futro999 Posted June 14, 2010 (edited)

Hello! I have the Trojan PWS Wsgame 13295 on my disk. I tried to remove it with Dr.Web, but after a system restart the virus comes back anyway. I want to get rid of this nasty thing because my computer stutters because of it, but I'm not entirely sure how to go about it. I'm asking for help from a specialist who knows about this. Regards

[log]OTL logfile created on: 2010-06-14 10:14:58 - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1 022,00 Mb Total Physical Memory | 202,00 Mb Available Physical Memory | 20,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 62,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 19,53 Gb Total Space | 6,61 Gb Free Space | 33,86% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 24,41 Gb Total Space | 23,13 Gb Free Space | 94,75% Space Free | Partition Type: NTFS Drive F: | 66,43 Gb Total Space | 23,12 Gb Free Space | 34,80% Space Free | Partition Type: NTFS Unable to calculate disk information. H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: FUTREK-80A69FE1 Current User Name: nazwa Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-06-14 01:06:13 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie\OTL.exe PRC - [2010-06-03 10:52:20 | 001,541,360 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spiderml.exe PRC - [2010-06-03 10:51:44 | 001,504,600 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe PRC - [2010-05-20 12:10:09 | 001,973,000 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\drweb32w.exe PRC - [2010-04-07 08:07:44 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-03-24 20:17:47 | 000,952,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe PRC - [2010-03-15 14:20:00 | 001,314,032 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spideragent.exe PRC - [2010-03-15 10:03:22 | 002,600,200 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\frwl_notify.exe PRC - [2010-03-09 11:02:14 | 026,100,520 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe PRC - [2010-03-09 11:02:14 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe PRC - [2010-03-04 16:22:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2010-03-04 16:22:17 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe PRC - [2010-03-04 16:22:17 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009-11-24 12:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) 
-- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe PRC - [2009-09-08 10:21:24 | 001,400,832 | ---- | M] (Team Solutions) -- C:\Program Files\Auto-Backup\Auto-Backup.exe PRC - [2009-04-23 15:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe PRC - [2008-04-15 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-15 14:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-15 14:00:00 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe PRC - [2008-04-15 14:00:00 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe PRC - [2008-04-15 14:00:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008-04-15 14:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008-04-15 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-15 14:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2008-04-15 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\svchost.exe [HTTPFILTER] PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-15 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-15 14:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2008-03-20 12:04:46 | 002,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe PRC - [2007-10-08 15:27:02 | 000,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe PRC - [2007-10-08 15:18:04 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe PRC - [2007-10-08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe PRC - [2007-10-08 15:13:36 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe PRC - [2007-10-08 15:09:26 | 000,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe PRC - [2007-10-08 15:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe PRC - [2007-10-08 15:01:54 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe PRC - [2007-05-15 00:22:22 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe PRC - [2007-05-14 15:23:32 | 001,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe PRC - [2007-05-10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe PRC - [2006-10-27 01:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2006-05-23 22:59:38 | 000,409,600 | ---- | M] (ATI Technologies Inc.) 
-- C:\WINDOWS\system32\ati2evxx.exe PRC - [2006-03-08 13:48:02 | 000,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2005-01-28 14:44:28 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-06-14 01:06:13 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie\OTL.exe MOD - [2009-07-12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll MOD - [2009-07-11 19:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll MOD - [2008-04-15 14:00:00 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2008-04-15 14:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shdocvw.dll MOD - [2008-04-15 14:00:00 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2008-04-15 14:00:00 | 001,104,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msxml3.dll MOD - [2008-04-15 14:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2008-04-15 14:00:00 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2008-04-15 14:00:00 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-15 14:00:00 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2008-04-15 14:00:00 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll MOD - [2008-04-15 14:00:00 | 000,714,240 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\ntdll.dll MOD - [2008-04-15 14:00:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2008-04-15 14:00:00 | 000,668,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll MOD - [2008-04-15 14:00:00 | 000,621,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\urlmon.dll MOD - [2008-04-15 14:00:00 | 000,602,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\crypt32.dll MOD - [2008-04-15 14:00:00 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2008-04-15 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008-04-15 14:00:00 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2008-04-15 14:00:00 | 000,520,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cryptui.dll MOD - [2008-04-15 14:00:00 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2008-04-15 14:00:00 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2008-04-15 14:00:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-15 14:00:00 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netapi32.dll MOD - [2008-04-15 14:00:00 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll MOD - [2008-04-15 14:00:00 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-04-15 14:00:00 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-15 14:00:00 | 000,278,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mstask.dll MOD - [2008-04-15 14:00:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008-04-15 14:00:00 | 000,208,384 | ---- | M] (Microsoft 
Corporation) -- C:\WINDOWS\system32\rsaenh.dll MOD - [2008-04-15 14:00:00 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-15 14:00:00 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wintrust.dll MOD - [2008-04-15 14:00:00 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2008-04-15 14:00:00 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dnsapi.dll MOD - [2008-04-15 14:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-15 14:00:00 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imagehlp.dll MOD - [2008-04-15 14:00:00 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\apphelp.dll MOD - [2008-04-15 14:00:00 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2008-04-15 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2008-04-15 14:00:00 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-15 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2_32.dll MOD - [2008-04-15 14:00:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-15 14:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdsapi.dll MOD - [2008-04-15 14:00:00 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2008-04-15 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll MOD - [2008-04-15 14:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mpr.dll MOD - [2008-04-15 14:00:00 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msasn1.dll MOD - [2008-04-15 14:00:00 | 000,056,320 | 
---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2008-04-15 14:00:00 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll MOD - [2008-04-15 14:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-15 14:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2help.dll MOD - [2008-04-15 14:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008-04-15 14:00:00 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msimg32.dll MOD - [2007-05-14 15:24:00 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll MOD - [2006-12-21 14:30:44 | 000,102,400 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\ggwhook.dll MOD - [2006-10-27 01:48:42 | 002,210,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll MOD - [2006-10-27 01:48:34 | 000,955,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll MOD - [2006-10-27 01:48:02 | 000,222,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll MOD - [2006-10-27 01:47:40 | 000,022,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveNew.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-06-03 10:51:44 | 001,504,600 | ---- | M] (Doctor Web, Ltd.) 
[Auto | Running] -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe -- (DrWebEngine) Dr.Web Scanning Engine (DrWebEngine) SRV - [2007-10-08 15:27:02 | 000,794,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2007-10-08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R) SRV - [2007-10-08 15:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R) SRV - [2007-10-08 15:01:54 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2007-02-06 17:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | Boot | Running] -- -- (PxHelp20) DRV - [2010-06-04 13:08:45 | 000,083,064 | ---- | M] (Doctor Web) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\drwebaf.sys -- (DRWEBAF) DRV - [2010-06-04 13:08:45 | 000,072,184 | ---- | M] (Doctor Web) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DrWebPF.sys -- (DrWebPF) DRV - [2010-04-20 17:44:30 | 000,119,288 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dwprot.sys -- (DwProt) DRV - [2010-04-08 15:54:04 | 000,075,000 | ---- | M] (Doctor Web, Ltd.) 
[File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\spiderg3.sys -- (SpiderG3) DRV - [2010-03-05 00:20:11 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2008-04-15 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008-04-14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM) DRV - [2007-09-26 07:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Sterownik karty Intel(R) DRV - [2007-08-27 12:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2007-05-10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2007-02-06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv) DRV - [2007-02-06 17:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap) DRV - [2007-02-03 20:32:58 | 000,022,560 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService) DRV - [2007-02-03 20:32:45 | 001,939,360 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam for Notebooks Deluxe(UVC) DRV - [2007-02-03 20:32:34 | 000,041,504 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007-02-03 20:30:57 | 001,507,232 | R--- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2006-11-15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2006-11-14 20:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006-11-14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2006-05-23 23:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006-03-08 13:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2005-12-01 02:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2005-12-01 02:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL) DRV - [2005-12-01 02:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2005-08-12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-789336058-329068152-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: raf@down:0.0.1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-07 08:07:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-05-15 09:22:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-03-04 16:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\Extensions [2010-06-13 23:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\Firefox\Profiles\yijyjycn.default\extensions [2010-03-04 23:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane 
aplikacji\Mozilla\Firefox\Profiles\yijyjycn.default\extensions\dave2x@download [2010-03-17 17:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\Firefox\Profiles\yijyjycn.default\extensions\raf@down [2010-03-05 00:23:34 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\Firefox\Profiles\yijyjycn.default\searchplugins\daemon-search.xml [2010-06-13 20:47:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-03-21 01:01:34 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010-03-16 13:24:41 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-03-16 13:24:41 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-03-16 13:24:41 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-03-16 13:24:41 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-03-16 13:24:41 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-03-16 13:24:41 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2008-04-15 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.) 
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-789336058-329068152-1417001333-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc) O4 - HKLM..\Run: [Dr.Web Firewall] C:\Program Files\DrWeb\frwl_notify.exe (Doctor Web, Ltd.) O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SpIDerAgent] C:\Program Files\DrWeb\SpIDerAgent.exe (Doctor Web, Ltd.) O4 - HKLM..\Run: [SpIDerMail] C:\Program Files\DrWeb\spiderml.exe (Doctor Web, Ltd.) 
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKU\S-1-5-21-789336058-329068152-1417001333-1003..\Run: [Auto-Backup] C:\Program Files\Auto-Backup\Auto-Backup.exe (Team Solutions) O4 - HKU\S-1-5-21-789336058-329068152-1417001333-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-789336058-329068152-1417001333-1003..\Run: [LogitechSetup] G:\Setup\Setup.exe File not found O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-789336058-329068152-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.) 
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.0.2.2 192.168.0.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-03-04 15:02:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{2d1932da-62a5-11df-822b-001302a99def}\Shell - "" = AutoRun O33 - MountPoints2\{2d1932da-62a5-11df-822b-001302a99def}\Shell\AutoRun\command - "" = D:\Install.exe -- File not found O33 - MountPoints2\{78eeef39-56c5-11df-8212-001302a99def}\Shell\AutoRun\command - "" = I:\BEKAM\\\\\IGOR.exe -- File not found O33 - MountPoints2\{78eeef39-56c5-11df-8212-001302a99def}\Shell\explore\command - "" = I:\BEKAM\\\\\\IGOR.exe -- File not found O33 - MountPoints2\{78eeef39-56c5-11df-8212-001302a99def}\Shell\open\command - "" = I:\BEKAM\\\\\\IGOR.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-06-13 20:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\DivX [2010-06-13 20:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2010-06-13 20:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DivX [2010-06-12 19:16:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nazwa\Recent [2010-06-04 21:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu [2010-06-04 21:02:16 | 
000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Gadu-Gadu [2010-06-04 21:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu [2010-06-04 17:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\Auto-Backup [2010-06-04 17:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Auto-Backup [2010-06-04 13:09:59 | 000,119,288 | ---- | C] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dwprot.sys [2010-06-04 13:09:56 | 000,075,000 | ---- | C] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\spiderg3.sys [2010-06-04 13:09:43 | 000,072,184 | ---- | C] (Doctor Web) -- C:\WINDOWS\System32\drivers\DrWebPF.sys [2010-06-04 13:09:41 | 000,083,064 | ---- | C] (Doctor Web) -- C:\WINDOWS\System32\drivers\drwebaf.sys [2010-06-04 13:09:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Doctor Web [2010-06-03 17:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline [2010-06-03 17:01:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\nazwa\UserData [2010-05-30 20:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Application Data [2010-05-25 21:44:35 | 000,000,000 | -HSD | C] -- C:\DrWeb Quarantine [2010-05-22 22:44:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles [2010-05-20 22:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\DrWeb [2010-05-20 22:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Doctor Web [2010-05-20 22:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\DoctorWeb [2010-05-18 19:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\Program Files [2010-05-18 19:46:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SupportAppCB [2010-05-14 23:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\CASHFLOW 202 [2010-05-11 09:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\RMVB Player [2010-05-08 22:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Ustawienia 
lokalne\Dane aplikacji\cache [2010-05-08 22:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu 10 [2010-05-08 20:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-05-06 09:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Moje dokumenty\analiza [2010-05-05 22:27:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nazwa\Moje dokumenty\Moje wideo [2010-05-05 22:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Logitech [2010-05-05 22:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd [2010-05-04 11:07:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2010-04-25 22:57:06 | 000,000,000 | ---D | C] -- C:\My Recordings [2010-04-22 11:13:02 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm [2010-04-22 11:13:01 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll [2010-04-22 11:13:01 | 000,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm [2010-04-22 11:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack [2010-04-19 12:08:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Moje dokumenty\studio [2010-04-18 17:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Moje dokumenty\gra miejska [2010-04-18 14:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\Infonetax [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-06-14 10:09:06 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\Dr.Web Update.job [2010-06-13 20:55:43 | 000,001,480 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\DivX Movies.lnk [2010-06-13 20:38:14 | 000,031,232 | ---- | M] () -- 
C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-06-13 15:24:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-06-13 15:24:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-06-13 15:24:13 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\nazwa\ntuser.ini [2010-06-13 15:24:12 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\nazwa\NTUSER.DAT [2010-06-12 19:16:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-06-10 13:12:44 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\nazwa\.recently-used.xbel [2010-06-04 21:02:07 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\Gadu-Gadu.lnk [2010-06-04 17:20:46 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Auto-Backup.lnk [2010-06-04 13:11:34 | 000,000,536 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\Skrót do Biznes plan.lnk [2010-06-04 13:09:57 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\Dr.Web Daily scan.job [2010-06-04 13:09:38 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skaner Dr.Web.lnk [2010-06-04 13:08:45 | 000,083,064 | ---- | M] (Doctor Web) -- C:\WINDOWS\System32\drivers\drwebaf.sys [2010-06-04 13:08:45 | 000,072,184 | ---- | M] (Doctor Web) -- C:\WINDOWS\System32\drivers\DrWebPF.sys [2010-06-01 15:49:57 | 000,002,147 | ---- | M] () -- C:\Documents and Settings\nazwa\photorec.cfg [2010-06-01 09:57:15 | 000,118,277 | ---- | M] () -- C:\Documents and Settings\nazwa\Moje dokumenty\SPRZEDAŻ INTERNETOWA.pdf [2010-05-31 19:49:15 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-05-31 18:44:55 | 000,000,022 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\cm.ini [2010-05-31 11:06:11 | 000,993,526 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-05-31 11:06:11 | 000,451,934 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-05-31 11:06:11 | 
000,395,534 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-05-31 11:06:11 | 000,075,904 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-05-31 11:06:11 | 000,059,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-05-30 20:04:36 | 000,000,548 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\XMind.lnk [2010-05-18 19:49:16 | 000,007,070 | ---- | M] () -- C:\NetworkCfg.xml [2010-05-16 09:42:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs [2010-04-20 17:44:30 | 000,119,288 | ---- | M] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dwprot.sys [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-06-13 20:55:43 | 000,001,480 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\DivX Movies.lnk [2010-06-10 13:12:44 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\nazwa\.recently-used.xbel [2010-06-04 21:02:07 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\Gadu-Gadu.lnk [2010-06-04 17:20:46 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Auto-Backup.lnk [2010-06-04 13:11:38 | 000,000,536 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\Skrót do Biznes plan.lnk [2010-06-04 13:09:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\Dr.Web Update.job [2010-06-04 13:09:57 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\Dr.Web Daily scan.job [2010-06-04 13:09:38 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Skaner Dr.Web.lnk [2010-06-01 09:57:13 | 000,118,277 | ---- | C] () -- C:\Documents and Settings\nazwa\Moje dokumenty\SPRZEDAŻ INTERNETOWA.pdf [2010-06-01 09:16:18 | 000,002,147 | ---- | C] () -- C:\Documents and Settings\nazwa\photorec.cfg [2010-05-31 18:44:55 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\cm.ini [2010-05-30 20:04:36 | 
000,000,548 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\XMind.lnk [2010-05-19 00:41:54 | 000,007,070 | ---- | C] () -- C:\NetworkCfg.xml [2010-05-05 22:27:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.hs [2010-05-05 22:27:33 | 000,050,127 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2010-05-05 22:27:33 | 000,013,398 | R--- | C] () -- C:\WINDOWS\System32\Repository.reg [2010-04-22 11:13:04 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010-04-22 11:13:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010-04-22 11:13:02 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml [2010-04-22 11:13:01 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010-04-22 11:13:01 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010-04-22 11:12:57 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010-04-22 11:12:57 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2010-03-18 09:31:27 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010-03-05 00:20:10 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-03-04 16:08:04 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2010-03-04 16:06:38 | 000,002,745 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2010-03-04 16:00:07 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2007-02-06 17:42:40 | 001,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys [color=#E56717]========== LOP Check ==========[/color] [2010-03-05 00:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2010-06-04 13:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Doctor Web [2010-03-04 15:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET [2010-05-08 20:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All 
Users\Dane aplikacji\Gadu-Gadu 10 [2010-05-04 11:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2010-06-13 15:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Auto-Backup [2010-03-05 08:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\DAEMON Tools Lite [2010-06-04 21:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu [2010-05-08 22:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu 10 [2010-04-23 13:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\gtk-2.0 [2010-05-18 19:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Program Files [2010-06-04 13:09:57 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\Dr.Web Daily scan.job [2010-06-14 10:09:06 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\Dr.Web Update.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-03-04 15:02:47 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-03-07 00:07:59 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2008-04-15 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2010-03-04 15:02:47 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010-03-04 15:02:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-06-06 18:25:41 | 000,047,510 | ---- | M] () -- C:\Log.txt [2010-06-03 23:52:23 | 000,007,532 | ---- | M] () -- C:\mksbasel.cpp.log [2010-03-04 15:02:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010-05-18 19:49:16 | 000,007,070 | ---- | M] () -- C:\NetworkCfg.xml [2008-04-15 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008-04-15 14:00:00 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-06-13 15:24:51 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] 
[2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008-04-15 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2008-04-15 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2008-04-15 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008-04-15 14:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2008-04-15 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008-04-15 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-04-15 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys [2008-04-15 14:00:00 | 000,182,656 | ---- | M] (Microsoft 
Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2008-04-15 14:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008-04-15 14:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9 < End of report > [/log]
Tomek01, comment, 14 June 2010
Please also attach an RSIT log. In which path is the virus being detected? Do you perhaps have a report from Dr.Web?
futro999 (author), comment, 14 June 2010
[quote name='Tomek01' date='14 czerwiec 2010 - 17:32' timestamp='1276533281' post='1036209'] Please also attach an RSIT log. In which path is the virus being detected? Do you perhaps have a report from Dr.Web? [/quote]
Hello! Thanks for the quick reply. I have the logs from RSIT.
[log]Logfile of random's system information tool 1.07 (written by random/random) Run by nazwa at 2010-06-14 21:12:30 Microsoft Windows XP Professional Dodatek Service Pack 3 System drive C: has 7 GB (33%) free of 20 GB Total RAM: 1022 MB (26% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:13:43, on 2010-06-14 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\DrWeb\spiderml.exe C:\Program Files\DrWeb\frwl_notify.exe C:\Program Files\DrWeb\SpIDerAgent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools
Lite\daemon.exe C:\Program Files\Auto-Backup\Auto-Backup.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie\RSIT.exe C:\Program Files\trend micro\nazwa.exe C:\Program Files\DrWeb\drweb32w.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: 
[NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe" -autorun O4 - HKLM\..\Run: [Dr.Web Firewall] "C:\Program Files\DrWeb\frwl_notify.exe" O4 - HKLM\..\Run: [SpIDerAgent] "C:\Program Files\DrWeb\SpIDerAgent.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [LogitechSetup] G:\Setup\Setup.exe /start /restart /l:enu O4 - HKCU\..\Run: [Auto-Backup] "C:\Program Files\Auto-Backup\Auto-Backup.exe" /tray O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - 
http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Dr.Web Scanning Engine (DrWebEngine) (DrWebEngine) - Doctor Web, Ltd. - C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LVSrvLauncher - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 7217 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Dr.Web Daily scan.job C:\WINDOWS\tasks\Dr.Web Update.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-04 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-04 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}] IEPluginBHO Class - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll [2010-05-04 42080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools 
Toolbar\DTToolbar.dll [2009-11-24 953800] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504] "IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-10-08 995328] "IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-10-08 1101824] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947] "Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-05-14 1191936] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-03-04 149280] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016] "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-05-15 35328] "SpIDerMail"=C:\Program Files\DrWeb\spiderml.exe [2010-06-03 1541360] "Dr.Web Firewall"=C:\Program Files\DrWeb\frwl_notify.exe [2010-03-15 2600200] "SpIDerAgent"=C:\Program Files\DrWeb\SpIDerAgent.exe [2010-03-15 1314032] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-03-09 26100520] "LogitechSetup"=G:\Setup\Setup.exe /start /restart /l:enu [] "Auto-Backup"=C:\Program Files\Auto-Backup\Auto-Backup.exe [2009-09-08 1400832] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dwsh000003D1.SYS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dwsh000003D1.SYS] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10" "C:\Documents and Settings\nazwa\Ustawienia lokalne\Temp\~os13.tmp\rlvknlg.exe"="C:\Documents and Settings\nazwa\Ustawienia lokalne\Temp\~os13.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network 
Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d1932da-62a5-11df-822b-001302a99def}] shell\AutoRun\command - D:\Install.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78eeef39-56c5-11df-8212-001302a99def}] shell\AutoRun\command - I:\BEKAM\\\\\\\\\\IGOR.exe shell\explore\command - I:\BEKAM\\\\\\\\\\\\IGOR.exe shell\open\command - I:\BEKAM\\\\\\\\\\\\IGOR.exe ======List of files/folders created in the last 1 months====== 2010-06-14 21:12:36 ----D---- C:\Program Files\trend micro 2010-06-14 21:12:30 ----D---- C:\rsit 2010-06-13 20:55:28 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\DivX 2010-06-13 20:48:13 ----D---- C:\Program Files\DivX 2010-06-13 20:46:56 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\DivX 2010-06-04 21:12:48 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu 2010-06-04 21:01:30 ----D---- C:\Program Files\Gadu-Gadu 2010-06-04 17:21:00 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\Auto-Backup 2010-06-04 17:20:40 ----D---- C:\Program Files\Auto-Backup 2010-06-04 13:09:27 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Doctor Web 2010-06-03 17:04:16 ----D---- C:\Program Files\SkanerOnline 2010-05-31 18:46:09 ----A---- C:\Log.txt 2010-05-25 21:44:35 ----SHD---- C:\DrWeb Quarantine 2010-05-22 22:44:38 ----D---- C:\WINDOWS\system32\LogFiles 2010-05-20 22:47:16 ----D---- C:\Program Files\DrWeb 2010-05-20 22:47:16 ----D---- C:\Program Files\Common Files\Doctor Web 2010-05-18 19:49:33 ----A---- C:\WINDOWS\ModemLog_ZTE Proprietary USB Modem.txt 2010-05-18 19:46:51 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\Program Files 2010-05-18 19:46:41 ----D---- C:\WINDOWS\system32\SupportAppCB ======List of files/folders 
modified in the last 1 months====== 2010-06-14 21:13:02 ----D---- C:\WINDOWS\Prefetch 2010-06-14 21:12:36 ----RD---- C:\Program Files 2010-06-14 20:45:28 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\Skype 2010-06-14 20:23:59 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\skypePM 2010-06-14 17:52:14 ----D---- C:\WINDOWS\Temp 2010-06-14 16:48:42 ----D---- C:\WINDOWS 2010-06-14 16:48:31 ----D---- C:\WINDOWS\system32\CatRoot2 2010-06-14 16:48:13 ----D---- C:\WINDOWS\system32 2010-06-14 13:36:26 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-06-13 23:10:18 ----SHD---- C:\WINDOWS\Installer 2010-06-13 23:10:18 ----D---- C:\Program Files\Common Files 2010-06-13 23:08:28 ----D---- C:\WINDOWS\system32\drivers 2010-06-04 13:09:57 ----SD---- C:\WINDOWS\Tasks 2010-06-04 13:09:49 ----HD---- C:\WINDOWS\inf 2010-06-03 17:28:18 ----D---- C:\Program Files\Common Files\LogiShrd 2010-06-03 17:04:17 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-05-31 19:49:15 ----A---- C:\WINDOWS\NeroDigital.ini 2010-05-31 15:25:05 ----D---- C:\WINDOWS\system32\Restore 2010-05-31 15:25:04 ----SHD---- C:\System Volume Information 2010-05-31 11:06:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-05-22 07:45:56 ----HD---- C:\Program Files\InstallShield Installation Information 2010-05-15 09:22:22 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\NOS ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128] R1 DRWEBAF;DrWEB Firewall Application Filter; \??\C:\WINDOWS\system32\drivers\drwebaf.sys [] R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 40448] R1 WmiAcpi;Interfejs zarządzania Microsoft Windows dla ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832] R1 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-15 
12032] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-03-04 21361] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544] R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256] R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376] R2 s24trans;Transport WLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-08-27 12288] R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-15 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496] R3 CmBatt;Sterownik baterii Microsoft o metodzie kontroli ACPI; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952] R3 DrWebPF;DrWeb Packet Filter Driver; C:\WINDOWS\system32\DRIVERS\DrWebPF.sys [2010-06-04 72184] R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384] R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-15 10368] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960] R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512] R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-15 12160] R3 NETw4x32;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032] R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-15 61824] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-15 79232] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872] R3 usbehci;Sterownik Miniport rozszerzonego 
kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696] S3 agukvx1p;agukvx1p; C:\WINDOWS\system32\drivers\agukvx1p.sys [] S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-02-03 22560] S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808] S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064] S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-02-03 1507232] S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504] S3 LVUVC;QuickCam for Notebooks Deluxe(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-02-03 1939360] S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys [] S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS [] S3 usbaudio;Sterownik audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032] S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; 
C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104] S3 usbstor;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-15 26368] S3 usbvideo;Urządzenie wideo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984] S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [] S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [] S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600] R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine); C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [2010-06-03 1504600] R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-10-08 794624] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-04 153376] R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-10-08 483328] R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-10-08 1183744] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-10-08 356352] S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248] S3 aspnet_state;ASP.NET State Service; 
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF----------------- [/log]

I don't have a report from Dr.Web, but I can run another scan. I don't remember the exact path, but I think it was in System Volume Information on drives C and F. I'll run a scan in a moment... Do you see any chance of getting rid of this trojan?
Tomek01 commented on 14 June 2010

Turn System Restore off for a moment and then back on, on all partitions. That takes care of the trojan.

But there is a leftover from a USB flash drive infection.

Uninstall DAEMON Tools Toolbar.

Run [b][color=#0000CD][url=http://download.bleepingcomputer.com//sUBs/Flash_Disinfector.exe]Flash Disinfector[/url][/color][/b], preferably with the flash drive plugged in.

Paste the following text into Notepad (without the word "code"):

[code]Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78eeef39-56c5-11df-8212-001302a99def}][/code]

Save the file with Save As, change the file type to All Files, save it as fix.reg, then double-click it to add it to the registry.

Attach new RSIT and OTL logs.
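The [code] fix in the post above deletes one MountPoints2 subkey picked out of the RSIT registry dump. As an added example (not part of the original thread, and not RSIT's or OTL's own code), the Python below lists every MountPoints2 entry that carries a shell command handler in such a dump and builds the matching deletion .reg text. The function names, the sample dump and its GUIDs are constructed, and the one-entry-per-line layout of the dump is an assumption.

```python
import re

# Registry path of the per-volume handlers Explorer caches for the user.
MP2_PATH = (r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion"
            r"\explorer\mountpoints2")
GUID = r"\{[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}\}"

# A MountPoints2 volume key as it appears in the log's registry dump.
KEY_RE = re.compile(r"\[" + re.escape(MP2_PATH) + r"\\(" + GUID + r")\]", re.I)
# The next registry key or the next "======Section======" header ends an entry.
BOUNDARY_RE = re.compile(r"\[HKEY_|={6}")
# "shell\<verb>\command - <command line>", multi-line or flattened onto one line.
VERB_RE = re.compile(
    r"shell\\([^\\\s]+)\\command - (.*?)"
    r"(?=\s+shell\\[^\\\s]+\\command - |\s*$)",
    re.S)

# Constructed sample (assumed layout, made-up GUIDs and paths).
SAMPLE_RSIT = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-2222-3333-4444-555555555555}]
shell\AutoRun\command - D:\Install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}]
shell\AutoRun\command - I:\FOLDER\\\\SAMPLE.exe
shell\open\command - I:\FOLDER\\\\SAMPLE.exe

======List of files/folders created in the last 1 months======
"""


def parse_mountpoints2(log_text):
    """Return one dict per MountPoints2 volume key found in the dump."""
    entries = []
    for key in KEY_RE.finditer(log_text):
        end = BOUNDARY_RE.search(log_text, key.end())
        body = log_text[key.end(): end.start() if end else len(log_text)]
        handlers = {v.group(1): v.group(2).strip()
                    for v in VERB_RE.finditer(body)}
        entries.append({"guid": key.group(1).lower(), "handlers": handlers})
    return entries


def build_reg_fix(guids):
    """Build .reg text that deletes the chosen MountPoints2 subkeys.

    The header must be the first line, followed by a blank line, and a key is
    deleted by putting '-' directly after the opening bracket. GUIDs are
    validated so that text from an untrusted log cannot add other lines.
    """
    lines = ["Windows Registry Editor Version 5.00", ""]
    for guid in guids:
        if not re.fullmatch(GUID, guid):
            raise ValueError("not a volume GUID: %r" % (guid,))
        lines.append("[-" + MP2_PATH + "\\" + guid + "]")
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    found = parse_mountpoints2(SAMPLE_RSIT)
    for entry in found:
        for verb, command in sorted(entry["handlers"].items()):
            print(entry["guid"], verb, command)
    # The analyst decides which entries are leftovers; here the second one.
    print(build_reg_fix([found[1]["guid"]]))
```

The parser only lists the handlers; deciding which volume key is a leftover of an infection remains the reviewer's call.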
futro999 (Author) commented on 14 June 2010

[quote name='Tomek01' date='14 czerwiec 2010 - 20:55' timestamp='1276545437' post='1036307']
Turn System Restore off for a moment and then back on, on all partitions. That takes care of the trojan.

But there is a leftover from a USB flash drive infection.

Uninstall DAEMON Tools Toolbar.

Run [b][color=#0000CD][url=http://download.bleepingcomputer.com//sUBs/Flash_Disinfector.exe]Flash Disinfector[/url][/color][/b], preferably with the flash drive plugged in.

Paste the following text into Notepad (without the word "code"):

[code]Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78eeef39-56c5-11df-8212-001302a99def}][/code]

Save the file with Save As, change the file type to All Files, save it as fix.reg, then double-click it to add it to the registry.

Attach new RSIT and OTL logs.
[/quote]

OK, I did everything exactly as you wrote, step by step.

RSIT log:

[log]Logfile of random's system information tool 1.07 (written by random/random) Run by nazwa at 2010-06-14 22:25:30 Microsoft Windows XP Professional Dodatek Service Pack 3 System drive C: has 7 GB (35%) free of 20 GB Total RAM: 1022 MB (31% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:25:38, on 2010-06-14 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program 
Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\DrWeb\spiderml.exe C:\Program Files\DrWeb\frwl_notify.exe C:\Program Files\DrWeb\SpIDerAgent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Auto-Backup\Auto-Backup.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie\OTL.exe C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie\RSIT.exe C:\Program Files\trend micro\nazwa.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll O4 - HKLM\..\Run: 
[SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe" -autorun O4 - HKLM\..\Run: [Dr.Web Firewall] "C:\Program Files\DrWeb\frwl_notify.exe" O4 - HKLM\..\Run: [SpIDerAgent] "C:\Program Files\DrWeb\SpIDerAgent.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [LogitechSetup] G:\Setup\Setup.exe /start /restart /l:enu O4 - HKCU\..\Run: [Auto-Backup] "C:\Program Files\Auto-Backup\Auto-Backup.exe" /tray O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&ksportuj do programu 
Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Dr.Web Scanning Engine (DrWebEngine) (DrWebEngine) - Doctor Web, Ltd. - C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LVSrvLauncher - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 7116 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Dr.Web Daily scan.job C:\WINDOWS\tasks\Dr.Web Update.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-04 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-04 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}] IEPluginBHO Class - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll [2010-05-04 42080] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 
405504] "IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-10-08 995328] "IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-10-08 1101824] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947] "Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-05-14 1191936] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-03-04 149280] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016] "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-05-15 35328] "SpIDerMail"=C:\Program Files\DrWeb\spiderml.exe [2010-06-03 1541360] "Dr.Web Firewall"=C:\Program Files\DrWeb\frwl_notify.exe [2010-03-15 2600200] "SpIDerAgent"=C:\Program Files\DrWeb\SpIDerAgent.exe [2010-03-15 1314032] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-03-09 26100520] "LogitechSetup"=G:\Setup\Setup.exe /start /restart /l:enu [] "Auto-Backup"=C:\Program Files\Auto-Backup\Auto-Backup.exe [2009-09-08 1400832] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=36 "NoDriveAutoRun"=0xFFFFFFFF [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10" "C:\Documents and Settings\nazwa\Ustawienia lokalne\Temp\~os13.tmp\rlvknlg.exe"="C:\Documents and Settings\nazwa\Ustawienia lokalne\Temp\~os13.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d1932da-62a5-11df-822b-001302a99def}] shell\AutoRun\command - 
D:\Install.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78eeef39-56c5-11df-8212-001302a99def}] shell\AutoRun\command - I:\BEKAM\\\\\\\\\\IGOR.exe shell\explore\command - I:\BEKAM\\\\\\\\\\\\IGOR.exe shell\open\command - I:\BEKAM\\\\\\\\\\\\IGOR.exe ======List of files/folders created in the last 1 months====== 2010-06-14 22:12:45 ----D---- C:\autorun.inf 2010-06-14 21:12:36 ----D---- C:\Program Files\trend micro 2010-06-14 21:12:30 ----D---- C:\rsit 2010-06-13 20:55:28 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\DivX 2010-06-13 20:48:13 ----D---- C:\Program Files\DivX 2010-06-13 20:46:56 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\DivX 2010-06-04 21:12:48 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu 2010-06-04 21:01:30 ----D---- C:\Program Files\Gadu-Gadu 2010-06-04 17:21:00 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\Auto-Backup 2010-06-04 17:20:40 ----D---- C:\Program Files\Auto-Backup 2010-06-04 13:09:27 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Doctor Web 2010-06-03 17:04:16 ----D---- C:\Program Files\SkanerOnline 2010-05-31 18:46:09 ----A---- C:\Log.txt 2010-05-25 21:44:35 ----SHD---- C:\DrWeb Quarantine 2010-05-22 22:44:38 ----D---- C:\WINDOWS\system32\LogFiles 2010-05-20 22:47:16 ----D---- C:\Program Files\DrWeb 2010-05-20 22:47:16 ----D---- C:\Program Files\Common Files\Doctor Web 2010-05-18 19:49:33 ----A---- C:\WINDOWS\ModemLog_ZTE Proprietary USB Modem.txt 2010-05-18 19:46:51 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\Program Files 2010-05-18 19:46:41 ----D---- C:\WINDOWS\system32\SupportAppCB ======List of files/folders modified in the last 1 months====== 2010-06-14 22:22:20 ----D---- C:\WINDOWS\Prefetch 2010-06-14 22:17:45 ----D---- C:\WINDOWS\Temp 2010-06-14 22:11:20 ----SHD---- C:\System Volume Information 2010-06-14 22:07:27 ----D---- C:\Program Files\DAEMON Tools Toolbar 2010-06-14 21:12:36 ----RD---- 
C:\Program Files 2010-06-14 20:45:28 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\Skype 2010-06-14 20:23:59 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\skypePM 2010-06-14 16:48:42 ----D---- C:\WINDOWS 2010-06-14 16:48:31 ----D---- C:\WINDOWS\system32\CatRoot2 2010-06-14 16:48:13 ----D---- C:\WINDOWS\system32 2010-06-14 13:36:26 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-06-13 23:10:18 ----SHD---- C:\WINDOWS\Installer 2010-06-13 23:10:18 ----D---- C:\Program Files\Common Files 2010-06-13 23:08:28 ----D---- C:\WINDOWS\system32\drivers 2010-06-04 13:09:57 ----SD---- C:\WINDOWS\Tasks 2010-06-04 13:09:49 ----HD---- C:\WINDOWS\inf 2010-06-03 17:28:18 ----D---- C:\Program Files\Common Files\LogiShrd 2010-06-03 17:04:17 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-05-31 19:49:15 ----A---- C:\WINDOWS\NeroDigital.ini 2010-05-31 15:25:05 ----D---- C:\WINDOWS\system32\Restore 2010-05-31 11:06:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-05-22 07:45:56 ----HD---- C:\Program Files\InstallShield Installation Information 2010-05-15 09:22:22 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\NOS ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128] R1 DRWEBAF;DrWEB Firewall Application Filter; \??\C:\WINDOWS\system32\drivers\drwebaf.sys [] R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 40448] R1 WmiAcpi;Interfejs zarządzania Microsoft Windows dla ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832] R1 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-15 12032] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-03-04 21361] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544] R2 rimmptsk;rimmptsk; 
C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256] R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376] R2 s24trans;Transport WLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-08-27 12288] R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-15 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496] R3 CmBatt;Sterownik baterii Microsoft o metodzie kontroli ACPI; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952] R3 DrWebPF;DrWeb Packet Filter Driver; C:\WINDOWS\system32\DRIVERS\DrWebPF.sys [2010-06-04 72184] R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384] R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-15 10368] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960] R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512] R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-15 12160] R3 NETw4x32;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032] R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-15 61824] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-15 79232] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbstor;Sterownik magazynu 
masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-15 26368] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696] S3 agukvx1p;agukvx1p; C:\WINDOWS\system32\drivers\agukvx1p.sys [] S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-02-03 22560] S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808] S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064] S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-02-03 1507232] S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504] S3 LVUVC;QuickCam for Notebooks Deluxe(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-02-03 1939360] S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys [] S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS [] S3 usbaudio;Sterownik audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032] S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] S3 usbscan;Sterownik skanera USB; 
C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104] S3 usbvideo;Urządzenie wideo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984] S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [] S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [] S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600] R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine); C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [2010-06-03 1504600] R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-10-08 794624] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-04 153376] R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-10-08 483328] R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-10-08 1183744] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-10-08 356352] S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 
[2005-09-23 66240] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF----------------- [/log]

OTL log:

[log]OTL logfile created on: 2010-06-14 22:37:05 - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1 022,00 Mb Total Physical Memory | 303,00 Mb Available Physical Memory | 30,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 70,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 19,53 Gb Total Space | 6,94 Gb Free Space | 35,54% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 24,41 Gb Total Space | 23,13 Gb Free Space | 94,75% Space Free | Partition Type: NTFS Drive F: | 66,43 Gb Total Space | 23,12 Gb Free Space | 34,80% Space Free | Partition Type: NTFS Unable to calculate disk information. H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: FUTREK-80A69FE1 Current User Name: nazwa Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-06-14 01:06:13 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie\OTL.exe PRC - [2010-06-03 10:52:20 | 001,541,360 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spiderml.exe PRC - [2010-06-03 10:51:44 | 001,504,600 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe PRC - [2010-04-07 08:07:44 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-03-15 14:20:00 | 001,314,032 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spideragent.exe PRC - [2010-03-15 10:03:22 | 002,600,200 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\frwl_notify.exe PRC - [2010-03-04 16:22:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2010-03-04 16:22:17 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe PRC - [2010-03-04 16:22:17 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009-09-08 10:21:24 | 001,400,832 | ---- | M] (Team Solutions) -- C:\Program Files\Auto-Backup\Auto-Backup.exe PRC - [2009-04-23 15:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe PRC - [2008-04-15 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-15 14:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-15 14:00:00 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe PRC - [2008-04-15 14:00:00 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe PRC - [2008-04-15 14:00:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008-04-15 14:00:00 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe PRC - [2008-04-15 14:00:00 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe PRC - [2008-04-15 14:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008-04-15 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-15 14:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2008-04-15 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HTTPFILTER] PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-15 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-15 14:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2007-10-08 15:27:02 | 000,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe PRC - [2007-10-08 15:18:04 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe PRC - [2007-10-08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe PRC - [2007-10-08 15:13:36 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe PRC - [2007-10-08 15:09:26 | 000,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe PRC - [2007-10-08 15:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe PRC - [2007-10-08 15:01:54 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe PRC - [2007-05-15 00:23:58 | 001,137,664 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe PRC - [2007-05-15 00:22:22 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe PRC - [2007-05-14 15:23:32 | 001,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe PRC - [2007-05-10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) 
-- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe PRC - [2006-10-27 01:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2006-05-23 22:59:38 | 000,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe PRC - [2006-03-08 13:48:02 | 000,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2005-01-28 14:44:28 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-06-14 01:06:13 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie\OTL.exe MOD - [2008-04-15 14:00:00 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2008-04-15 14:00:00 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2008-04-15 14:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2008-04-15 14:00:00 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2008-04-15 14:00:00 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-15 14:00:00 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2008-04-15 14:00:00 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll MOD - [2008-04-15 14:00:00 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2008-04-15 14:00:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2008-04-15 14:00:00 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2008-04-15 14:00:00 | 000,580,096 | ---- | M] 
(Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008-04-15 14:00:00 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2008-04-15 14:00:00 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2008-04-15 14:00:00 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2008-04-15 14:00:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-15 14:00:00 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll MOD - [2008-04-15 14:00:00 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-04-15 14:00:00 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-15 14:00:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008-04-15 14:00:00 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-15 14:00:00 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2008-04-15 14:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-15 14:00:00 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2008-04-15 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2008-04-15 14:00:00 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-15 14:00:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-15 14:00:00 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2008-04-15 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2008-04-15 14:00:00 | 
000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll MOD - [2008-04-15 14:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-15 14:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-06-03 10:51:44 | 001,504,600 | ---- | M] (Doctor Web, Ltd.) [Auto | Running] -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe -- (DrWebEngine) Dr.Web Scanning Engine (DrWebEngine) SRV - [2007-10-08 15:27:02 | 000,794,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2007-10-08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R) SRV - [2007-10-08 15:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R) SRV - [2007-10-08 15:01:54 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2007-02-06 17:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-06-04 13:08:45 | 000,083,064 | ---- | M] (Doctor Web) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\drwebaf.sys -- (DRWEBAF) DRV - [2010-06-04 13:08:45 | 000,072,184 | ---- | M] (Doctor Web) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DrWebPF.sys -- (DrWebPF) DRV - [2010-04-20 17:44:30 | 000,119,288 | ---- | M] (Doctor Web, Ltd.) 
[File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dwprot.sys -- (DwProt) DRV - [2010-04-08 15:54:04 | 000,075,000 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\spiderg3.sys -- (SpiderG3) DRV - [2010-03-05 00:20:11 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2008-04-15 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008-04-14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM) DRV - [2007-09-26 07:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Sterownik karty Intel(R) DRV - [2007-08-27 12:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2007-05-10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2007-02-06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv) DRV - [2007-02-06 17:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap) DRV - [2007-02-03 20:32:58 | 000,022,560 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService) DRV - [2007-02-03 20:32:45 | 001,939,360 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam for Notebooks Deluxe(UVC) DRV - [2007-02-03 20:32:34 | 000,041,504 | R--- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007-02-03 20:30:57 | 001,507,232 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2006-11-15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2006-11-14 20:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006-11-14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2006-05-23 23:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006-03-08 13:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2005-12-01 02:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2005-12-01 02:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL) DRV - [2005-12-01 02:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2005-08-12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-789336058-329068152-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: raf@down:0.0.1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-07 08:07:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-05-15 09:22:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-03-04 16:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\Extensions [2010-06-13 23:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\Firefox\Profiles\yijyjycn.default\extensions [2010-03-04 23:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane 
aplikacji\Mozilla\Firefox\Profiles\yijyjycn.default\extensions\dave2x@download [2010-03-17 17:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\Firefox\Profiles\yijyjycn.default\extensions\raf@down [2010-03-05 00:23:34 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\Firefox\Profiles\yijyjycn.default\searchplugins\daemon-search.xml [2010-06-13 20:47:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-03-21 01:01:34 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010-03-16 13:24:41 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-03-16 13:24:41 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-03-16 13:24:41 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-03-16 13:24:41 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-03-16 13:24:41 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-03-16 13:24:41 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2008-04-15 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.) O3 - HKU\S-1-5-21-789336058-329068152-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. 
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [Dr.Web Firewall] C:\Program Files\DrWeb\frwl_notify.exe (Doctor Web, Ltd.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SpIDerAgent] C:\Program Files\DrWeb\SpIDerAgent.exe (Doctor Web, Ltd.)
O4 - HKLM..\Run: [SpIDerMail] C:\Program Files\DrWeb\spiderml.exe (Doctor Web, Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-789336058-329068152-1417001333-1003..\Run: [Auto-Backup] C:\Program Files\Auto-Backup\Auto-Backup.exe (Team Solutions)
O4 - HKU\S-1-5-21-789336058-329068152-1417001333-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-789336058-329068152-1417001333-1003..\Run: [LogitechSetup] G:\Setup\Setup.exe File not found
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-329068152-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-329068152-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-789336058-329068152-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.0.2.2 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-03-04 15:02:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-06-14 22:12:45 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-06-14 22:12:45 | 000,000,000 | ---D | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-06-14 22:12:45 | 000,000,000 | ---D | M] - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{2d1932da-62a5-11df-822b-001302a99def}\Shell - "" = AutoRun
O33 - MountPoints2\{2d1932da-62a5-11df-822b-001302a99def}\Shell\AutoRun\command - "" = D:\Install.exe -- File not found
O33 - MountPoints2\{78eeef39-56c5-11df-8212-001302a99def}\Shell\AutoRun\command - "" = I:\BEKAM\\\\\IGOR.exe -- File not found
O33 - MountPoints2\{78eeef39-56c5-11df-8212-001302a99def}\Shell\explore\command - "" = I:\BEKAM\\\\\\IGOR.exe -- File not found
O33 - MountPoints2\{78eeef39-56c5-11df-8212-001302a99def}\Shell\open\command - "" = I:\BEKAM\\\\\\IGOR.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010-03-04 15:02:20 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: cgehwbve - File not found MsConfig - StartUpReg: [b]ATICCC[/b] - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: 
NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-06-14 22:12:45 | 000,000,000 | ---D | C] -- C:\autorun.inf [2010-06-14 21:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010-06-14 16:48:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nazwa\Recent [2010-06-13 20:55:28 | 000,000,000 | ---D 
| C] -- C:\Documents and Settings\nazwa\Dane aplikacji\DivX [2010-06-13 20:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2010-06-13 20:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DivX [2010-06-04 21:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu [2010-06-04 21:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Gadu-Gadu [2010-06-04 21:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu [2010-06-04 17:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\Auto-Backup [2010-06-04 17:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Auto-Backup [2010-06-04 13:09:59 | 000,119,288 | ---- | C] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dwprot.sys [2010-06-04 13:09:56 | 000,075,000 | ---- | C] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\spiderg3.sys [2010-06-04 13:09:43 | 000,072,184 | ---- | C] (Doctor Web) -- C:\WINDOWS\System32\drivers\DrWebPF.sys [2010-06-04 13:09:41 | 000,083,064 | ---- | C] (Doctor Web) -- C:\WINDOWS\System32\drivers\drwebaf.sys [2010-06-04 13:09:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Doctor Web [2010-06-03 17:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline [2010-05-30 20:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Application Data [2010-05-25 21:44:35 | 000,000,000 | -HSD | C] -- C:\DrWeb Quarantine [2010-05-22 22:44:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles [2010-05-20 22:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\DrWeb [2010-05-20 22:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Doctor Web [2010-05-20 22:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\DoctorWeb [2010-05-18 19:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\Program Files [2010-05-18 19:46:41 | 000,000,000 | ---D | C] -- 
C:\WINDOWS\System32\SupportAppCB [2010-05-14 23:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\CASHFLOW 202 [2010-05-11 09:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\RMVB Player [2010-05-08 22:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\cache [2010-05-08 22:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu 10 [2010-05-08 20:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-05-06 09:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Moje dokumenty\analiza [2010-05-05 22:27:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nazwa\Moje dokumenty\Moje wideo [2010-05-05 22:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Logitech [2010-05-05 22:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd [2010-05-04 11:07:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2010-04-25 22:57:06 | 000,000,000 | ---D | C] -- C:\My Recordings [2010-04-22 11:13:02 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm [2010-04-22 11:13:01 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll [2010-04-22 11:13:01 | 000,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm [2010-04-22 11:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack [2010-04-19 12:08:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Moje dokumenty\studio [2010-04-18 17:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Moje dokumenty\gra miejska [2010-04-18 14:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\Infonetax [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 
Days ==========[/color] [2010-06-14 22:39:19 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\Dr.Web Update.job [2010-06-14 22:20:45 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\nazwa\Moje dokumenty\fix.reg [2010-06-14 16:48:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-06-14 16:48:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-06-14 16:48:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-06-14 13:36:33 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\nazwa\NTUSER.DAT [2010-06-14 13:36:15 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\nazwa\ntuser.ini [2010-06-13 20:55:43 | 000,001,480 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\DivX Movies.lnk [2010-06-13 20:38:14 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-06-10 13:12:44 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\nazwa\.recently-used.xbel [2010-06-04 21:02:07 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\Gadu-Gadu.lnk [2010-06-04 17:20:46 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Auto-Backup.lnk [2010-06-04 13:11:34 | 000,000,536 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\Skrót do Biznes plan.lnk [2010-06-04 13:09:57 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\Dr.Web Daily scan.job [2010-06-04 13:09:38 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skaner Dr.Web.lnk [2010-06-04 13:08:45 | 000,083,064 | ---- | M] (Doctor Web) -- C:\WINDOWS\System32\drivers\drwebaf.sys [2010-06-04 13:08:45 | 000,072,184 | ---- | M] (Doctor Web) -- C:\WINDOWS\System32\drivers\DrWebPF.sys [2010-06-01 15:49:57 | 000,002,147 | ---- | M] () -- C:\Documents and Settings\nazwa\photorec.cfg [2010-06-01 09:57:15 | 000,118,277 | ---- | M] () -- C:\Documents and Settings\nazwa\Moje dokumenty\SPRZEDAŻ INTERNETOWA.pdf 
[2010-05-31 19:49:15 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-05-31 18:44:55 | 000,000,022 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\cm.ini [2010-05-31 11:06:11 | 000,993,526 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-05-31 11:06:11 | 000,451,934 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-05-31 11:06:11 | 000,395,534 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-05-31 11:06:11 | 000,075,904 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-05-31 11:06:11 | 000,059,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-05-30 20:04:36 | 000,000,548 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\XMind.lnk [2010-05-18 19:49:16 | 000,007,070 | ---- | M] () -- C:\NetworkCfg.xml [2010-05-16 09:42:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs [2010-04-20 17:44:30 | 000,119,288 | ---- | M] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dwprot.sys [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-06-14 22:20:45 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\nazwa\Moje dokumenty\fix.reg [2010-06-13 20:55:43 | 000,001,480 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\DivX Movies.lnk [2010-06-10 13:12:44 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\nazwa\.recently-used.xbel [2010-06-04 21:02:07 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\Gadu-Gadu.lnk [2010-06-04 17:20:46 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Auto-Backup.lnk [2010-06-04 13:11:38 | 000,000,536 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\Skrót do Biznes plan.lnk [2010-06-04 13:09:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\Dr.Web Update.job [2010-06-04 13:09:57 | 000,000,288 | ---- | C] () -- 
C:\WINDOWS\tasks\Dr.Web Daily scan.job [2010-06-04 13:09:38 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Skaner Dr.Web.lnk [2010-06-01 09:57:13 | 000,118,277 | ---- | C] () -- C:\Documents and Settings\nazwa\Moje dokumenty\SPRZEDAŻ INTERNETOWA.pdf [2010-06-01 09:16:18 | 000,002,147 | ---- | C] () -- C:\Documents and Settings\nazwa\photorec.cfg [2010-05-31 18:44:55 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\cm.ini [2010-05-30 20:04:36 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\XMind.lnk [2010-05-19 00:41:54 | 000,007,070 | ---- | C] () -- C:\NetworkCfg.xml [2010-05-05 22:27:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.hs [2010-05-05 22:27:33 | 000,050,127 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2010-05-05 22:27:33 | 000,013,398 | R--- | C] () -- C:\WINDOWS\System32\Repository.reg [2010-04-22 11:13:04 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010-04-22 11:13:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010-04-22 11:13:02 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml [2010-04-22 11:13:01 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010-04-22 11:13:01 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010-04-22 11:12:57 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010-04-22 11:12:57 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2010-03-18 09:31:27 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010-03-05 00:20:10 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-03-04 16:08:04 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2010-03-04 16:06:38 | 000,002,745 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2010-03-04 16:00:07 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2007-02-06 17:42:40 | 001,691,808 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\Lvckap.sys [color=#E56717]========== LOP Check ==========[/color] [2010-03-05 00:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2010-06-04 13:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Doctor Web [2010-03-04 15:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET [2010-05-08 20:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-05-04 11:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2010-06-14 16:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Auto-Backup [2010-03-05 08:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\DAEMON Tools Lite [2010-06-04 21:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu [2010-05-08 22:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu 10 [2010-04-23 13:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\gtk-2.0 [2010-05-18 19:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Program Files [2010-06-04 13:09:57 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\Dr.Web Daily scan.job [2010-06-14 22:39:19 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\Dr.Web Update.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-03-04 15:02:47 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-03-07 00:07:59 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2008-04-15 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2010-03-04 15:02:47 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010-03-04 15:02:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-06-06 
18:25:41 | 000,047,510 | ---- | M] () -- C:\Log.txt [2010-06-03 23:52:23 | 000,007,532 | ---- | M] () -- C:\mksbasel.cpp.log [2010-03-04 15:02:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010-05-18 19:49:16 | 000,007,070 | ---- | M] () -- C:\NetworkCfg.xml [2008-04-15 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008-04-15 14:00:00 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-06-14 16:48:13 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008-04-15 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2008-04-15 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2008-04-15 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008-04-15 14:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2008-04-15 14:00:00 | 000,056,320 | ---- | M] 
(Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008-04-15 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-04-15 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys [2008-04-15 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2008-04-15 14:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008-04-15 14:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9 < End of report > [/log]
So, how does it look?
Sohei commented on June 15, 2010
[code]
:OTL
O33 - MountPoints2\{2d1932da-62a5-11df-822b-001302a99def}\Shell - "" = AutoRun
O33 - MountPoints2\{2d1932da-62a5-11df-822b-001302a99def}\Shell\AutoRun\command - "" = D:\Install.exe -- File not found
O33 - MountPoints2\{78eeef39-56c5-11df-8212-001302a99def}\Shell\AutoRun\command - "" = I:\BEKAM\\\\\IGOR.exe -- File not found
O33 - MountPoints2\{78eeef39-56c5-11df-8212-001302a99def}\Shell\explore\command - "" = I:\BEKAM\\\\\\IGOR.exe -- File not found
O33 - MountPoints2\{78eeef39-56c5-11df-8212-001302a99def}\Shell\open\command - "" = I:\BEKAM\\\\\\IGOR.exe -- File not found

:files
D:\Install.exe
D:\BEKAM\\\\\IGOR.exe

:commands
[emptytemp]
[reboot]
[/code]
Paste this into OTL and run the fix. Then post a new log from OTL and RSIT :)
futro999 (Author) commented on June 16, 2010
Thanks for getting involved. Logs from OTL:
[log]OTL logfile created on: 2010-06-16 08:14:08 - Run 2 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1 022,00 Mb Total Physical Memory | 345,00 Mb Available Physical Memory | 34,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 19,53 Gb Total Space | 7,23 Gb Free Space | 37,01% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 24,41 Gb Total Space | 23,13 Gb Free Space | 94,75% Space Free | Partition Type: NTFS Drive F: | 66,43 Gb Total Space | 23,12 Gb Free Space | 34,80% Space Free | Partition Type: NTFS Unable to calculate disk information. H: Drive not present or media not loaded Drive I: | 298,09 Gb Total Space | 91,40 Gb Free Space | 30,66% Space Free | Partition Type: NTFS Computer Name: FUTREK-80A69FE1 Current User Name: nazwa Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-06-14 01:06:13 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie\OTL.exe PRC - [2010-06-03 10:52:20 | 001,541,360 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spiderml.exe PRC - [2010-06-03 10:51:44 | 001,504,600 | ---- | M] (Doctor Web, Ltd.)
-- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe PRC - [2010-04-07 08:07:44 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-03-15 14:20:00 | 001,314,032 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spideragent.exe PRC - [2010-03-15 10:03:22 | 002,600,200 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\frwl_notify.exe PRC - [2010-03-09 11:02:14 | 026,100,520 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe PRC - [2010-03-04 16:22:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2010-03-04 16:22:17 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009-11-24 12:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe PRC - [2009-10-03 05:08:38 | 000,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe PRC - [2009-09-08 10:21:24 | 001,400,832 | ---- | M] (Team Solutions) -- C:\Program Files\Auto-Backup\Auto-Backup.exe PRC - [2009-07-01 18:38:40 | 001,481,056 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe PRC - [2009-04-23 15:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe PRC - [2008-04-15 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-15 14:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-15 14:00:00 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe PRC - [2008-04-15 14:00:00 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe PRC - [2008-04-15 14:00:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008-04-15 14:00:00 | 
000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008-04-15 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-15 14:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2008-04-15 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HTTPFILTER] PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-15 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-15 14:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2007-10-08 15:27:02 | 000,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe PRC - [2007-10-08 15:18:04 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe PRC - [2007-10-08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe PRC - [2007-10-08 15:13:36 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe 
PRC - [2007-10-08 15:09:26 | 000,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe PRC - [2007-10-08 15:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe PRC - [2007-10-08 15:01:54 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe PRC - [2007-05-14 15:23:32 | 001,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe PRC - [2007-05-10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe PRC - [2006-10-27 01:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2006-05-23 22:59:38 | 000,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe PRC - [2006-03-08 13:48:02 | 000,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2005-01-28 14:44:28 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-06-14 01:06:13 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie\OTL.exe MOD - [2008-04-15 14:00:00 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2008-04-15 14:00:00 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2008-04-15 14:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2008-04-15 14:00:00 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2008-04-15 14:00:00 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-15 14:00:00 | 000,822,272 | ---- | M] 
(Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2008-04-15 14:00:00 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll MOD - [2008-04-15 14:00:00 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2008-04-15 14:00:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2008-04-15 14:00:00 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2008-04-15 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008-04-15 14:00:00 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2008-04-15 14:00:00 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2008-04-15 14:00:00 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2008-04-15 14:00:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-15 14:00:00 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll MOD - [2008-04-15 14:00:00 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-04-15 14:00:00 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-15 14:00:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008-04-15 14:00:00 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-15 14:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-15 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2008-04-15 14:00:00 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-15 14:00:00 | 
000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-15 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2008-04-15 14:00:00 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll MOD - [2008-04-15 14:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-15 14:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-06-03 10:51:44 | 001,504,600 | ---- | M] (Doctor Web, Ltd.) [Auto | Running] -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe -- (DrWebEngine) Dr.Web Scanning Engine (DrWebEngine) SRV - [2007-10-08 15:27:02 | 000,794,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2007-10-08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R) SRV - [2007-10-08 15:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R) SRV - [2007-10-08 15:01:54 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2007-02-06 17:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) 
[Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-06-04 13:08:45 | 000,083,064 | ---- | M] (Doctor Web) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\drwebaf.sys -- (DRWEBAF) DRV - [2010-06-04 13:08:45 | 000,072,184 | ---- | M] (Doctor Web) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DrWebPF.sys -- (DrWebPF) DRV - [2010-04-20 17:44:30 | 000,119,288 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dwprot.sys -- (DwProt) DRV - [2010-04-08 15:54:04 | 000,075,000 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\spiderg3.sys -- (SpiderG3) DRV - [2010-03-05 00:20:11 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2008-04-15 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008-04-14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM) DRV - [2007-09-26 07:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Sterownik karty Intel(R) DRV - [2007-08-27 12:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2007-05-10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2007-02-06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv) DRV - [2007-02-06 17:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap) DRV - [2007-02-03 20:32:58 | 000,022,560 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService) DRV - [2007-02-03 20:32:45 | 001,939,360 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam for Notebooks Deluxe(UVC) DRV - [2007-02-03 20:32:34 | 000,041,504 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007-02-03 20:30:57 | 001,507,232 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2006-11-15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2006-11-14 20:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006-11-14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2006-05-23 23:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006-03-08 13:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2005-12-01 02:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2005-12-01 02:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL) DRV - [2005-12-01 02:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2005-08-12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-789336058-329068152-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: raf@down:0.0.1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-07 08:07:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-05-15 09:22:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-03-04 16:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\Extensions [2010-06-13 23:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane 
aplikacji\Mozilla\Firefox\Profiles\yijyjycn.default\extensions [2010-03-04 23:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\Firefox\Profiles\yijyjycn.default\extensions\dave2x@download [2010-03-17 17:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\Firefox\Profiles\yijyjycn.default\extensions\raf@down [2010-03-05 00:23:34 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\nazwa\Dane aplikacji\Mozilla\Firefox\Profiles\yijyjycn.default\searchplugins\daemon-search.xml [2010-06-13 20:47:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-03-21 01:01:34 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010-03-16 13:24:41 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-03-16 13:24:41 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-03-16 13:24:41 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-03-16 13:24:41 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-03-16 13:24:41 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-03-16 13:24:41 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2008-04-15 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.) 
O3 - HKU\S-1-5-21-789336058-329068152-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc) O4 - HKLM..\Run: [Dr.Web Firewall] C:\Program Files\DrWeb\frwl_notify.exe (Doctor Web, Ltd.) O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SpIDerAgent] C:\Program Files\DrWeb\SpIDerAgent.exe (Doctor Web, Ltd.) O4 - HKLM..\Run: [SpIDerMail] C:\Program Files\DrWeb\spiderml.exe (Doctor Web, Ltd.) O4 - HKU\S-1-5-21-789336058-329068152-1417001333-1003..\Run: [Auto-Backup] C:\Program Files\Auto-Backup\Auto-Backup.exe (Team Solutions) O4 - HKU\S-1-5-21-789336058-329068152-1417001333-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-789336058-329068152-1417001333-1003..\Run: [LogitechSetup] G:\Setup\Setup.exe File not found O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-789336058-329068152-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-789336058-329068152-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36 O7 - HKU\S-1-5-21-789336058-329068152-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data] O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.) 
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.0.2.2 192.168.0.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-03-04 15:02:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-06-14 22:12:45 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-06-14 22:12:45 | 000,000,000 | ---D | M] - E:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-06-14 22:12:45 | 000,000,000 | ---D | M] - F:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-06-14 22:12:45 | 000,000,000 | ---D | M] - I:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2010-03-04 15:02:20 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: cgehwbve - File not found MsConfig - StartUpReg: [b]ATICCC[/b] - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.) 
MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP 
Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-06-16 08:09:03 | 000,000,000 | ---D | C] -- C:\_OTL [2010-06-15 15:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader [2010-06-15 13:53:06 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys [2010-06-15 13:53:06 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys [2010-06-15 13:53:05 | 000,066,544 | ---- | C] (Sonic Solutions) -- 
C:\WINDOWS\System32\pxcpya64.exe [2010-06-15 13:53:05 | 000,066,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe [2010-06-15 13:53:04 | 000,129,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll [2010-06-15 13:53:04 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe [2010-06-15 13:53:03 | 001,858,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll [2010-06-15 13:53:02 | 000,551,408 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll [2010-06-15 13:53:02 | 000,436,720 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll [2010-06-15 13:53:02 | 000,096,752 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll [2010-06-15 13:52:56 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll [2010-06-15 13:52:44 | 000,670,192 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll [2010-06-14 22:12:45 | 000,000,000 | ---D | C] -- C:\autorun.inf [2010-06-14 21:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010-06-14 16:48:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nazwa\Recent [2010-06-13 20:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\DivX [2010-06-13 20:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2010-06-13 20:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DivX [2010-06-04 21:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu [2010-06-04 21:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Gadu-Gadu [2010-06-04 21:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu [2010-06-04 17:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\Auto-Backup [2010-06-04 17:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Auto-Backup [2010-06-04 13:09:59 | 000,119,288 | ---- | C] (Doctor Web, Ltd.) 
-- C:\WINDOWS\System32\drivers\dwprot.sys [2010-06-04 13:09:56 | 000,075,000 | ---- | C] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\spiderg3.sys [2010-06-04 13:09:43 | 000,072,184 | ---- | C] (Doctor Web) -- C:\WINDOWS\System32\drivers\DrWebPF.sys [2010-06-04 13:09:41 | 000,083,064 | ---- | C] (Doctor Web) -- C:\WINDOWS\System32\drivers\drwebaf.sys [2010-06-04 13:09:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Doctor Web [2010-06-03 17:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline [2010-05-30 20:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Application Data [2010-05-25 21:44:35 | 000,000,000 | -HSD | C] -- C:\DrWeb Quarantine [2010-05-22 22:44:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles [2010-05-20 22:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\DrWeb [2010-05-20 22:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Doctor Web [2010-05-20 22:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\DoctorWeb [2010-05-18 19:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\Program Files [2010-05-18 19:46:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SupportAppCB [2010-05-14 23:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\CASHFLOW 202 [2010-05-11 09:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\RMVB Player [2010-05-08 22:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\cache [2010-05-08 22:08:41 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll [2010-05-08 22:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu 10 [2010-05-08 20:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-05-06 09:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Moje dokumenty\analiza [2010-05-05 22:27:44 | 001,507,232 
| R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvpopflt.sys [2010-05-05 22:27:32 | 000,527,136 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2RC.dll [2010-05-05 22:27:32 | 000,215,840 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2.dll [2010-05-05 22:27:32 | 000,129,824 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvci1051.dll [2010-05-05 22:27:32 | 000,041,504 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys [2010-05-05 22:27:31 | 000,348,160 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System\msvcr71.dll [2010-05-05 22:27:31 | 000,264,992 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvcodec2.dll [2010-05-05 22:27:30 | 001,939,360 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvuvc.sys [2010-05-05 22:27:25 | 000,022,560 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvuvcflt.sys [2010-05-05 22:27:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nazwa\Moje dokumenty\Moje wideo [2010-05-05 22:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Logitech [2010-05-05 22:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd [2010-05-05 22:14:55 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys [2010-05-05 22:14:53 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys [2010-05-05 22:14:52 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys [2010-05-05 22:14:51 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax [2010-05-05 22:14:51 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax [2010-05-05 22:14:50 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys [2010-05-05 22:14:48 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys [2010-05-05 
22:14:46 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys [2010-05-05 22:14:44 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys [2010-05-05 22:14:37 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys [2010-05-05 22:14:37 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys [2010-05-05 22:14:29 | 000,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys [2010-05-05 22:14:29 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax [2010-05-05 22:14:29 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax [2010-05-05 22:14:29 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax [2010-05-05 22:14:29 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax [2010-05-05 22:14:29 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll [2010-05-05 22:14:29 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll [2010-05-05 22:14:29 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax [2010-05-05 22:14:29 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax [2010-05-05 22:14:29 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax [2010-05-05 22:14:29 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax [2010-05-05 22:14:28 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax [2010-05-05 22:14:28 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax [2010-05-05 22:14:24 | 000,032,128 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\usbccgp.sys [2010-05-04 11:07:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2010-04-25 22:57:06 | 000,000,000 | ---D | C] -- C:\My Recordings [2010-04-25 22:54:39 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll [2010-04-25 22:54:39 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.ocx [2010-04-22 11:13:02 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm [2010-04-22 11:13:01 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll [2010-04-22 11:13:01 | 000,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm [2010-04-22 11:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack [2010-04-19 12:08:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Moje dokumenty\studio [2010-04-18 17:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Moje dokumenty\gra miejska [2010-04-18 15:35:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll [2010-04-18 15:35:14 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll [2010-04-18 15:35:13 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys [2010-04-18 14:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\Infonetax [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-06-16 08:15:23 | 000,044,102 | ---- | M] () -- C:\Documents and Settings\nazwa\Moje dokumenty\darok.m3u [2010-06-16 08:10:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-06-16 08:10:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-06-16 08:09:27 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\nazwa\NTUSER.DAT [2010-06-16 08:09:27 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\nazwa\ntuser.ini 
[2010-06-16 08:09:22 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\Dr.Web Update.job [2010-06-15 15:20:36 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\JDownloader.lnk [2010-06-15 08:06:05 | 000,044,528 | ---- | M] () -- C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-06-15 08:05:35 | 000,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-06-14 22:20:45 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\nazwa\Moje dokumenty\fix.reg [2010-06-14 16:48:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-06-13 20:55:43 | 000,001,480 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\DivX Movies.lnk [2010-06-13 20:38:14 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\nazwa\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-06-10 13:12:44 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\nazwa\.recently-used.xbel [2010-06-04 21:02:07 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\Gadu-Gadu.lnk [2010-06-04 17:20:46 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Auto-Backup.lnk [2010-06-04 13:11:34 | 000,000,536 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\Skrót do Biznes plan.lnk [2010-06-04 13:09:57 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\Dr.Web Daily scan.job [2010-06-04 13:09:38 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skaner Dr.Web.lnk [2010-06-04 13:08:45 | 000,083,064 | ---- | M] (Doctor Web) -- C:\WINDOWS\System32\drivers\drwebaf.sys [2010-06-04 13:08:45 | 000,072,184 | ---- | M] (Doctor Web) -- C:\WINDOWS\System32\drivers\DrWebPF.sys [2010-06-01 15:49:57 | 000,002,147 | ---- | M] () -- C:\Documents and Settings\nazwa\photorec.cfg [2010-06-01 09:57:15 | 000,118,277 | ---- | M] () -- C:\Documents and Settings\nazwa\Moje dokumenty\SPRZEDAŻ INTERNETOWA.pdf [2010-05-31 19:49:15 | 000,000,116 | ---- | M] 
() -- C:\WINDOWS\NeroDigital.ini [2010-05-31 18:44:55 | 000,000,022 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\cm.ini [2010-05-31 11:06:11 | 000,993,526 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-05-31 11:06:11 | 000,451,934 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-05-31 11:06:11 | 000,395,534 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-05-31 11:06:11 | 000,075,904 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-05-31 11:06:11 | 000,059,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-05-30 20:04:36 | 000,000,548 | ---- | M] () -- C:\Documents and Settings\nazwa\Pulpit\XMind.lnk [2010-05-18 19:49:16 | 000,007,070 | ---- | M] () -- C:\NetworkCfg.xml [2010-05-16 09:42:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs [2010-05-08 22:08:41 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll [2010-04-20 17:44:30 | 000,119,288 | ---- | M] (Doctor Web, Ltd.) 
-- C:\WINDOWS\System32\drivers\dwprot.sys [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-06-16 08:15:23 | 000,044,102 | ---- | C] () -- C:\Documents and Settings\nazwa\Moje dokumenty\darok.m3u [2010-06-15 15:20:36 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\JDownloader.lnk [2010-06-14 22:20:45 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\nazwa\Moje dokumenty\fix.reg [2010-06-13 20:55:43 | 000,001,480 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\DivX Movies.lnk [2010-06-10 13:12:44 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\nazwa\.recently-used.xbel [2010-06-04 21:02:07 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\Gadu-Gadu.lnk [2010-06-04 17:20:46 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Auto-Backup.lnk [2010-06-04 13:11:38 | 000,000,536 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\Skrót do Biznes plan.lnk [2010-06-04 13:09:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\Dr.Web Update.job [2010-06-04 13:09:57 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\Dr.Web Daily scan.job [2010-06-04 13:09:38 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Skaner Dr.Web.lnk [2010-06-01 09:57:13 | 000,118,277 | ---- | C] () -- C:\Documents and Settings\nazwa\Moje dokumenty\SPRZEDAŻ INTERNETOWA.pdf [2010-06-01 09:16:18 | 000,002,147 | ---- | C] () -- C:\Documents and Settings\nazwa\photorec.cfg [2010-05-31 18:44:55 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\cm.ini [2010-05-30 20:04:36 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\nazwa\Pulpit\XMind.lnk [2010-05-19 00:41:54 | 000,007,070 | ---- | C] () -- C:\NetworkCfg.xml [2010-05-05 22:27:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.hs [2010-05-05 22:27:33 | 000,050,127 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2010-05-05 22:27:33 | 000,013,398 | R--- 
| C] () -- C:\WINDOWS\System32\Repository.reg [2010-04-22 11:13:04 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010-04-22 11:13:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010-04-22 11:13:02 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml [2010-04-22 11:13:01 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010-04-22 11:13:01 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010-04-22 11:12:57 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010-04-22 11:12:57 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2010-03-18 09:31:27 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010-03-05 00:20:10 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-03-04 16:08:04 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2010-03-04 16:06:38 | 000,002,745 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2010-03-04 16:00:07 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2007-02-06 17:42:40 | 001,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys [color=#E56717]========== LOP Check ==========[/color] [2010-03-05 00:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2010-06-04 13:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Doctor Web [2010-03-04 15:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET [2010-05-08 20:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-05-04 11:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2010-06-16 08:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Auto-Backup [2010-03-05 08:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\DAEMON Tools Lite [2010-06-04 
21:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu [2010-05-08 22:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu 10 [2010-04-23 13:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\gtk-2.0 [2010-05-18 19:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nazwa\Dane aplikacji\Program Files [2010-06-04 13:09:57 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\Dr.Web Daily scan.job [2010-06-16 08:09:22 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\Dr.Web Update.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-03-04 15:02:47 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-03-07 00:07:59 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2008-04-15 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2010-03-04 15:02:47 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010-03-04 15:02:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-06-06 18:25:41 | 000,047,510 | ---- | M] () -- C:\Log.txt [2010-06-03 23:52:23 | 000,007,532 | ---- | M] () -- C:\mksbasel.cpp.log [2010-03-04 15:02:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010-05-18 19:49:16 | 000,007,070 | ---- | M] () -- C:\NetworkCfg.xml [2008-04-15 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008-04-15 14:00:00 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-06-16 08:10:22 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- 
C:\WINDOWS\system32\dllcache\atapi.sys [2008-04-14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008-04-15 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2008-04-15 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2008-04-15 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008-04-15 14:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2008-04-15 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008-04-15 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-04-15 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys [2008-04-15 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2008-04-15 14:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008-04-15 14:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) 
MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9 < End of report > [/log]

Logs from RSIT

[log]Logfile of random's system information tool 1.07 (written by random/random) Run by nazwa at 2010-06-16 08:32:16 Microsoft Windows XP Professional Dodatek Service Pack 3 System drive C: has 7 GB (37%) free of 20 GB Total RAM: 1022 MB (31% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 08:32:26, on 2010-06-16 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\DrWeb\spiderml.exe C:\Program Files\DrWeb\frwl_notify.exe C:\Program Files\DrWeb\SpIDerAgent.exe C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Auto-Backup\Auto-Backup.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie\OTL.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\WINDOWS\notepad.exe C:\Documents and Settings\nazwa\Moje dokumenty\Pobieranie\RSIT.exe C:\Program Files\trend micro\nazwa.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 
9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe" -autorun O4 - HKLM\..\Run: [Dr.Web Firewall] "C:\Program Files\DrWeb\frwl_notify.exe" O4 - HKLM\..\Run: [SpIDerAgent] "C:\Program Files\DrWeb\SpIDerAgent.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [LogitechSetup] G:\Setup\Setup.exe /start /restart /l:enu O4 - HKCU\..\Run: [Auto-Backup] "C:\Program Files\Auto-Backup\Auto-Backup.exe" /tray O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - 
{88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Dr.Web Scanning Engine (DrWebEngine) (DrWebEngine) - Doctor Web, Ltd. - C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LVSrvLauncher - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 7042 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Dr.Web Daily scan.job C:\WINDOWS\tasks\Dr.Web Update.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-04 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-04 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}] IEPluginBHO Class - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll [2010-05-04 42080] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 
405504] "IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-10-08 995328] "IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-10-08 1101824] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947] "Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-05-14 1191936] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-03-04 149280] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016] "SpIDerMail"=C:\Program Files\DrWeb\spiderml.exe [2010-06-03 1541360] "Dr.Web Firewall"=C:\Program Files\DrWeb\frwl_notify.exe [2010-03-15 2600200] "SpIDerAgent"=C:\Program Files\DrWeb\SpIDerAgent.exe [2010-03-15 1314032] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-03-09 26100520] "LogitechSetup"=G:\Setup\Setup.exe /start /restart /l:enu [] "Auto-Backup"=C:\Program Files\Auto-Backup\Auto-Backup.exe [2009-09-08 1400832] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] 
"dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=36 "NoDriveAutoRun"=0xFFFFFFFF [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10" "C:\Documents and Settings\nazwa\Ustawienia lokalne\Temp\~os13.tmp\rlvknlg.exe"="C:\Documents and Settings\nazwa\Ustawienia lokalne\Temp\~os13.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2010-06-16 08:32:16 ----D---- C:\rsit 2010-06-16 08:09:03 ----D---- C:\_OTL 2010-06-15 15:19:51 ----D---- C:\Program Files\JDownloader 2010-06-15 13:53:05 ----N---- 
C:\WINDOWS\system32\pxinsa64.exe 2010-06-15 13:53:05 ----N---- C:\WINDOWS\system32\pxcpya64.exe 2010-06-15 13:53:04 ----N---- C:\WINDOWS\system32\pxhpinst.exe 2010-06-15 13:53:04 ----N---- C:\WINDOWS\system32\pxafs.dll 2010-06-15 13:53:03 ----N---- C:\WINDOWS\system32\pxsfs.dll 2010-06-15 13:53:02 ----N---- C:\WINDOWS\system32\vxblock.dll 2010-06-15 13:53:02 ----N---- C:\WINDOWS\system32\pxwave.dll 2010-06-15 13:53:02 ----N---- C:\WINDOWS\system32\pxdrv.dll 2010-06-15 13:52:56 ----N---- C:\WINDOWS\system32\pxmas.dll 2010-06-15 13:52:44 ----N---- C:\WINDOWS\system32\px.dll 2010-06-14 22:12:45 ----D---- C:\autorun.inf 2010-06-14 21:12:36 ----D---- C:\Program Files\trend micro 2010-06-13 20:55:28 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\DivX 2010-06-13 20:48:13 ----D---- C:\Program Files\DivX 2010-06-13 20:46:56 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\DivX 2010-06-04 21:12:48 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\Gadu-Gadu 2010-06-04 21:01:30 ----D---- C:\Program Files\Gadu-Gadu 2010-06-04 17:21:00 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\Auto-Backup 2010-06-04 17:20:40 ----D---- C:\Program Files\Auto-Backup 2010-06-04 13:09:27 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Doctor Web 2010-06-03 17:04:16 ----D---- C:\Program Files\SkanerOnline 2010-05-31 18:46:09 ----A---- C:\Log.txt 2010-05-25 21:44:35 ----SHD---- C:\DrWeb Quarantine 2010-05-22 22:44:38 ----D---- C:\WINDOWS\system32\LogFiles 2010-05-20 22:47:16 ----D---- C:\Program Files\DrWeb 2010-05-20 22:47:16 ----D---- C:\Program Files\Common Files\Doctor Web 2010-05-18 19:49:33 ----A---- C:\WINDOWS\ModemLog_ZTE Proprietary USB Modem.txt 2010-05-18 19:46:51 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\Program Files 2010-05-18 19:46:41 ----D---- C:\WINDOWS\system32\SupportAppCB ======List of files/folders modified in the last 1 months====== 2010-06-16 08:13:23 ----D---- C:\WINDOWS\Prefetch 2010-06-16 08:11:25 
----D---- C:\WINDOWS\Temp 2010-06-16 08:11:05 ----D---- C:\WINDOWS\system32\CatRoot2 2010-06-16 08:09:32 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-06-16 08:09:14 ----D---- C:\WINDOWS\system32 2010-06-16 08:09:14 ----D---- C:\WINDOWS 2010-06-16 07:49:43 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\Skype 2010-06-15 16:01:02 ----D---- C:\Documents and Settings\nazwa\Dane aplikacji\skypePM 2010-06-15 15:19:51 ----RD---- C:\Program Files 2010-06-15 14:01:48 ----D---- C:\Program Files\Winamp 2010-06-15 13:53:06 ----D---- C:\WINDOWS\system32\drivers 2010-06-14 22:11:20 ----SHD---- C:\System Volume Information 2010-06-14 22:11:20 ----D---- C:\WINDOWS\system32\Restore 2010-06-14 22:07:27 ----D---- C:\Program Files\DAEMON Tools Toolbar 2010-06-13 23:10:18 ----SHD---- C:\WINDOWS\Installer 2010-06-13 23:10:18 ----D---- C:\Program Files\Common Files 2010-06-04 13:09:57 ----SD---- C:\WINDOWS\Tasks 2010-06-04 13:09:49 ----HD---- C:\WINDOWS\inf 2010-06-03 17:28:18 ----D---- C:\Program Files\Common Files\LogiShrd 2010-06-03 17:04:17 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-05-31 19:49:15 ----A---- C:\WINDOWS\NeroDigital.ini 2010-05-31 11:06:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-05-22 07:45:56 ----HD---- C:\Program Files\InstallShield Installation Information ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128] R1 DRWEBAF;DrWEB Firewall Application Filter; \??\C:\WINDOWS\system32\drivers\drwebaf.sys [] R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 40448] R1 WmiAcpi;Interfejs zarządzania Microsoft Windows dla ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832] R1 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-15 12032] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; 
C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-03-04 21361] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544] R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256] R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376] R2 s24trans;Transport WLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-08-27 12288] R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-15 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496] R3 CmBatt;Sterownik baterii Microsoft o metodzie kontroli ACPI; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952] R3 DrWebPF;DrWeb Packet Filter Driver; C:\WINDOWS\system32\DRIVERS\DrWebPF.sys [2010-06-04 72184] R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384] R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-15 10368] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960] R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512] R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-15 12160] R3 NETw4x32;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032] R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-15 61824] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-15 79232] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; 
C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbstor;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-15 26368] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696] S3 ac2ubcew;ac2ubcew; C:\WINDOWS\system32\drivers\ac2ubcew.sys [] S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-02-03 22560] S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808] S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064] S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-02-03 1507232] S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504] S3 LVUVC;QuickCam for Notebooks Deluxe(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-02-03 1939360] S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys [] S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS [] S3 usbaudio;Sterownik audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 
60032] S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104] S3 usbvideo;Urządzenie wideo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984] S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [] S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [] S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600] R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine); C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [2010-06-03 1504600] R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-10-08 794624] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-04 153376] R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-10-08 483328] R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-10-08 1183744] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-10-08 356352] S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 
29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF----------------- [/log]
Tomek01 commented 16 June 2010

There is still one entry left in the registry. Paste the following into Notepad again:

[code]Windows Registry Editor Version 5.00

; Removes the leftover firewall exception; backslashes inside a quoted value name are doubled
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Documents and Settings\\nazwa\\Ustawienia lokalne\\Temp\\~os13.tmp\\rlvknlg.exe"=-[/code]

Save the file: Save as / change the file type to All files / save as fix.reg / double-click it to add it to the registry.

Manually delete the folder C:\Program Files\DAEMON Tools Toolbar

In OTL, use the Clean Up function.

That's all.
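The leftover entry removed in the reply above is a Windows Firewall exception for an executable in a Temp folder. As an added example (not part of Tomek01's post), this Python sketch parses the AuthorizedApplications lines as RSIT prints them, flags enabled exceptions under user-writable paths, and builds the matching removal .reg text; the marker list and function names are assumptions made for illustration.

```python
import re

# Key name as it appears in the RSIT registry dump on this page.
STANDARD_PROFILE_KEY = (r"HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess"
                        r"\parameters\firewallpolicy\standardprofile\authorizedapplications\list")

# Entries copied (abridged) from the StandardProfile list in the log above.
# RSIT prints paths with single backslashes, unlike a regedit export.
SAMPLE = r'''
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10"
"C:\Documents and Settings\nazwa\Ustawienia lokalne\Temp\~os13.tmp\rlvknlg.exe"="C:\Documents and Settings\nazwa\Ustawienia lokalne\Temp\~os13.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
'''

# Assumption: illustrative markers for user-writable locations on an
# English or Polish Windows XP profile; extend for other locales.
USER_WRITABLE_MARKERS = ("\\temp\\", "\\ustawienia lokalne\\", "\\local settings\\")

ENTRY_RE = re.compile(r'^"(?P<path>[^"]+)"="(?P<data>[^"]*)"$')


def parse_authorized_apps(text):
    """Return one dict per '"<path>"="<path>:<scope>:<state>:<name>"' line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        path, data = m.group("path"), m.group("data")
        # The path contains a colon (C:), so strip it as a prefix
        # instead of splitting the whole value on ':'.
        if not data.lower().startswith(path.lower() + ":"):
            continue
        parts = data[len(path) + 1:].split(":", 2)
        if len(parts) != 3:
            continue
        scope, state, name = parts
        entries.append({"path": path, "scope": scope,
                        "enabled": state.lower() == "enabled", "name": name})
    return entries


def suspicious(entries):
    """Enabled exceptions whose executable lives in a user-writable folder."""
    return [e for e in entries
            if e["enabled"]
            and any(mark in e["path"].lower() for mark in USER_WRITABLE_MARKERS)]


def removal_reg(key, paths):
    """Build .reg text deleting each value; a quoted name needs \\ and \" escaped."""
    lines = ["Windows Registry Editor Version 5.00", "", "[" + key + "]"]
    for p in paths:
        escaped = p.replace("\\", "\\\\").replace('"', '\\"')
        lines.append('"' + escaped + '"=-')
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    flagged = suspicious(parse_authorized_apps(SAMPLE))
    print(removal_reg(STANDARD_PROFILE_KEY, [e["path"] for e in flagged]))
```
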
futro999 commented 16 June 2010 (Author)

Wow, gentlemen! Many thanks! Everything seems to be in order; I'll still run a scan as a precaution. Thanks again for the help. Regards!