xad posted 23 May 2010

Hello, for the past few days the following message has been appearing: Exception Processing Message c0000013 Parameters 75b3bf7c 4 75b3bf7c 75b3bf7c; [URL=http://img245.imageshack.us/i/excep.png/][IMG]http://img245.imageshack.us/img245/1492/excep.png[/IMG][/URL] After clicking "Cancel" ("Anuluj") a few times the window closes, but after a few minutes it comes back again, which is very annoying.

[log]
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fmz.qiwa.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.215.123.44:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Pomocnik rejestrowania za pomocą identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Kuba\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] rem "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] rem "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] rem "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] rem "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [BrMfcWnd] rem C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] rem C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\Kuba\USTAWI~1\Temp\olhrwef.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O24 - Desktop Component 0: (no name) - http://www.runescape.com/a=12/img/main/kbase/downloads_and_wallpapers/wallpaper_barrows/Barrows_Brothers_1280x1024.jpg
-- End of file - 7821 bytes
[/log]

Please help.
genesis commented 23 May 2010 (edited)

Hmm... You probably have Sality. It is an infection that can only be removed by formatting all partitions. But try following this: [url="http://support.kaspersky.com/pl/faq/?qid=208279886"]http://support.kaspe.../?qid=208279886[/url] Formatting partition C alone will not be enough, because you have executable files on every partition. Regards.

[color="#ff0000"] //I warned you several times, maybe 14 days of vacation will sober you up //you don't know the subject and yet you give advice //+20% and 14 days of rest //dan[/color]
Sohei commented 23 May 2010 (edited)

Damn it!! Where do you see a Sality driver here?? And why the hell do you advise formatting right away...

To the thread author: read up on how to use ComboFix http://www.bleepingcomputer.com/combofix/how-to-use-combofix Download it and run it. There is a fairly serious infection here.

To the poster above: O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs this is where the infection is. And it doesn't have much to do with Sality.

Also, to the author: along with the ComboFix log, attach an OTL log as well ;) it will be easier for me to check.
xad (author) commented 23 May 2010

ComboFix:
[log]
ComboFix 10-05-22.03 - Kuba 2010-05-23 15:49:44.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.255.101 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Kuba\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\All Users\Menu Start\Programy\Ardamax Keylogger
c:\documents and settings\All Users\Menu Start\Programy\Ardamax Keylogger\Help.lnk
c:\documents and settings\Kuba\Dane aplikacji\.#
c:\documents and settings\Kuba\Dane aplikacji\Microsoft\HTML Help\hh.dat
c:\documents and settings\Kuba\Ustawienia lokalne\Temporary Internet Files\susp_20091205150518-007C7751.aup
c:\documents and settings\Kuba\Ustawienia lokalne\Temporary Internet Files\susp_20091205192800-0002E22B.aup
c:\documents and settings\Kuba\Ustawienia lokalne\Temporary Internet Files\susp_20091205193155-00067885.aup
C:\MS32DLL.dll.vbs
c:\program files\HTV
c:\program files\HTV\akv.cfg
c:\program files\HTV\htv.001
c:\program files\HTV\HTV.002
c:\program files\HTV\HTV.005
c:\program files\HTV\HTV.006
c:\program files\HTV\HTV.009
c:\program files\HTV\HTV.chm
c:\program files\HTV\menu.gif
c:\program files\HTV\qs.html
c:\program files\HTV\tray.gif
c:\program files\HTV\Uninstall.exe
C:\Q1ALX.EXE
c:\windows\MS32DLL.dll.vbs
c:\windows\system32\Vb40032.dll
D:\Autorun.inf
D:\MS32DLL.dll.vbs
D:\q1alx.exe
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_AVPsys
((((((((((((((((((((((((( Pliki utworzone od 2010-04-23 do 2010-05-23 )))))))))))))))))))))))))))))))
.
2010-05-23 13:41 . 2010-05-23 13:41 396288 ----a-w- c:\windows\system32\CF24227.exe
2010-05-21 14:25 . 2010-05-21 14:25 -------- d-----w- c:\documents and settings\Kuba\Dane aplikacji\Apple Computer
2010-05-21 14:13 .
