antos
posted 6 May 2010 (edited)

Hello. As usual, I'm attaching a log for review. I want it checked because today I noticed that I have various processes running whose names mean nothing to me. Looking them up on Google is pointless in my opinion, because most viruses impersonate something else or have randomly generated names. On top of that, when I looked at what sits in my autostart using EasyCleaner today, I was a bit surprised, because only avast and Kerio start together with the system. What worries me most is the brs.exe process, which cannot be removed. I have also noticed more frequent stuttering.

[log]OTL logfile created on: 2010-05-06 14:03:51 - Run 2
OTL by OldTimer - Version 3.1.37.0
Folder = C:\Documents and Settings\użytkownik\Pulpit\Programy
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

255,00 Mb Total Physical Memory | 38,00 Mb Available Physical Memory | 15,00% Memory free
618,00 Mb Paging File | 248,00 Mb Available in Paging File | 40,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 6,01 Gb Total Space | 1,79 Gb Free Space | 29,85% Space Free | Partition Type: NTFS
Drive D: | 68,55 Gb Total Space | 13,98 Gb Free Space | 20,39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-D04C4A7CBD
Current User Name: użytkownik
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color="#e56717"]========== Processes (All) ==========[/color]

PRC - [2010-04-02 19:17:09 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Programy\Firefox\firefox.exe
PRC - [2010-03-13 12:58:58 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\Cyberlink\Shared files\brs.exe
PRC - [2010-03-12 18:42:41 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\użytkownik\Pulpit\Programy\OTL.exe
PRC - [2010-01-26 12:41:08 | 000,652,800 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010-01-19 13:57:44 | 002,743,104 | ---- | M] (ALWIL Software) -- D:\Programy\Avast\AvastUI.exe
PRC - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) -- D:\Programy\Avast\AvastSvc.exe
PRC - [2009-10-27 09:15:44 | 000,132,608 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009-10-27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 22:51:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-14 22:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [WUDFSERVICEGROUP]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 22:51:40 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-04-14 22:51:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 22:51:12 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008-04-14 22:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 22:51:04 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2007-06-19 11:54:26 | 001,534,464 | ---- | M] (Nokia) -- D:\Programy\PCSUITE\Nokia PC Suite 6\MusicManager.exe
PRC - [2007-06-19 11:17:04 | 001,241,088 | ---- | M] (Time Information Services Ltd.) -- D:\Programy\PCSUITE\Nokia PC Suite 6\PcSync2.exe
PRC - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007-05-15 18:20:12 | 000,079,400 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007-05-04 09:30:46 | 000,474,624 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2006-05-03 18:43:46 | 000,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006-01-02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004-10-27 11:56:38 | 001,912,832 | ---- | M] (Kerio Technologies) -- D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe
PRC - [2004-10-27 11:56:00 | 002,899,968 | ---- | M] (Kerio Technologies) -- D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe

[color="#e56717"]========== Modules (All) ==========[/color]

MOD - [2010-03-12 18:42:41 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\użytkownik\Pulpit\Programy\OTL.exe
MOD - [2008-05-02 08:48:16 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 22:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 22:50:58 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 22:50:58 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 22:50:58 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 22:50:48 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 22:50:48 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2008-04-14 22:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-14 22:50:46 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2008-04-14 22:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-14 22:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 22:50:46 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2008-04-14 22:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 22:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 22:50:38 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll
MOD - [2008-04-14 22:50:36 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2008-04-14 22:50:34 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2008-04-14 22:50:32 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-04-14 22:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 22:50:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-14 22:50:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2008-04-14 22:49:16 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008-04-14 22:43:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME
MOD - [2008-04-14 22:29:10 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[color="#e56717"]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-01-26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Programy\Avast\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Programy\Avast\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Programy\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2004-10-27 11:56:38 | 001,912,832 | ---- | M] (Kerio Technologies) [Auto | Running] -- D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe -- (KPF4)

[color="#e56717"]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-03-13 12:58:52 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/04/10 12:10:32] [Kernel | Auto | Running] -- D:\Programy\powerdvd10\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010-03-05 21:38:30 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-01-21 14:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010-01-19 15:13:58 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-01-19 13:46:52 | 000,046,544 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-01-19 13:43:40 | 000,023,248 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-01-19 13:43:12 | 000,100,304 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-01-19 13:42:57 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-01-19 13:42:40 | 000,028,240 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-12-30 11:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009-12-30 11:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009-12-30 11:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009-12-30 11:25:12 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009-12-30 11:25:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-05-02 08:48:55 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112)
DRV - [2008-04-14 02:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006-05-03 18:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004-11-02 11:00:52 | 000,262,144 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fwdrv.sys -- (fwdrv)
DRV - [2004-03-02 10:26:58 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
DRV - [2004-03-02 10:24:16 | 000,127,065 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw)
DRV - [2002-12-05 06:01:00 | 000,241,664 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2002-12-05 06:01:00 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2002-09-06 05:24:00 | 000,013,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001-08-18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [1997-04-22 11:16:00 | 000,006,272 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)

[color="#e56717"]========== Standard Registry (SafeList) ==========[/color]

[color="#e56717"]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.msn.com/"]http://www.msn.com/[/url]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.msn.com/"]http://www.msn.com/[/url]
IE - HKU\S-1-5-21-682003330-583907252-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color="#e56717"]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Programy\Firefox\components [2010-04-07 16:37:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Programy\Firefox\plugins [2010-04-02 19:17:18 | 000,000,000 | ---D | M]
[2010-01-24 20:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Extensions
[2010-01-24 20:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\7r2r3lde.default\extensions
[2010-05-05 15:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions
[2010-01-24 22:13:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-01-24 22:13:55 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010-01-24 22:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\bkmrksync@nokia.com
[2010-01-24 22:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\piclens@cooliris.com

O1 HOSTS File: ([2001-10-26 17:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avast5] D:\Programy\Avast\avastUI.exe (ALWIL Software)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] D:\Programy\PCSUITE\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] D:\Programy\PCSUITE\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O4 - Startup: C:\Documents and Settings\użytkownik\Menu Start\Programy\Autostart\monxga32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.m...ash/swflash.cab[/url] (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - about:Home
O24 - Desktop WallPaper: C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-01-24 19:25:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-12-08 21:01:10 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010-01-24 19:24:31 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color="#e56717"]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-04-18 13:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Moje dokumenty\Max Payne 2 Savegames
[2010-04-18 12:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Pulpit\Gry
[2010-04-10 12:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Cyberlink
[2010-04-10 12:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Moje dokumenty\CyberLink
[2010-04-10 12:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\CyberLink
[2010-04-10 12:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
[2010-04-10 12:10:35 | 000,000,000 | ---D | C] -- C:\Program Files\Cyberlink
[2010-04-10 12:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2010-04-10 12:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Temp
[2010-04-08 11:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Schematica
[2010-04-03 18:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\EAGLE-4.16r2
[2010-03-30 20:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
[2010-03-30 19:48:17 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010-03-30 19:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010-03-30 19:04:39 | 000,137,344 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys
[2010-03-30 19:04:39 | 000,008,320 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys
[2010-03-30 19:04:34 | 000,007,936 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2010-03-30 19:04:33 | 000,007,936 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2010-03-30 19:04:31 | 000,022,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2010-03-30 19:04:28 | 000,018,048 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2010-03-30 19:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2010-03-30 18:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010-03-30 16:21:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010-03-30 16:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Help
[2010-03-30 16:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Help
[2010-03-30 16:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun
[2010-03-30 16:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010-03-30 16:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Sun
[2010-03-24 16:57:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\użytkownik\Phone Browser
[2010-03-19 17:52:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-03-19 17:12:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010-03-19 17:10:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2010-03-19 17:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2010-03-19 17:08:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Nokia
[2010-03-19 17:07:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2010-03-19 17:07:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2010-03-19 17:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010-03-19 17:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\PC Suite
[2010-03-19 17:05:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2010-03-19 17:04:57 | 000,012,288 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdcj.sys
[2010-03-19 17:04:56 | 000,012,288 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdcm.sys
[2010-03-19 17:04:56 | 000,008,320 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdc.sys
[2010-03-19 17:04:55 | 000,660,480 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2010-03-19 17:04:55 | 000,137,216 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcd.sys
[2010-03-19 17:04:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010-03-19 17:04:53 | 000,091,136 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2010-03-14 13:55:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010-03-14 10:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010-03-14 10:44:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010-03-14 10:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010-03-13 10:29:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-03-13 10:29:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-03-13 10:29:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-03-13 10:29:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-03-13 10:29:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-03-13 10:27:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-01-24 19:27:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2010-01-24 19:27:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2010-01-24 19:25:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color="#e56717"]========== Files - Modified Within 60 Days ==========[/color]

[2010-05-06 13:44:37 | 000,897,918 | ---- | M] () -- C:\Documents and Settings\użytkownik\Dane aplikacji\NMM-MetaData.db
[2010-05-06 13:02:31 | 000,002,237 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nokia PC Suite.lnk
[2010-05-06 12:02:56 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\użytkownik\NTUSER.DAT
[2010-05-06 11:35:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-06 11:35:51 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2010-05-05 07:48:46 | 000,000,524 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\Metin2 PL.lnk
[2010-05-04 22:28:49 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\użytkownik\ntuser.ini
[2010-05-04 22:28:26 | 001,575,194 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-05-04 18:40:25 | 000,000,126 | ---- | M] () -- C:\WINDOWS\System32\drivers\fwdrv.err
[2010-05-04 14:36:31 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\ALLPlayer V4.3.lnk
[2010-05-04 14:20:44 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-05-04 14:20:37 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-04 14:17:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-05-03 22:30:07 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-04-28 19:11:41 | 000,000,551 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\AQQ.lnk
[2010-04-20 16:12:43 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\~$bliografia.doc
[2010-04-18 09:00:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\laibdgzd.sys
[2010-04-17 14:33:12 | 000,000,116 | ---- | M] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2010-04-17 14:23:47 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\użytkownik\Dane aplikacji\avdrn.dat
[2010-04-17 14:23:30 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-04-11 17:10:20 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[2010-04-03 19:27:51 | 000,002,383 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\eaglerc.usr
[2010-03-30 21:42:40 | 000,000,259 | ---- | M] () -- C:\WINDOWS\p
[2010-03-30 20:56:17 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010-03-30 20:55:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_07_00.Wdf
[2010-03-30 20:49:54 | 000,984,778 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-03-30 20:49:54 | 000,448,004 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-03-30 20:49:54 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-03-30 20:49:54 | 000,074,230 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-03-30 20:49:54 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-03-30 20:47:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010-03-30 20:47:36 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010-03-30 20:47:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-03-29 19:29:55 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\bibliografia.doc
[2010-03-26 12:20:20 | 000,240,562 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\Zdjęcie001.jpg
[2010-03-26 12:19:54 | 000,237,086 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\Zdjęcie000.jpg [2010-03-22 19:50:00 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\pozytywizm.doc [2010-03-19 17:12:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_PCCSWpdDriver_01_05_00.Wdf [2010-03-19 17:12:32 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_05_00.Wdf [2010-03-19 17:10:33 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf [2010-03-16 16:37:47 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\~$wy Dokument programu Microsoft Word.doc [2010-03-13 10:37:24 | 000,000,277 | ---- | M] () -- C:\WINDOWS\system.ini [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color="#e56717"]========== Files Created - No Company Name ==========[/color] [2010-05-04 18:35:54 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwdrv.err [2010-05-04 18:12:57 | 000,000,524 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\Metin2 PL.lnk [2010-05-04 14:36:31 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\ALLPlayer V4.3.lnk [2010-04-20 16:12:43 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\~$bliografia.doc [2010-04-17 14:33:11 | 000,000,116 | ---- | C] () -- C:\WINDOWS\System32\fjhdyfhsn.bat [2010-04-17 14:28:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\laibdgzd.sys [2010-04-17 14:23:47 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\użytkownik\Dane aplikacji\avdrn.dat [2010-04-03 18:50:51 | 000,002,383 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\eaglerc.usr [2010-03-30 21:30:40 | 000,000,259 | ---- | C] () -- C:\WINDOWS\p [2010-03-30 20:56:17 | 000,000,000 | -H-- | C] () -- 
C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf [2010-03-30 20:55:14 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_07_00.Wdf [2010-03-30 20:47:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf [2010-03-30 20:47:36 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf [2010-03-29 15:49:54 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\bibliografia.doc [2010-03-27 12:21:30 | 000,240,562 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\Zdjęcie001.jpg [2010-03-27 12:21:29 | 000,237,086 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\Zdjęcie000.jpg [2010-03-22 19:49:58 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\pozytywizm.doc [2010-03-20 19:02:50 | 000,897,918 | ---- | C] () -- C:\Documents and Settings\użytkownik\Dane aplikacji\NMM-MetaData.db [2010-03-19 17:07:46 | 000,002,237 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Nokia PC Suite.lnk [2010-03-16 16:37:47 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\~$wy Dokument programu Microsoft Word.doc [2010-03-13 10:29:46 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010-03-13 10:29:46 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010-03-13 10:29:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010-03-13 10:29:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010-03-13 10:29:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010-03-12 20:27:43 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\crash [2010-03-05 21:38:29 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-02-17 22:14:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010-02-07 00:15:46 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane 
aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-02-01 19:04:34 | 000,005,276 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini [2010-02-01 19:04:19 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini [2010-01-30 12:48:00 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010-01-30 12:47:53 | 000,207,360 | ---- | C] () -- C:\WINDOWS\System32\evrprop.dll [2010-01-30 12:47:45 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll [2010-01-30 12:47:00 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll [2010-01-30 12:46:59 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll [2010-01-30 12:35:33 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010-01-27 22:02:23 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010-01-24 19:46:11 | 000,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini [2010-01-24 19:46:11 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini [2010-01-24 19:46:08 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll [2010-01-24 19:46:08 | 000,000,998 | ---- | C] () -- C:\WINDOWS\adiras.ini [2010-01-24 19:46:07 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll [2010-01-24 19:39:47 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS [2010-01-24 19:36:34 | 000,018,253 | R--- | C] () -- C:\WINDOWS\System32\ssnvfx.ini [2010-01-24 19:35:40 | 000,003,272 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2010-01-24 19:35:33 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2008-05-03 09:24:01 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2007-03-30 00:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll [2004-11-02 11:00:52 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwdrv.sys [2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [color="#e56717"]========== LOP Check ==========[/color] [2010-01-24 20:44:26 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2010-03-30 18:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2010-02-13 14:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe [2010-03-30 20:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia [2010-03-19 17:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2010-04-08 11:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Schematica [2010-04-10 12:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Temp [2010-04-16 22:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\EurekaLog [2010-05-04 22:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\foobar2000 [2010-01-25 11:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Gadu-Gadu [2010-03-21 11:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Nokia [2010-04-07 17:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\PC Suite [2010-02-17 12:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Soldat [color="#e56717"]========== Purity Check ==========[/color] [color="#e56717"]========== Custom Scans ==========[/color] [color="#a23bec"]< %systemdrive%\*.* >[/color] [2010-01-24 19:25:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-01-24 19:19:45 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2001-07-22 00:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2010-03-13 10:39:43 | 000,010,439 | ---- | M] () -- C:\ComboFix.txt [2010-01-24 19:25:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010-05-06 11:35:51 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys [2010-05-05 22:22:07 | 
000,029,304 | ---- | M] () -- C:\hpfr3500.log [2010-01-24 19:25:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-02-17 12:59:31 | 000,000,000 | R--- | M] () -- C:\logwmemory.bin [2010-01-24 19:25:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008-04-13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008-04-14 00:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-05-06 11:35:49 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys [color="#a23bec"]< MD5 for: AGP440.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [color="#a23bec"]< MD5 for: ATAPI.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008-04-14 02:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys [color="#a23bec"]< MD5 for: BEEP.SYS >[/color] [2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys [2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color="#a23bec"]< MD5 for: CDROM.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008-04-14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [color="#a23bec"]< MD5 for: EVENTLOG.DLL >[/color] [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft 
Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color="#a23bec"]< MD5 for: NDIS.SYS >[/color] [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [color="#a23bec"]< MD5 for: WINLOGON.EXE >[/color] [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe < End of report > [/log] [log] OTL Extras logfile created on: 2010-05-06 14:03:51 - Run 2 OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\użytkownik\Pulpit\Programy Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 255,00 Mb Total Physical Memory | 38,00 Mb Available Physical Memory | 15,00% Memory free 618,00 Mb Paging File | 248,00 Mb Available in Paging File | 40,00% Paging File free Paging file location(s): C:\pagefile.sys 384 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 6,01 Gb Total Space | 1,79 Gb Free Space | 29,85% Space Free | Partition Type: NTFS Drive D: | 68,55 Gb Total Space | 13,98 Gb Free Space | 20,39% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: 
Drive not present or media not loaded Computer Name: HOME-D04C4A7CBD Current User Name: użytkownik Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color="#e56717"]========== Extra Registry (SafeList) ==========[/color] [color="#e56717"]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Programy\Firefox\firefox.exe (Mozilla Corporation) [color="#e56717"]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "D:\Programy\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "D:\Programy\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "D:\Programy\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color="#e56717"]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [color="#e56717"]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe" = D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe:*:Enabled:Kerio Personal Firewall 4 - Service -- (Kerio Technologies) "D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe" = D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI -- (Kerio Technologies) "D:\Programy\BitSpirit\BitSpirit.exe" = D:\Programy\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client -- (LANSPIRIT.NET) [color="#e56717"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1DED92A7-05FA-4736-8AEA-1BE2363F1045}" = Nero 7 Essentials "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840 
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}" = Kerio Personal Firewall "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite "{AC76BA86-7AD7-1045-7B44-A93000000001}" = Adobe Reader 9.3 - Polish "{B6ADA0E4-9451-43EB-B86E-878AD9E68D4F}" = LightScribe 1.6.45.1 "{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver "{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}" = Nokia Software Updater "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center "0C5EDC3653FED5B121F464339EAC12534D253B25" = Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1) "3D Driving-School" = 3D Driving-School "504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "All ATI Software" = ATI - Software Uninstall Utility "ALLPlayer_is1" = ALLPlayer V4.X "AQQ" = WapSter AQQ "ASUS Probe V2.19.07" = ASUS Probe V2.19.07 "ATI Display Driver" = ATI Display Driver "avast5" = avast! 
Free Antivirus "B726756F5B5A5AA9D798B399386FC6205A45F19E" = Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1) "CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Pakiet sterowników systemu Windows - Nokia Modem (05/24/2007 6.84.0.1) "EAGLE 4.16r2" = EAGLE 4.16r2 "HD Tune_is1" = HD Tune 2.55 "HijackThis" = HijackThis 2.0.2 "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "IrfanView" = IrfanView (remove only) "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Nokia PC Suite" = Nokia PC Suite "NVIDIAnForce" = Sterowniki NVIDIA nForce dla Windows 2000/XP "RealAlt_is1" = Real Alternative 2.0.1 Lite "Soldat_is1" = Soldat 1.5.0 "SSUtils" = NVIDIA nForce Utilities "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WlatcyMoch_is1" = WlatcyMoch "Włatcy Móch - Olimpiada Podwórkowa_is1" = Włatcy Móch - Olimpiada Podwórkowa "Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7 [color="#e56717"]========== Last 10 Event Log Errors ==========[/color] [ System Events ] Error - 2010-05-06 05:37:46 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi General Purpose USB Driver (adildr.sys) z powodu następującego błędu: %%1058 < End of report > [/log]

I know this isn't the newest machine, but until now it ran reasonably well. I know it is also a bit cluttered, but first I'd like to clean it of you-know-what...

[color="blue"]Edit[/color] This morning I looked at the autostart entries again, and the process is now called monxga32.exe and still cannot be removed. I also forgot to add that it is shown as if it started from the Autostart folder, but that folder is empty...
[color="blue"]Edit 2[/color] I also noticed that after every restart of the computer the "show hidden files and folders" option gets switched off. Now I'm sure it is an infection, I just can't deal with it myself...

[color="blue"]Edit 3[/color] My brother told me today that while he was using the computer Avast showed him an alert about a detected virus; of course he pays no attention to such things and clicked delete without even reading it, so I don't know what file it was or which drive it was on.

[color="blue"]Edit 4[/color] Another edit, the fourth already. Today, right after powering on, an alert about a detected virus was waiting for me. Its name is i8ikdjwt.exe, which looks like a randomly generated name. As I mentioned earlier, the "Show hidden files and folders" option does not work at all, because it automatically switches back to the "do not show" setting. On top of that, there is one more program in autostart today. It calls itself NOD 32, sits in Temp on drive C: and is launched from the file nodqq.exe.

[color="blue"]Edit 5[/color] The file in autostart is again named monxga.exe and has the same path as in the first case. 17 days and nobody has looked at my log ;/

Tomek01, comment, 24 May 2010 (edited)

First: regarding the option to show hidden files and folders, use [b][color=#0000CD][url=http://download.bleepingcomputer.com//sUBs/Flash_Disinfector.exe]Flash Disinfector[/url][/color][/b], preferably with a USB flash drive plugged in.

Second: run HijackThis in Safe Mode, tick the entry given below and then click Fix checked:
[code]O4 - Startup: C:\Documents and Settings\użytkownik\Menu Start\Programy\Autostart\monxga32.exe ()[/code]

Third: download [b][url=http://www.instalki.pl/programy/download/antyspyware/get.php?file=avenger]Avenger[/url][/b]. In the "Input script here" field paste the following text (without the word "code"):
[code]Files to delete:
C:\WINDOWS\System32\fjhdyfhsn.bat
C:\Documents and Settings\użytkownik\Dane aplikacji\avdrn.dat
C:\Documents and Settings\użytkownik\Menu Start\Programy\Autostart\monxga32.exe[/code]
Click Execute; the computer restarts.

Fourth: scan the file below on VirusTotal and post the result.
[code]C:\WINDOWS\System32\drivers\laibdgzd.sys[/code]

When everything is done, attach: the Avenger report that is created after the script has run, a new OTL log and an RSIT log (mandatory).

antos (Author), comment, 25 May 2010

The "show hidden files and folders" option works correctly. I am attaching the required logs:

[log]
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\WINDOWS\System32\fjhdyfhsn.bat" deleted successfully.
File "C:\Documents and Settings\użytkownik\Dane aplikacji\avdrn.dat" deleted successfully.
Error: file "C:\Documents and Settings\użytkownik\Menu Start\Programy\Autostart\monxga32.exe" not found!
Deletion of file "C:\Documents and Settings\użytkownik\Menu Start\Programy\Autostart\monxga32.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
[/log]

After sending the file to VirusTotal, this message appears: 0 bytes size received / Se ha recibido un archivo vacio

OTL log:

[log] OTL logfile created on: 2010-05-25 21:02:12 - Run 3 OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\użytkownik\Pulpit\Programy Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 255,00 Mb Total Physical Memory | 37,00 Mb Available Physical Memory | 15,00% Memory free 618,00 Mb Paging File | 354,00 Mb Available in Paging File | 57,00% Paging File free Paging file location(s): C:\pagefile.sys 384 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 6,01 Gb Total Space | 1,43 Gb Free Space | 23,80% Space Free | Partition Type: NTFS Drive D: | 68,55 Gb Total Space | 10,08 Gb Free Space | 14,70% Space Free | Partition Type: 
NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HOME-D04C4A7CBD Current User Name: użytkownik Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-04-02 19:17:09 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Programy\Firefox\firefox.exe PRC - [2010-03-12 18:42:41 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\użytkownik\Pulpit\Programy\OTL.exe PRC - [2010-01-19 13:57:44 | 002,743,104 | ---- | M] (ALWIL Software) -- D:\Programy\Avast\AvastUI.exe PRC - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) -- D:\Programy\Avast\AvastSvc.exe PRC - [2008-04-14 22:51:52 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe PRC - [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-14 22:51:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008-04-14 22:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [WUDFSERVICEGROUP] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 22:51:40 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-04-14 22:51:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 22:51:12 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008-04-14 22:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 22:51:04 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007-05-15 18:20:12 | 000,079,400 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006-05-03 18:43:46 | 000,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2004-10-27 11:56:38 | 001,912,832 | ---- | M] (Kerio Technologies) -- D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe
PRC - [2004-10-27 11:56:00 | 002,899,968 | ---- | M] (Kerio Technologies) -- D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe

[color=#E56717]========== Modules (All) ==========[/color]
MOD - [2010-03-12 18:42:41 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\użytkownik\Pulpit\Programy\OTL.exe
MOD - [2008-05-02 08:48:16 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 22:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 22:50:58 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 22:50:58 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 22:50:58 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 22:50:48 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 22:50:48 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2008-04-14 22:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-14 22:50:46 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2008-04-14 22:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-14 22:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 22:50:46 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2008-04-14 22:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 22:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 22:50:38 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll
MOD - [2008-04-14 22:50:36 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2008-04-14 22:50:34 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2008-04-14 22:50:32 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-04-14 22:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 22:50:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-14 22:50:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2008-04-14 22:49:16 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008-04-14 22:43:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME
MOD - [2008-04-14 22:29:10 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - [2010-01-26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Programy\Avast\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Programy\Avast\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Programy\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2004-10-27 11:56:38 | 001,912,832 | ---- | M] (Kerio Technologies) [Auto | Running] -- D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe -- (KPF4)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2010-03-13 12:58:52 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/04/10 12:10:32] [Kernel | Auto | Running] -- D:\Programy\powerdvd10\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010-03-05 21:38:30 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-01-21 14:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010-01-19 15:13:58 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-01-19 13:46:52 | 000,046,544 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-01-19 13:43:40 | 000,023,248 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-01-19 13:43:12 | 000,100,304 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-01-19 13:42:57 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-01-19 13:42:40 | 000,028,240 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-12-30 11:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009-12-30 11:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009-12-30 11:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009-12-30 11:25:12 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009-12-30 11:25:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-05-02 08:48:55 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112)
DRV - [2008-04-14 02:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006-05-03 18:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004-11-02 11:00:52 | 000,262,144 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fwdrv.sys -- (fwdrv)
DRV - [2004-03-02 10:26:58 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
DRV - [2004-03-02 10:24:16 | 000,127,065 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw)
DRV - [2002-12-05 06:01:00 | 000,241,664 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2002-12-05 06:01:00 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2002-09-06 05:24:00 | 000,013,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001-08-18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [1997-04-22 11:16:00 | 000,006,272 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-682003330-583907252-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Programy\Firefox\components [2010-04-07 16:37:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Programy\Firefox\plugins [2010-04-02 19:17:18 | 000,000,000 | ---D | M]
[2010-01-24 20:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Extensions
[2010-01-24 20:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\7r2r3lde.default\extensions
[2010-05-25 17:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions
[2010-01-24 22:13:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-01-24 22:13:55 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010-01-24 22:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\bkmrksync@nokia.com
[2010-01-24 22:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\piclens@cooliris.com

O1 HOSTS File: ([2001-10-26 17:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avast5] D:\Programy\Avast\avastUI.exe (ALWIL Software)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] D:\Programy\PCSUITE\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] D:\Programy\PCSUITE\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-01-24 19:25:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-05-11 09:45:44 | 000,000,063 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-12-08 21:01:10 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010-01-24 19:24:31 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]
[2010-05-25 20:50:53 | 000,000,000 | ---D | C] -- C:\Avenger
[2010-05-20 11:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Moje dokumenty\Downloads
[2010-05-20 11:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Temp
[2010-05-20 11:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Google
[2010-05-13 15:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Tibia
[2010-04-18 13:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Moje dokumenty\Max Payne 2 Savegames
[2010-04-18 12:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Pulpit\Gry
[2010-04-10 12:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Cyberlink
[2010-04-10 12:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Moje dokumenty\CyberLink
[2010-04-10 12:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\CyberLink
[2010-04-10 12:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
[2010-04-10 12:10:35 | 000,000,000 | ---D | C] -- C:\Program Files\Cyberlink
[2010-04-10 12:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2010-04-10 12:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Temp
[2010-04-08 11:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Schematica
[2010-04-03 18:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\EAGLE-4.16r2
[2010-03-30 20:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
[2010-03-30 19:48:17 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010-03-30 19:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010-03-30 19:04:39 | 000,137,344 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys
[2010-03-30 19:04:39 | 000,008,320 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys
[2010-03-30 19:04:34 | 000,007,936 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2010-03-30 19:04:33 | 000,007,936 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2010-03-30 19:04:31 | 000,022,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2010-03-30 19:04:28 | 000,018,048 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2010-03-30 19:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2010-03-30 18:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010-03-30 16:21:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010-03-30 16:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Help
[2010-03-30 16:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Help
[2010-03-30 16:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun
[2010-03-30 16:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010-03-30 16:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Sun
[2010-03-19 17:10:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2010-01-24 19:27:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2010-01-24 19:27:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2010-01-24 19:25:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]
[2010-05-25 21:01:39 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\użytkownik\NTUSER.DAT
[2010-05-25 20:51:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-25 20:51:08 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2010-05-25 20:50:22 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\użytkownik\ntuser.ini
[2010-05-25 20:50:19 | 003,775,730 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-05-25 17:49:27 | 002,836,634 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\sprawdziany z anglika.rar
[2010-05-25 11:37:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-05-24 21:19:16 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia Sands of Time.lnk
[2010-05-22 22:53:22 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-05-21 23:18:29 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-20 20:51:19 | 000,000,586 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\TibiaServer v2.30.lnk
[2010-05-20 11:17:56 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\Google Chrome.lnk
[2010-05-20 11:11:21 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-583907252-1417001333-1003Core.job
[2010-05-18 17:25:11 | 000,243,176 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB 532 12M ŁADOW...mdi
[2010-05-18 17:24:58 | 000,213,386 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Inny ŁADOWARKA TE...mdi
[2010-05-18 17:24:49 | 000,203,594 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Liebherr L509 STE...mdi
[2010-05-18 17:24:35 | 000,244,154 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB 528-70, Inny,...mdi
[2010-05-18 17:24:26 | 000,236,368 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB JCB 2CX Airma...mdi
[2010-05-18 17:24:14 | 000,199,488 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka CAT, Volvo, Zeppe...mdi
[2010-05-18 17:24:07 | 000,242,532 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB JCB 407 2000r...mdi
[2010-05-18 17:16:08 | 000,206,484 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Inny KRAMER 318, ...mdi
[2010-05-11 20:33:39 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\ramowy plan wypowiedzi.doc.doc
[2010-05-11 17:27:24 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\~$mowy plan wypowiedzi.doc.doc
[2010-05-11 17:26:52 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\Polski usnty.doc.doc
[2010-05-11 17:21:02 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\aneks z wyborem cytatów.doc.doc
[2010-05-11 12:06:37 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\DSC07084.JPG.sha
[2010-05-11 09:45:44 | 000,000,063 | RHS- | M] () -- C:\autorun.inf
[2010-05-07 07:44:28 | 000,000,228 | ---- | M] () -- C:\WINDOWS\System32\edacded0_x.dat
[2010-05-07 07:44:27 | 000,000,228 | ---- | M] () -- C:\WINDOWS\System32\bcdadac7_x.xml
[2010-05-06 13:44:37 | 000,897,918 | ---- | M] () -- C:\Documents and Settings\użytkownik\Dane aplikacji\NMM-MetaData.db
[2010-05-06 13:02:31 | 000,002,237 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nokia PC Suite.lnk
[2010-05-04 18:40:25 | 000,000,126 | ---- | M] () -- C:\WINDOWS\System32\drivers\fwdrv.err
[2010-05-04 14:36:31 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\ALLPlayer V4.3.lnk
[2010-05-03 22:30:07 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-04-28 19:11:41 | 000,000,551 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\AQQ.lnk
[2010-04-22 08:13:12 | 000,128,512 | RHS- | M] () -- C:\vgyn6ewc.exe
[2010-04-20 16:12:43 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\~$bliografia.doc
[2010-04-18 09:00:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\laibdgzd.sys
[2010-04-17 14:23:30 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-04-11 17:10:20 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[2010-04-03 19:27:51 | 000,002,383 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\eaglerc.usr
[2010-03-30 21:42:40 | 000,000,259 | ---- | M] () -- C:\WINDOWS\p
[2010-03-30 20:56:17 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010-03-30 20:55:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_07_00.Wdf
[2010-03-30 20:49:54 | 000,984,778 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-03-30 20:49:54 | 000,448,004 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-03-30 20:49:54 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-03-30 20:49:54 | 000,074,230 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-03-30 20:49:54 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-03-30 20:47:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010-03-30 20:47:36 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010-03-30 20:47:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-03-29 19:29:55 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\bibliografia.doc
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2010-05-25 20:47:24 | 267,964,416 | -HS- | C] () -- C:\hiberfil.sys
[2010-05-25 17:50:54 | 002,836,634 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\sprawdziany z anglika.rar
[2010-05-24 21:19:16 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia Sands of Time.lnk
[2010-05-20 20:51:18 | 000,000,586 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\TibiaServer v2.30.lnk
[2010-05-20 11:17:56 | 000,002,351 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\Google Chrome.lnk
[2010-05-20 11:11:21 | 000,001,100 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-583907252-1417001333-1003Core.job
[2010-05-18 17:25:10 | 000,243,176 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB 532 12M ŁADOW...mdi
[2010-05-18 17:24:57 | 000,213,386 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Inny ŁADOWARKA TE...mdi
[2010-05-18 17:24:48 | 000,203,594 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Liebherr L509 STE...mdi
[2010-05-18 17:24:34 | 000,244,154 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB 528-70, Inny,...mdi
[2010-05-18 17:24:25 | 000,236,368 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB JCB 2CX Airma...mdi
[2010-05-18 17:24:14 | 000,199,488 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka CAT, Volvo, Zeppe...mdi
[2010-05-18 17:24:01 | 000,242,532 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB JCB 407 2000r...mdi
[2010-05-18 17:16:07 | 000,206,484 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Inny KRAMER 318, ...mdi
[2010-05-11 17:27:24 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\~$mowy plan wypowiedzi.doc.doc
[2010-05-11 17:10:57 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\aneks z wyborem cytatów.doc.doc
[2010-05-11 16:18:38 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\ramowy plan wypowiedzi.doc.doc
[2010-05-11 12:06:37 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\DSC07084.JPG.sha
[2010-05-08 15:30:30 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\Polski usnty.doc.doc
[2010-05-07 13:32:21 | 000,128,512 | RHS- | C] () -- C:\vgyn6ewc.exe
[2010-05-07 13:32:21 | 000,000,063 | RHS- | C] () -- C:\autorun.inf
[2010-05-04 18:35:54 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwdrv.err
[2010-05-04 14:36:31 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\ALLPlayer V4.3.lnk
[2010-04-20 16:12:43 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\~$bliografia.doc
[2010-04-17 14:28:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\laibdgzd.sys
[2010-04-03 18:50:51 | 000,002,383 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\eaglerc.usr
[2010-03-30 21:30:40 | 000,000,259 | ---- | C] () -- C:\WINDOWS\p
[2010-03-30 20:56:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010-03-30 20:55:14 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_07_00.Wdf
[2010-03-30 20:47:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010-03-30 20:47:36 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010-03-29 15:49:54 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\bibliografia.doc
[2010-03-20 19:02:50 | 000,897,918 | ---- | C] () -- C:\Documents and Settings\użytkownik\Dane aplikacji\NMM-MetaData.db
[2010-03-05 21:38:29 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-02-17 22:14:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-02-07 00:15:46 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-01 19:04:34 | 000,005,276 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2010-02-01 19:04:19 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2010-01-30 12:48:00 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-01-30 12:47:53 | 000,207,360 | ---- | C] () -- C:\WINDOWS\System32\evrprop.dll
[2010-01-30 12:47:45 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2010-01-30 12:47:00 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2010-01-30 12:46:59 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2010-01-30 12:35:33 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-01-27 22:02:23 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010-01-24 19:46:11 | 000,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2010-01-24 19:46:11 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2010-01-24 19:46:08 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2010-01-24 19:46:08 | 000,000,998 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2010-01-24 19:46:07 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll
[2010-01-24 19:39:47 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2010-01-24 19:36:34 | 000,018,253 | R--- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
[2010-01-24 19:35:40 | 000,003,272 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010-01-24 19:35:33 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008-05-03 09:24:01 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007-03-30 00:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2004-11-02 11:00:52 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwdrv.sys
[2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[color=#E56717]========== LOP Check ==========[/color]
[2010-01-24 20:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2010-03-30 18:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2010-02-13 14:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
[2010-03-30 20:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
[2010-03-19 17:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2010-04-08 11:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Schematica
[2010-04-10 12:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Temp
[2010-04-16 22:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\EurekaLog
[2010-05-17 14:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\foobar2000
[2010-01-25 11:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Gadu-Gadu
[2010-03-21 11:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Nokia
[2010-04-07 17:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\PC Suite
[2010-02-17 12:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Soldat
[2010-05-13 15:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Tibia

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-01-24 19:25:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-05-11 09:45:44 | 000,000,063 | RHS- | M] () -- C:\autorun.inf
[2010-05-25 20:50:53 | 000,001,804 | ---- | M] () -- C:\avenger.txt
[2010-01-24 19:19:45 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2001-07-22 00:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-03-13 10:39:43 | 000,010,439 | ---- | M] () -- C:\ComboFix.txt
[2010-01-24 19:25:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-05-25 20:51:08 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2010-05-18 17:51:32 | 000,036,955 | ---- | M] () -- C:\hpfr3500.log
[2010-01-24 19:25:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-02-17 12:59:31 | 000,000,000 | R--- | M] () -- C:\logwmemory.bin
[2010-01-24 19:25:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-04-13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-04-14 00:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-05-25 20:51:05 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
[2010-04-22 08:13:12 | 000,128,512 | RHS- | M] () -- C:\vgyn6ewc.exe

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008-04-14 02:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys [2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008-04-14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe < End of report > [/log] and RSIT [log] Logfile of random's system information tool 1.07 (written by random/random) Run by użytkownik at 2010-05-25 21:08:25 Microsoft Windows XP Professional Dodatek Service Pack 3 System drive C: has 1 GB (24%) free of 6 GB Total RAM: 255 MB (6% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 
21:08:52, on 2010-05-25 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe D:\Programy\Avast\AvastSvc.exe D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe D:\Programy\Avast\avastUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe D:\Programy\Firefox\firefox.exe C:\Documents and Settings\użytkownik\Pulpit\Programy\RSIT.exe C:\Program Files\trend micro\użytkownik.exe O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\java\bin\jp2ssv.dll O4 - HKLM\..\Run: [avast5] "D:\Programy\Avast\avastUI.exe" /nogui O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Programy\PCSUITE\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{08185C5C-B3E8-4071-9E8E-924AEA3A5DA5}: NameServer = 194.204.159.1 
194.204.152.34 O17 - HKLM\System\CS2\Services\Tcpip\..\{08185C5C-B3E8-4071-9E8E-924AEA3A5DA5}: NameServer = 194.204.159.1 194.204.152.34 O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - D:\Programy\Avast\AvastSvc.exe O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Programy\Avast\AvastSvc.exe O23 - Service: avast! Web Scanner - ALWIL Software - D:\Programy\Avast\AvastSvc.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 3401 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-583907252-1417001333-1003Core.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - D:\Programy\java\bin\jp2ssv.dll [2010-03-30 41760] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "avast5"=D:\Programy\Avast\avastUI.exe [2010-01-19 2743104] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-02 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=36 "NoFavoritesMenu"=1 "NoSMHelp"=1 "NoDriveAutoRun"=0xFFFFFFFF "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe"="D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe:*:Enabled:Kerio Personal Firewall 4 - Service" "D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe"="D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI" "D:\Programy\BitSpirit\BitSpirit.exe"="D:\Programy\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network 
Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2010-05-25 21:08:30 ----D---- C:\Program Files\trend micro 2010-05-25 21:08:25 ----D---- C:\rsit 2010-05-25 20:50:53 ----D---- C:\Avenger 2010-05-25 20:50:52 ----A---- C:\avenger.txt 2010-05-13 15:10:19 ----D---- C:\Documents and Settings\użytkownik\Dane aplikacji\Tibia 2010-05-07 13:32:21 ----RSH---- C:\vgyn6ewc.exe ======List of files/folders modified in the last 1 months====== 2010-05-25 21:08:52 ----D---- C:\WINDOWS\system32\CatRoot2 2010-05-25 21:08:30 ----RD---- C:\Program Files 2010-05-25 20:50:53 ----D---- C:\WINDOWS\system32\drivers 2010-05-25 20:50:53 ----D---- C:\WINDOWS\system32 2010-05-25 20:50:53 ----D---- C:\WINDOWS 2010-05-25 20:42:43 ----A---- C:\WINDOWS\ntbtlog.txt 2010-05-25 15:41:59 ----D---- C:\WINDOWS\Temp 2010-05-22 22:53:22 ----A---- C:\WINDOWS\NeroDigital.ini 2010-05-20 11:11:21 ----SD---- C:\WINDOWS\Tasks 2010-05-17 14:28:04 ----D---- C:\Documents and Settings\użytkownik\Dane aplikacji\foobar2000 2010-05-06 13:02:31 ----SHD---- C:\WINDOWS\Installer 2010-05-04 14:36:22 ----D---- C:\Program Files\NAPI-PROJEKT 2010-05-03 22:30:07 ----A---- C:\WINDOWS\win.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-01-19 28240] R1 AmdK7;Sterownik procesora AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856] R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-01-19 162640] R1 aswTdi;avast! 
Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-01-19 46544] R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2004-11-02 262144] R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/04/10 12:10:32]; \??\D:\Programy\powerdvd10\PowerDVD10\NavFilter\000.fcl [] R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys [] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-01-19 19024] R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-01-19 100304] R3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2004-03-02 127065] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-01-19 23248] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608] R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] R3 ms_mpu401;Sterownik portu MIDI UART Microsoft MPU-401; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944] R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2002-12-05 13056] R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2002-12-05 241664] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152] R3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856] S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2004-03-02 50007] S3 asr4nqn3;asr4nqn3; C:\WINDOWS\system32\drivers\asr4nqn3.sys [] S3 catchme;catchme; 
\??\C:\DOCUME~1\UYTKOW~1\USTAWI~1\Temp\catchme.sys [] S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-01-21 18048] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-12-30 22016] S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-12-30 137344] S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936] S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112] S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936] S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-05-02 38528] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696] R2 avast! Antivirus;avast! 
Antivirus; D:\Programy\Avast\AvastSvc.exe [2010-01-19 40384] R2 KPF4;Kerio Personal Firewall 4; D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe [2004-10-27 1912832] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-05-15 79400] R2 StarWindServiceAE;StarWind AE Service; D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R3 avast! Mail Scanner;avast! Mail Scanner; D:\Programy\Avast\AvastSvc.exe [2010-01-19 40384] R3 avast! Web Scanner;avast! Web Scanner; D:\Programy\Avast\AvastSvc.exe [2010-01-19 40384] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016] S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920] S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800] -----------------EOF----------------- [/log] [log] info.txt logfile of random's system information tool 1.06 2010-05-25 21:08:55 ======Uninstall list====== -->D:\Programy\Nero 7\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 3D Driving-School-->"D:\Gry\3D Driving-School\uninstall.exe" Adobe Flash Player 10 
ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9.3 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A93000000001} Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe" ALLPlayer V4.X-->"D:\Programy\ALLPlayer\unins000.exe" ASUS Probe V2.19.07-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Probe\probunis.dll" ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center-->MsiExec.exe /I{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B} ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean avast! Free Antivirus-->D:\Programy\Avast\aswRunDll.exe "D:\Programy\Avast\Setup\setiface.dll" RunSetup CyberLink PowerDVD 10-->"C:\Program Files\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall CyberLink PowerDVD 10-->"C:\Program Files\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall EAGLE 4.16r2-->C:\WINDOWS\uninst.exe -f"C:\Program Files\EAGLE-4.16r2\DeIsL1.isu" HD Tune 2.55-->"D:\Programy\HD Tune\unins000.exe" HijackThis 2.0.2-->"D:\Programy\HijackThis\HijackThis.exe" /uninstall IrfanView (remove only)-->D:\Programy\Infran Viev\iv_uninstall.exe Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF} Kerio Personal Firewall-->MsiExec.exe /X{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA} Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe" Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110415-6000-11D3-8CFE-0150048383C9} Microsoft 
User-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWudf01007$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Mozilla Firefox (3.6.3)-->D:\Programy\Firefox\uninstall\helper.exe MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44} Nero 7 Essentials-->MsiExec.exe /X{1DED92A7-05FA-4736-8AEA-1BE2363F1045} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} Nokia Connectivity Cable Driver-->MsiExec.exe /I{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0} Nokia PC Suite-->C:\Documents and Settings\All Users\Dane aplikacji\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\US.exe Nokia PC Suite-->MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72} Nokia Software Updater-->MsiExec.exe /X{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7} NVIDIA nForce Utilities-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_SSUtilsNT 132 C:\WINDOWS\INF\nvautlml.inf Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf Pakiet sterowników systemu Windows - Nokia Modem (05/24/2007 6.84.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u 
C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf PC Connectivity Solution-->MsiExec.exe /I{7397EDED-F38A-4654-B669-BF61065803D0} Prince of Persia Sands of Time-->"D:\Gry\Prince of Persia Sands of Time\unins000.exe" Real Alternative 2.0.1 Lite-->"C:\Program Files\Real Alternative\unins000.exe" SAGEM F@st 800-840-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\Setup.exe" -l0x15 Soldat 1.5.0-->"D:\Gry\Soldat\unins000.exe" Sterowniki NVIDIA nForce dla Windows 2000/XP-->rundll32.exe C:\WINDOWS\system32\NVNFINST.DLL,NvUninstallCrush Tiberia Client-->D:\Gry\asasa\Uninstal.exe TIBIA 7.92 OTS24.NET-->D:\Gry\tibia_ots24\unins000.exe TibiaServer v2.30-->D:\Gry\TibiaServer\Uninstall.exe WapSter AQQ-->D:\Programy\WapSter AQQ\uninstall.exe WlatcyMoch-->D:\Gry\WlatcyMoch\unins000.exe Włatcy Móch - Olimpiada Podwórkowa-->"D:\Gry\Włatcy Móch - Olimpiada Podwórkowa\unins000.exe" ======System event log====== Computer Name: HOME-D04C4A7CBD Event Code: 26 Message: Podręczne okno aplikacji: : Machine Check: Record Number: 5 Source Name: Application Popup Time Written: 20100506113618.000000+120 Event Type: informacje User: Computer Name: HOME-D04C4A7CBD Event Code: 26 Message: Podręczne okno aplikacji: : Machine Check: Regs Record Number: 4 Source Name: Application Popup Time Written: 20100506113618.000000+120 Event Type: informacje User: Computer Name: HOME-D04C4A7CBD Event Code: 26 Message: Podręczne okno aplikacji: : Machine Check: Record Number: 3 Source Name: Application Popup Time Written: 20100506113618.000000+120 Event Type: informacje User: Computer Name: HOME-D04C4A7CBD Event Code: 6005 Message: Uruchomiono usługę Dziennik zdarzeń. 
Record Number: 2 Source Name: EventLog Time Written: 20100506113559.000000+120 Event Type: informacje User: Computer Name: HOME-D04C4A7CBD Event Code: 6009 Message: Microsoft (R) Windows (R) 5.01. 2600 Dodatek Service Pack 3 Uniprocessor Free. Record Number: 1 Source Name: EventLog Time Written: 20100506113559.000000+120 Event Type: informacje User: =====Application event log===== Computer Name: HOME-D04C4A7CBD Event Code: 1004 Message: Wykrycie produktu „{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}”, funkcja „LaunchApplication”, składnik „{1BD095EA-7BEF-47F6-86F8-2F29F95F0C59}” nie powiodło się. Zasób „HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PCSuiteTrayApplication” nie istnieje. Record Number: 5 Source Name: MsiInstaller Time Written: 20100506130105.000000+120 Event Type: ostrzeżenie User: HOME-D04C4A7CBD\użytkownik Computer Name: HOME-D04C4A7CBD Event Code: 4 Message: The LightScribe Service started successfully. Record Number: 4 Source Name: LightScribeService Time Written: 20100506113620.000000+120 Event Type: informacje User: Computer Name: HOME-D04C4A7CBD Event Code: 105 Message: The service was started. Record Number: 3 Source Name: ATI Smart Time Written: 20100506113602.000000+120 Event Type: informacje User: Computer Name: HOME-D04C4A7CBD Event Code: 4 Message: The LightScribe Service started successfully. Record Number: 2 Source Name: LightScribeService Time Written: 20100505152747.000000+120 Event Type: informacje User: Computer Name: HOME-D04C4A7CBD Event Code: 105 Message: The service was started. 
Record Number: 1 Source Name: ATI Smart Time Written: 20100505152730.000000+120 Event Type: informacje User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD "PROCESSOR_REVISION"=0a00 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- [/log]
Tomek01 commented on 25 May 2010
1. Did you use Flash Disinfector before generating the logs? I don't see any trace of it in the logs. Still, I can see that you have been infected again. Did you use a pen drive? Run Flash Disinfector again, and be sure to connect all USB storage devices (the mobile phone too).
2. In the earlier log I saw that you had used ComboFix, but now I don't see it; did you delete those files yourself (how?). If you still have its log, attach it: Combofix.txt
3. Paste into Avenger:
[code]Files to delete:
C:\autorun.inf
C:\vgyn6ewc.exe
C:\WINDOWS\System32\drivers\laibdgzd.sys

Drivers to delete:
catchme[/code]
Execute... Attach the report and a new OTL log.
antos (Author) commented on 25 May 2010
I have one pen drive. I plugged it into the computer, started that program, and when "done" popped up I unplugged it, and that was it. I didn't connect anything to USB afterwards; besides, I used it no more than 30 minutes ago, before generating any of the logs. I didn't use ComboFix, neither then nor now. I do have it on the disk, but I don't use it unless someone tells me to, because I don't know much about it and would rather not touch it. Actually, which files do you mean? I didn't delete any files myself, at least not deliberately. I did everything in the order you told me to, following all the instructions. I found the log you were asking about. It is from 13.03.2010. I no longer remember why I used it back then. In any case, I'm attaching that file.
[log]ComboFix 10-03-12.04 - użytkownik 2010-03-13 9:32.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.255.65 [GMT 1:00] Uruchomiony z: c:\documents and settings\użytkownik\Pulpit\ComboFix.exe AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: Kerio Personal Firewall *disabled* {8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA} * Utworzono nowy punkt przywracania UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\sstray.exe . ((((((((((((((((((((((((( Pliki utworzone od 2010-02-13 do 2010-03-13 ))))))))))))))))))))))))))))))) . 2010-03-05 19:38 . 2010-03-05 19:38 685816 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-03-01 13:52 . 2010-03-01 13:52 -------- d-----w- c:\windows\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\ATI 2010-03-01 13:52 . 2010-03-01 13:52 -------- d-----w- c:\windows\system32\config\systemprofile\Dane aplikacji\ATI 2010-02-22 08:43 . 2010-02-22 08:44 -------- d-----w- c:\windows\system32\NtmsData 2010-02-21 12:46 . 
2010-02-21 13:35 -------- d-----w- c:\windows\system32\Adobe 2010-02-17 10:59 . 2010-02-17 10:59 0 ----a-r- C:\logwmemory.bin 2010-02-16 15:28 . 2008-04-13 23:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2010-02-13 12:33 . 2010-02-13 12:33 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\LightScribe 2010-02-13 12:30 . 2010-02-13 12:30 -------- d-----w- c:\program files\Common Files\LightScribe 2010-02-13 12:27 . 2010-02-13 12:28 -------- d-----w- c:\program files\Common Files\Ahead 2010-02-13 12:27 . 2010-02-13 12:27 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nero 2010-02-13 08:50 . 2010-02-13 08:50 -------- d-----w- C:\found.000 . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-13 08:19 . 2010-01-24 20:14 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-02-28 15:31 . 2010-02-03 13:45 -------- d-----w- c:\program files\ATI Technologies 2010-02-28 15:13 . 2001-10-26 16:15 448004 ----a-w- c:\windows\system32\perfh015.dat 2010-02-28 15:13 . 2001-10-26 16:15 74230 ----a-w- c:\windows\system32\perfc015.dat 2010-02-17 19:00 . 2010-01-30 10:35 -------- d-----w- c:\program files\NAPI-PROJEKT 2010-02-10 15:18 . 2010-01-29 16:05 552 ----a-w- c:\windows\system32\d3d8caps.dat 2010-02-03 13:45 . 2010-01-24 17:46 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-30 10:48 . 2010-01-30 10:35 881664 ----a-w- c:\windows\system32\xvidcore.dll 2010-01-30 10:48 . 2010-01-30 10:48 130048 ----a-w- c:\windows\system32\xvidvfw.dll 2010-01-30 10:47 . 2010-01-30 10:47 493080 ----a-w- c:\windows\system32\evr.dll 2010-01-30 10:47 . 2010-01-30 10:47 207360 ----a-w- c:\windows\system32\evrprop.dll 2010-01-30 10:47 . 2010-01-30 10:47 73752 ----a-w- c:\windows\system32\dxva2.dll 2010-01-30 10:47 . 2010-01-30 10:47 258048 ----a-w- c:\windows\system32\libFLAC.dll 2010-01-30 10:47 . 
2010-01-30 10:47 79360 ----a-w- c:\windows\system32\mkzlib.dll 2010-01-30 10:46 . 2010-01-30 10:46 23552 ----a-w- c:\windows\system32\mkunicode.dll 2010-01-30 10:44 . 2010-01-30 10:44 -------- d-----w- c:\program files\Real Alternative 2010-01-29 19:19 . 2010-01-29 19:19 -------- d-----w- c:\program files\Common Files\Adobe 2010-01-27 19:51 . 2010-01-27 19:51 -------- d-----w- c:\program files\Microsoft.NET 2010-01-25 17:29 . 2010-01-24 17:24 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2010-01-19 11:42 . 2010-01-24 18:45 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-01-19 11:42 . 2010-01-24 18:44 28240 ----a-w- c:\windows\system32\drivers\aavmker4.sys . ------- Sigcheck ------- [-] 2008-05-02 . 99BD46C2C790E52363DD1021DDCA3E8F . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AlcoholAutomount"="d:\programy\Alcohol 120\axcmd.exe" [2007-08-01 222592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast5"="d:\programy\Avast\avastUI.exe" [2010-01-19 2743104] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "nltide_3"="advpack.dll" [2008-03-01 124928] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoFavoritesMenu"= 1 (0x1) "NoSMHelp"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] 
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "d:\\Programy\\Kerio\\Personal Firewall 4\\kpf4ss.exe"= "d:\\Programy\\Kerio\\Personal Firewall 4\\kpf4gui.exe"= "d:\\Programy\\BitSpirit\\BitSpirit.exe"= R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-01-24 162640] R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2004-11-02 262144] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-01-24 19024] S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-03-05 685816] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-05-15 16:08 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . . ------- Skan uzupełniający ------- . FF - ProfilePath - c:\documents and settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\ FF - prefs.js: browser.search.selectedEngine - Allegro FF - component: c:\documents and settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\piclens@cooliris.com\components\coolirisstub.dll FF - plugin: d:\programy\acrobat\Reader\browser\nppdf32.dll ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- d:\programy\Firefox\greprefs\all.js - pref("ui.use_native_colors", true); d:\programy\Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); d:\programy\Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); d:\programy\Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); d:\programy\Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); d:\programy\Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); d:\programy\Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); d:\programy\Firefox\greprefs\all.js - pref("svg.smil.enabled", false); d:\programy\Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); 
d:\programy\Firefox\greprefs\all.js - pref("browser.formfill.debug", false); d:\programy\Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); d:\programy\Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); d:\programy\Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); d:\programy\Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); d:\programy\Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); d:\programy\Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); d:\programy\Firefox\greprefs\all.js - pref("html5.enable", false); d:\programy\Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); d:\programy\Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); d:\programy\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); d:\programy\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); d:\programy\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); d:\programy\Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); d:\programy\Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); d:\programy\Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); d:\programy\Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); d:\programy\Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); d:\programy\Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); d:\programy\Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); 
d:\programy\Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); d:\programy\Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); d:\programy\Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2010-03-13 09:37 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(556) c:\windows\system32\Ati2evxx.dll . Czas ukończenia: 2010-03-13 09:39:42 ComboFix-quarantined-files.txt 2010-03-13 08:39 Przed: 2 209 005 568 bajtów wolnych Po: 2 254 962 688 bajtów wolnych - - End Of File - - 991A728A3527D928D8D106B65B4A5C03 [/log]
I'll update the post in a moment and paste the logs from OTL and Avenger.
[color="blue"]Update[/color]
I used Disinfector as you said. I plugged in the pendrive and ran it; when "done" popped up, I unplugged the pendrive and that was it. Then I pasted that script into Avenger, restarted, and on the first boot got a BSOD. The first one in a very long time. Stop: c000021a {B Proces systemowy Windows Logon Process zakończył się niespodziewanie ze stanem 0x00000402 (0x00000000 0x00000000). Coincidence? Then I restarted it myself and it booted without any problem. It displayed this Avenger log:
[log] Logfile of The Avenger Version 2.0, © by Swandog46 [url="http://swandog46.geekstogo.com"]http://swandog46.geekstogo.com[/url] Platform: Windows XP ******************* Script file opened successfully. Script file read successfully.
Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! File "C:\autorun.inf" deleted successfully. File "C:\vgyn6ewc.exe" deleted successfully. File "C:\WINDOWS\System32\drivers\laibdgzd.sys" deleted successfully. Driver "catchme" deleted successfully. Completed script processing. ******************* Finished! Terminate. [/log]
I'm pasting a fresh OTL log.
[log] OTL logfile created on: 2010-05-25 22:17:24 - Run 4 OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\użytkownik\Pulpit\Programy Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 255,00 Mb Total Physical Memory | 50,00 Mb Available Physical Memory | 19,00% Memory free 618,00 Mb Paging File | 359,00 Mb Available in Paging File | 58,00% Paging File free Paging file location(s): C:\pagefile.sys 384 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 6,01 Gb Total Space | 1,44 Gb Free Space | 23,92% Space Free | Partition Type: NTFS Drive D: | 68,55 Gb Total Space | 10,08 Gb Free Space | 14,70% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HOME-D04C4A7CBD Current User Name: użytkownik Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color="#e56717"]========== Processes (All) ==========[/color] PRC - [2010-04-02 19:17:09 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Programy\Firefox\firefox.exe PRC - [2010-03-12 18:42:41 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\użytkownik\Pulpit\Programy\OTL.exe PRC - [2010-01-19 13:57:44 | 002,743,104 | ---- | M] (ALWIL Software) -- D:\Programy\Avast\AvastUI.exe PRC - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) -- D:\Programy\Avast\AvastSvc.exe PRC - [2008-04-14 22:51:52 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe PRC - [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-14 22:51:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008-04-14 22:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [WUDFSERVICEGROUP] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-14 
22:51:40 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008-04-14 22:51:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-14 22:51:12 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2008-04-14 22:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2008-04-14 22:51:04 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2007-05-15 18:20:12 | 000,079,400 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe PRC - [2006-05-03 18:43:46 | 000,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe PRC - [2004-10-27 11:56:38 | 001,912,832 | ---- | M] (Kerio Technologies) -- D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe PRC - [2004-10-27 11:56:00 | 002,899,968 | ---- | M] (Kerio Technologies) -- D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe [color="#e56717"]========== Modules (All) ==========[/color] MOD - [2010-03-12 18:42:41 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\użytkownik\Pulpit\Programy\OTL.exe MOD - [2008-05-02 08:48:16 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008-04-14 22:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-14 22:50:58 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008-04-14 22:50:58 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-14 22:50:58 | 000,018,944 | ---- | M] (Microsoft Corporation) 
-- C:\WINDOWS\system32\version.dll MOD - [2008-04-14 22:50:48 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-14 22:50:48 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2008-04-14 22:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2008-04-14 22:50:46 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2008-04-14 22:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2008-04-14 22:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-14 22:50:46 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2008-04-14 22:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-14 22:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-14 22:50:38 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll MOD - [2008-04-14 22:50:36 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2008-04-14 22:50:34 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll MOD - [2008-04-14 22:50:32 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-04-14 22:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-14 22:50:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-14 22:50:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2008-04-14 22:49:16 | 000,714,240 | ---- | M] 
(Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2008-04-14 22:43:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME MOD - [2008-04-14 22:29:10 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll [color="#e56717"]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-01-26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Programy\Avast\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Programy\Avast\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Programy\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2004-10-27 11:56:38 | 001,912,832 | ---- | M] (Kerio Technologies) [Auto | Running] -- D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe -- (KPF4) [color="#e56717"]========== Driver Services (SafeList) ==========[/color] DRV - [2010-03-13 12:58:52 | 000,087,536 | ---- | M] (CyberLink Corp.) 
[2010/04/10 12:10:32] [Kernel | Auto | Running] -- D:\Programy\powerdvd10\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) DRV - [2010-03-05 21:38:30 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-01-21 14:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010-01-19 15:13:58 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP) DRV - [2010-01-19 13:46:52 | 000,046,544 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010-01-19 13:43:40 | 000,023,248 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010-01-19 13:43:12 | 000,100,304 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2) DRV - [2010-01-19 13:42:57 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010-01-19 13:42:40 | 000,028,240 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2009-12-30 11:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2009-12-30 11:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2009-12-30 11:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009-12-30 11:25:12 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2009-12-30 11:25:12 | 
000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008-05-02 08:48:55 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112) DRV - [2008-04-14 02:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2006-05-03 18:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2004-11-02 11:00:52 | 000,262,144 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fwdrv.sys -- (fwdrv) DRV - [2004-03-02 10:26:58 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys) DRV - [2004-03-02 10:24:16 | 000,127,065 | ---- | M] (Analog Devices Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw) DRV - [2002-12-05 06:01:00 | 000,241,664 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™ DRV - [2002-12-05 06:01:00 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™ DRV - [2002-09-06 05:24:00 | 000,013,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp) DRV - [2001-08-18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) DRV - [1997-04-22 11:16:00 | 000,006,272 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75) [color="#e56717"]========== Standard Registry (SafeList) ==========[/color] [color="#e56717"]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.msn.com/"]http://www.msn.com/[/url] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.msn.com/"]http://www.msn.com/[/url] IE - HKU\S-1-5-21-682003330-583907252-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color="#e56717"]========== FireFox ==========[/color] FF - 
prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 48 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Programy\Firefox\components [2010-04-07 16:37:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Programy\Firefox\plugins [2010-04-02 19:17:18 | 000,000,000 | ---D | M] [2010-01-24 20:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Extensions [2010-01-24 20:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\7r2r3lde.default\extensions [2010-05-25 17:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions [2010-01-24 22:13:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-01-24 22:13:55 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-01-24 22:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\bkmrksync@nokia.com [2010-01-24 22:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\piclens@cooliris.com O1 HOSTS File: ([2001-10-26 17:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java™ Plug-In 2 SSV Helper) - 
{DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\java\bin\jp2ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [avast5] D:\Programy\Avast\avastUI.exe (ALWIL Software) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] D:\Programy\PCSUITE\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] D:\Programy\PCSUITE\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36 O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1 O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data] O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_18) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.m...ash/swflash.cab[/url] (Shockwave Flash Object) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Moja bieżąca strona główna) - about:Home O24 - Desktop WallPaper: C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-01-24 19:25:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009-12-08 21:01:10 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2010-01-24 19:24:31 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: 
{4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: 
{4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color="#e56717"]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-05-25 21:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010-05-25 21:08:25 | 000,000,000 | ---D | C] -- C:\rsit [2010-05-25 20:50:53 | 000,000,000 | ---D | C] -- C:\Avenger [2010-05-20 11:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Moje dokumenty\Downloads [2010-05-20 11:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Temp [2010-05-20 11:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Google [2010-05-13 15:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Tibia [2010-04-18 13:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Moje dokumenty\Max Payne 2 Savegames [2010-04-18 12:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Pulpit\Gry [2010-04-10 12:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Cyberlink [2010-04-10 12:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Moje dokumenty\CyberLink [2010-04-10 12:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\CyberLink [2010-04-10 12:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink [2010-04-10 12:10:35 | 
000,000,000 | ---D | C] -- C:\Program Files\Cyberlink [2010-04-10 12:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink [2010-04-10 12:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Temp [2010-04-08 11:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Schematica [2010-04-03 18:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\EAGLE-4.16r2 [2010-03-30 20:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia [2010-03-30 19:48:17 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys [2010-03-30 19:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution [2010-03-30 19:04:39 | 000,137,344 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys [2010-03-30 19:04:39 | 000,008,320 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys [2010-03-30 19:04:34 | 000,007,936 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys [2010-03-30 19:04:33 | 000,007,936 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys [2010-03-30 19:04:31 | 000,022,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys [2010-03-30 19:04:28 | 000,018,048 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys [2010-03-30 19:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia [2010-03-30 18:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0 [2010-03-30 16:21:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2010-03-30 16:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Help [2010-03-30 16:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Help [2010-03-30 16:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun [2010-03-30 16:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010-03-30 
16:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Sun [2010-03-19 17:10:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-01-24 19:27:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [2010-01-24 19:27:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2010-01-24 19:25:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color="#e56717"]========== Files - Modified Within 60 Days ==========[/color] [2010-05-25 22:07:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-05-25 22:07:50 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys [2010-05-25 22:07:47 | 048,840,704 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP [2010-05-25 22:02:34 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\użytkownik\NTUSER.DAT [2010-05-25 22:02:34 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\użytkownik\ntuser.ini [2010-05-25 22:02:28 | 004,310,212 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-05-25 17:49:27 | 002,836,634 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\sprawdziany z anglika.rar [2010-05-25 11:37:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-05-24 21:19:16 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia Sands of Time.lnk [2010-05-22 22:53:22 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-05-21 23:18:29 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-05-20 20:51:19 | 000,000,586 | ---- | M] () -- C:\Documents 
and Settings\użytkownik\Pulpit\TibiaServer v2.30.lnk [2010-05-20 11:17:56 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\Google Chrome.lnk [2010-05-20 11:11:21 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-583907252-1417001333-1003Core.job [2010-05-18 17:25:11 | 000,243,176 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB 532 12M ŁADOW...mdi [2010-05-18 17:24:58 | 000,213,386 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Inny ŁADOWARKA TE...mdi [2010-05-18 17:24:49 | 000,203,594 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Liebherr L509 STE...mdi [2010-05-18 17:24:35 | 000,244,154 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB 528-70, Inny,...mdi [2010-05-18 17:24:26 | 000,236,368 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB JCB 2CX Airma...mdi [2010-05-18 17:24:14 | 000,199,488 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka CAT, Volvo, Zeppe...mdi [2010-05-18 17:24:07 | 000,242,532 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB JCB 407 2000r...mdi [2010-05-18 17:16:08 | 000,206,484 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Inny KRAMER 318, ...mdi [2010-05-11 20:33:39 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\ramowy plan wypowiedzi.doc.doc [2010-05-11 17:27:24 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\~$mowy plan wypowiedzi.doc.doc [2010-05-11 17:26:52 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\Polski usnty.doc.doc [2010-05-11 17:21:02 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\aneks z wyborem cytatów.doc.doc [2010-05-11 12:06:37 | 000,000,020 | -H-- | M] () -- C:\Documents and 
Settings\użytkownik\Pulpit\DSC07084.JPG.sha [2010-05-07 07:44:28 | 000,000,228 | ---- | M] () -- C:\WINDOWS\System32\edacded0_x.dat [2010-05-07 07:44:27 | 000,000,228 | ---- | M] () -- C:\WINDOWS\System32\bcdadac7_x.xml [2010-05-06 13:44:37 | 000,897,918 | ---- | M] () -- C:\Documents and Settings\użytkownik\Dane aplikacji\NMM-MetaData.db [2010-05-06 13:02:31 | 000,002,237 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nokia PC Suite.lnk [2010-05-04 18:40:25 | 000,000,126 | ---- | M] () -- C:\WINDOWS\System32\drivers\fwdrv.err [2010-05-04 14:36:31 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\ALLPlayer V4.3.lnk [2010-05-03 22:30:07 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini [2010-04-28 19:11:41 | 000,000,551 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\AQQ.lnk [2010-04-20 16:12:43 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\~$bliografia.doc [2010-04-17 14:23:30 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010-04-11 17:10:20 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash [2010-04-03 19:27:51 | 000,002,383 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\eaglerc.usr [2010-03-30 21:42:40 | 000,000,259 | ---- | M] () -- C:\WINDOWS\p [2010-03-30 20:56:17 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf [2010-03-30 20:55:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_07_00.Wdf [2010-03-30 20:49:54 | 000,984,778 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-03-30 20:49:54 | 000,448,004 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-03-30 20:49:54 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-03-30 20:49:54 | 000,074,230 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-03-30 20:49:54 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-03-30 20:47:59 | 000,000,000 
| -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf [2010-03-30 20:47:36 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf [2010-03-30 20:47:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-03-29 19:29:55 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\bibliografia.doc [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color="#e56717"]========== Files Created - No Company Name ==========[/color] [2010-05-25 20:47:24 | 267,964,416 | -HS- | C] () -- C:\hiberfil.sys [2010-05-25 17:50:54 | 002,836,634 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\sprawdziany z anglika.rar [2010-05-24 21:19:16 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia Sands of Time.lnk [2010-05-20 20:51:18 | 000,000,586 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\TibiaServer v2.30.lnk [2010-05-20 11:17:56 | 000,002,351 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\Google Chrome.lnk [2010-05-20 11:11:21 | 000,001,100 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-583907252-1417001333-1003Core.job [2010-05-18 17:25:10 | 000,243,176 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB 532 12M ŁADOW...mdi [2010-05-18 17:24:57 | 000,213,386 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Inny ŁADOWARKA TE...mdi [2010-05-18 17:24:48 | 000,203,594 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Liebherr L509 STE...mdi [2010-05-18 17:24:34 | 000,244,154 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB 528-70, Inny,...mdi [2010-05-18 17:24:25 | 000,236,368 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB JCB 2CX Airma...mdi [2010-05-18 
17:24:14 | 000,199,488 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka CAT, Volvo, Zeppe...mdi [2010-05-18 17:24:01 | 000,242,532 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB JCB 407 2000r...mdi [2010-05-18 17:16:07 | 000,206,484 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Inny KRAMER 318, ...mdi [2010-05-11 17:27:24 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\~$mowy plan wypowiedzi.doc.doc [2010-05-11 17:10:57 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\aneks z wyborem cytatów.doc.doc [2010-05-11 16:18:38 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\ramowy plan wypowiedzi.doc.doc [2010-05-11 12:06:37 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\DSC07084.JPG.sha [2010-05-08 15:30:30 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\Polski usnty.doc.doc [2010-05-04 18:35:54 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwdrv.err [2010-05-04 14:36:31 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\ALLPlayer V4.3.lnk [2010-04-20 16:12:43 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\~$bliografia.doc [2010-04-03 18:50:51 | 000,002,383 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\eaglerc.usr [2010-03-30 21:30:40 | 000,000,259 | ---- | C] () -- C:\WINDOWS\p [2010-03-30 20:56:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf [2010-03-30 20:55:14 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_07_00.Wdf [2010-03-30 20:47:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf [2010-03-30 20:47:36 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf [2010-03-29 
15:49:54 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\bibliografia.doc [2010-03-20 19:02:50 | 000,897,918 | ---- | C] () -- C:\Documents and Settings\użytkownik\Dane aplikacji\NMM-MetaData.db [2010-03-05 21:38:29 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-02-17 22:14:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010-02-07 00:15:46 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-02-01 19:04:34 | 000,005,276 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini [2010-02-01 19:04:19 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini [2010-01-30 12:48:00 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010-01-30 12:47:53 | 000,207,360 | ---- | C] () -- C:\WINDOWS\System32\evrprop.dll [2010-01-30 12:47:45 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll [2010-01-30 12:47:00 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll [2010-01-30 12:46:59 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll [2010-01-30 12:35:33 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010-01-27 22:02:23 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010-01-24 19:46:11 | 000,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini [2010-01-24 19:46:11 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini [2010-01-24 19:46:08 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll [2010-01-24 19:46:08 | 000,000,998 | ---- | C] () -- C:\WINDOWS\adiras.ini [2010-01-24 19:46:07 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll [2010-01-24 19:39:47 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS [2010-01-24 19:36:34 | 000,018,253 | R--- | C] () -- C:\WINDOWS\System32\ssnvfx.ini [2010-01-24 19:35:40 | 000,003,272 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2010-01-24 19:35:33 | 000,005,824 | ---- | C] 
() -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2008-05-03 09:24:01 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2007-03-30 00:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll [2004-11-02 11:00:52 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwdrv.sys [2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [color="#e56717"]========== LOP Check ==========[/color] [2010-01-24 20:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2010-03-30 18:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2010-02-13 14:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe [2010-03-30 20:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia [2010-03-19 17:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2010-04-08 11:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Schematica [2010-04-10 12:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Temp [2010-04-16 22:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\EurekaLog [2010-05-17 14:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\foobar2000 [2010-01-25 11:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Gadu-Gadu [2010-03-21 11:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Nokia [2010-04-07 17:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\PC Suite [2010-02-17 12:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Soldat [2010-05-13 15:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane 
aplikacji\Tibia [color="#e56717"]========== Purity Check ==========[/color] [color="#e56717"]========== Custom Scans ==========[/color] [color="#a23bec"]< %systemdrive%\*.* >[/color] [2010-01-24 19:25:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-05-25 22:07:37 | 000,001,290 | ---- | M] () -- C:\avenger.txt [2010-01-24 19:19:45 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2001-07-22 00:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2010-03-13 10:39:43 | 000,010,439 | ---- | M] () -- C:\ComboFix.txt [2010-01-24 19:25:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010-05-25 22:07:50 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys [2010-05-18 17:51:32 | 000,036,955 | ---- | M] () -- C:\hpfr3500.log [2010-01-24 19:25:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-02-17 12:59:31 | 000,000,000 | R--- | M] () -- C:\logwmemory.bin [2010-01-24 19:25:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008-04-13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008-04-14 00:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-05-25 22:07:47 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys [color="#a23bec"]< MD5 for: AGP440.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [color="#a23bec"]< MD5 for: ATAPI.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008-04-14 02:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys [color="#a23bec"]< MD5 for: BEEP.SYS >[/color] [2001-08-17 23:47:36 | 
000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys [2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color="#a23bec"]< MD5 for: CDROM.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008-04-14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [color="#a23bec"]< MD5 for: EVENTLOG.DLL >[/color] [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color="#a23bec"]< MD5 for: NDIS.SYS >[/color] [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [color="#a23bec"]< MD5 for: WINLOGON.EXE >[/color] [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe < End of report > [/log] [log] OTL Extras logfile created on: 2010-05-25 22:17:24 - Run 4 OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\użytkownik\Pulpit\Programy Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: 
yyyy-MM-dd 255,00 Mb Total Physical Memory | 50,00 Mb Available Physical Memory | 19,00% Memory free 618,00 Mb Paging File | 359,00 Mb Available in Paging File | 58,00% Paging File free Paging file location(s): C:\pagefile.sys 384 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 6,01 Gb Total Space | 1,44 Gb Free Space | 23,92% Space Free | Partition Type: NTFS Drive D: | 68,55 Gb Total Space | 10,08 Gb Free Space | 14,70% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HOME-D04C4A7CBD Current User Name: użytkownik Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color="#e56717"]========== Extra Registry (SafeList) ==========[/color] [color="#e56717"]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Programy\Firefox\firefox.exe (Mozilla Corporation) [color="#e56717"]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "D:\Programy\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "D:\Programy\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "D:\Programy\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color="#e56717"]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [color="#e56717"]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe" = D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe:*:Enabled:Kerio Personal Firewall 4 - Service -- (Kerio Technologies) "D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe" = D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI -- (Kerio Technologies) "D:\Programy\BitSpirit\BitSpirit.exe" = D:\Programy\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client -- (LANSPIRIT.NET) [color="#e56717"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1DED92A7-05FA-4736-8AEA-1BE2363F1045}" = Nero 7 Essentials "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840 
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}" = Kerio Personal Firewall "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite "{AC76BA86-7AD7-1045-7B44-A93000000001}" = Adobe Reader 9.3 - Polish "{B6ADA0E4-9451-43EB-B86E-878AD9E68D4F}" = LightScribe 1.6.45.1 "{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver "{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}" = Nokia Software Updater "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center "0C5EDC3653FED5B121F464339EAC12534D253B25" = Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1) "3D Driving-School" = 3D Driving-School "504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "All ATI Software" = ATI - Software Uninstall Utility "ALLPlayer_is1" = ALLPlayer V4.X "AQQ" = WapSter AQQ "ASUS Probe V2.19.07" = ASUS Probe V2.19.07 "ATI Display Driver" = ATI Display Driver "avast5" = avast! 
Free Antivirus "B726756F5B5A5AA9D798B399386FC6205A45F19E" = Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1) "CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Pakiet sterowników systemu Windows - Nokia Modem (05/24/2007 6.84.0.1) "EAGLE 4.16r2" = EAGLE 4.16r2 "HD Tune_is1" = HD Tune 2.55 "HijackThis" = HijackThis 2.0.2 "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "IrfanView" = IrfanView (remove only) "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Nokia PC Suite" = Nokia PC Suite "NVIDIAnForce" = Sterowniki NVIDIA nForce dla Windows 2000/XP "ots24.net_is1" = TIBIA 7.92 OTS24.NET "Prince of Persia Sands of Time_is1" = Prince of Persia Sands of Time "RealAlt_is1" = Real Alternative 2.0.1 Lite "Soldat_is1" = Soldat 1.5.0 "SSUtils" = NVIDIA nForce Utilities "Tiberia Client" = Tiberia Client "TibiaServer v2.30" = TibiaServer v2.30 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WlatcyMoch_is1" = WlatcyMoch "Włatcy Móch - Olimpiada Podwórkowa_is1" = Włatcy Móch - Olimpiada Podwórkowa "Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7 [color="#e56717"]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome [color="#e56717"]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2010-05-21 04:37:25 | Computer Name = HOME-D04C4A7CBD | Source = Google Update | ID = 20 Description = Error - 2010-05-22 05:22:09 | Computer Name = HOME-D04C4A7CBD | Source = Google Update | ID = 20 Description = Error - 2010-05-22 11:11:16 | Computer Name = HOME-D04C4A7CBD | Source = Google Update | ID = 20 Description = Error - 2010-05-23 03:55:25 | Computer Name = HOME-D04C4A7CBD | Source = Google Update | ID = 20 Description = [ System Events ] Error - 2010-05-25 14:43:41 | 
Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7001 Description = Usługa Usługi IPSEC zależy od usługi Sterownik IPSEC, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2010-05-25 14:43:41 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: Aavmker4 AFD AmdK7 aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Error - 2010-05-25 14:44:40 | Computer Name = HOME-D04C4A7CBD | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2010-05-25 14:49:07 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi General Purpose USB Driver (adildr.sys) z powodu następującego błędu: %%1058 Error - 2010-05-25 14:51:22 | Computer Name = HOME-D04C4A7CBD | Source = sr | ID = 1 Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC0000001' podczas przetwarzania pliku '' w woluminie 'HarddiskVolume1'. W rezultacie zostało zatrzymane monitorowanie woluminu. Error - 2010-05-25 14:52:51 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi General Purpose USB Driver (adildr.sys) z powodu następującego błędu: %%1058 Error - 2010-05-25 14:52:51 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: Si3112 Error - 2010-05-25 16:08:07 | Computer Name = HOME-D04C4A7CBD | Source = sr | ID = 1 Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC0000001' podczas przetwarzania pliku '' w woluminie 'HarddiskVolume1'. 
W rezultacie zostało zatrzymane monitorowanie woluminu. Error - 2010-05-25 16:09:35 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi General Purpose USB Driver (adildr.sys) z powodu następującego błędu: %%1058 Error - 2010-05-25 16:09:35 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: Si3112 < End of report > [/log]

The "show hidden files and folders" option works correctly again. However, this time, along with the hidden files, something also turned off the display of extensions for known file types. I found two hidden files on drive D: i8ikdjwt.exe vgyn6ewc.exe

[color=blue]update 2[/color] I hit refresh and that was it. The hidden files and the extensions disappeared.
Tomek01, comment, 25 May 2010

These are files left over after running ComboFix: C:\WINDOWS\SWREG.exe C:\WINDOWS\NIRCMD.exe C:\WINDOWS\SWXCACLS.exe C:\WINDOWS\SWSC.exe C:\WINDOWS\ERDNT C:\Qoobox (this one, if present, should be deleted, although it is no longer in the second OTL log). Do you have the latest Microsoft updates installed?

Paste into Avenger:
[code]Files to delete:
i8ikdjwt.exe
vgyn6ewc.exe[/code]
Execute...

Attach the Avenger report and an OTL log, but made after enabling the option to show hidden files and folders.
antos (author), comment, 25 May 2010

The system has not been updated for over a year. At least I think so, because I turned off automatic updates and I can't be bothered to do it manually. C:\Qoobox exists and is doing fine. I should delete it manually, do I understand correctly? Along with the other listed files?

[color="blue"]update[/color] So I ran Avenger as you instructed.

[log]Logfile of The Avenger Version 2.0, © by Swandog46
[url="http://swandog46.geekstogo.com"]http://swandog46.geekstogo.com[/url]
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: file "i8ikdjwt.exe" not found!
Deletion of file "i8ikdjwt.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: file "vgyn6ewc.exe" not found!
Deletion of file "vgyn6ewc.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Completed script processing.
*******************
Finished! Terminate.[/log]

I know enough English to guess that the program simply did not find these files. However, they were still not on drive D:. So I turned on showing hidden files and folders (which now works correctly), showing extensions, and showing system files. Then both files appeared on drive D. I ran Avenger once more and

[log]Logfile of The Avenger Version 2.0, © by Swandog46
[url="http://swandog46.geekstogo.com"]http://swandog46.geekstogo.com[/url]
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: file "i8ikdjwt.exe" not found!
Deletion of file "i8ikdjwt.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: file "vgyn6ewc.exe" not found!
Deletion of file "vgyn6ewc.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Completed script processing.
*******************
Finished! Terminate.[/log]

Again it did not find them, yet they are physically there. To confirm, I am attaching a screenshot: [url="http://img263.imageshack.us/i/wirusy.jpg/"][img]http://img263.imageshack.us/img263/452/wirusy.th.jpg[/img][/url]

I ran OTL with all these options enabled.

[log]OTL logfile created on: 2010-05-26 13:55:25 - Run 5 OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\użytkownik\Pulpit\Programy Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 255,00 Mb Total Physical Memory | 35,00 Mb Available Physical Memory | 14,00% Memory free 618,00 Mb Paging File | 351,00 Mb Available in Paging File | 57,00% Paging File free Paging file location(s): C:\pagefile.sys 384 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 6,01 Gb Total Space | 1,50 Gb Free Space | 24,98% Space Free | Partition Type: NTFS Drive D: | 68,55 Gb Total Space | 10,08 Gb Free Space | 14,70% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HOME-D04C4A7CBD Current User Name: użytkownik Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color="#e56717"]========== Processes (All) ==========[/color] PRC - [2010-04-02 19:17:09 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Programy\Firefox\firefox.exe PRC - [2010-03-12 18:42:41 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\użytkownik\Pulpit\Programy\OTL.exe PRC - [2010-01-19 13:57:44 | 002,743,104 | ---- | M] (ALWIL Software) -- D:\Programy\Avast\AvastUI.exe PRC - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) -- D:\Programy\Avast\AvastSvc.exe PRC - [2008-04-14 22:51:52 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe PRC - [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-14 22:51:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008-04-14 22:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [WUDFSERVICEGROUP] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-14 
22:51:40 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008-04-14 22:51:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-14 22:51:12 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2008-04-14 22:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2008-04-14 22:51:04 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2007-05-15 18:20:12 | 000,079,400 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe PRC - [2006-05-03 18:43:46 | 000,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe PRC - [2004-10-27 11:56:38 | 001,912,832 | ---- | M] (Kerio Technologies) -- D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe PRC - [2004-10-27 11:56:00 | 002,899,968 | ---- | M] (Kerio Technologies) -- D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe [color="#e56717"]========== Modules (All) ==========[/color] MOD - [2010-03-12 18:42:41 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\użytkownik\Pulpit\Programy\OTL.exe MOD - [2008-05-02 08:48:16 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008-04-14 22:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-14 22:50:58 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008-04-14 22:50:58 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-14 22:50:58 | 000,018,944 | ---- | M] (Microsoft Corporation) 
-- C:\WINDOWS\system32\version.dll MOD - [2008-04-14 22:50:48 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-14 22:50:48 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2008-04-14 22:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2008-04-14 22:50:46 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2008-04-14 22:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2008-04-14 22:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-14 22:50:46 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2008-04-14 22:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-14 22:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-14 22:50:38 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll MOD - [2008-04-14 22:50:36 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2008-04-14 22:50:34 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll MOD - [2008-04-14 22:50:32 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-04-14 22:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-14 22:50:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-14 22:50:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2008-04-14 22:49:16 | 000,714,240 | ---- | M] 
(Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2008-04-14 22:43:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME MOD - [2008-04-14 22:29:10 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll [color="#e56717"]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-01-26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Programy\Avast\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Programy\Avast\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Programy\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2004-10-27 11:56:38 | 001,912,832 | ---- | M] (Kerio Technologies) [Auto | Running] -- D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe -- (KPF4) [color="#e56717"]========== Driver Services (SafeList) ==========[/color] DRV - [2010-03-13 12:58:52 | 000,087,536 | ---- | M] (CyberLink Corp.) 
[2010/04/10 12:10:32] [Kernel | Auto | Running] -- D:\Programy\powerdvd10\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) DRV - [2010-03-05 21:38:30 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-01-21 14:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010-01-19 15:13:58 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP) DRV - [2010-01-19 13:46:52 | 000,046,544 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010-01-19 13:43:40 | 000,023,248 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010-01-19 13:43:12 | 000,100,304 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2) DRV - [2010-01-19 13:42:57 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010-01-19 13:42:40 | 000,028,240 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2009-12-30 11:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2009-12-30 11:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2009-12-30 11:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009-12-30 11:25:12 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2009-12-30 11:25:12 | 
000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008-05-02 08:48:55 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112) DRV - [2008-04-14 02:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2006-05-03 18:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2004-11-02 11:00:52 | 000,262,144 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fwdrv.sys -- (fwdrv) DRV - [2004-03-02 10:26:58 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys) DRV - [2004-03-02 10:24:16 | 000,127,065 | ---- | M] (Analog Devices Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw) DRV - [2002-12-05 06:01:00 | 000,241,664 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™ DRV - [2002-12-05 06:01:00 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™ DRV - [2002-09-06 05:24:00 | 000,013,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp) DRV - [2001-08-18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) DRV - [1997-04-22 11:16:00 | 000,006,272 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75) [color="#e56717"]========== Standard Registry (SafeList) ==========[/color] [color="#e56717"]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.msn.com/"]http://www.msn.com/[/url] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.msn.com/"]http://www.msn.com/[/url] IE - HKU\S-1-5-21-682003330-583907252-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color="#e56717"]========== FireFox ==========[/color] FF - 
prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 48 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Programy\Firefox\components [2010-04-07 16:37:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Programy\Firefox\plugins [2010-04-02 19:17:18 | 000,000,000 | ---D | M] [2010-01-24 20:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Extensions [2010-01-24 20:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\7r2r3lde.default\extensions [2010-05-25 17:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions [2010-01-24 22:13:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-01-24 22:13:55 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-01-24 22:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\bkmrksync@nokia.com [2010-01-24 22:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\h65ehtwz.default\extensions\piclens@cooliris.com O1 HOSTS File: ([2001-10-26 17:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java™ Plug-In 2 SSV Helper) - 
{DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\java\bin\jp2ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [avast5] D:\Programy\Avast\avastUI.exe (ALWIL Software) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] D:\Programy\PCSUITE\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] D:\Programy\PCSUITE\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36 O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1 O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data] O7 - HKU\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_18) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.m...ash/swflash.cab[/url] (Shockwave Flash Object) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Moja bieżąca strona główna) - about:Home O24 - Desktop WallPaper: C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-01-24 19:25:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009-12-08 21:01:10 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2010-01-24 19:24:31 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: 
{4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: 
{4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color="#e56717"]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-05-25 21:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010-05-25 21:08:25 | 000,000,000 | ---D | C] -- C:\rsit [2010-05-25 20:50:53 | 000,000,000 | ---D | C] -- C:\Avenger [2010-05-20 11:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Moje dokumenty\Downloads [2010-05-20 11:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Temp [2010-05-20 11:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Google [2010-05-13 15:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Tibia [2010-04-18 13:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Moje dokumenty\Max Payne 2 Savegames [2010-04-18 12:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Pulpit\Gry [2010-04-10 12:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Cyberlink [2010-04-10 12:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Moje dokumenty\CyberLink [2010-04-10 12:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\CyberLink [2010-04-10 12:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink [2010-04-10 12:10:35 | 
000,000,000 | ---D | C] -- C:\Program Files\Cyberlink [2010-04-10 12:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink [2010-04-10 12:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Temp [2010-04-08 11:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Schematica [2010-04-03 18:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\EAGLE-4.16r2 [2010-03-30 20:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia [2010-03-30 19:48:17 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys [2010-03-30 19:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution [2010-03-30 19:04:39 | 000,137,344 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys [2010-03-30 19:04:39 | 000,008,320 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys [2010-03-30 19:04:34 | 000,007,936 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys [2010-03-30 19:04:33 | 000,007,936 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys [2010-03-30 19:04:31 | 000,022,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys [2010-03-30 19:04:28 | 000,018,048 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys [2010-03-30 19:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia [2010-03-30 18:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0 [2010-03-30 16:21:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2010-03-30 16:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\Help [2010-03-30 16:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Help [2010-03-30 16:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun [2010-03-30 16:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010-03-30 
16:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Sun [2010-03-19 17:10:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-01-24 19:27:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [2010-01-24 19:27:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2010-01-24 19:25:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color="#e56717"]========== Files - Modified Within 60 Days ==========[/color] [2010-05-26 13:50:12 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\użytkownik\NTUSER.DAT [2010-05-26 13:43:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-05-26 13:43:13 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys [2010-05-26 13:42:30 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\użytkownik\ntuser.ini [2010-05-26 13:42:26 | 004,277,500 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-05-25 23:50:37 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\Nowy Dokument programu Microsoft Word.doc [2010-05-25 22:07:47 | 048,840,704 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP [2010-05-25 17:49:27 | 002,836,634 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\sprawdziany z anglika.rar [2010-05-25 11:37:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-05-24 21:19:16 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia Sands of Time.lnk [2010-05-22 22:53:22 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-05-21 23:18:29 | 000,013,824 | ---- | M] () -- C:\Documents and 
Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-05-20 20:51:19 | 000,000,586 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\TibiaServer v2.30.lnk [2010-05-20 11:17:56 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\Google Chrome.lnk [2010-05-20 11:11:21 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-583907252-1417001333-1003Core.job [2010-05-18 17:25:11 | 000,243,176 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB 532 12M ŁADOW...mdi [2010-05-18 17:24:58 | 000,213,386 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Inny ŁADOWARKA TE...mdi [2010-05-18 17:24:49 | 000,203,594 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Liebherr L509 STE...mdi [2010-05-18 17:24:35 | 000,244,154 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB 528-70, Inny,...mdi [2010-05-18 17:24:26 | 000,236,368 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB JCB 2CX Airma...mdi [2010-05-18 17:24:14 | 000,199,488 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka CAT, Volvo, Zeppe...mdi [2010-05-18 17:24:07 | 000,242,532 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB JCB 407 2000r...mdi [2010-05-18 17:16:08 | 000,206,484 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Inny KRAMER 318, ...mdi [2010-05-11 20:33:39 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\ramowy plan wypowiedzi.doc.doc [2010-05-11 17:27:24 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\~$mowy plan wypowiedzi.doc.doc [2010-05-11 17:26:52 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\Polski usnty.doc.doc [2010-05-11 17:21:02 | 000,024,576 | ---- 
| M] () -- C:\Documents and Settings\użytkownik\Pulpit\aneks z wyborem cytatów.doc.doc [2010-05-11 12:06:37 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\DSC07084.JPG.sha [2010-05-07 07:44:28 | 000,000,228 | ---- | M] () -- C:\WINDOWS\System32\edacded0_x.dat [2010-05-07 07:44:27 | 000,000,228 | ---- | M] () -- C:\WINDOWS\System32\bcdadac7_x.xml [2010-05-06 13:44:37 | 000,897,918 | ---- | M] () -- C:\Documents and Settings\użytkownik\Dane aplikacji\NMM-MetaData.db [2010-05-06 13:02:31 | 000,002,237 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nokia PC Suite.lnk [2010-05-04 18:40:25 | 000,000,126 | ---- | M] () -- C:\WINDOWS\System32\drivers\fwdrv.err [2010-05-04 14:36:31 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\ALLPlayer V4.3.lnk [2010-05-03 22:30:07 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini [2010-04-28 19:11:41 | 000,000,551 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\AQQ.lnk [2010-04-20 16:12:43 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\~$bliografia.doc [2010-04-17 14:23:30 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010-04-11 17:10:20 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash [2010-04-03 19:27:51 | 000,002,383 | ---- | M] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\eaglerc.usr [2010-03-30 21:42:40 | 000,000,259 | ---- | M] () -- C:\WINDOWS\p [2010-03-30 20:56:17 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf [2010-03-30 20:55:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_07_00.Wdf [2010-03-30 20:49:54 | 000,984,778 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-03-30 20:49:54 | 000,448,004 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-03-30 20:49:54 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-03-30 20:49:54 | 000,074,230 | ---- | M] () 
-- C:\WINDOWS\System32\perfc015.dat [2010-03-30 20:49:54 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-03-30 20:47:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf [2010-03-30 20:47:36 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf [2010-03-30 20:47:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-03-29 19:29:55 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\użytkownik\Pulpit\bibliografia.doc [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color="#e56717"]========== Files Created - No Company Name ==========[/color] [2010-05-25 22:43:57 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\Nowy Dokument programu Microsoft Word.doc [2010-05-25 20:47:24 | 267,964,416 | -HS- | C] () -- C:\hiberfil.sys [2010-05-25 17:50:54 | 002,836,634 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\sprawdziany z anglika.rar [2010-05-24 21:19:16 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia Sands of Time.lnk [2010-05-20 20:51:18 | 000,000,586 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\TibiaServer v2.30.lnk [2010-05-20 11:17:56 | 000,002,351 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\Google Chrome.lnk [2010-05-20 11:11:21 | 000,001,100 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-583907252-1417001333-1003Core.job [2010-05-18 17:25:10 | 000,243,176 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB 532 12M ŁADOW...mdi [2010-05-18 17:24:57 | 000,213,386 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Inny ŁADOWARKA TE...mdi [2010-05-18 17:24:48 | 000,203,594 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Liebherr L509 
STE...mdi [2010-05-18 17:24:34 | 000,244,154 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB 528-70, Inny,...mdi [2010-05-18 17:24:25 | 000,236,368 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB JCB 2CX Airma...mdi [2010-05-18 17:24:14 | 000,199,488 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka CAT, Volvo, Zeppe...mdi [2010-05-18 17:24:01 | 000,242,532 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka JCB JCB 407 2000r...mdi [2010-05-18 17:16:07 | 000,206,484 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\Ładowarka Inny KRAMER 318, ...mdi [2010-05-11 17:27:24 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\~$mowy plan wypowiedzi.doc.doc [2010-05-11 17:10:57 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\aneks z wyborem cytatów.doc.doc [2010-05-11 16:18:38 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\ramowy plan wypowiedzi.doc.doc [2010-05-11 12:06:37 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\DSC07084.JPG.sha [2010-05-08 15:30:30 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\Polski usnty.doc.doc [2010-05-04 18:35:54 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwdrv.err [2010-05-04 14:36:31 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\ALLPlayer V4.3.lnk [2010-04-20 16:12:43 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\~$bliografia.doc [2010-04-03 18:50:51 | 000,002,383 | ---- | C] () -- C:\Documents and Settings\użytkownik\Moje dokumenty\eaglerc.usr [2010-03-30 21:30:40 | 000,000,259 | ---- | C] () -- C:\WINDOWS\p [2010-03-30 20:56:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf [2010-03-30 20:55:14 | 000,000,000 | -H-- | C] () -- 
C:\WINDOWS\System32\drivers\MsftWdf_user_01_07_00.Wdf [2010-03-30 20:47:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf [2010-03-30 20:47:36 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf [2010-03-29 15:49:54 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\użytkownik\Pulpit\bibliografia.doc [2010-03-20 19:02:50 | 000,897,918 | ---- | C] () -- C:\Documents and Settings\użytkownik\Dane aplikacji\NMM-MetaData.db [2010-03-05 21:38:29 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-02-17 22:14:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010-02-07 00:15:46 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\użytkownik\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-02-01 19:04:34 | 000,005,276 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini [2010-02-01 19:04:19 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini [2010-01-30 12:48:00 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010-01-30 12:47:53 | 000,207,360 | ---- | C] () -- C:\WINDOWS\System32\evrprop.dll [2010-01-30 12:47:45 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll [2010-01-30 12:47:00 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll [2010-01-30 12:46:59 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll [2010-01-30 12:35:33 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010-01-27 22:02:23 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010-01-24 19:46:11 | 000,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini [2010-01-24 19:46:11 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini [2010-01-24 19:46:08 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll [2010-01-24 19:46:08 | 000,000,998 | ---- | C] () -- C:\WINDOWS\adiras.ini [2010-01-24 19:46:07 | 000,046,892 | ---- | C] () -- 
C:\WINDOWS\System32\adadix16.dll [2010-01-24 19:39:47 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS [2010-01-24 19:36:34 | 000,018,253 | R--- | C] () -- C:\WINDOWS\System32\ssnvfx.ini [2010-01-24 19:35:40 | 000,003,272 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2010-01-24 19:35:33 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2008-05-03 09:24:01 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2007-03-30 00:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll [2004-11-02 11:00:52 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwdrv.sys [2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [color="#e56717"]========== LOP Check ==========[/color] [2010-01-24 20:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2010-03-30 18:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2010-02-13 14:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe [2010-03-30 20:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia [2010-03-19 17:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2010-04-08 11:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Schematica [2010-04-10 12:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Temp [2010-04-16 22:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\EurekaLog [2010-05-17 14:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\foobar2000 [2010-01-25 11:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Gadu-Gadu [2010-03-21 11:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane 
aplikacji\Nokia [2010-04-07 17:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\PC Suite [2010-02-17 12:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Soldat [2010-05-13 15:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\użytkownik\Dane aplikacji\Tibia [color="#e56717"]========== Purity Check ==========[/color] [color="#e56717"]========== Custom Scans ==========[/color] [color="#a23bec"]< %systemdrive%\*.* >[/color] [2010-01-24 19:25:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-05-26 13:43:01 | 000,001,562 | ---- | M] () -- C:\avenger.txt [2010-05-26 13:39:29 | 000,001,562 | ---- | M] () -- C:\avenger1.txt [2010-01-24 19:19:45 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2001-07-22 00:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2010-03-13 10:39:43 | 000,010,439 | ---- | M] () -- C:\ComboFix.txt [2010-01-24 19:25:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010-05-26 13:43:13 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys [2010-05-18 17:51:32 | 000,036,955 | ---- | M] () -- C:\hpfr3500.log [2010-01-24 19:25:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-02-17 12:59:31 | 000,000,000 | R--- | M] () -- C:\logwmemory.bin [2010-01-24 19:25:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008-04-13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008-04-14 00:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-05-26 13:43:11 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys [color="#a23bec"]< MD5 for: AGP440.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [color="#a23bec"]< MD5 for: ATAPI.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008-04-14 
01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008-04-14 02:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys [color="#a23bec"]< MD5 for: BEEP.SYS >[/color] [2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys [2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color="#a23bec"]< MD5 for: CDROM.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008-04-14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [color="#a23bec"]< MD5 for: EVENTLOG.DLL >[/color] [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color="#a23bec"]< MD5 for: NDIS.SYS >[/color] [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [color="#a23bec"]< MD5 for: WINLOGON.EXE >[/color] [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe < End of report 
> [/log] [log]OTL Extras logfile created on: 2010-05-26 13:55:25 - Run 5 OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\użytkownik\Pulpit\Programy Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 255,00 Mb Total Physical Memory | 35,00 Mb Available Physical Memory | 14,00% Memory free 618,00 Mb Paging File | 351,00 Mb Available in Paging File | 57,00% Paging File free Paging file location(s): C:\pagefile.sys 384 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 6,01 Gb Total Space | 1,50 Gb Free Space | 24,98% Space Free | Partition Type: NTFS Drive D: | 68,55 Gb Total Space | 10,08 Gb Free Space | 14,70% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HOME-D04C4A7CBD Current User Name: użytkownik Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color="#e56717"]========== Extra Registry (SafeList) ==========[/color] [color="#e56717"]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Programy\Firefox\firefox.exe (Mozilla Corporation) [color="#e56717"]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "D:\Programy\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "D:\Programy\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "D:\Programy\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color="#e56717"]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [color="#e56717"]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe" = D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe:*:Enabled:Kerio Personal Firewall 4 - Service -- (Kerio Technologies) "D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe" = D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI -- (Kerio Technologies) "D:\Programy\BitSpirit\BitSpirit.exe" = D:\Programy\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client -- (LANSPIRIT.NET) [color="#e56717"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1DED92A7-05FA-4736-8AEA-1BE2363F1045}" = Nero 7 Essentials "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840 
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}" = Kerio Personal Firewall "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite "{AC76BA86-7AD7-1045-7B44-A93000000001}" = Adobe Reader 9.3 - Polish "{B6ADA0E4-9451-43EB-B86E-878AD9E68D4F}" = LightScribe 1.6.45.1 "{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver "{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}" = Nokia Software Updater "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center "0C5EDC3653FED5B121F464339EAC12534D253B25" = Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1) "3D Driving-School" = 3D Driving-School "504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "All ATI Software" = ATI - Software Uninstall Utility "ALLPlayer_is1" = ALLPlayer V4.X "AQQ" = WapSter AQQ "ASUS Probe V2.19.07" = ASUS Probe V2.19.07 "ATI Display Driver" = ATI Display Driver "avast5" = avast! 
Free Antivirus "B726756F5B5A5AA9D798B399386FC6205A45F19E" = Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1) "CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Pakiet sterowników systemu Windows - Nokia Modem (05/24/2007 6.84.0.1) "EAGLE 4.16r2" = EAGLE 4.16r2 "HD Tune_is1" = HD Tune 2.55 "HijackThis" = HijackThis 2.0.2 "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "IrfanView" = IrfanView (remove only) "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Nokia PC Suite" = Nokia PC Suite "NVIDIAnForce" = Sterowniki NVIDIA nForce dla Windows 2000/XP "ots24.net_is1" = TIBIA 7.92 OTS24.NET "Prince of Persia Sands of Time_is1" = Prince of Persia Sands of Time "RealAlt_is1" = Real Alternative 2.0.1 Lite "Soldat_is1" = Soldat 1.5.0 "SSUtils" = NVIDIA nForce Utilities "Tiberia Client" = Tiberia Client "TibiaServer v2.30" = TibiaServer v2.30 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WlatcyMoch_is1" = WlatcyMoch "Włatcy Móch - Olimpiada Podwórkowa_is1" = Włatcy Móch - Olimpiada Podwórkowa "Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7 [color="#e56717"]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-682003330-583907252-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome [color="#e56717"]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2010-05-21 04:37:25 | Computer Name = HOME-D04C4A7CBD | Source = Google Update | ID = 20 Description = Error - 2010-05-22 05:22:09 | Computer Name = HOME-D04C4A7CBD | Source = Google Update | ID = 20 Description = Error - 2010-05-22 11:11:16 | Computer Name = HOME-D04C4A7CBD | Source = Google Update | ID = 20 Description = Error - 2010-05-23 03:55:25 | Computer Name = HOME-D04C4A7CBD | Source = Google Update | ID = 20 Description = [ System Events ] Error - 2010-05-25 16:08:07 | 
Computer Name = HOME-D04C4A7CBD | Source = sr | ID = 1 Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC0000001' podczas przetwarzania pliku '' w woluminie 'HarddiskVolume1'. W rezultacie zostało zatrzymane monitorowanie woluminu. Error - 2010-05-25 16:09:35 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi General Purpose USB Driver (adildr.sys) z powodu następującego błędu: %%1058 Error - 2010-05-25 16:09:35 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: Si3112 Error - 2010-05-26 04:17:50 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi General Purpose USB Driver (adildr.sys) z powodu następującego błędu: %%1058 Error - 2010-05-26 07:39:58 | Computer Name = HOME-D04C4A7CBD | Source = sr | ID = 1 Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC0000001' podczas przetwarzania pliku '' w woluminie 'HarddiskVolume1'. W rezultacie zostało zatrzymane monitorowanie woluminu. Error - 2010-05-26 07:41:27 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi General Purpose USB Driver (adildr.sys) z powodu następującego błędu: %%1058 Error - 2010-05-26 07:41:27 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: Si3112 Error - 2010-05-26 07:43:30 | Computer Name = HOME-D04C4A7CBD | Source = sr | ID = 1 Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC0000001' podczas przetwarzania pliku '' w woluminie 'HarddiskVolume1'. W rezultacie zostało zatrzymane monitorowanie woluminu. 
Error - 2010-05-26 07:45:04 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (adildr.sys) z powodu następującego błędu: %%1058
Error - 2010-05-26 07:45:04 | Computer Name = HOME-D04C4A7CBD | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: Si3112
< End of report >
[/log]
To sum up, the "show hidden files and folders" option works correctly and file extensions are shown. It seems to run a bit better, but I would rather be sure that the log is clean.
Tomek01, commented 26 May 2010
So, as far as Avenger is concerned: Error: file "vgyn6ewc.exe" not found! But: Deletion of file "vgyn6ewc.exe" failed! So it is clean. In OTL, use the Clean Up option.
antos (Author), commented 26 May 2010
OK, thanks. But it bothers me that those two files are still visible on drive D: I don't know how that relates to whether they are actually present, but they are still there. Ghost files.
antos (Author), commented 26 May 2010
Here you go.
[log]
Logfile of random's system information tool 1.07 (written by random/random)
Run by użytkownik at 2010-05-26 23:34:08
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 1 GB (24%) free of 6 GB
Total RAM: 255 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:34:33, on 2010-05-26
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Programy\Avast\AvastSvc.exe
D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe
D:\Programy\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Programy\Firefox\firefox.exe
D:\Programy\WapSter AQQ\AQQ.exe
C:\Documents and Settings\użytkownik\Pulpit\Programy\RSIT.exe
C:\Program Files\trend micro\użytkownik.exe

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\java\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast5] "D:\Programy\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Programy\PCSUITE\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2]
regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{08185C5C-B3E8-4071-9E8E-924AEA3A5DA5}: NameServer = 194.204.159.1 194.204.152.34 O17 - HKLM\System\CS2\Services\Tcpip\..\{08185C5C-B3E8-4071-9E8E-924AEA3A5DA5}: NameServer = 194.204.159.1 194.204.152.34 O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - D:\Programy\Avast\AvastSvc.exe O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Programy\Avast\AvastSvc.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - D:\Programy\Avast\AvastSvc.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 3507 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-583907252-1417001333-1003Core.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - D:\Programy\java\bin\jp2ssv.dll [2010-03-30 41760] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "avast5"=D:\Programy\Avast\avastUI.exe [2010-01-19 2743104] "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-02 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
"NoDriveTypeAutoRun"=36 "NoFavoritesMenu"=1 "NoSMHelp"=1 "NoDriveAutoRun"=0xFFFFFFFF "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe"="D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe:*:Enabled:Kerio Personal Firewall 4 - Service" "D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe"="D:\Programy\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI" "D:\Programy\BitSpirit\BitSpirit.exe"="D:\Programy\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2010-05-26 13:43:00 ----A---- C:\avenger.txt 2010-05-26 13:39:28 ----A---- C:\avenger1.txt 2010-05-25 21:08:30 ----D---- C:\Program Files\trend micro 2010-05-25 21:08:25 ----D---- C:\rsit 2010-05-25 20:50:53 ----D---- C:\Avenger 2010-05-13 15:10:19 ----D---- C:\Documents and Settings\użytkownik\Dane aplikacji\Tibia ======List of files/folders modified in the last 1 months====== 2010-05-26 13:44:04 ----D---- C:\WINDOWS\system32\CatRoot2 2010-05-26 13:43:01 ----D---- C:\WINDOWS\system32\drivers 2010-05-26 13:43:01 ----D---- C:\WINDOWS 2010-05-26 13:39:29 ----RD---- 
C:\Program Files 2010-05-26 11:15:30 ----D---- C:\WINDOWS\Temp 2010-05-25 22:07:57 ----D---- C:\WINDOWS\Minidump 2010-05-25 20:50:53 ----D---- C:\WINDOWS\system32 2010-05-25 20:42:43 ----A---- C:\WINDOWS\ntbtlog.txt 2010-05-22 22:53:22 ----A---- C:\WINDOWS\NeroDigital.ini 2010-05-20 11:11:21 ----SD---- C:\WINDOWS\Tasks 2010-05-17 14:28:04 ----D---- C:\Documents and Settings\użytkownik\Dane aplikacji\foobar2000 2010-05-06 13:02:31 ----SHD---- C:\WINDOWS\Installer 2010-05-04 14:36:22 ----D---- C:\Program Files\NAPI-PROJEKT 2010-05-03 22:30:07 ----A---- C:\WINDOWS\win.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-01-19 28240] R1 AmdK7;Sterownik procesora AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856] R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-01-19 162640] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-01-19 46544] R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2004-11-02 262144] R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/04/10 12:10:32]; \??\D:\Programy\powerdvd10\PowerDVD10\NavFilter\000.fcl [] R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys [] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-01-19 19024] R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-01-19 100304] R3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2004-03-02 127065] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-01-19 23248] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608] R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] R3 ms_mpu401;Sterownik portu MIDI UART Microsoft MPU-401; 
C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944] R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2002-12-05 13056] R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2002-12-05 241664] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152] R3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856] S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2004-03-02 50007] S3 aiy4j82d;aiy4j82d; C:\WINDOWS\system32\drivers\aiy4j82d.sys [] S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-01-21 18048] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-12-30 22016] S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-12-30 137344] S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936] S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112] S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936] S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 Wdf01000;Kernel Mode 
Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-05-02 38528] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696] R2 avast! Antivirus;avast! Antivirus; D:\Programy\Avast\AvastSvc.exe [2010-01-19 40384] R2 KPF4;Kerio Personal Firewall 4; D:\Programy\Kerio\Personal Firewall 4\kpf4ss.exe [2004-10-27 1912832] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-05-15 79400] R2 StarWindServiceAE;StarWind AE Service; D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R3 avast! Mail Scanner;avast! Mail Scanner; D:\Programy\Avast\AvastSvc.exe [2010-01-19 40384] R3 avast! Web Scanner;avast! 
Web Scanner; D:\Programy\Avast\AvastSvc.exe [2010-01-19 40384] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016] S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920] S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800] -----------------EOF----------------- [/log]
Tomek01 commented 27 May 2010 (edited)

Looking at it now, there was a small mistake, but I did it late and after a whole day of work. Sorry.

Paste into Avenger:

[code]
Files to delete:
C:\i8ikdjwt.exe
C:\vgyn6ewc.exe
D:\i8ikdjwt.exe
D:\vgyn6ewc.exe
[/code]

execute...

Please post the Avenger report.

As for the BSOD: memory dumps with the .dmp extension are created in the C:\Windows\Minidump directory. Process the latest BSOD (the date is in the file name) with Windows Debugger and post the result on the forum. In the Files\Symbols file path tab, enter SRV*c:\symbols*http://msdl.microsoft.com/download/symbols , then Open Crash Dump, and the rest will happen by itself.
antos commented 27 May 2010 (Author)

Whatever you wish.

[log]
Logfile of The Avenger Version 2.0, © by Swandog46
[url="http://swandog46.geekstogo.com"]http://swandog46.geekstogo.com[/url]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "C:\i8ikdjwt.exe" not found!
Deletion of file "C:\i8ikdjwt.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\vgyn6ewc.exe" not found!
Deletion of file "C:\vgyn6ewc.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Logfile of The Avenger Version 2.0, © by Swandog46
[url="http://swandog46.geekstogo.com"]http://swandog46.geekstogo.com[/url]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "C:\i8ikdjwt.exe" not found!
Deletion of file "C:\i8ikdjwt.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\vgyn6ewc.exe" not found!
Deletion of file "C:\vgyn6ewc.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "D:\i8ikdjwt.exe" deleted successfully.
File "D:\vgyn6ewc.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
[/log]

[log]
Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.

Loading Dump File [C:\WINDOWS\Minidump\Mini052510-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \WINDOWS\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055b1c0
Debug session time: Tue May 25 22:03:11.406 2010 (GMT+2)
System Uptime: 0 days 0:00:26.015
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \WINDOWS\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
....................................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C000021A, {e15e9d40, 402, 0, 0}

*** WARNING: Unable to verify timestamp for mssmbios.sys
*** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.

unable to get nt!KiCurrentEtwBufferOffset
unable to get nt!KiCurrentEtwBufferBase
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Probably caused by : ntoskrnl.exe ( nt+5c80e )

Followup: MachineOwner
---------
[/log]

The files on drive D are gone.
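The debugger output above was produced with an invalid symbol path, and WinDbg itself reports "Kernel symbols are WRONG", so its "Probably caused by" line is not a usable verdict. The following Python script is an added example, not part of the original thread: it triages such a log and lists the follow-up commands; the function name and the shortened sample log are constructed here, and the symbol path is the one quoted in the thread.

```python
import re

# Constructed sample: key lines excerpted from the WinDbg output in this thread.
SAMPLE_LOG = r"""
Loading Dump File [C:\WINDOWS\Minidump\Mini052510-01.dmp]
Symbol search path is: *** Invalid ***
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
System Uptime: 0 days 0:00:26.015
BugCheck C000021A, {e15e9d40, 402, 0, 0}
*** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
Probably caused by : ntoskrnl.exe ( nt+5c80e )
"""

# Text WinDbg prints when a dump was analysed without usable symbols.
SYMBOL_PROBLEMS = (
    "Symbol search path is: *** Invalid ***",
    "symbol path is not initialized",
    "Kernel symbols are WRONG",
)

# Commands named in the log itself, with the symbol server path from the thread.
FIX_STEPS = [
    r".sympath SRV*c:\symbols*http://msdl.microsoft.com/download/symbols",
    ".reload",
    "!analyze -v",
]


def triage_windbg_log(text):
    """Summarise a WinDbg minidump log and decide whether its verdict is usable."""
    out = {"dump": None, "bugcheck": None, "args": [], "uptime_s": None,
           "blamed": None}
    m = re.search(r"Loading Dump File \[(.+?)\]", text)
    if m:
        out["dump"] = m.group(1)
    m = re.search(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", text)
    if m:
        out["bugcheck"] = int(m.group(1), 16)
        out["args"] = [int(a, 16) for a in m.group(2).split(",")]
    m = re.search(r"System Uptime: (\d+) days (\d+):(\d+):(\d+)\.(\d{3})", text)
    if m:
        d, h, mi, s, ms = map(int, m.groups())
        out["uptime_s"] = ((d * 24 + h) * 60 + mi) * 60 + s + ms / 1000
    m = re.search(r"Probably caused by : (\S+)", text)
    if m:
        out["blamed"] = m.group(1)
    # Modules whose symbols failed to load cannot be blamed with any confidence.
    out["missing_symbols"] = sorted(
        set(re.findall(r"symbols could not be loaded for (\S+)", text)))
    out["symbols_ok"] = not any(p in text for p in SYMBOL_PROBLEMS)
    out["verdict_reliable"] = (out["symbols_ok"]
                               and out["blamed"] not in out["missing_symbols"])
    out["next_steps"] = [] if out["verdict_reliable"] else list(FIX_STEPS)
    return out


if __name__ == "__main__":
    for key, value in triage_windbg_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
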
Tomek01 commented 27 May 2010

Well, now it's clean. In OTL, use the Clean Up option.