...

Attach the Avenger report and an OTL log, but taken after enabling the "show hidden files and folders" option.

antos
comment

The system has not been updated for over a year. At least I think so, because I turned automatic updates off and I can't be bothered to do it manually.

C:\Qoobox exists and is doing fine. I should delete it manually, do I understand correctly? Along with the other listed files?

[color="blue"]update[/color]

So I ran Avenger as you instructed.

[log]Logfile of The Avenger Version 2.0, © by Swandog46
[url="http://swandog46.geekstogo.com"]http://swandog46.geekstogo.com[/url]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "i8ikdjwt.exe" not found!
Deletion of file "i8ikdjwt.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "vgyn6ewc.exe" not found!
Deletion of file "vgyn6ewc.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.[/log]


I know enough English to figure out that the program simply did not find these files. However, they were still not there on drive D:. So I enabled showing hidden files and folders (which now works correctly), showing extensions, and showing system files. Then both files appeared on drive D. I ran Avenger once more and



[log]Logfile of The Avenger Version 2.0, © by Swandog46
[url="http://swandog46.geekstogo.com"]http://swandog46.geekstogo.com[/url]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "i8ikdjwt.exe" not found!
Deletion of file "i8ikdjwt.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "vgyn6ewc.exe" not found!
Deletion of file "vgyn6ewc.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.[/log]

Again it did not find them, yet they are physically there. To confirm, I am attaching a screenshot: [url="http://img263.imageshack.us/i/wirusy.jpg/"][img]http://img263.imageshack.us/img263/452/wirusy.th.jpg[/img][/url]



With all these options enabled, I ran OTL.

[log]OTL logfile created on: 2010-05-26 13:55:25 - Run 5
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\użytkownik\Pulpit\Programy
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

255,00 Mb Total Physical Memory | 35,00 Mb Available Physical Memory | 14,00% Memory free
618,00 Mb Paging File | 351,00 Mb Available in Paging File | 57,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 6,01 Gb Total Space | 1,50 Gb Free Space | 24,98% Space Free | Partition Type: NTFS
Drive D: | 68,55 Gb Total Space | 10,08 Gb Free Space | 14,70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-D04C4A7CBD
Current User Name: użytkownik
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color="#e56717"]========== Processes (All) ==========[/color]

PRC - [2010-04-02 19:17:09 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Programy\Firefox\firefox.exe
PRC - [2010-03-12 18:42:41 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\użytkownik\Pulpit\Programy\OTL.exe
PRC - [2010-01-19 13:57:44 | 002,743,104 | ---- | M] (ALWIL Software) -- D:\Programy\Avast\AvastUI.exe
PRC - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) -- D:\Programy\Avast\AvastSvc.exe
PRC - [2008-04-14 22:51:52 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 22:51:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-14 22:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [WUDFSERVICEGROUP]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 22:51:40 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-04-14 22:51:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 22:51:12 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008-04-14 22:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 22:51:04 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007-05-15 18:20:12 | 000,079,400 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006-05-03 18:43:46 | 000,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2004-10-27 11:56:38 | 001,912,832 | ---- | M] (Kerio Technologies) -- D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe
PRC - [2004-10-27 11:56:00 | 002,899,968 | ---- | M] (Kerio Technologies) -- D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe


[color="#e56717"]========== Modules (All) ==========[/color]

MOD - [2010-03-12 18:42:41 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\użytkownik\Pulpit\Programy\OTL.exe
MOD - [2008-05-02 08:48:16 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 22:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 22:50:58 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 22:50:58 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 22:50:58 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 22:50:48 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 22:50:48 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2008-04-14 22:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-14 22:50:46 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2008-04-14 22:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-14 22:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 22:50:46 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2008-04-14 22:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 22:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 22:50:38 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll
MOD - [2008-04-14 22:50:36 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2008-04-14 22:50:34 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2008-04-14 22:50:32 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-04-14 22:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 22:50:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-14 22:50:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2008-04-14 22:49:16 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008-04-14 22:43:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME
MOD - [2008-04-14 22:29:10 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


[color="#e56717"]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-01-26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Programy\Avast\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Programy\Avast\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Programy\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2004-10-27 11:56:38 | 001,912,832 | ---- | M] (Kerio Technologies) [Auto | Running] -- D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe -- (KPF4)


[color="#e56717"]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-03-13 12:58:52 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/04/10 12:10:32] [Kernel | Auto | Running] -- D:\Programy\powerdvd10\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010-03-05 21:38:30 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-01-21 14:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010-01-19 15:13:58 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-01-19 13:46:52 | 000,046,544 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-01-19 13:43:40 | 000,023,248 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-01-19 13:43:12 | 000,100,304 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-01-19 13:42:57 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-01-19 13:42:40 | 000,028,240 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-12-30 11:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009-12-30 11:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009-12-30 11:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009-12-30 11:25:12 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009-12-30 11:25:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-05-02 08:48:55 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112)
DRV - [2008-04-14 02:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006-05-03 18:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004-11-02 11:00:52 | 000,262,144 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fwdrv.sys -- (fwdrv)
DRV - [2004-03-02 10:26:58 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
DRV - [2004-03-02 10:24:16 | 000,127,065 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw)
DRV - [2002-12-05 06:01:00 | 000,241,664 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2002-12-05 06:01:00 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2002-09-06 05:24:00 | 000,013,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001-08-18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [1997-04-22 11:16:00 | 000,006,272 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)


[color="#e56717"]========== Standard Registry (SafeList) ==========[/color]


[color="#e56717"]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.msn.com/"]http://www.msn.com/[/url]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.msn.com/"]http://www.msn.com/[/url]
IE - HKU\S-1-5-21-682003330-583907252-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color="#e56717"]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Programy\Firefox\components [2010-04-07 16:37:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Programy\Firefox\plugins [2010-04-02 19:17:18 | 000,000,000 | ---D | M]

[2010-01-24 20:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Extensions
[2010-01-24 20:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\7r2r3lde.default\extensions
[2010-05-25 17:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions
[2010-01-24 22:13:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-01-24 22:13:55 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010-01-24 22:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\bkmrksync@nokia.com
[2010-01-24 22:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\piclens@cooliris.com

O1 HOSTS File: ([2001-10-26 17:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avast5] D:\Programy\Avast\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] D:\Programy\PCSUITE\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] D:\Programy\PCSUITE\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.m...ash/swflash.cab[/url] (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - about:Home
O24 - Desktop WallPaper: C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-01-24 19:25:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-12-08 21:01:10 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010-01-24 19:24:31 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color="#e56717"]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-05-25 21:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010-05-25 21:08:25 | 000,000,000 | ---D | C] -- C:\rsit
[2010-05-25 20:50:53 | 000,000,000 | ---D | C] -- C:\Avenger
[2010-05-20 11:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Moje dokumenty\Downloads
[2010-05-20 11:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Temp
[2010-05-20 11:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Google
[2010-05-13 15:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Tibia
[2010-04-18 13:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Moje dokumenty\Max Payne 2 Savegames
[2010-04-18 12:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Pulpit\Gry
[2010-04-10 12:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Cyberlink
[2010-04-10 12:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Moje dokumenty\CyberLink
[2010-04-10 12:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\CyberLink
[2010-04-10 12:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
[2010-04-10 12:10:35 | 000,000,000 | ---D | C] -- C:\Program Files\Cyberlink
[2010-04-10 12:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2010-04-10 12:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Temp
[2010-04-08 11:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Schematica
[2010-04-03 18:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\EAGLE-4.16r2
[2010-03-30 20:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
[2010-03-30 19:48:17 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010-03-30 19:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010-03-30 19:04:39 | 000,137,344 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys
[2010-03-30 19:04:39 | 000,008,320 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys
[2010-03-30 19:04:34 | 000,007,936 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2010-03-30 19:04:33 | 000,007,936 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2010-03-30 19:04:31 | 000,022,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2010-03-30 19:04:28 | 000,018,048 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2010-03-30 19:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2010-03-30 18:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010-03-30 16:21:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010-03-30 16:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Help
[2010-03-30 16:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Help
[2010-03-30 16:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun
[2010-03-30 16:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010-03-30 16:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Sun
[2010-03-19 17:10:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2010-01-24 19:27:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2010-01-24 19:27:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2010-01-24 19:25:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color="#e56717"]========== Files - Modified Within 60 Days ==========[/color]

[2010-05-26 13:50:12 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\użytkownik\NTUSER.DAT
[2010-05-26 13:43:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-26 13:43:13 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2010-05-26 13:42:30 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\użytkownik\ntuser.ini
[2010-05-26 13:42:26 | 004,277,500 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-05-25 23:50:37 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\Nowy Dokument programu Microsoft Word.doc
[2010-05-25 22:07:47 | 048,840,704 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010-05-25 17:49:27 | 002,836,634 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\sprawdziany z anglika.rar
[2010-05-25 11:37:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-05-24 21:19:16 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia Sands of Time.lnk
[2010-05-22 22:53:22 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-05-21 23:18:29 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-20 20:51:19 | 000,000,586 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\TibiaServer v2.30.lnk
[2010-05-20 11:17:56 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\Google Chrome.lnk
[2010-05-20 11:11:21 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-583907252-1417001333-1003Core.job
[2010-05-18 17:25:11 | 000,243,176 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB 532 12M ŁADOW...mdi
[2010-05-18 17:24:58 | 000,213,386 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Inny ŁADOWARKA TE...mdi
[2010-05-18 17:24:49 | 000,203,594 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Liebherr L509 STE...mdi
[2010-05-18 17:24:35 | 000,244,154 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB 528-70, Inny,...mdi
[2010-05-18 17:24:26 | 000,236,368 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB JCB 2CX Airma...mdi
[2010-05-18 17:24:14 | 000,199,488 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka CAT, Volvo, Zeppe...mdi
[2010-05-18 17:24:07 | 000,242,532 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB JCB 407 2000r...mdi
[2010-05-18 17:16:08 | 000,206,484 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Inny KRAMER 318, ...mdi
[2010-05-11 20:33:39 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\ramowy plan wypowiedzi.doc.doc
[2010-05-11 17:27:24 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\~$mowy plan wypowiedzi.doc.doc
[2010-05-11 17:26:52 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\Polski usnty.doc.doc
[2010-05-11 17:21:02 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\aneks z wyborem cytatów.doc.doc
[2010-05-11 12:06:37 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\DSC07084.JPG.sha
[2010-05-07 07:44:28 | 000,000,228 | ---- | M] () -- C:\WINDOWS\System32\edacded0_x.dat
[2010-05-07 07:44:27 | 000,000,228 | ---- | M] () -- C:\WINDOWS\System32\bcdadac7_x.xml
[2010-05-06 13:44:37 | 000,897,918 | ---- | M] () -- C:\Documents and Settings\użytkownik\Dane aplikacji\NMM-MetaData.db
[2010-05-06 13:02:31 | 000,002,237 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nokia PC Suite.lnk
[2010-05-04 18:40:25 | 000,000,126 | ---- | M] () -- C:\WINDOWS\System32\drivers\fwdrv.err
[2010-05-04 14:36:31 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\ALLPlayer V4.3.lnk
[2010-05-03 22:30:07 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-04-28 19:11:41 | 000,000,551 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\AQQ.lnk
[2010-04-20 16:12:43 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\~$bliografia.doc
[2010-04-17 14:23:30 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-04-11 17:10:20 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[2010-04-03 19:27:51 | 000,002,383 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\eaglerc.usr
[2010-03-30 21:42:40 | 000,000,259 | ---- | M] () -- C:\WINDOWS\p
[2010-03-30 20:56:17 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010-03-30 20:55:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_07_00.Wdf
[2010-03-30 20:49:54 | 000,984,778 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-03-30 20:49:54 | 000,448,004 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-03-30 20:49:54 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-03-30 20:49:54 | 000,074,230 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-03-30 20:49:54 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-03-30 20:47:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010-03-30 20:47:36 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010-03-30 20:47:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-03-29 19:29:55 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\bibliografia.doc
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color="#e56717"]========== Files Created - No Company Name ==========[/color]

[2010-05-25 22:43:57 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\Nowy Dokument programu Microsoft Word.doc
[2010-05-25 20:47:24 | 267,964,416 | -HS- | C] () -- C:\hiberfil.sys
[2010-05-25 17:50:54 | 002,836,634 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\sprawdziany z anglika.rar
[2010-05-24 21:19:16 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia Sands of Time.lnk
[2010-05-20 20:51:18 | 000,000,586 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\TibiaServer v2.30.lnk
[2010-05-20 11:17:56 | 000,002,351 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\Google Chrome.lnk
[2010-05-20 11:11:21 | 000,001,100 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-583907252-1417001333-1003Core.job
[2010-05-18 17:25:10 | 000,243,176 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB 532 12M ŁADOW...mdi
[2010-05-18 17:24:57 | 000,213,386 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Inny ŁADOWARKA TE...mdi
[2010-05-18 17:24:48 | 000,203,594 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Liebherr L509 STE...mdi
[2010-05-18 17:24:34 | 000,244,154 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB 528-70, Inny,...mdi
[2010-05-18 17:24:25 | 000,236,368 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB JCB 2CX Airma...mdi
[2010-05-18 17:24:14 | 000,199,488 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka CAT, Volvo, Zeppe...mdi
[2010-05-18 17:24:01 | 000,242,532 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB JCB 407 2000r...mdi
[2010-05-18 17:16:07 | 000,206,484 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Inny KRAMER 318, ...mdi
[2010-05-11 17:27:24 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\~$mowy plan wypowiedzi.doc.doc
[2010-05-11 17:10:57 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\aneks z wyborem cytatów.doc.doc
[2010-05-11 16:18:38 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\ramowy plan wypowiedzi.doc.doc
[2010-05-11 12:06:37 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\DSC07084.JPG.sha
[2010-05-08 15:30:30 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\Polski usnty.doc.doc
[2010-05-04 18:35:54 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwdrv.err
[2010-05-04 14:36:31 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\ALLPlayer V4.3.lnk
[2010-04-20 16:12:43 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\~$bliografia.doc
[2010-04-03 18:50:51 | 000,002,383 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\eaglerc.usr
[2010-03-30 21:30:40 | 000,000,259 | ---- | C] () -- C:\WINDOWS\p
[2010-03-30 20:56:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010-03-30 20:55:14 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_07_00.Wdf
[2010-03-30 20:47:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010-03-30 20:47:36 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010-03-29 15:49:54 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\bibliografia.doc
[2010-03-20 19:02:50 | 000,897,918 | ---- | C] () -- C:\Documents and Settings\użytkownik\Dane aplikacji\NMM-MetaData.db
[2010-03-05 21:38:29 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-02-17 22:14:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-02-07 00:15:46 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-01 19:04:34 | 000,005,276 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2010-02-01 19:04:19 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2010-01-30 12:48:00 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-01-30 12:47:53 | 000,207,360 | ---- | C] () -- C:\WINDOWS\System32\evrprop.dll
[2010-01-30 12:47:45 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2010-01-30 12:47:00 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2010-01-30 12:46:59 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2010-01-30 12:35:33 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-01-27 22:02:23 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010-01-24 19:46:11 | 000,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2010-01-24 19:46:11 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2010-01-24 19:46:08 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2010-01-24 19:46:08 | 000,000,998 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2010-01-24 19:46:07 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll
[2010-01-24 19:39:47 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2010-01-24 19:36:34 | 000,018,253 | R--- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
[2010-01-24 19:35:40 | 000,003,272 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010-01-24 19:35:33 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008-05-03 09:24:01 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007-03-30 00:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2004-11-02 11:00:52 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwdrv.sys
[2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[color="#e56717"]========== LOP Check ==========[/color]

[2010-01-24 20:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2010-03-30 18:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2010-02-13 14:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
[2010-03-30 20:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
[2010-03-19 17:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2010-04-08 11:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Schematica
[2010-04-10 12:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Temp
[2010-04-16 22:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\EurekaLog
[2010-05-17 14:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\foobar2000
[2010-01-25 11:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Gadu-Gadu
[2010-03-21 11:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Nokia
[2010-04-07 17:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\PC Suite
[2010-02-17 12:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Soldat
[2010-05-13 15:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Tibia

[color="#e56717"]========== Purity Check ==========[/color]



[color="#e56717"]========== Custom Scans ==========[/color]


[color="#a23bec"]< %systemdrive%\*.* >[/color]
[2010-01-24 19:25:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-05-26 13:43:01 | 000,001,562 | ---- | M] () -- C:\avenger.txt
[2010-05-26 13:39:29 | 000,001,562 | ---- | M] () -- C:\avenger1.txt
[2010-01-24 19:19:45 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2001-07-22 00:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-03-13 10:39:43 | 000,010,439 | ---- | M] () -- C:\ComboFix.txt
[2010-01-24 19:25:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-05-26 13:43:13 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2010-05-18 17:51:32 | 000,036,955 | ---- | M] () -- C:\hpfr3500.log
[2010-01-24 19:25:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-02-17 12:59:31 | 000,000,000 | R--- | M] () -- C:\logwmemory.bin
[2010-01-24 19:25:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-04-13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-04-14 00:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-05-26 13:43:11 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys


[color="#a23bec"]< MD5 for: AGP440.SYS >[/color]
[2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys

[color="#a23bec"]< MD5 for: ATAPI.SYS >[/color]
[2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008-04-14 02:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

[color="#a23bec"]< MD5 for: BEEP.SYS >[/color]
[2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color="#a23bec"]< MD5 for: CDROM.SYS >[/color]
[2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008-04-14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

[color="#a23bec"]< MD5 for: EVENTLOG.DLL >[/color]
[2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color="#a23bec"]< MD5 for: NDIS.SYS >[/color]
[2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[color="#a23bec"]< MD5 for: WINLOGON.EXE >[/color]
[2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe
< End of report >
[/log]
[log]OTL Extras logfile created on: 2010-05-26 13:55:25 - Run 5
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\użytkownik\Pulpit\Programy
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

255,00 Mb Total Physical Memory | 35,00 Mb Available Physical Memory | 14,00% Memory free
618,00 Mb Paging File | 351,00 Mb Available in Paging File | 57,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 6,01 Gb Total Space | 1,50 Gb Free Space | 24,98% Space Free | Partition Type: NTFS
Drive D: | 68,55 Gb Total Space | 10,08 Gb Free Space | 14,70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-D04C4A7CBD
Current User Name: użytkownik
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color="#e56717"]========== Extra Registry (SafeList) ==========[/color]


[color="#e56717"]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programy\Firefox\firefox.exe (Mozilla Corporation)

[color="#e56717"]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Programy\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Programy\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Programy\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color="#e56717"]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[color="#e56717"]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe" = D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe:*:Enabled:Kerio Personal Firewall 4 - Service -- (Kerio Technologies)
"D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe" = D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI -- (Kerio Technologies)
"D:\Programy\BitSpirit\BitSpirit.exe" = D:\Programy\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client -- (LANSPIRIT.NET)


[color="#e56717"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1DED92A7-05FA-4736-8AEA-1BE2363F1045}" = Nero 7 Essentials
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}" = Kerio Personal Firewall
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite
"{AC76BA86-7AD7-1045-7B44-A93000000001}" = Adobe Reader 9.3 - Polish
"{B6ADA0E4-9451-43EB-B86E-878AD9E68D4F}" = LightScribe 1.6.45.1
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}" = Nokia Software Updater
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1)
"3D Driving-School" = 3D Driving-School
"504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ALLPlayer_is1" = ALLPlayer V4.X
"AQQ" = WapSter AQQ
"ASUS Probe V2.19.07" = ASUS Probe V2.19.07
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1)
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Pakiet sterowników systemu Windows - Nokia Modem (05/24/2007 6.84.0.1)
"EAGLE 4.16r2" = EAGLE 4.16r2
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIAnForce" = Sterowniki NVIDIA nForce dla Windows 2000/XP
"ots24.net_is1" = TIBIA 7.92 OTS24.NET
"Prince of Persia Sands of Time_is1" = Prince of Persia Sands of Time
"RealAlt_is1" = Real Alternative 2.0.1 Lite
"Soldat_is1" = Soldat 1.5.0
"SSUtils" = NVIDIA nForce Utilities
"Tiberia Client" = Tiberia Client
"TibiaServer v2.30" = TibiaServer v2.30
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WlatcyMoch_is1" = WlatcyMoch
"Włatcy Móch - Olimpiada Podwórkowa_is1" = Włatcy Móch - Olimpiada Podwórkowa
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7

[color="#e56717"]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

[color="#e56717"]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-05-21 04:37:25 | Computer Name = HOME-D04C4A7CBD | Source = Google Update | ID = 20
Description =

Error - 2010-05-22 05:22:09 | Computer Name = HOME-D04C4A7CBD | Source = Google Update | ID = 20
Description =

Error - 2010-05-22 11:11:16 | Computer Name = HOME-D04C4A7CBD | Source = Google Update | ID = 20
Description =

Error - 2010-05-23 03:55:25 | Computer Name = HOME-D04C4A7CBD | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 2010-05-25 16:08:07 | Computer Name = HOME-D04C4A7CBD | Source = sr | ID = 1
Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC0000001'
podczas przetwarzania pliku '' w woluminie 'HarddiskVolume1'. W rezultacie zostało
zatrzymane monitorowanie woluminu.

Error - 2010-05-25 16:09:35 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (adildr.sys)
z powodu następującego błędu: %%1058

Error - 2010-05-25 16:09:35 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: Si3112

Error - 2010-05-26 04:17:50 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (adildr.sys)
z powodu następującego błędu: %%1058

Error - 2010-05-26 07:39:58 | Computer Name = HOME-D04C4A7CBD | Source = sr | ID = 1
Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC0000001'
podczas przetwarzania pliku '' w woluminie 'HarddiskVolume1'. W rezultacie zostało
zatrzymane monitorowanie woluminu.

Error - 2010-05-26 07:41:27 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (adildr.sys)
z powodu następującego błędu: %%1058

Error - 2010-05-26 07:41:27 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: Si3112

Error - 2010-05-26 07:43:30 | Computer Name = HOME-D04C4A7CBD | Source = sr | ID = 1
Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC0000001'
podczas przetwarzania pliku '' w woluminie 'HarddiskVolume1'. W rezultacie zostało
zatrzymane monitorowanie woluminu.

Error - 2010-05-26 07:45:04 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (adildr.sys)
z powodu następującego błędu: %%1058

Error - 2010-05-26 07:45:04 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: Si3112


< End of report >
[/log]

To sum up, the option to show hidden files and folders works correctly, and extensions are shown. It seems to run a bit better, but I'd rather be sure the log is clean.





Tomek01

So, as far as Avenger goes:
Error: file "vgyn6ewc.exe" not found!
But: Deletion of file "vgyn6ewc.exe" failed! :)

So it's clean.
In OTL, use the Clean Up option.

antos

OK, thanks.
But it bothers me that those two files are still visible on drive D:
I don't know how that squares with their presence, but they are still there. Ghost files :P

Tomek01

Then attach an RSIT log as well.

antos

Here you go.

[log]
Logfile of random's system information tool 1.07 (written by random/random)
Run by użytkownik at 2010-05-26 23:34:08
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 1 GB (24%) free of 6 GB
Total RAM: 255 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:34:33, on 2010-05-26
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Programy\Avast\AvastSvc.exe
D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe
D:\Programy\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Programy\Firefox\firefox.exe
D:\Programy\WapSter AQQ\AQQ.exe
C:\Documents and Settings\użytkownik\Pulpit\Programy\RSIT.exe
C:\Program Files\trend micro\użytkownik.exe

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\java\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast5] "D:\Programy\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Programy\PCSUITE\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08185C5C-B3E8-4071-9E8E-924AEA3A5DA5}: NameServer = 194.204.159.1 194.204.152.34
O17 - HKLM\System\CS2\Services\Tcpip\..\{08185C5C-B3E8-4071-9E8E-924AEA3A5DA5}: NameServer = 194.204.159.1 194.204.152.34
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Programy\Avast\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Programy\Avast\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Programy\Avast\AvastSvc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 3507 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-583907252-1417001333-1003Core.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Programy\java\bin\jp2ssv.dll [2010-03-30 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=D:\Programy\Avast\avastUI.exe [2010-01-19 2743104]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-02 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoFavoritesMenu"=1
"NoSMHelp"=1
"NoDriveAutoRun"=0xFFFFFFFF
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe"="D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe:*:Enabled:Kerio Personal Firewall 4 - Service"
"D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe"="D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
"D:\Programy\BitSpirit\BitSpirit.exe"="D:\Programy\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-05-26 13:43:00 ----A---- C:\avenger.txt
2010-05-26 13:39:28 ----A---- C:\avenger1.txt
2010-05-25 21:08:30 ----D---- C:\Program Files\trend micro
2010-05-25 21:08:25 ----D---- C:\rsit
2010-05-25 20:50:53 ----D---- C:\Avenger
2010-05-13 15:10:19 ----D---- C:\Documents and Settings\użytkownik\Dane aplikacji\Tibia

======List of files/folders modified in the last 1 months======

2010-05-26 13:44:04 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-26 13:43:01 ----D---- C:\WINDOWS\system32\drivers
2010-05-26 13:43:01 ----D---- C:\WINDOWS
2010-05-26 13:39:29 ----RD---- C:\Program Files
2010-05-26 11:15:30 ----D---- C:\WINDOWS\Temp
2010-05-25 22:07:57 ----D---- C:\WINDOWS\Minidump
2010-05-25 20:50:53 ----D---- C:\WINDOWS\system32
2010-05-25 20:42:43 ----A---- C:\WINDOWS\ntbtlog.txt
2010-05-22 22:53:22 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-20 11:11:21 ----SD---- C:\WINDOWS\Tasks
2010-05-17 14:28:04 ----D---- C:\Documents and Settings\użytkownik\Dane aplikacji\foobar2000
2010-05-06 13:02:31 ----SHD---- C:\WINDOWS\Installer
2010-05-04 14:36:22 ----D---- C:\Program Files\NAPI-PROJEKT
2010-05-03 22:30:07 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-01-19 28240]
R1 AmdK7;Sterownik procesora AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-01-19 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-01-19 46544]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2004-11-02 262144]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/04/10 12:10:32]; \??\D:\Programy\powerdvd10\PowerDVD10\NavFilter\000.fcl []
R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-01-19 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-01-19 100304]
R3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2004-03-02 127065]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-01-19 23248]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
R3 ms_mpu401;Sterownik portu MIDI UART Microsoft MPU-401; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2002-12-05 13056]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2002-12-05 241664]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2004-03-02 50007]
S3 aiy4j82d;aiy4j82d; C:\WINDOWS\system32\drivers\aiy4j82d.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-01-21 18048]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-12-30 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-12-30 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936]
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-05-02 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avast! Antivirus;avast! Antivirus; D:\Programy\Avast\AvastSvc.exe [2010-01-19 40384]
R2 KPF4;Kerio Personal Firewall 4; D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe [2004-10-27 1912832]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-05-15 79400]
R2 StarWindServiceAE;StarWind AE Service; D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; D:\Programy\Avast\AvastSvc.exe [2010-01-19 40384]
R3 avast! Web Scanner;avast! Web Scanner; D:\Programy\Avast\AvastSvc.exe [2010-01-19 40384]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]

-----------------EOF-----------------
[/log]

Tomek01
(edited)

Looking at it now, I made a small mistake, but I did it late and after a whole day of work. Sorry.


Paste into Avenger:
[code]Files to delete:
C:\i8ikdjwt.exe
C:\vgyn6ewc.exe
D:\i8ikdjwt.exe
D:\vgyn6ewc.exe[/code]
execute...

The Avenger report, please.

As for the BSOD: memory dumps with the .dmp extension are created in the C:\Windows\Minidump directory.
Process the latest BSOD (the date is in the file name) with Windows Debugger and post the result on the forum.
In the Files\Symbols file path tab, enter SRV*c:\symbols*http://msdl.microsoft.com/download/symbols, then Open Crash Dump, and the rest will happen by itself :)

antos

Whatever you wish.
[log]
Logfile of The Avenger Version 2.0, © by Swandog46
[url="http://swandog46.geekstogo.com"]http://swandog46.geekstogo.com[/url]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\i8ikdjwt.exe" not found!
Deletion of file "C:\i8ikdjwt.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\vgyn6ewc.exe" not found!
Deletion of file "C:\vgyn6ewc.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist




Logfile of The Avenger Version 2.0, © by Swandog46
[url="http://swandog46.geekstogo.com"]http://swandog46.geekstogo.com[/url]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\i8ikdjwt.exe" not found!
Deletion of file "C:\i8ikdjwt.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\vgyn6ewc.exe" not found!
Deletion of file "C:\vgyn6ewc.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "D:\i8ikdjwt.exe" deleted successfully.
File "D:\vgyn6ewc.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
[/log]

[log]
Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini052510-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \WINDOWS\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055b1c0
Debug session time: Tue May 25 22:03:11.406 2010 (GMT+2)
System Uptime: 0 days 0:00:26.015
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \WINDOWS\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
....................................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C000021A, {e15e9d40, 402, 0, 0}

*** WARNING: Unable to verify timestamp for mssmbios.sys
*** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.

unable to get nt!KiCurrentEtwBufferOffset
unable to get nt!KiCurrentEtwBufferBase
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Probably caused by : ntoskrnl.exe ( nt+5c80e )

Followup: MachineOwner
---------

[/log]



The files on drive D have disappeared.
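
An added example, not part of the thread or of any tool mentioned in it: a Python triage of WinDbg minidump output like the log posted above, which checks whether symbols were actually loaded before the "Probably caused by" line is trusted. The first sample is abridged from the posted log; the second sample and its module and function names are constructed.

```python
import re

# Abridged from the WinDbg output posted in the thread (symbol path not set).
POSTED_EXCERPT = r"""
Loading Dump File [C:\WINDOWS\Minidump\Mini052510-01.dmp]
Symbol search path is: *** Invalid ***
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
System Uptime: 0 days 0:00:26.015
BugCheck C000021A, {e15e9d40, 402, 0, 0}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
Probably caused by : ntoskrnl.exe ( nt+5c80e )
"""

# Constructed sample: what the same fields look like once a symbol path is set.
# The module and function names are hypothetical.
CONSTRUCTED_WITH_SYMBOLS = r"""
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
System Uptime: 0 days 0:12:05.500
BugCheck D1, {0, 2, 0, f7a1b2c3}
Probably caused by : examplefilter.sys ( examplefilter!ExampleDispatch+2a )
"""

# Microsoft documents bug check 0xC000021A as STATUS_SYSTEM_PROCESS_TERMINATED.
KNOWN_BUGCHECKS = {0xC000021A: "STATUS_SYSTEM_PROCESS_TERMINATED"}


def triage(text):
    """Pull the fields worth reading out of WinDbg minidump output."""
    def first(pattern):
        m = re.search(pattern, text, re.MULTILINE)
        return m.groups() if m else None

    sym = first(r"^Symbol search path is:[ \t]*(.*?)[ \t]*$")
    bug = first(r"^BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}")
    blame = first(r"^Probably caused by\s*:\s*(\S+)\s*\(\s*([^)]*?)\s*\)")
    up = first(r"^System Uptime: (\d+) days (\d+):(\d+):(\d+)")
    no_symbols = sorted(set(
        re.findall(r"symbols could not be loaded for (\S+)", text)))

    symbol_path = sym[0] if sym else ""
    symbols_ok = (bool(symbol_path)
                  and "Invalid" not in symbol_path
                  and not no_symbols
                  and "Kernel symbols are WRONG" not in text)

    code = int(bug[0], 16) if bug else None
    uptime = None
    if up:
        d, h, m, s = (int(x) for x in up)
        uptime = ((d * 24 + h) * 60 + m) * 60 + s

    # "module!Function+off" was resolved against symbols; "module+off" was not.
    resolved = bool(blame) and "!" in blame[1]

    return {
        "symbol_path": symbol_path,
        "symbols_ok": symbols_ok,
        "modules_without_symbols": no_symbols,
        "bugcheck": code,
        "bugcheck_name": KNOWN_BUGCHECKS.get(code),
        "bugcheck_args": [a.strip() for a in bug[1].split(",")] if bug else [],
        "uptime_seconds": uptime,
        "blamed_module": blame[0] if blame else None,
        "blamed_location": blame[1] if blame else None,
        # Only trust the blame line when symbols loaded and the address resolved.
        "blame_reliable": symbols_ok and resolved,
    }


if __name__ == "__main__":
    for name, sample in (("posted", POSTED_EXCERPT),
                         ("constructed", CONSTRUCTED_WITH_SYMBOLS)):
        print(name, triage(sample))
```
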

Tomek01

Well, now it's clean.
In OTL, use the Clean Up option.

antos

OK, thanks.
Problem solved.