2010-05-21 14:14 -------- d-----w- c:\program files\QuickTime 2010-05-21 14:13 . 2010-05-21 14:13 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Apple Computer 2010-05-21 14:12 . 2010-05-21 14:12 -------- d-----w- c:\program files\Common Files\Apple 2010-05-21 14:11 . 2010-05-21 14:11 -------- d-----w- c:\documents and settings\Kuba\Ustawienia lokalne\Dane aplikacji\Apple 2010-05-21 14:11 . 2010-05-21 14:11 -------- d-----w- c:\program files\Apple Software Update 2010-05-21 14:11 . 2010-05-21 14:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Apple 2010-05-21 14:10 . 2010-05-21 14:10 -------- d-----w- c:\documents and settings\Kuba\Ustawienia lokalne\Dane aplikacji\Apple Computer 2010-05-17 13:58 . 2010-05-17 13:58 -------- d-----w- c:\program files\Microsoft Synchronization Services 2010-05-17 13:57 . 2010-05-17 13:57 -------- d-----w- c:\program files\Microsoft.NET 2010-05-17 13:57 . 2010-05-17 13:57 -------- d-----w- c:\program files\Microsoft Sync Framework 2010-05-17 13:57 . 2010-05-17 13:57 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2010-05-17 13:57 . 2010-05-17 13:57 -------- d-----w- c:\documents and settings\All Users\Microsoft 2010-05-17 13:54 . 2010-05-17 13:54 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2010-05-17 13:50 . 2010-05-17 13:50 -------- d-----w- c:\program files\Microsoft Analysis Services 2010-05-17 13:47 . 2010-05-17 13:47 -------- d-----r- C:\MSOCache 2010-05-16 19:57 . 2008-06-14 17:36 273024 -c----w- c:\windows\system32\dllcache\bthport.sys 2010-05-16 19:57 . 2009-10-15 16:33 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll 2010-05-16 19:57 . 2009-10-15 16:33 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll 2010-05-16 19:57 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys 2010-05-16 19:57 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys 2010-05-16 19:57 . 
2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2010-05-16 19:56 . 2001-08-17 19:52 18688 -c--a-w- c:\windows\system32\dllcache\cdaudio.sys 2010-05-16 19:56 . 2001-08-17 19:52 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys 2010-05-16 19:54 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe 2010-05-16 19:54 . 2010-02-17 12:09 2191232 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2010-05-16 19:54 . 2009-03-06 14:22 285696 -c----w- c:\windows\system32\dllcache\pdh.dll 2010-05-16 19:54 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe 2010-05-16 19:54 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll 2010-05-16 19:54 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll 2010-05-16 19:54 . 2009-02-09 10:53 686592 -c----w- c:\windows\system32\dllcache\advapi32.dll 2010-05-16 19:54 . 2009-06-25 08:27 732160 -c----w- c:\windows\system32\dllcache\lsasrv.dll 2010-05-16 19:54 . 2009-02-09 10:53 722944 -c----w- c:\windows\system32\dllcache\ntdll.dll 2010-05-16 19:54 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll 2010-05-16 19:54 . 2010-02-16 19:09 2147840 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2010-05-16 19:54 . 2010-02-16 19:09 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2010-05-16 19:52 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll 2010-05-16 19:47 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll 2010-05-14 09:31 . 2008-04-13 20:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys 2010-05-14 09:31 . 2008-04-13 22:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys 2010-05-11 15:45 . 2010-05-11 15:45 -------- d-----w- c:\program files\Hair Pro 2010 Trial 2010-05-04 19:29 . 2010-05-04 19:29 -------- d-----w- C:\downloads 2010-05-04 09:40 . 2010-05-04 09:40 -------- d-----w- c:\program files\Yaldex Software . 
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-23 11:57 . 2009-07-12 14:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-21 19:07 . 2010-04-01 10:20 -------- d-----w- c:\program files\JDownloader 2010-05-21 14:24 . 2008-04-27 19:19 75160 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT 2010-05-18 18:56 . 2008-09-24 15:46 -------- d-----w- c:\documents and settings\Kuba\Dane aplikacji\Nowe Gadu-Gadu 2010-05-18 11:31 . 2003-04-16 12:00 85136 ----a-w- c:\windows\system32\perfc015.dat 2010-05-18 11:31 . 2003-04-16 12:00 493976 ----a-w- c:\windows\system32\perfh015.dat 2010-05-17 14:08 . 2007-11-08 17:08 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help 2010-05-17 14:00 . 2007-11-08 17:15 -------- d-----w- c:\program files\MSBuild 2010-05-14 09:41 . 2007-10-08 11:53 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat 2010-05-14 06:02 . 2008-12-30 21:27 -------- d-----w- c:\program files\Free Music Zilla 2010-05-04 11:24 . 2008-05-13 12:35 -------- d-----w- c:\documents and settings\Kuba\Dane aplikacji\gtk-2.0 2010-05-04 09:39 . 2010-02-06 10:23 -------- d-----w- c:\program files\IrfanView 2010-05-04 09:39 . 2010-02-27 09:59 -------- d-----w- c:\program files\Soldat 2010-05-04 09:39 . 2009-01-22 21:07 -------- d-----w- c:\program files\NAPI-PROJEKT 2010-05-04 09:39 . 2008-08-08 07:27 -------- d-----w- c:\documents and settings\Kuba\Dane aplikacji\uTorrent 2010-05-04 09:39 . 2010-02-23 08:48 -------- d-----w- c:\documents and settings\Kuba\Dane aplikacji\Winamp 2010-05-02 12:34 . 2009-05-01 13:46 -------- d-----w- c:\program files\Opera 2010-04-29 13:39 . 2009-07-12 14:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 13:39 . 2009-07-12 14:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-28 15:39 . 
2007-11-23 21:42 -------- d-----w- c:\documents and settings\Kuba\Dane aplikacji\AdobeUM 2010-04-07 16:56 . 2010-04-07 16:52 -------- d-----w- c:\documents and settings\Kuba\Dane aplikacji\PSpad 2010-04-06 10:55 . 2009-04-24 10:20 -------- d-----w- c:\documents and settings\Kuba\Dane aplikacji\Hamachi 2010-04-04 14:10 . 2010-04-04 14:10 -------- d-----w- c:\program files\Common Files\SWF Studio 2010-04-01 18:54 . 2010-04-01 18:54 -------- d-----w- c:\program files\ffdshow 2010-03-25 15:29 . 2010-03-25 15:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM 2010-03-25 15:06 . 2010-03-25 15:06 -------- d-----w- c:\documents and settings\Kuba\Dane aplikacji\OpenFM 2010-03-22 16:31 . 2008-07-01 15:08 41 ----a-w- c:\documents and settings\Kuba\jagex_runescape_preferences.dat 2010-03-22 16:31 . 2009-09-02 15:22 69 ----a-w- c:\documents and settings\Kuba\jagex_runescape_preferences2.dat 2010-03-11 16:27 . 2009-06-18 13:01 118784 ----a-w- c:\documents and settings\Kuba\Dane aplikacji\Soldat\Battleye\BEServer.dll 2010-02-27 09:17 . 2008-09-23 05:42 179 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Last.fm\Client\uninst2.bat 2010-02-27 09:17 . 2010-02-27 09:17 683801 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Last.fm\Client\UninstWMP\unins000.exe 2010-02-27 09:17 . 2008-09-23 05:42 683801 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Last.fm\Client\UninstWA\unins000.exe 2010-02-24 13:11 . 2003-04-16 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2009-03-24 18:49 . 2008-08-01 18:42 88 --sh--r- c:\windows\system32\35BED777D0.sys 2008-08-01 18:45 . 2008-08-01 18:45 8 --sh--r- c:\windows\system32\CD6B4D2B66.sys 2009-03-24 18:49 . 2008-08-01 18:35 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] 2010-02-28 00:20 561552 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="rem" [X] "SSBkgdUpdate"="rem" [X] "PaperPort PTD"="rem" [X] "IndexSearch"="rem" [X] "BrMfcWnd"="rem" [X] "ControlCenter3"="rem" [X] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2007-10-8 589824] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] rem [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] rem [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate] 2009-06-04 21:56 869888 ----a-w- c:\program files\ALLPlayer\ALLUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2009-12-28 12:14 135664 ----atw- c:\documents and settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nowe Gadu-Gadu] 2009-08-31 16:07 11391592 ----a-w- d:\program files\Nowe Gadu-Gadu\gg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\WinampAgent] 2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\BearShare\\BearShare.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Program Files\\Last.fm\\LastFM.exe"= "c:\\Program Files\\Free Music Zilla\\FMZilla.exe"= "c:\\totalcmd\\TOTALCMD.EXE"= "d:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"= "c:\\Program Files\\Counter-Strike\\hl.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Soldat\\Soldat.exe"= "c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"= "c:\\Program Files\\Opera\\opera.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-01-14 717296] R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2008-05-12 4096] S0 tdaejxnh;tdaejxnh;c:\windows\system32\drivers\ppmi.sys --> c:\windows\system32\drivers\ppmi.sys [?] 
S3 KS-959;MA-620 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [2007-11-28 19034] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] . Zawartość folderu 'Zaplanowane zadania' 2010-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1060284298-1819665683-1004Core.job - c:\documents and settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-12-28 12:14] 2010-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1060284298-1819665683-1004UA.job - c:\documents and settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-12-28 12:14] 2010-05-11 c:\windows\Tasks\Norton Security Scan for Kuba.job - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-03-03 11:50] . . ------- Skan uzupełniający ------- . 
uStart Page = hxxp://fmz.qiwa.com uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyServer = 168.215.123.44:8080 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Wyślij &do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL FF - ProfilePath - c:\documents and settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\b7ww678e.default\ FF - prefs.js: browser.startup.homepage - google.pl FF - plugin: c:\documents and settings\Kuba\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll FF - plugin: c:\documents and settings\Kuba\Dane aplikacji\Nowe Gadu-Gadu\_userdata\nppl3260.dll FF - plugin: c:\documents and settings\Kuba\Dane aplikacji\Nowe Gadu-Gadu\_userdata\nprpjplug.dll FF - plugin: c:\documents and settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npOggX.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSLOTS70.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSLOTS90.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSNOOKER.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPWORDSSINGLE.dll FF - plugin: c:\program files\Opera\program\plugins\npganymedenet.dll FF - plugin: c:\program files\Opera\program\plugins\npganymedenet.dll FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll FF - plugin: 
d:\program files\Opera\program\plugins\nppl3260.dll FF - plugin: d:\program files\Opera\program\plugins\nprpjplug.dll FF - plugin: d:\program files\Opera\program\plugins\NPSWF32.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . 
- - - - USUNIĘTO PUSTE WPISY - - - - Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file) WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file) MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe AddRemove-Icy Tower v1.3.1_is1 - c:\games\icytower1.3\unins000.exe AddRemove-Icy Tower v1.4_is1 - c:\games\icytower1.4\unins000.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-23 16:02 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spbb.sys >>UNKNOWN [0x82167938]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf9858f28 \Driver\ACPI -> ACPI.sys @ 0xf96b2cb8 \Driver\atapi -> atapi.sys @ 0xf966db40 IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac NDIS: Ralink Turbo Wireless LAN Card -> SendCompleteHandler -> NDIS.sys @ 0xf9565b0a PacketIndicateHandler -> NDIS.sys @ 0xf9552a0d SendHandler -> NDIS.sys @ 0xf9566b40 user & kernel MBR OK ************************************************************************** . 
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'explorer.exe'(2296)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1045\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Czas ukończenia: 2010-05-23 16:11:27 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-05-23 14:11
Przed: 5,340,745,728 bajtów wolnych
Po: 5,455,200,256 bajtów wolnych
- - End Of File - - 24157CF0CF1BE22D31C298560DA1BE53
[/log]

OTL:
[log]
OTL logfile created on: 2010-05-23 16:23:22 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Kuba\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

255.00 Mb Total Physical Memory | 58.00 Mb Available Physical Memory | 23.00% Memory free
428.00 Mb Paging File | 163.00 Mb Available in Paging File | 38.00% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.63 Gb Total Space | 5.10 Gb Free Space | 27.36% Space Free | Partition Type: NTFS
Drive D: | 18.64 Gb Total Space | 0.39 Gb Free Space | 2.07% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KUBA-KOMP
Current User Name: Kuba
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]
PRC - [2010-05-23 16:19:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kuba\Pulpit\OTL.exe
PRC - [2010-04-06 19:09:33 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-08-06 19:24:06 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
PRC - [2009-03-30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009-03-30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009-02-09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 22:51:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-14 22:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [mi]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 22:51:32 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
PRC - [2008-04-14 22:51:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 22:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 22:51:04 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2007-06-05 13:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006-10-22 12:22:00 | 000,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2005-11-09 16:54:00 | 000,589,824 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\RALINK\Common\RaUI.exe

[color=#E56717]========== Modules (All) ==========[/color]
MOD - [2010-05-23 16:19:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kuba\Pulpit\OTL.exe
MOD - [2009-12-08 11:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-06-25 10:27:54 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-04-15 16:54:38 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-02-09 12:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-02-09 12:53:43 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008-10-23 14:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-06-17 21:03:15 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-14 22:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 22:50:58 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 22:50:58 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 22:50:58 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008-04-14 22:50:58 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 22:50:58 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 22:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-14 22:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-14 22:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 22:50:46 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2008-04-14 22:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 22:50:42 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008-04-14 22:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 22:50:34 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2008-04-14 22:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 22:50:16 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2008-04-14 22:50:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-14 22:50:12 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2008-04-14 22:50:00 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\apphelp.dll
MOD - [2008-04-14 22:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008-04-14 22:43:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime
MOD - [2008-04-14 22:29:10 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [On_Demand | Stopped] -- -- (odserv)
SRV - File not found [On_Demand | Stopped] -- -- (Microsoft Office Groove Audit Service)
SRV - [2010-03-25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010-01-09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009-03-30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2007-06-05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005-11-14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2009-04-24 12:19:28 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-01-14 14:06:08 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008-11-19 20:22:36 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2008-05-12 14:48:32 | 000,004,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bbcap.sys -- (bbcap)
DRV - [2008-04-14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006-11-07 10:42:30 | 000,086,368 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200obex.sys -- (w200obex)
DRV - [2006-11-07 10:42:28 | 000,088,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200mgmt.sys -- (w200mgmt) Sony Ericsson W200 USB WMC Device Management Drivers (WDM)
DRV - [2006-11-07 10:42:24 | 000,097,056 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200mdm.sys -- (w200mdm)
DRV - [2006-11-07 10:42:22 | 000,009,328 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200mdfl.sys -- (w200mdfl)
DRV - [2006-11-07 10:42:16 | 000,061,504 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200bus.sys -- (w200bus) Sony Ericsson W200 driver (WDM)
DRV - [2006-10-22 12:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005-10-27 15:06:00 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2005-10-22 10:06:26 | 000,019,034 | R--- | M] (Kingsun Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KS-959.sys -- (KS-959)
DRV - [2004-10-15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2001-08-17 23:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001-08-17 22:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001-08-17 22:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001-08-17 22:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001-08-17 22:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001-08-17 22:28:10 | 000,073,279 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_SPKP.sys -- (SpeakerPhone)
DRV - [2001-08-17 22:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001-08-17 22:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001-08-17 22:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001-08-17 22:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001-08-17 22:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001-08-17 22:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2001-08-17 21:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Usługa instalacyjna sterownika audio Intel(r) 82801 (WDM)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-448539723-1060284298-1819665683-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-448539723-1060284298-1819665683-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fmz.qiwa.com
IE - HKU\S-1-5-21-448539723-1060284298-1819665683-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-448539723-1060284298-1819665683-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 168.215.123.44:8080

[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.pl"
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-05-21 16:14:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-05-21 16:14:54 | 000,000,000 | ---D | M]
[2009-10-20 08:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Extensions
[2010-05-23 15:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\b7ww678e.default\extensions
[2009-10-20 10:56:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\b7ww678e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-01-23 23:24:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\b7ww678e.default\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2009-10-20 09:02:12 | 000,002,934 | ---- | M] () -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\b7ww678e.default\searchplugins\ninwiki-english.xml
[2009-11-20 22:00:54 | 000,005,609 | ---- | M] () -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\b7ww678e.default\searchplugins\nonsensopedia-pl.xml
[2009-10-20 09:01:28 | 000,002,282 | ---- | M] () -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\b7ww678e.default\searchplugins\runescape-wiki-en.xml
[2009-10-20 09:03:01 | 000,001,340 | ---- | M] () -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\b7ww678e.default\searchplugins\wikipedia-en.xml
[2010-01-23 23:23:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-04-14 22:24:11 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009-02-03 17:35:38 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll
[2009-01-28 20:46:54 | 000,307,200 | ---- | M] (ESKA) -- C:\Program Files\Mozilla Firefox\plugins\npOggX.dll
[2008-06-24 19:06:28 | 000,550,392 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPSLOTS70.dll
[2008-06-24 19:06:38 | 000,546,296 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPSLOTS90.dll
[2008-06-24 19:04:54 | 000,636,400 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPSNOOKER.dll
[2010-01-14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2008-06-24 19:07:20 | 000,587,280 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPWORDSSINGLE.dll
[2010-01-21 21:59:54 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-01-21 21:59:54 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-01-21 21:59:54 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-21 21:59:54 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-21 21:59:54 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-21 21:59:54 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-05-23 16:02:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Kuba\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-448539723-1060284298-1819665683-1004\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BrMfcWnd] File not found
O4 - HKLM..\Run: [ControlCenter3] File not found
O4 - HKLM..\Run: [IndexSearch] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PaperPort PTD] File not found
O4 - HKLM..\Run: [SSBkgdUpdate] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-448539723-1060284298-1819665683-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-448539723-1060284298-1819665683-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-448539723-1060284298-1819665683-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-448539723-1060284298-1819665683-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-448539723-1060284298-1819665683-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Wyślij &do programu OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
O15 - HKU\S-1-5-21-448539723-1060284298-1819665683-1004\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-6-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://www.runescape.com/a=12/img/main/kbase/downloads_and_wallpapers/wallpaper_barrows/Barrows_Brothers_1280x1024.jpg
O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-10-08 13:54:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007-10-08 13:53:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: [b]ALLUpdate[/b] - hkey= - key= - C:\Program Files\ALLPlayer\ALLUpdate.exe ()
MsConfig - StartUpReg: [b]Google Update[/b] - hkey= - key= - C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: [b]HPDJ Taskbar Utility[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]Nowe Gadu-Gadu[/b] - hkey= - key= - D:\Program Files\Nowe Gadu-Gadu\gg.exe (GG Network S.A.)
MsConfig - StartUpReg: [b]Sony Ericsson PC Suite[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]WinampAgent[/b] - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]
[2010-05-23 16:19:20 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kuba\Pulpit\OTL.exe
[2010-05-23 16:11:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010-05-23 15:44:57 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-05-23 15:44:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-05-23 15:44:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-05-23 15:44:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-05-23 15:41:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-05-21 16:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\Apple Computer
[2010-05-21 16:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010-05-21 16:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
[2010-05-21 16:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010-05-21 16:11:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Apple
[2010-05-21 16:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010-05-21 16:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Apple
[2010-05-21 16:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Apple Computer
[2010-05-18 13:30:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Moje dokumenty\Pliki programu Outlook
[2010-05-17 15:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010-05-17 15:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010-05-17 15:57:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010-05-17 15:57:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010-05-17 15:57:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010-05-17 15:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2010-05-17 15:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010-05-17 15:50:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010-05-17 15:47:58 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010-05-14 11:54:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010-05-14 11:38:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010-05-14 11:38:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pl
[2010-05-14 11:38:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010-05-14 11:31:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010-05-14 11:23:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010-05-11 17:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\Hair Pro 2010 Trial
[2010-05-04 21:29:51 | 000,000,000 | ---D | C] -- C:\downloads
[2010-05-04 11:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\Yaldex Software
[2010-04-09 10:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Pulpit\Kody
[2010-04-07 18:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Pulpit\Kolory
[2010-04-07 18:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\PSpad
[2010-04-07 18:49:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Pulpit\Notepad2
[2010-04-04 16:10:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2010-04-01 20:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2010-04-01 20:26:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010-04-01 13:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\WinRAR
[2010-04-01 12:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2010-03-25 17:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2010-03-25 17:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\OpenFM
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]
[2010-05-23 16:29:19 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1060284298-1819665683-1004UA.job
[2010-05-23 16:19:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kuba\Pulpit\OTL.exe
[2010-05-23 16:02:41 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-05-23 16:02:30 | 000,000,252 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-05-23 16:02:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-05-23 16:02:00 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-05-23 16:02:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-05-23 16:01:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-23 16:01:55 | 000,000,031 | ---- | M] () -- C:\WINDOWS\System32\bbcap.err
[2010-05-23 16:01:53 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2010-05-23 16:00:45 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\Kuba\ntuser.dat
[2010-05-23 16:00:45 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Kuba\ntuser.ini
[2010-05-23 15:42:30 | 003,693,870 | R--- | M] () -- C:\Documents and Settings\Kuba\Pulpit\ComboFix.exe
[2010-05-23 14:29:04 | 000,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1060284298-1819665683-1004Core.job
[2010-05-21 22:22:07 | 002,646,282 | -H-- | M] () -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-05-21 16:24:57 | 000,075,160 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2010-05-21 16:14:12 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\QuickTime Player.lnk
[2010-05-21 15:55:35 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-05-19 21:48:55 | 000,000,919 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-05-19 21:48:55 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010-05-18 18:59:17 | 000,002,505 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Microsoft Excel 2010.lnk
[2010-05-18 18:59:00 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Microsoft PowerPoint 2010.lnk
[2010-05-18 17:09:00 | 000,002,499 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Microsoft Word 2010.lnk
[2010-05-18 17:07:56 | 002,135,275 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Jerzy Popiełuszko.docx
[2010-05-18 13:31:53 | 001,096,320 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-05-18 13:31:53 | 000,493,976 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-05-18 13:31:53 | 000,435,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-05-18 13:31:53 | 000,085,136 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-05-18 13:31:53 | 000,068,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-05-17 16:16:40 | 000,282,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-05-17 15:38:09 | 000,001,220 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Zdjęcia.lnk
[2010-05-17 07:27:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-05-16 21:56:09 | 008,624,410 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\The Space in Between.mp3
[2010-05-14 11:30:44 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-05-14 08:07:12 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-11 16:43:10 | 000,000,472 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Kuba.job
[2010-05-09 16:50:23 | 000,116,689 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\muza.m3u
[2010-05-08 16:13:37 | 000,003,266 | ---- | M] () -- C:\WINDOWS\VPlayer.INI
[2010-05-08 16:13:37 | 000,000,091 | ---- | M] () -- C:\WINDOWS\VplayerINI.vpl
[2010-05-08 15:29:15 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Vplayer.lnk
[2010-05-04 21:29:41 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Free Music Zilla.lnk
[2010-05-04 13:25:14 | 000,006,639 | ---- | M] () -- C:\Documents and
Settings\Kuba\.recently-used.xbel [2010-05-04 11:41:12 | 000,001,805 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\1st JavaScript Editor.lnk [2010-05-02 14:34:43 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk [2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010-04-29 12:32:43 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Google Chrome.lnk [2010-04-26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe [2010-04-18 16:41:33 | 000,010,230 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\e mail do joli.docx [2010-04-14 08:31:35 | 000,010,802 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Zaczynając wypowiedź.docx [2010-04-07 18:52:34 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\PSPad.lnk [2010-04-01 12:20:36 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\JDownloader.lnk [2010-03-28 21:37:34 | 005,563,565 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\PREZENTACJA - MONIKA.pptx [2010-03-24 22:03:06 | 007,197,184 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Cez.ppt [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-05-23 15:44:57 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010-05-23 15:44:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010-05-23 15:44:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010-05-23 15:44:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010-05-21 16:14:12 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\QuickTime Player.lnk [2010-05-18 18:59:17 | 
000,002,505 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Microsoft Excel 2010.lnk [2010-05-18 18:59:00 | 000,002,513 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Microsoft PowerPoint 2010.lnk [2010-05-18 18:57:34 | 267,964,416 | -HS- | C] () -- C:\hiberfil.sys [2010-05-18 17:07:53 | 002,135,275 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Jerzy Popiełuszko.docx [2010-05-17 16:11:10 | 000,002,499 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Microsoft Word 2010.lnk [2010-05-17 15:37:16 | 000,001,220 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Zdjęcia.lnk [2010-05-16 21:53:53 | 008,624,410 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\The Space in Between.mp3 [2010-05-13 08:21:50 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2010-05-09 16:50:23 | 000,116,689 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\muza.m3u [2010-05-07 15:37:43 | 000,000,091 | ---- | C] () -- C:\WINDOWS\VplayerINI.vpl [2010-05-04 21:29:41 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Free Music Zilla.lnk [2010-05-04 13:25:14 | 000,006,639 | ---- | C] () -- C:\Documents and Settings\Kuba\.recently-used.xbel [2010-05-04 11:55:25 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\bbcap.err [2010-05-04 11:41:12 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\1st JavaScript Editor.lnk [2010-04-18 16:41:31 | 000,010,230 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\e mail do joli.docx [2010-04-14 08:31:30 | 000,010,802 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Zaczynając wypowiedź.docx [2010-04-07 18:52:34 | 000,000,523 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\PSPad.lnk [2010-04-01 12:20:36 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\JDownloader.lnk [2010-03-28 21:37:24 | 005,563,565 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\PREZENTACJA - MONIKA.pptx 
[2010-03-24 20:06:59 | 007,197,184 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Cez.ppt [2010-02-23 20:55:13 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010-02-23 20:55:13 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010-02-23 20:55:10 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010-02-23 20:55:10 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010-02-23 20:55:07 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010-02-23 20:55:07 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-10-22 22:27:13 | 000,000,155 | ---- | C] () -- C:\WINDOWS\mistrz.ini [2009-07-04 11:24:45 | 000,000,471 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini [2009-07-04 11:21:48 | 000,001,451 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2009-01-22 23:06:42 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll [2009-01-22 23:06:41 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll [2009-01-22 23:06:35 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2009-01-22 23:06:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2009-01-22 23:06:19 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2009-01-14 14:06:07 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2008-09-08 18:00:36 | 000,000,404 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2008-09-08 18:00:36 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2008-09-08 17:50:10 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2008-08-07 21:01:58 | 000,000,028 | ---- | C] () -- C:\WINDOWS\wordpad.ini [2008-08-01 20:45:23 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\CD6B4D2B66.sys [2008-08-01 20:42:40 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\35BED777D0.sys [2008-08-01 20:35:05 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2008-07-04 21:29:09 | 000,000,069 | ---- | C] () -- 
C:\WINDOWS\NeroDigital.ini [2008-05-17 14:03:46 | 003,086,336 | ---- | C] () -- C:\WINDOWS\System32\NCMedia.dll [2008-05-17 14:03:46 | 003,086,336 | ---- | C] () -- C:\WINDOWS\System32\flvvideo.dll [2008-05-17 14:03:46 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll [2008-05-09 13:03:56 | 000,000,174 | ---- | C] () -- C:\WINDOWS\ete40.ini [2008-01-29 18:37:35 | 000,003,266 | ---- | C] () -- C:\WINDOWS\VPlayer.INI [2007-11-23 23:29:27 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI [2007-11-23 23:29:27 | 000,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini [2007-11-23 23:29:27 | 000,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI [2007-11-10 11:17:37 | 000,004,376 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini [2007-10-08 14:06:52 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Install6x.dll [2006-10-22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006-10-22 12:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006-10-22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006-10-22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006-10-22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006-10-22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006-10-22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006-04-19 16:19:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [color=#E56717]========== LOP Check ==========[/color] [2009-06-13 09:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Apowersoft [2009-01-14 14:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2009-11-22 13:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\E346 [2008-09-23 07:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane 
aplikacji\Last.fm [2008-05-12 14:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LogSys [2010-03-25 17:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2008-11-04 22:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft [2008-08-05 12:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sony [2008-02-02 15:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SwiftKit [2008-06-11 16:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SwiftSwitch [2007-12-24 23:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Teleca [2009-09-07 20:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2009-06-28 18:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Any Video Converter [2009-12-05 20:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\ArcaMicroScan [2009-12-05 15:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\ArcaVirMicroScan [2009-01-22 22:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\BESTplayer [2008-05-12 14:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Blueberry [2009-01-14 14:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\DAEMON Tools [2009-01-14 14:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\DAEMON Tools Lite [2009-01-14 14:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\DAEMON Tools Pro [2009-12-22 15:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Dev-Cpp [2008-12-30 23:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\FMZilla [2009-04-14 
22:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Foxit [2007-10-08 14:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Gadu-Gadu [2010-03-20 20:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\GanymedeNet [2010-05-04 13:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\gtk-2.0 [2009-10-31 11:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\iPodder [2008-05-12 14:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\LogSys [2010-02-15 19:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Mikrotik [2007-11-28 19:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\MobileAction [2009-06-09 14:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Noth2 [2010-05-18 20:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Nowe Gadu-Gadu [2010-03-25 17:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\OpenFM [2009-05-01 15:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Opera [2009-10-24 13:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Perfect Screen Ruler [2008-08-05 12:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Publish Providers [2007-12-01 12:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Soldat [2008-09-04 15:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Sony [2008-08-05 11:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Sony Setup [2007-12-24 23:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Teleca [2010-05-04 11:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\uTorrent 
[2010-02-06 12:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\VSO [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2007-10-08 13:54:28 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-05-19 21:48:55 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2003-04-16 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2004-08-03 23:00:14 | 000,262,400 | ---- | M] () -- C:\cmldr [2010-05-23 16:11:28 | 000,021,306 | ---- | M] () -- C:\ComboFix.txt [2007-10-08 13:54:28 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2007-12-13 21:54:40 | 000,000,766 | ---- | M] () -- C:\CrossHair.ico [2009-02-15 17:01:48 | 000,000,000 | ---- | M] () -- C:\DTSHDSpOut.txt [2010-05-23 16:01:53 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys [2007-10-08 13:54:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2007-12-01 12:06:15 | 000,000,000 | R--- | M] () -- C:\logwmemory.bin [2007-10-08 13:54:28 | 000,000,000 | -HS- | M] () -- C:\MSDOS.SYS [2007-11-08 18:26:19 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2010-05-14 11:30:44 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-05-23 16:01:51 | 201,326,592 | -HS- | M] () -- C:\pagefile.sys [2004-03-19 09:17:00 | 000,204,955 | ---- | M] () -- C:\pngcrush.exe [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2004-08-04 01:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [2004-08-04 01:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:agp440.sys [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys [2008-04-14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\erdnt\cache\agp440.sys [2008-04-14 
00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008-04-14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004-08-04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [2004-08-04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\AGP440.SYS [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2003-04-16 14:00:00 | 010,180,934 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys [2004-08-04 01:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2004-08-04 01:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2003-04-16 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- 
C:\WINDOWS\erdnt\cache\beep.sys [2003-04-16 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2003-04-16 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2003-04-16 14:00:00 | 010,180,934 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys [2004-08-04 01:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2004-08-04 01:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008-04-14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008-04-14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2004-08-03 23:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2004-08-04 01:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\erdnt\cache\eventlog.dll [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) 
MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\erdnt\cache\ndis.sys [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [2004-08-04 00:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2004-08-04 01:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\erdnt\cache\winlogon.exe [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:888AFB86 < End of report > [/log]
Sohei, comment, 23 May 2010
ComboFix cleaned up the infection superbly in this case :)
Run a full scan with [url=http://dobreprogramy.pl/index.php?dz=2&id=1998][b]DR WEB CureIt[/b][/url]
Run a full scan with [url=http://www.dobreprogramy.pl/Malwarebytes-AntiMalware,Program,Windows,13117.html][b]MBAM[/b][/url]
Remove whatever they find, then post the removal logs plus a new OTL log.