Makaveli_ns, posted 30 July 2010 (edited)

Hello, today I ran into a problem: my antivirus detected several spyware items and viruses, and a strange "antivirus, MS something malware or something like that, Doctor" also started up.

OTL.txt logs:

OTL logfile created on: 2010-07-27 23:27:32 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Documents and Settings\Admin\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 97,07 Gb Total Space | 85,07 Gb Free Space | 87,63% Space Free | Partition Type: NTFS
Drive D: | 201,01 Gb Total Space | 133,96 Gb Free Space | 66,64% Space Free | Partition Type: NTFS
Drive E: | 347,64 Gb Total Space | 116,48 Gb Free Space | 33,51% Space Free | Partition Type: NTFS
Drive F: | 350,99 Gb Total Space | 116,37 Gb Free Space | 33,16% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XXX
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

========== Processes (All) ==========

PRC - [2010-07-27 22:29:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTL.exe
PRC - [2010-07-27 21:44:13 | 000,189,440 | ---- | M] (Electronic Arts, Inc.) -- C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\Idj.exe
PRC - [2010-07-27 21:44:10 | 000,194,560 | ---- | M] (Electronic Arts, Inc.) -- C:\WINDOWS\Iwepya.exe
PRC - [2010-04-14 13:23:40 | 000,073,960 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010-04-03 19:23:16 | 000,154,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2010-02-18 13:33:30 | 000,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2010-01-11 20:03:00 | 000,221,184 | ---- | M] (SnoopFree Software) -- C:\WINDOWS\SnoopFreeUI.exe
PRC - [2010-01-11 20:03:00 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SnoopFreeSvc.exe
PRC - [2010-01-02 17:31:18 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010-01-02 17:31:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-12-02 15:26:07 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-10-16 18:45:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009-10-16 18:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2009-10-16 18:45:00 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009-10-16 18:45:00 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2009-10-16 18:45:00 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2009-10-16 18:45:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2009-10-16 18:45:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2009-10-16 18:45:00 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
PRC - [2009-10-16 18:45:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2009-10-16 18:45:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2009-10-16 18:45:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2009-08-28 20:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009-08-06 20:24:06 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
PRC - [2009-03-05 17:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009-03-02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008-12-12 12:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007-04-06 12:42:26 | 000,073,728 | ---- | M] (Philips) -- C:\WINDOWS\VPro520.exe
PRC - [2006-06-29 20:10:24 | 000,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2006-06-29 20:07:16 | 000,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006-06-29 20:07:00 | 000,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006-04-03 18:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2005-04-02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
PRC - [2003-06-19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

========== Modules (All) ==========

MOD - [2010-07-27 22:29:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTL.exe
MOD - [2010-01-11 20:03:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\SnoopFreeDll.dll
MOD - [2009-12-08 10:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-10-16 18:45:00 | 008,490,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2009-10-16 18:45:00 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2009-10-16 18:45:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2009-10-16 18:45:00 | 001,020,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-10-16 18:45:00 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2009-10-16 18:45:00 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2009-10-16 18:45:00 | 000,723,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2009-10-16 18:45:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-10-16 18:45:00 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-10-16 18:45:00 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2009-10-16 18:45:00 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2009-10-16 18:45:00 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2009-10-16 18:45:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2009-10-16 18:45:00 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll
MOD - [2009-10-16 18:45:00 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2009-10-16 18:45:00 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2009-10-16 18:45:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2009-10-16 18:45:00 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2009-10-16 18:45:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME
MOD - [2009-10-16 18:45:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2009-10-16 18:45:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2009-10-16 18:45:00 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2009-10-16 18:45:00 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2009-10-16 18:45:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2009-10-16 18:45:00 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-10-16 18:45:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2009-10-16 18:45:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010-07-27 21:44:05 | 000,241,664 | ---- | M] (ApexDC++ Development Team) [Auto | Running] -- C:\WINDOWS\system32\sshnas21.dll -- (SSHNAS)
SRV - [2010-04-14 13:23:40 | 000,073,960 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010-01-11 20:03:00 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\SnoopFreeSvc.exe -- (SnoopFreeSvc)
SRV - [2010-01-02 17:31:18 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010-01-02 17:31:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2006-11-06 14:21:10 | 000,210,432 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006-06-29 20:10:24 | 000,172,032 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2006-06-29 20:07:16 | 000,131,131 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006-06-29 20:07:00 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006-04-03 18:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2005-07-08 16:24:46 | 000,871,424 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005-04-02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe -- (StarWindService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2010-04-14 13:23:36 | 000,116,968 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010-04-03 23:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010-02-05 10:51:44 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-02-05 10:39:06 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010-01-21 18:08:28 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010-01-11 20:03:00 | 000,009,472 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SnopFree.sys -- (SnoopFree)
DRV - [2010-01-02 17:31:18 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010-01-02 17:31:18 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-10-16 18:45:00 | 000,215,856 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3132r5.sys -- (Si3132r5)
DRV - [2009-10-16 18:45:00 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2009-10-16 18:45:00 | 000,195,072 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3114r5.sys -- (Si3114r5)
DRV - [2009-10-16 18:45:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2009-10-16 18:45:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2009-10-16 18:45:00 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2009-10-16 18:45:00 | 000,074,672 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\si3132.sys -- (Si3132)
DRV - [2009-10-16 18:45:00 | 000,069,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\si3124.sys -- (Si3124)
DRV - [2009-10-16 18:45:00 | 000,062,336 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112)
DRV - [2009-07-31 07:12:18 | 000,341,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2009-03-30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-02-13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008-04-13 22:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM)
DRV - [2007-04-09 13:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007-03-27 21:27:56 | 000,007,680 | ---- | M] (Philips ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SPC520m.sys -- (SPC520m)
DRV - [2007-03-27 21:27:50 | 000,085,504 | ---- | M] (Philips ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SPC520.sys -- (SPC520)
DRV - [2006-11-02 07:55:17 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2006-09-24 14:28:47 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006-05-16 12:25:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-05-16 12:25:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-05-10 11:33:00 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006-05-02 10:12:06 | 000,229,376 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006-03-17 11:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005-07-08 16:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005-07-08 16:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004-08-13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [1996-04-03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
IE - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.onet.pl"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-07-26 11:31:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-26 11:31:54 | 000,000,000 | ---D | M]

[2010-01-02 18:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Extensions
[2010-07-27 00:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\extensions
[2010-05-20 09:09:51 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010-01-11 22:48:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-02-05 10:53:49 | 000,002,921 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\searchplugins\daemon-search.xml
[2010-07-27 00:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-12-02 09:23:35 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-12-02 09:23:35 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-12-02 09:23:35 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-12-02 09:23:35 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-12-02 09:23:35 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-12-02 09:23:35 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-07-10 17:55:57 | 000,411,898 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14235 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SnoopFreeUI] C:\WINDOWS\SnoopFreeUI.exe (SnoopFree Software)
O4 - HKU\.DEFAULT..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\VPro520.lnk = C:\WINDOWS\VPro520.exe (Philips)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Admin\Dane aplikacji\ohydy.exe) - C:\Documents and Settings\Admin\Dane aplikacji\ohydy.exe File not found
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010-01-02 15:10:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{571e1ce5-fea5-11de-8a0b-0018f3f0144b}\Shell - "" = AutoRun
O33 - MountPoints2\{571e1ce5-fea5-11de-8a0b-0018f3f0144b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - C:\WINDOWS\system32\sshnas21.dll (ApexDC++ Development Team)

MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "LightScribeService"
MsConfig - Services: "InCDsrv"
MsConfig - Services: "Apple Mobile Device"
MsConfig - Services: "Adobe LM Service"
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

========== Files/Folders - Created Within 60 Days ==========

[2010-07-27 22:29:09 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTL.exe
[2010-07-27 21:44:17 | 000,194,560 | ---- | C] (Electronic Arts, Inc.) -- C:\WINDOWS\Iwepya.exe
[2010-07-27 21:44:05 | 000,241,664 | ---- | C] (ApexDC++ Development Team) -- C:\WINDOWS\System32\sshnas21.dll
[2010-07-27 21:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Dane aplikacji\454A2704E4D8CC0C830B6393DDCA4D4E
[2010-07-25 23:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010-07-23 11:20:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010-07-10 15:01:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-07-07 23:32:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\occache
[2010-07-07 23:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\Learn2.com
[2010-07-07 23:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2010-07-07 23:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Viewpoint
[2010-07-07 23:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nullsoft
[2010-07-07 23:32:12 | 001,044,480 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\roboex32.dll
[2010-07-07 23:32:12 | 000,054,784 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\Inetwh32.dll
[2010-07-07 23:32:12 | 000,029,184 | ---- | C] (Blue Sky Software) -- C:\WINDOWS\System32\popup.ocx
[2010-07-07 23:31:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\AOL
[2010-07-05 12:13:52 | 000,070,656 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2010-06-29 11:25:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Pulpit\D2NT_3.1
[2010-06-06 01:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Moje dokumenty\Pobieranie
[2010-06-04 16:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\Jufsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2010-07-27 23:30:34 | 000,766,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\sdzkl.sys
[2010-07-27 23:24:58 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010-07-27 23:24:09 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010-07-27 23:23:57 | 000,276,951 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010-07-27 23:23:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-07-27 23:23:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-07-27 23:22:57 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010-07-27 22:29:46 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\RSIT.exe
[2010-07-27 22:29:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTL.exe
[2010-07-27 21:44:10 | 000,194,560 | ---- | M] (Electronic Arts, Inc.)
-- C:\WINDOWS\Iwepya.exe [2010-07-27 21:44:05 | 000,241,664 | ---- | M] (ApexDC++ Development Team) -- C:\WINDOWS\System32\sshnas21.dll [2010-07-27 21:43:48 | 000,000,150 | ---- | M] () -- C:\zrpt.xml [2010-07-27 03:42:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-07-27 01:29:57 | 002,111,874 | -H-- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-07-26 12:19:51 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2010-07-23 23:03:10 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-07-20 14:34:37 | 000,001,037 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\wacko.gif [2010-07-20 14:34:32 | 000,009,532 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\faza.gif [2010-07-19 16:58:32 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-07-19 02:25:26 | 000,001,432 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini [2010-07-16 19:10:34 | 004,871,301 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\patch_d2_www.przeklej.pl.mpq [2010-07-16 10:49:42 | 000,656,902 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Screen ken.jpg [2010-07-15 13:23:36 | 000,037,795 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat [2010-07-14 18:59:50 | 000,057,141 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\error.jpg [2010-07-10 17:55:57 | 000,411,898 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010-07-10 17:12:54 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Admin\ntuser.ini [2010-07-10 15:01:25 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 8.lnk [2010-07-08 01:13:33 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini [2010-07-08 01:13:06 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini [2010-07-07 23:30:21 | 000,000,335 | ---- | M] () -- C:\WINDOWS\nsreg.dat [2010-07-07 23:30:12 | 
000,000,030 | ---- | M] () -- C:\WINDOWS\atid.ini [2010-07-07 00:01:45 | 000,138,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010-07-05 23:46:39 | 000,411,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100710-175557.backup [2010-07-05 23:45:58 | 000,411,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100705-234639.backup [2010-07-05 23:44:52 | 000,411,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100705-234558.backup [2010-07-05 20:51:35 | 001,610,084 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Obraz 258.jpg [2010-07-05 20:51:27 | 001,646,247 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Obraz 090.jpg [2010-07-05 20:51:18 | 000,910,385 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0107.JPG [2010-07-05 20:51:07 | 000,774,332 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0083.JPG [2010-07-05 20:50:57 | 000,931,344 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0004.JPG [2010-07-05 12:16:30 | 000,034,245 | ---- | M] () -- C:\WINDOWS\scunin.dat [2010-07-05 12:16:05 | 000,070,656 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe [2010-07-05 12:16:05 | 000,000,967 | ---- | M] () -- C:\WINDOWS\ScUnin.pif [2010-07-05 11:44:03 | 000,000,765 | ---- | M] () -- C:\WINDOWS\COD.INI [2010-07-05 10:35:03 | 000,000,565 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Gadu-Gadu.lnk [2010-07-01 22:25:51 | 000,000,597 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\D2NT Manager 3.1.lnk [2010-06-29 11:13:21 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\Admin\Pulpit\D2NT.rar.sha [2010-06-23 21:09:47 | 000,177,413 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\noob.jpg [2010-06-18 12:59:32 | 000,002,163 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Ventrilo.lnk [2010-06-17 14:15:28 | 000,408,435 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100705-234452.backup [2010-06-17 14:13:44 | 
000,408,435 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100617-141528.backup [2010-06-17 12:09:11 | 000,408,435 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100617-141344.backup [2010-06-14 20:16:08 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\Admin\Pulpit\arek.rar.sha [2010-06-14 19:24:34 | 000,063,984 | ---- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-06-11 08:22:45 | 000,243,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-06-10 18:21:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-06-10 17:52:22 | 000,495,825 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Mapa.jpg [2010-06-03 18:47:21 | 000,395,202 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100617-120911.backup [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color="#e56717"]========== Files Created - No Company Name ==========[/color] [2010-07-27 22:29:43 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\RSIT.exe [2010-07-27 21:44:27 | 000,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010-07-27 21:44:12 | 000,000,246 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010-07-27 21:43:46 | 000,000,150 | ---- | C] () -- C:\zrpt.xml [2010-07-27 21:43:12 | 000,766,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\sdzkl.sys [2010-07-25 23:44:48 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010-07-20 14:34:36 | 000,001,037 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\wacko.gif [2010-07-20 14:34:31 | 000,009,532 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\faza.gif [2010-07-16 19:10:31 | 004,871,301 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\patch_d2_www.przeklej.pl.mpq [2010-07-16 10:49:40 | 000,656,902 | ---- | C] () -- C:\Documents and 
Settings\Admin\Pulpit\Screen ken.jpg [2010-07-14 18:59:49 | 000,057,141 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\error.jpg [2010-07-08 01:13:06 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2010-07-07 23:30:12 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini [2010-07-05 20:51:34 | 001,610,084 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Obraz 258.jpg [2010-07-05 20:51:26 | 001,646,247 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Obraz 090.jpg [2010-07-05 20:51:18 | 000,910,385 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0107.JPG [2010-07-05 20:51:06 | 000,774,332 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0083.JPG [2010-07-05 20:50:57 | 000,931,344 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0004.JPG [2010-07-05 12:13:53 | 000,034,245 | ---- | C] () -- C:\WINDOWS\scunin.dat [2010-07-05 12:13:52 | 000,000,967 | ---- | C] () -- C:\WINDOWS\ScUnin.pif [2010-07-05 11:44:03 | 000,000,765 | ---- | C] () -- C:\WINDOWS\COD.INI [2010-06-29 12:52:31 | 000,000,597 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\D2NT Manager 3.1.lnk [2010-06-29 11:13:21 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\Admin\Pulpit\D2NT.rar.sha [2010-06-23 21:09:47 | 000,177,413 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\noob.jpg [2010-06-14 20:16:08 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\Admin\Pulpit\arek.rar.sha [2010-06-10 17:52:19 | 000,495,825 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Mapa.jpg [2010-04-20 21:29:11 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010-04-15 21:45:20 | 000,001,432 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini [2010-02-18 01:32:48 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini [2010-01-21 18:08:28 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2010-01-21 18:08:28 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2010-01-11 19:46:39 | 
000,045,056 | ---- | C] () -- C:\WINDOWS\SnoopFreeDll.dll [2010-01-11 19:46:39 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\SnopFree.sys [2010-01-11 01:51:56 | 000,001,130 | ---- | C] () -- C:\WINDOWS\ARCHPR.INI [2010-01-05 18:11:43 | 000,138,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010-01-05 01:19:13 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\D2NT.dll [2010-01-03 23:33:13 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010-01-02 20:03:07 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2010-01-02 20:03:07 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2010-01-02 20:03:07 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2010-01-02 18:28:19 | 000,847,360 | ---- | C] () -- C:\WINDOWS\System32\JS32.dll [2010-01-02 17:25:21 | 000,000,259 | ---- | C] () -- C:\WINDOWS\lgfwup.ini [2010-01-02 15:58:10 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-01-02 15:29:47 | 000,000,396 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini [2010-01-02 15:29:46 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini [2010-01-02 15:29:03 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2010-01-02 15:29:02 | 000,024,978 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2010-01-02 15:28:47 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2008-10-07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008-10-07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- 
C:\WINDOWS\System32\AgCPanelPortugese.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2005-12-07 11:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll [2003-01-07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys [color="#e56717"]========== LOP Check ==========[/color] [2010-07-27 21:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\454A2704E4D8CC0C830B6393DDCA4D4E [2010-02-05 10:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\DAEMON Tools [2010-03-14 20:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\FreeCall [2010-01-02 16:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu [2010-05-04 17:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10 [2010-05-22 01:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\maxup [2010-01-02 16:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Nokia [2010-01-02 19:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Notepad++ [2010-05-04 17:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Nowe Gadu-Gadu [2010-01-02 16:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\PC Suite [2010-05-04 17:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Qrix [2010-01-21 16:32:58 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\Admin\Dane aplikacji\TS3Client [2010-07-23 11:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\uTorrent [2010-06-08 13:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Firefly Studios [2010-01-02 16:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2010-07-07 23:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Viewpoint [2010-02-09 02:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010-01-21 11:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\De 2\Dane aplikacji\AutoUpdate [2010-01-09 17:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\De 2\Dane aplikacji\Gadu-Gadu [2010-03-22 13:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\De 2\Dane aplikacji\Kamerzysta [2010-07-27 23:24:58 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010-07-27 23:24:09 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [color="#e56717"]========== Purity Check ==========[/color] [color="#e56717"]========== Custom Scans ==========[/color] [color="#a23bec"]< %systemdrive%\*.* >[/color] [2010-01-02 15:10:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-01-18 01:52:18 | 000,000,223 | RHS- | M] () -- C:\boot.ini [2009-10-16 18:45:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2010-01-02 15:10:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2009-05-05 17:24:24 | 000,000,178 | -H-- | M] () -- C:\GG8+.url [2010-01-02 15:10:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009-05-05 16:46:16 | 000,000,175 | -H-- | M] () -- C:\legalne.url [2010-01-02 15:10:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2009-10-16 18:45:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2009-10-16 18:45:00 | 000,251,152 | RHS- | M] () -- C:\ntldr 
[2010-07-27 23:23:35 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [2009-05-06 11:20:10 | 000,000,185 | -H-- | M] () -- C:\SGG.url [2010-01-11 22:50:45 | 000,000,027 | ---- | M] () -- C:\sledzik.css.txt [2009-05-05 17:24:16 | 000,000,178 | -H-- | M] () -- C:\Strona GG8+.url [2010-07-27 21:43:48 | 000,000,150 | ---- | M] () -- C:\zrpt.xml [color="#a23bec"]< MD5 for: AGP440.SYS >[/color] [2009-10-16 18:45:00 | 017,820,258 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [color="#a23bec"]< MD5 for: ATAPI.SYS >[/color] [2009-10-16 18:45:00 | 017,820,258 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [color="#a23bec"]< MD5 for: BEEP.SYS >[/color] [2009-10-16 18:45:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2009-10-16 18:45:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color="#a23bec"]< MD5 for: CDROM.SYS >[/color] [2009-10-16 18:45:00 | 017,820,258 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2009-10-16 18:45:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [color="#a23bec"]< MD5 for: EVENTLOG.DLL >[/color] [2009-10-16 18:45:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2009-10-16 18:45:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color="#a23bec"]< MD5 for: NDIS.SYS >[/color] [2009-10-16 18:45:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- 
C:\WINDOWS\system32\dllcache\ndis.sys [2009-10-16 18:45:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [color="#a23bec"]< MD5 for: WINLOGON.EXE >[/color] [2009-10-16 18:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2009-10-16 18:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe < End of report > [/log] and OTL Extras.txt: [log]OTL Extras logfile created on: 2010-07-27 23:27:32 - Run 2 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Admin\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 89,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 97,07 Gb Total Space | 85,07 Gb Free Space | 87,63% Space Free | Partition Type: NTFS Drive D: | 201,01 Gb Total Space | 133,96 Gb Free Space | 66,64% Space Free | Partition Type: NTFS Drive E: | 347,64 Gb Total Space | 116,48 Gb Free Space | 33,51% Space Free | Partition Type: NTFS Drive F: | 350,99 Gb Total Space | 116,37 Gb Free Space | 33,16% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: XXX Current User Name: Admin Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color="#e56717"]========== Extra Registry (SafeList) ==========[/color] [color="#e56717"]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color="#e56717"]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color="#e56717"]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [color="#e56717"]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation) "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "E:\Program Files\Call of Duty\CoDMP.exe" = E:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP -- () "C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.) "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.) 
"E:\Program Files\Anno 1701\Anno1701.exe" = E:\Program Files\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701 -- (Related Designs Software GmbH) "E:\Program Files\Anno 1701\Anno1701AddOn.exe" = E:\Program Files\Anno 1701\Anno1701AddOn.exe:*:Enabled:Anno 1701 Add-On 01 -- (Related Designs Software GmbH) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" = C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall -- (FreeCall) "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- File not found "E:\Program Files\Call of Duty\Gadu-Gadu\gg.exe" = E:\Program Files\Call of Duty\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- File not found "C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- File not found "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- File not found "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found "E:\Program Files\Gadu-Gadu\gg.exe" = E:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.) 
[color="#e56717"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}" = PC Connectivity Solution "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0B3A8956-FAF7-4DB7-897C-86926C5323D2}" = Philips VLounge "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{4CE0B4BA-8862-444D-A94D-EF39AD48C8BC}" = Nokia PC Suite "{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX "{905D4F6B-FADC-4CA4-AA41-BD32A2E446CE}" = Anno 1701 - Add-On "{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701 "{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.3 "{AF877D9F-EBA4-4FAA-83D1-6A0C866AF4BD}" = Philips SPC520NC Webcam "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution 
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes "{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner "{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}" = Commandos 2: Men of Courage "0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) "2B0430566DEE7109F019A317398EA7F8DA53B293" = Pakiet sterowników systemu Windows - Philips (SPC520) Image (03/27/2007 1.00.2.6000) "46D650DC11A19D8E1347F194E1244412C0FAFCF1" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0) "4CFD94C379217A02D5EA067615FF789CD731BCDB" = Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2) "AC3Filter_is1" = AC3Filter 1.63b "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BadCopy Pro" = BadCopy Pro "Call of Duty" = Call of Duty "CWK" = CWK (Czasowy Wyłącznik Komputera) "Diablo II" = Diablo II "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.00 "FLVPlayer" = FLV Player 1.3.3 "FreeCall_is1" = FreeCall "Gadu-Gadu" = Gadu-Gadu 7.7 "InCD!UninstallKey" = InCD "InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager "Kamerzysta" = Kamerzysta (deinstalacja) "KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Standard) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6) "NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.1 "Nero - Burning Rom!UninstallKey" = Nero OEM "Notepad++" = Notepad++ "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers 
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "OpenAL" = OpenAL "PowerISO" = PowerISO "RealAlt_is1" = Real Alternative 1.9.0 Lite "Rzeźnik MPEGów 1.1.99_is1" = Rzeźnik MPEGów 1.1.99 "SkanerOnline" = Skaner on-line mks_vir "SnoopFreePrivacyShield" = SnoopFree Privacy Shield "SpeedFan" = SpeedFan (remove only) "Starcraft" = Starcraft "StreetPlugin" = Learn2 Player (Uninstall Only) "SubEdit-Player_is1" = SubEdit-Player "SystemRequirementsLab" = System Requirements Lab "uTorrent" = µTorrent "ViewpointMediaPlayer" = Viewpoint Media Player "Winamp" = Winamp (remove only) "Winamp PL" = Winamp 5.33 PL "WinRAR archiver" = Archiwizator WinRAR [color="#e56717"]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Antimalware Doctor" = Antimalware Doctor "TeamSpeak 3 Client" = TeamSpeak 3 Client [color="#e56717"]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2010-05-31 18:46:21 | Computer Name = PAWEL | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca gg.exe, wersja 7.7.0.3746, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2010-06-02 14:33:21 | Computer Name = PAWEL | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd snoopfreeui.exe, wersja 1.0.0.0, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x00011a79. Error - 2010-06-02 14:33:34 | Computer Name = PAWEL | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd snoopfreeui.exe, wersja 1.0.0.0, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x00010aeb. Error - 2010-06-02 14:33:41 | Computer Name = PAWEL | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd snoopfreeui.exe, wersja 1.0.0.0, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x00010aeb. 
Error - 2010-06-02 15:06:20 | Computer Name = PAWEL | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca gg.exe, wersja 7.7.0.3746, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-06-07 16:38:42 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca Game.exe, wersja 1.0.13.60, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-06-08 14:45:09 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca Game.exe, wersja 1.0.13.60, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-06-11 15:39:36 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca SkypeSetup.exe, wersja 4.2.0.169, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-06-22 15:53:51 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca gg.exe, wersja 7.7.0.3746, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-06-22 16:09:49 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca gg.exe, wersja 7.7.0.3746, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

[ System Events ]
Error - 2010-07-25 07:57:32 | Computer Name = XXX | Source = Service Control Manager | ID = 7031
Description = Usługa Apple Mobile Device niespodziewanie zakończyła pracę. Wystąpiło to razy: 2. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.
Error - 2010-07-25 21:51:13 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Java Quick Starter z powodu następującego błędu: %%2

Error - 2010-07-25 21:51:16 | Computer Name = XXX | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: nvatabus Si3112 Si3124 Si3132 Si3132r5 Si3531

Error - 2010-07-26 22:42:42 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Java Quick Starter z powodu następującego błędu: %%2

Error - 2010-07-26 22:42:42 | Computer Name = XXX | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: nvatabus Si3112 Si3124 Si3132 Si3132r5 Si3531

Error - 2010-07-27 16:43:14 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Microsoft Kernel Acoustic Echo Canceller z powodu następującego błędu: %%31

Error - 2010-07-27 16:45:36 | Computer Name = XXX | Source = Service Control Manager | ID = 7031
Description = Usługa Apple Mobile Device niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error - 2010-07-27 16:52:30 | Computer Name = XXX | Source = DCOM | ID = 10016
Description = Zgodnie z ustawieniami uprawnień domyślne ustawienia komputera nie jest udzielane uprawnienie Lokalne Aktywacja do aplikacji serwera COM z identyfikatorem klasy {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} użytkownikowi ZARZĄDZANIE NT\USŁUGA SIECIOWA o identyfikatorze zabezpieczeń (S-1-5-20). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego usług składowych.
Error - 2010-07-27 18:24:43 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Java Quick Starter z powodu następującego błędu: %%2

Error - 2010-07-27 18:24:46 | Computer Name = XXX | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: nvatabus Si3112 Si3124 Si3132 Si3132r5 Si3531

< End of report >
[/log]

Here are the RSIT logs:

[log]
Logfile of random's system information tool 1.08 (written by random/random)
Run by Admin at 2010-07-28 00:11:17
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 87 GB (88%) free of 99 GB
Total RAM: 3070 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:11:29, on 2010-07-28
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Iwepya.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Admin\USTAWI~1\Temp\Idj.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\VPro520.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Admin\Pulpit\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [5DR8ZAD8GX] C:\DOCUME~1\Admin\USTAWI~1\Temp\Idj.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VPro520.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O19 - User stylesheet: C:\sledzik.css.txt
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe

--
End of file - 8733 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-06-17 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]
IEPluginBHO Class - C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll [2009-12-02 37376]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SnoopFreeUI"=C:\WINDOWS\SnoopFreeUI.exe [2010-01-11 221184]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-04-03 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2009-10-16 15360] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232] "SandboxieControl"=C:\Program Files\Sandboxie\SbieCtrl.exe [2010-04-14 395496] "5DR8ZAD8GX"=C:\DOCUME~1\Admin\USTAWI~1\Temp\Idj.exe [2010-07-27 189440] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 "LightScribeService"=2 "InCDsrv"=2 "Apple Mobile Device"=2 "Adobe LM Service"=3 C:\Documents and Settings\All Users\Menu Start\Programy\Autostart VPro520.lnk - C:\WINDOWS\VPro520.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-10-16 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA 
Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "E:\Program Files\Call of Duty\CoDMP.exe"="E:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP" "C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny" "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary" "E:\Program Files\Anno 1701\Anno1701.exe"="E:\Program Files\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701" "E:\Program Files\Anno 1701\Anno1701AddOn.exe"="E:\Program Files\Anno 1701\Anno1701AddOn.exe:*:Enabled:Anno 1701 Add-On 01" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall" "C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam" "E:\Program Files\Call of Duty\Gadu-Gadu\gg.exe"="E:\Program Files\Call of Duty\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny" "C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu" "C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10" "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0" "E:\Program Files\Gadu-Gadu\gg.exe"="E:\Program 
Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0" ======List of files/folders created in the last 3 months====== 2010-07-28 00:08:21 ----D---- C:\rsit 2010-07-28 00:08:21 ----D---- C:\Program Files\trend micro 2010-07-27 21:44:17 ----A---- C:\WINDOWS\Iwepya.exe 2010-07-27 21:44:05 ----A---- C:\WINDOWS\system32\sshnas21.dll 2010-07-27 21:43:12 ----A---- C:\WINDOWS\system32\drivers\sdzkl.sys 2010-07-27 21:42:45 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\454A2704E4D8CC0C830B6393DDCA4D4E 2010-07-25 23:44:48 ----A---- C:\WINDOWS\system32\unrar.dll 2010-07-25 23:44:45 ----D---- C:\Program Files\K-Lite Codec Pack 2010-07-23 11:20:53 ----HD---- C:\WINDOWS\PIF 2010-07-15 01:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$ 2010-07-10 15:01:11 ----SHD---- C:\Config.Msi 2010-07-08 01:13:06 ----A---- C:\WINDOWS\msoffice.ini 2010-07-07 23:32:56 ----D---- C:\WINDOWS\occache 2010-07-07 23:32:56 ----D---- C:\Program Files\Learn2.com 2010-07-07 23:32:50 ----D---- C:\Program Files\Viewpoint 2010-07-07 23:32:50 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Viewpoint 2010-07-07 23:32:48 ----A---- C:\WINDOWS\system32\shdocvw.bak 2010-07-07 23:32:47 ----D---- C:\Program Files\Common Files\Nullsoft 2010-07-07 23:32:12 ----A---- C:\WINDOWS\system32\roboex32.dll 2010-07-07 23:32:12 ----A---- C:\WINDOWS\system32\Inetwh32.dll 2010-07-07 23:31:50 ----A---- C:\WINDOWS\system32\gdiplus.dll 
2010-07-07 23:31:42 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\AOL
2010-07-07 23:30:12 ----A---- C:\WINDOWS\atid.ini
2010-07-05 12:13:52 ----A---- C:\WINDOWS\ScUnin.pif
2010-07-05 12:13:52 ----A---- C:\WINDOWS\ScUnin.exe
2010-07-05 11:44:03 ----A---- C:\WINDOWS\COD.INI
2010-06-10 18:21:36 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-10 18:21:25 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-10 18:21:15 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-10 18:18:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-10 18:18:13 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-10 18:17:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-04 16:07:42 ----D---- C:\Program Files\Jufsoft
2010-05-26 12:30:16 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-22 01:50:19 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\maxup
2010-05-14 01:29:02 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-06 10:58:54 ----A---- C:\WINDOWS\system32\OpenCL.dll
2010-05-06 10:58:53 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2010-05-06 10:58:53 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2010-05-06 10:58:53 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2010-05-06 10:58:51 ----A---- C:\WINDOWS\system32\nvcuda.dll
2010-05-06 10:58:50 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2010-05-06 10:58:50 ----A---- C:\WINDOWS\system32\nvcodins.dll
2010-05-06 10:58:50 ----A---- C:\WINDOWS\system32\nvcod.dll
2010-05-06 10:58:50 ----A---- C:\WINDOWS\system32\nvapi.dll
2010-05-06 10:51:44 ----D---- C:\Program Files\SystemRequirementsLab
2010-05-04 17:16:27 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Qrix
2010-05-04 17:14:12 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10
2010-05-04 15:15:36 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Nowe Gadu-Gadu

======List of files/folders modified in the last 3 months======

2010-07-28 00:10:45 ----D---- C:\Program Files\Mozilla Firefox
2010-07-28 00:10:09 ----D---- C:\WINDOWS\Temp
2010-07-28 00:10:01 ----SD---- C:\WINDOWS\Tasks
2010-07-28 00:08:21 ----RD---- C:\Program Files
2010-07-27 23:24:53 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-27 23:22:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-27 21:44:18 ----D---- C:\WINDOWS\Prefetch
2010-07-27 21:44:17 ----D---- C:\WINDOWS
2010-07-27 21:44:05 ----D---- C:\WINDOWS\system32
2010-07-27 21:43:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-27 21:43:14 ----D---- C:\WINDOWS\system32\drivers
2010-07-26 12:20:09 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Skype
2010-07-26 12:20:04 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\skypePM
2010-07-24 13:55:57 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\U3
2010-07-23 11:27:10 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\uTorrent
2010-07-22 17:06:04 ----D---- C:\Program Files\AC3Filter
2010-07-21 00:11:29 ----D---- C:\Program Files\SpeedFan
2010-07-19 20:32:24 ----HD---- C:\WINDOWS\inf
2010-07-19 16:58:32 ----A---- C:\WINDOWS\NeroDigital.ini
2010-07-19 02:25:26 ----A---- C:\WINDOWS\Sandboxie.ini
2010-07-16 21:48:59 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Adobe
2010-07-16 21:46:26 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Adobe
2010-07-15 01:01:50 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-10 17:55:57 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-10 15:01:43 ----SHD---- C:\WINDOWS\Installer
2010-07-08 01:14:23 ----D---- C:\Program Files\Common Files
2010-07-08 01:13:33 ----A---- C:\WINDOWS\win.ini
2010-07-07 23:30:21 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla
2010-07-07 00:01:36 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-07-05 11:51:02 ----D---- C:\WINDOWS\system32\LogFiles
2010-07-02 20:39:05 ----A---- C:\WINDOWS\system32\MRT.exe
2010-06-16 23:18:02 ----D---- C:\WINDOWS\Minidump
2010-06-10 18:21:45 ----A---- C:\WINDOWS\imsins.BAK
2010-06-10 18:21:04 ----D---- C:\Program Files\Internet Explorer
2010-06-10 18:20:54 ----D---- C:\WINDOWS\ie8updates
2010-06-08 13:18:28 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Firefly Studios
2010-06-08 10:38:00 ----D---- C:\Program Files\uTorrent
2010-06-04 17:59:18 ----SD---- C:\Documents and Settings\Admin\Dane aplikacji\Microsoft
2010-05-14 01:29:05 ----D---- C:\Program Files\Outlook Express
2010-05-06 15:58:44 ----A---- C:\WINDOWS\system32\ieframe.dll
2010-05-06 11:28:51 ----A---- C:\WINDOWS\system32\wininet.dll
2010-05-06 11:28:50 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-05-06 11:28:50 ----A---- C:\WINDOWS\system32\occache.dll
2010-05-06 11:28:50 ----A---- C:\WINDOWS\system32\mstime.dll
2010-05-06 11:28:49 ----A---- C:\WINDOWS\system32\mshtml.dll
2010-05-06 11:28:46 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2010-05-06 11:28:46 ----A---- C:\WINDOWS\system32\msfeeds.dll
2010-05-06 11:28:45 ----A---- C:\WINDOWS\system32\jsproxy.dll
2010-05-06 11:28:44 ----A---- C:\WINDOWS\system32\iertutil.dll
2010-05-06 11:28:43 ----A---- C:\WINDOWS\system32\iepeers.dll
2010-05-06 11:28:38 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2010-05-06 11:00:16 ----D---- C:\WINDOWS\Help
2010-05-06 11:00:16 ----D---- C:\Program Files\NVIDIA Corporation
2010-05-06 10:59:28 ----D---- C:\WINDOWS\system32\CatRoot
2010-05-06 10:51:42 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-05-05 14:56:34 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2010-05-04 16:53:59 ----D---- C:\Program Files\Gadu-Gadu
2010-05-04 15:16:30 ----D---- C:\WINDOWS\WinSxS
2010-05-02 15:18:33 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-05-02 14:24:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 nvgts;nvgts; C:\WINDOWS\system32\DRIVERS\nvgts.sys [2009-10-16 164896]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 SnoopFree;SnoopFree Driver; C:\WINDOWS\System32\Drivers\SnopFree.sys [2010-01-11 9472]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-05 717296]
R1 AmdK8;Sterownik procesora AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-05-10 43520]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-11-02 28672]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-01-02 28520]
R1 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2009-10-16 12032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-02-05 278984]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-01-02 56816]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-01-21 18048]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-05-02 229376]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-04-26 93824]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2009-10-16 144384]
R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2009-10-16 10368]
R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-10-16 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-03 10232128]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-05-16 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-05-16 18944]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys []
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 SPC520;Philips SPC520NC PC Camera; C:\WINDOWS\system32\drivers\SPC520.sys [2007-03-27 85504]
R3 SPC520m;Philips SPC520NC PC Cameram; C:\WINDOWS\system32\drivers\SPC520m.sys [2007-03-27 7680]
R3 usbaudio;Sterownik audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S0 nvatabus;nvatabus; C:\WINDOWS\system32\drivers\nvatabus.sys [2009-10-16 100736]
S0 Si3112;Si3112; C:\WINDOWS\system32\drivers\Si3112.sys [2009-10-16 62336]
S0 Si3114r5;Si3114r5; C:\WINDOWS\system32\drivers\Si3114r5.sys [2009-10-16 195072]
S0 Si3124;Si3124; C:\WINDOWS\system32\drivers\Si3124.sys [2009-10-16 69248]
S0 Si3132;Si3132; C:\WINDOWS\system32\drivers\Si3132.sys [2009-10-16 74672]
S0 Si3132r5;Si3132r5; C:\WINDOWS\system32\drivers\Si3132r5.sys [2009-10-16 215856]
S0 Si3531;Si3531; C:\WINDOWS\system32\drivers\Si3531.sys [2009-10-16 212520]
S3 a5abfpfr;a5abfpfr; C:\WINDOWS\system32\drivers\a5abfpfr.sys []
S3 aqvtswm6;aqvtswm6; C:\WINDOWS\system32\drivers\aqvtswm6.sys []
S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver; C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2009-07-31 341504]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-10-16 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-10-16 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-01-02 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-01-02 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2006-06-29 172032]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-03 20543]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-06-29 131131]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-06-29 65599]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-02-18 66872]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2010-04-14 73960]
R2 SnoopFreeSvc;Snoop Free Service; C:\WINDOWS\System32\SnoopFreeSvc.exe [2010-01-11 90112]
R2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2009-10-16 14336]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe [2005-04-02 217600]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-01-02 68096]
S3 iPod Service;Usługa iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2006-11-06 210432]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-10-16 14336]
S4 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
S4 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]

-----------------EOF-----------------
[/log]

RSIT info:

[log]
info.txt logfile of random's system information tool 1.08 2010-07-28 00:08:37

======Uninstall list======

-->MsiExec /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL AC3Filter 1.63b-->"C:\Program Files\AC3Filter\unins000.exe" Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9 Adobe Reader 8.2.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A82000000003} Aktualizacja dla systemu Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe" Aktualizacja dla systemu Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 
(KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Aktualizacja zabezpieczeń dla systemu Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP 
(KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe" Anno 1701 - Add-On-->"C:\Program Files\InstallShield Installation Information\{905D4F6B-FADC-4CA4-AA41-BD32A2E446CE}\Setup.exe" -runfromtemp 
-l0x0015 -removeonly Anno 1701-->"C:\Program Files\InstallShield Installation Information\{A2433A63-5F5D-40E5-B529-9123C2B3E734}\SETUP.EXE" -runfromtemp -l0x0015 -removeonly Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143} Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE BadCopy Pro-->C:\PROGRA~1\Jufsoft\BadCopy\UNWISE.EXE C:\PROGRA~1\Jufsoft\BadCopy\INSTALL.LOG Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Call of Duty-->E:\Program Files\CALLOF~1\Uninstall\Unwise.exe /u E:\Program Files\CALLOF~1\Uninstall\Install.log Commandos 2: Men of Courage-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}\setup.exe" CWK (Czasowy Wyłącznik Komputera)-->"C:\Program Files\Damian Pasternak\CWK\CWK.exe" /uninstall Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat DVD Solution-->"C:\Program Files\Uninstall_CDS.exe" EasyCleaner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly EVEREST Ultimate Edition v4.00-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe" FLV Player 1.3.3-->"C:\Program Files\FLVPlayer\uninstall.exe" FreeCall-->"C:\Program Files\FreeCall.com\FreeCall\unins000.exe" Gadu-Gadu 7.7-->E:\Program Files\Call of Duty\Gadu-Gadu\Setup.exe GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" 
-l0x9 -removeonly InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL iTunes-->MsiExec.exe /I{F439D7AF-03F3-4F8E-AEC4-571BFE977C61} Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF} Kamerzysta (deinstalacja)-->"C:\Program Files\Onet\Kamerzysta\odinstaluj.exe" K-Lite Codec Pack 6.2.0 (Standard)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe LG ODD Auto Firmware Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe" Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe NAPIPROJEKT 1.0.6.1-->"C:\Program Files\NAPI-PROJEKT\unins000.exe" Need for Speed™ Most Wanted-->e:\Program Files\Need for Speed Most Wanted\EAUninstall.exe Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL Nokia PC Suite-->MsiExec.exe /I{4CE0B4BA-8862-444D-A94D-EF39AD48C8BC} Notepad++-->C:\Program Files\Notepad++\uninstall.exe NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033 NVIDIA nView Desktop Manager-->C:\Program 
Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall NVIDIA PhysX-->MsiExec.exe /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3} OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_1DD56D2122DDFA3E4C3B165E3A5CFA613B48BDC7\amdk8.inf Pakiet sterowników systemu Windows - Philips (SPC520) Image (03/27/2007 1.00.2.6000)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\spc520_2393375C41A81CBA8FE7B4BD848464BF36BCAC40\spc520.inf PC Connectivity Solution-->MsiExec.exe /I{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8} Philips SPC520NC Webcam-->C:\Program Files\InstallShield Installation Information\{AF877D9F-EBA4-4FAA-83D1-6A0C866AF4BD}\Setup.exe -runfromtemp -l0x0015 -removeonly Philips VLounge-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B3A8956-FAF7-4DB7-897C-86926C5323D2}\Setup.exe" -l0x9 Poprawka dla systemu Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" Poprawka dla systemu Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe" Poprawka dla systemu Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe" PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall PowerISO-->"C:\Program Files\PowerISO\uninstall.exe" QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2} Real Alternative 1.9.0 Lite-->"C:\Program Files\Real Alternative\unins000.exe" Rzeźnik MPEGów 1.1.99-->"C:\Program Files\MGrenda\Rzeznik\unins000.exe" Skaner on-line mks_vir-->C:\WINDOWS\system32\SkanerOnlineUninstall.exe Skype™ 4.2-->MsiExec.exe 
/X{D103C4BA-F905-437A-8049-DB24763BBE36} SnoopFree Privacy Shield-->SnoopFreeUI.exe /U SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x15 -removeonly SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe" Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat SubEdit-Player-->"C:\Program Files\SubEdit-Player\unins000.exe" System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe Ventrilo-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe" Winamp 5.33 PL-->"C:\Program Files\Winamp\uninst-winamp_pl.exe" Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} ======Hosts File====== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com ======System event log====== Computer Name: PAWEL Event Code: 17 Message: AVGNTFLT successfully loaded Record Number: 13114 Source Name: avgntflt Time Written: 20100603135258.000000+060 Event Type: informacje User: Computer Name: PAWEL 
Event Code: 1002 Message: Adres IP połączenia 192.168.1.2 dla karty sieciowej o adresie 0018F3F0144B został zabroniony przez serwer DHCP 192.168.1.1 (Serwer DHCP wysłał komunikat DHCPNACK). Record Number: 13113 Source Name: Dhcp Time Written: 20100603135232.000000+060 Event Type: błąd User: Computer Name: PAWEL Event Code: 6005 Message: Uruchomiono usługę Dziennik zdarzeń. Record Number: 13112 Source Name: EventLog Time Written: 20100603135229.000000+060 Event Type: informacje User: Computer Name: PAWEL Event Code: 6009 Message: Microsoft (R) Windows (R) 5.01. 2600 Dodatek Service Pack 3 Multiprocessor Free. Record Number: 13111 Source Name: EventLog Time Written: 20100603135229.000000+060 Event Type: informacje User: Computer Name: PAWEL Event Code: 6006 Message: Zatrzymano usługę Dziennik zdarzeń. Record Number: 13110 Source Name: EventLog Time Written: 20100603122451.000000+060 Event Type: informacje User: =====Application event log===== Computer Name: PAWEL Event Code: 1000 Message: Aplikacja powodująca błąd iexplore.exe, wersja 8.0.6001.18702, moduł powodujący błąd msvcrt.dll, wersja 7.0.2600.5512, adres błędu 0x00037410. Record Number: 187 Source Name: Application Error Time Written: 20100106224847.000000+000 Event Type: błąd User: Computer Name: PAWEL Event Code: 1000 Message: Aplikacja powodująca błąd iexplore.exe, wersja 8.0.6001.18702, moduł powodujący błąd mshtml.dll, wersja 8.0.6001.22918, adres błędu 0x0008ddc2. Record Number: 186 Source Name: Application Error Time Written: 20100106214430.000000+000 Event Type: błąd User: Computer Name: PAWEL Event Code: 1000 Message: Aplikacja powodująca błąd iexplore.exe, wersja 8.0.6001.18702, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x00029265. Record Number: 185 Source Name: Application Error Time Written: 20100106214415.000000+000 Event Type: błąd User: Computer Name: PAWEL Event Code: 4097 Message: Aplikacja C:\Program Files\Internet Explorer\IEXPLORE.EXE wygenerowała błąd aplikacji. 
Błąd wystąpił na 01/06/2010 @ 21:43:56.281. Wygenerowany wyjątek to c0000005 pod adresem 7C9375C4 (ntdll!RtlRemoveVectoredExceptionHandler). Record Number: 184 Source Name: DrWatson Time Written: 20100106214356.000000+000 Event Type: informacje User: Computer Name: PAWEL Event Code: 1000 Message: Aplikacja powodująca błąd iexplore.exe, wersja 8.0.6001.18702, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x000375c4. Record Number: 183 Source Name: Application Error Time Written: 20100106214354.000000+000 Event Type: błąd User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=4b02 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF----------------- [/log] Please check the logs. Can anyone help?
Guest, comment 31 July 2010 (edited) [code][2010-07-27 23:30:34 | 000,766,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\sdzkl.sys [/code] You have a rootkit. Post a ComboFix log.
Sohei, comment 31 July 2010 ComboFix is not needed for this. We only use it for very severe infections! To the thread author: paste this into OTL and click Run Fix [code]:Processes Explorer.exe :OTL O33 - MountPoints2\{571e1ce5-fea5-11de-8a0b-0018f3f0144b}\Shell - "" = AutoRun O33 - MountPoints2\{571e1ce5-fea5-11de-8a0b-0018f3f0144b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found :files C:\WINDOWS\System32\drivers\sdzkl.sys C:\WINDOWS\System32\sshnas21.dll C:\zrpt.xml :Commands [emptytemp] [start explorer] [Reboot][/code] Run a full scan with [url=http://dobreprogramy.pl/index.php?dz=2&id=1998][b]DR WEB CureIt[/b][/url]. Run a full scan with [url=http://www.dobreprogramy.pl/Malwarebytes-AntiMalware,Program,Windows,13117.html][b]MBAM[/b][/url]. Remove whatever they find, then post the removal logs + a new OTL log + a GMER log.
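The two replies above read the OTL/RSIT listing by eye: a driver with an empty `[]` where the file date and size should be, a random-looking name in system32\drivers, and a service (SSHNAS) that runs inside svchost.exe with no descriptive display name. As an added example (not part of this thread and not OTL's own code), here is that triage written down as a small Python script over lines in the OTL/RSIT driver and service format. The sample lines are copied from the listing in this thread; the name heuristic and its thresholds are assumptions, so the output is a review list, not a verdict.

```python
"""Heuristic triage of OTL/RSIT driver and service lines.

Added example for the thread above; the scoring rules are assumptions chosen to
reproduce what the helpers flagged by hand, not OTL's own logic.
"""
import re
from typing import Dict, List

# Constructed sample: lines copied in format from the OTL/RSIT listing in this thread
# ("<state><start> <name>;<display name>; <path> [<date> <size>]").
SAMPLE_ENTRIES = [
    r"R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys []",
    r"S0 nvatabus;nvatabus; C:\WINDOWS\system32\drivers\nvatabus.sys [2009-10-16 100736]",
    r"S3 a5abfpfr;a5abfpfr; C:\WINDOWS\system32\drivers\a5abfpfr.sys []",
    r"S3 aqvtswm6;aqvtswm6; C:\WINDOWS\system32\drivers\aqvtswm6.sys []",
    r"S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]",
    r"R2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2009-10-16 14336]",
    r"R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2010-04-14 73960]",
]

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{5,8}$")
VOWELS = set("aeiouy")

STRONG_RANDOM = "random-looking driver name"
STRONG_SVCHOST = "svchost-hosted service with no descriptive display name; check its ServiceDll"
NOTE_NO_META = "no file date/size recorded (file missing or hidden from the scanner)"


def parse_entry(line: str) -> Dict[str, str]:
    """Split one OTL/RSIT line into state, start type, name, display, path, meta."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised OTL line: {line!r}")
    return m.groupdict()


def looks_random(name: str) -> bool:
    """Assumed heuristic: short, all lowercase alphanumerics, and either a digit
    mixed in or almost no vowels. Vendor drivers rarely look like this."""
    if not RANDOM_NAME_RE.match(name):
        return False
    has_digit = any(c.isdigit() for c in name)
    vowel_ratio = sum(c in VOWELS for c in name) / len(name)
    return has_digit or vowel_ratio < 0.25


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Return {name: [reasons]} for every entry that deserves a second look."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        e = parse_entry(line)
        path = e["path"].lower()
        reasons: List[str] = []
        if e["meta"] == "":
            # On its own this is only a note: the SbieDrv entry above has an empty []
            # too, because its \??\ path is not stat'ed, yet it is a legitimate driver.
            reasons.append(NOTE_NO_META)
        if path.endswith(".sys") and looks_random(e["name"]):
            reasons.append(STRONG_RANDOM)
        if path.endswith("svchost.exe") and e["display"] == e["name"]:
            reasons.append(STRONG_SVCHOST)
        if reasons:
            findings[e["name"]] = reasons
    return findings


def suspicious(lines: List[str]) -> List[str]:
    """Names carrying a strong indicator, sorted for stable output."""
    strong = {STRONG_RANDOM, STRONG_SVCHOST}
    return sorted(n for n, r in triage(lines).items() if strong & set(r))


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_ENTRIES).items():
        print(name, "->", "; ".join(reasons))
    print("review first:", suspicious(SAMPLE_ENTRIES))
```

Run against the sample, the script puts a5abfpfr, aqvtswm6 and SSHNAS at the top of the review list, which is exactly where the helpers' attention went; SbieDrv is only noted for its empty `[]`, and nvatabus, USBSTOR and SbieSvc pass untouched. The point of the empty-metadata rule being a note rather than a verdict is that a path the scanner cannot stat is common for legitimate filter drivers, so it only matters in combination with another indicator.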
Makaveli_ns (thread author), comment 1 August 2010 OTL Extras: [log]OTL Extras logfile created on: 2010-08-01 19:49:39 - Run 3 OTL by OldTimer - Version 3.2.9.1 Folder = D:\Programy\Antywiry\Sprawdzanie logow Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 37,00% Memory free 5,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 97,07 Gb Total Space | 85,19 Gb Free Space | 87,76% Space Free | Partition Type: NTFS Drive D: | 201,01 Gb Total Space | 119,78 Gb Free Space | 59,59% Space Free | Partition Type: NTFS Drive E: | 347,64 Gb Total Space | 116,48 Gb Free Space | 33,51% Space Free | Partition Type: NTFS Drive F: | 350,99 Gb Total Space | 116,37 Gb Free Space | 33,15% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: XXX Current User Name: Admin Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 60 Days Output = Standard [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation) "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "E:\Program Files\Call of Duty\CoDMP.exe" = E:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP -- () "C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.) "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) 
"E:\Program Files\Anno 1701\Anno1701.exe" = E:\Program Files\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701 -- (Related Designs Software GmbH) "E:\Program Files\Anno 1701\Anno1701AddOn.exe" = E:\Program Files\Anno 1701\Anno1701AddOn.exe:*:Enabled:Anno 1701 Add-On 01 -- (Related Designs Software GmbH) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" = C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall -- (FreeCall) "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- File not found "E:\Program Files\Call of Duty\Gadu-Gadu\gg.exe" = E:\Program Files\Call of Duty\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- File not found "C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- File not found "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- File not found "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found "E:\Program Files\Gadu-Gadu\gg.exe" = E:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.) 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}" = PC Connectivity Solution
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0B3A8956-FAF7-4DB7-897C-86926C5323D2}" = Philips VLounge
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4CE0B4BA-8862-444D-A94D-EF39AD48C8BC}" = Nokia PC Suite
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{905D4F6B-FADC-4CA4-AA41-BD32A2E446CE}" = Anno 1701 - Add-On
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.3
"{AF877D9F-EBA4-4FAA-83D1-6A0C866AF4BD}" = Philips SPC520NC Webcam
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}" = Commandos 2: Men of Courage
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"2B0430566DEE7109F019A317398EA7F8DA53B293" = Windows Driver Package - Philips (SPC520) Image (03/27/2007 1.00.2.6000)
"46D650DC11A19D8E1347F194E1244412C0FAFCF1" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
"4CFD94C379217A02D5EA067615FF789CD731BCDB" = Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BadCopy Pro" = BadCopy Pro
"Call of Duty" = Call of Duty
"CWK" = CWK (Czasowy Wyłącznik Komputera)
"Diablo II" = Diablo II
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.00
"FLVPlayer" = FLV Player 1.3.3
"FreeCall_is1" = FreeCall
"Gadu-Gadu" = Gadu-Gadu 7.7
"InCD!UninstallKey" = InCD
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"Kamerzysta" = Kamerzysta (uninstall)
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.1
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"PowerISO" = PowerISO
"RealAlt_is1" = Real Alternative 1.9.0 Lite
"Rzeźnik MPEGów 1.1.99_is1" = Rzeźnik MPEGów 1.1.99
"SkanerOnline" = mks_vir on-line scanner
"SnoopFreePrivacyShield" = SnoopFree Privacy Shield
"SpeedFan" = SpeedFan (remove only)
"Starcraft" = Starcraft
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SubEdit-Player_is1" = SubEdit-Player
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"Winamp" = Winamp (remove only)
"Winamp PL" = Winamp 5.33 PL
"WinRAR archiver" = WinRAR archiver
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2010-06-02 14:33:34 | Computer Name = PAWEL | Source = Application Error | ID = 1000
Description = Faulting application snoopfreeui.exe, version 1.0.0.0, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x00010aeb.
Error - 2010-06-02 14:33:41 | Computer Name = PAWEL | Source = Application Error | ID = 1000
Description = Faulting application snoopfreeui.exe, version 1.0.0.0, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x00010aeb.
Error - 2010-06-02 15:06:20 | Computer Name = PAWEL | Source = Application Hang | ID = 1002
Description = Hanging application gg.exe, version 7.7.0.3746, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 2010-06-07 16:38:42 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Hanging application Game.exe, version 1.0.13.60, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 2010-06-08 14:45:09 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Hanging application Game.exe, version 1.0.13.60, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 2010-06-11 15:39:36 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Hanging application SkypeSetup.exe, version 4.2.0.169, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 2010-06-22 15:53:51 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Hanging application gg.exe, version 7.7.0.3746, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 2010-06-22 16:09:49 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Hanging application gg.exe, version 7.7.0.3746, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 2010-06-24 18:18:45 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Hanging application Game.exe, version 1.0.13.60, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 2010-06-30 12:00:41 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Hanging application KissCloneHunter2.2.exe, version 2.2.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 2010-08-01 07:02:09 | Computer Name = XXX | Source = Service Control Manager | ID = 7034
Description = The Sandboxie Service service terminated unexpectedly. This has occurred 1 time(s).
Error - 2010-08-01 07:02:09 | Computer Name = XXX | Source = Service Control Manager | ID = 7034
Description = The ForceWare Intelligent Application Manager (IAM) service terminated unexpectedly. This has occurred 1 time(s).
Error - 2010-08-01 07:02:09 | Computer Name = XXX | Source = Service Control Manager | ID = 7034
Description = The ForceWare IP service service terminated unexpectedly. This has occurred 1 time(s).
Error - 2010-08-01 07:02:09 | Computer Name = XXX | Source = Service Control Manager | ID = 7034
Description = The ForceWare user log service service terminated unexpectedly. This has occurred 1 time(s).
Error - 2010-08-01 07:02:09 | Computer Name = XXX | Source = Service Control Manager | ID = 7034
Description = The StarWind iSCSI Service service terminated unexpectedly. This has occurred 1 time(s).
Error - 2010-08-01 07:06:00 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following error: %%2
Error - 2010-08-01 07:06:02 | Computer Name = XXX | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: nvatabus Si3112 Si3124 Si3132 Si3132r5 Si3531
Error - 2010-08-01 08:08:03 | Computer Name = XXX | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
Error - 2010-08-01 09:11:44 | Computer Name = XXX | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
Error - 2010-08-01 11:07:58 | Computer Name = XXX | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
< End of report >
[/log]

OTL Log:
[log]OTL logfile created on: 2010-08-01 19:49:39 - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = D:\Programy\Antywiry\Sprawdzanie logow
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 37,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,07 Gb Total Space | 85,19 Gb Free Space | 87,76% Space Free | Partition Type: NTFS
Drive D: | 201,01 Gb Total Space | 119,78 Gb Free Space | 59,59% Space Free | Partition Type: NTFS
Drive E: | 347,64 Gb Total Space | 116,48 Gb Free Space | 33,51% Space Free | Partition Type: NTFS
Drive F: | 350,99 Gb Total Space | 116,37 Gb Free Space | 33,15% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: XXX
Current User Name: Admin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Standard
[color=#E56717]========== Processes (All) ==========[/color]
PRC - [2010-07-27 22:29:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Programy\Antywiry\Sprawdzanie logow\OTL.exe
PRC - [2010-04-14 13:23:40 | 000,073,960 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010-04-03 19:23:16 | 000,154,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2010-02-18 13:33:30 | 000,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2010-01-11 20:03:00 | 000,221,184 | ---- | M] (SnoopFree Software) -- C:\WINDOWS\SnoopFreeUI.exe
PRC - [2010-01-11 20:03:00 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SnoopFreeSvc.exe
PRC - [2010-01-02 17:31:18 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010-01-02 17:31:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-12-02 15:26:07 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-10-16 18:45:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009-10-16 18:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2009-10-16 18:45:00 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009-10-16 18:45:00 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2009-10-16 18:45:00 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2009-10-16 18:45:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2009-10-16 18:45:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2009-10-16 18:45:00 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
PRC - [2009-10-16 18:45:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2009-10-16 18:45:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2009-10-16 18:45:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2009-08-28 20:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009-03-05 17:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009-03-02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008-12-12 12:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007-04-06 12:42:26 | 000,073,728 | ---- | M] (Philips) -- C:\WINDOWS\VPro520.exe
PRC - [2006-06-29 20:10:24 | 000,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2006-06-29 20:07:16 | 000,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006-06-29 20:07:00 | 000,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006-04-03 18:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2005-04-02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
PRC - [2003-06-19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[color=#E56717]========== Modules (All) ==========[/color]
MOD - [2010-07-27 22:29:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Programy\Antywiry\Sprawdzanie logow\OTL.exe
MOD - [2010-01-11 20:03:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\SnoopFreeDll.dll
MOD - [2009-12-08 10:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-10-16 18:45:00 | 008,490,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2009-10-16 18:45:00 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2009-10-16 18:45:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2009-10-16 18:45:00 | 001,020,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-10-16 18:45:00 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2009-10-16 18:45:00 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2009-10-16 18:45:00 | 000,723,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2009-10-16 18:45:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-10-16 18:45:00 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-10-16 18:45:00 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2009-10-16 18:45:00 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2009-10-16 18:45:00 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2009-10-16 18:45:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2009-10-16 18:45:00 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll
MOD - [2009-10-16 18:45:00 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2009-10-16 18:45:00 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2009-10-16 18:45:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2009-10-16 18:45:00 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2009-10-16 18:45:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME
MOD - [2009-10-16 18:45:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2009-10-16 18:45:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2009-10-16 18:45:00 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2009-10-16 18:45:00 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2009-10-16 18:45:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2009-10-16 18:45:00 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-10-16 18:45:00 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll
MOD - [2009-10-16 18:45:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2009-10-16 18:45:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [Auto | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010-04-14 13:23:40 | 000,073,960 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010-01-11 20:03:00 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\SnoopFreeSvc.exe -- (SnoopFreeSvc)
SRV - [2010-01-02 17:31:18 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010-01-02 17:31:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2006-11-06 14:21:10 | 000,210,432 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006-06-29 20:10:24 | 000,172,032 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2006-06-29 20:07:16 | 000,131,131 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006-06-29 20:07:00 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006-04-03 18:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2005-07-08 16:24:46 | 000,871,424 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005-04-02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe -- (StarWindService)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [File_System | Unknown | Running] -- -- (DwProt)
DRV - [2010-04-14 13:23:36 | 000,116,968 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010-04-03 23:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010-02-05 10:51:44 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-02-05 10:39:06 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010-01-21 18:08:28 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010-01-11 20:03:00 | 000,009,472 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SnopFree.sys -- (SnoopFree)
DRV - [2010-01-02 17:31:18 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010-01-02 17:31:18 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-10-16 18:45:00 | 000,215,856 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3132r5.sys -- (Si3132r5)
DRV - [2009-10-16 18:45:00 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2009-10-16 18:45:00 | 000,195,072 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3114r5.sys -- (Si3114r5)
DRV - [2009-10-16 18:45:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2009-10-16 18:45:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2009-10-16 18:45:00 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2009-10-16 18:45:00 | 000,074,672 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\si3132.sys -- (Si3132)
DRV - [2009-10-16 18:45:00 | 000,069,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\si3124.sys -- (Si3124)
DRV - [2009-10-16 18:45:00 | 000,062,336 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112)
DRV - [2009-07-31 07:12:18 | 000,341,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2009-03-30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-02-13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008-04-13 22:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007-04-09 13:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007-03-27 21:27:56 | 000,007,680 | ---- | M] (Philips ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SPC520m.sys -- (SPC520m)
DRV - [2007-03-27 21:27:50 | 000,085,504 | ---- | M] (Philips ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SPC520.sys -- (SPC520)
DRV - [2006-11-02 07:55:17 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2006-09-24 14:28:47 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006-05-16 12:25:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-05-16 12:25:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-05-10 11:33:00 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006-05-02 10:12:06 | 000,229,376 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006-03-17 11:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005-07-08 16:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005-07-08 16:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004-08-13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [1996-04-03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
IE - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1801674531-2025429265-682003330-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.gazeta.pl/msn/0,0.html?ocid=iehp
IE - HKU\S-1-5-21-1801674531-2025429265-682003330-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.startup.homepage: "www.onet.pl"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-08-01 03:08:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-26 11:31:54 | 000,000,000 | ---D | M]
[2010-01-02 18:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Extensions
[2010-08-01 01:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\extensions
[2010-05-20 09:09:51 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010-01-11 22:48:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-02-05 10:53:49 | 000,002,921 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\searchplugins\daemon-search.xml
[2010-08-01 01:17:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-12-02 09:23:35 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-12-02 09:23:35 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-12-02 09:23:35 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-12-02 09:23:35 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-12-02 09:23:35 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-12-02 09:23:35 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml
O1 HOSTS File: ([2010-07-10 17:55:57 | 000,411,898 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14235 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SnoopFreeUI] C:\WINDOWS\SnoopFreeUI.exe (SnoopFree Software)
O4 - HKU\.DEFAULT..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\VPro520.lnk = C:\WINDOWS\VPro520.exe (Philips)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-2025429265-682003330-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Admin\Dane aplikacji\ohydy.exe) - C:\Documents and Settings\Admin\Dane aplikacji\ohydy.exe File not found
O24 - Desktop Components:0 (My current home page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010-01-02 15:10:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found
MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "LightScribeService"
MsConfig - Services: "InCDsrv"
MsConfig - Services: "Apple Mobile Device"
MsConfig - Services: "Adobe LM Service"
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 0
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk
controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error. 
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-08-01 13:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\DoctorWeb
[2010-07-28 00:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010-07-28 00:08:21 | 000,000,000 | ---D | C] -- C:\rsit
[2010-07-27 21:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Dane aplikacji\454A2704E4D8CC0C830B6393DDCA4D4E
[2010-07-25 23:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010-07-23 11:20:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010-07-10 15:01:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-07-07 23:32:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\occache
[2010-07-07 23:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\Learn2.com
[2010-07-07 23:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2010-07-07 23:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Viewpoint
[2010-07-07 23:32:48 | 001,509,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shdocvw.bak
[2010-07-07 23:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nullsoft
[2010-07-07 23:32:12 | 001,044,480 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\roboex32.dll
[2010-07-07 23:32:12 | 000,054,784 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\Inetwh32.dll
[2010-07-07 23:32:12 | 000,029,184 | ---- | C] (Blue Sky Software) -- C:\WINDOWS\System32\popup.ocx
[2010-07-07 23:31:50 | 001,706,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2010-07-07 23:31:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\AOL
[2010-07-05 12:13:52 | 000,070,656 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2010-06-29 11:25:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Pulpit\D2NT_3.1
[2010-06-10 18:02:06 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010-06-06 01:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Moje dokumenty\Pobieranie
[2010-06-04 16:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\Jufsoft

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2010-08-01 19:51:44 | 000,766,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\sdzkl.sys
[2010-08-01 19:04:01 | 000,276,951 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010-08-01 12:05:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-08-01 12:05:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-08-01 12:04:37 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010-08-01 03:53:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-07-30 02:38:11 | 002,642,210 | -H-- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-07-29 07:28:00 | 000,001,432 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2010-07-28 20:17:47 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2010-07-23 23:03:10 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-07-20 14:34:37 | 000,001,037 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\wacko.gif
[2010-07-20 14:34:32 | 000,009,532 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\faza.gif
[2010-07-19 16:58:32 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-07-16 19:10:34 | 004,871,301 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\patch_d2_www.przeklej.pl.mpq
[2010-07-16 10:49:42 | 000,656,902 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Screen ken.jpg
[2010-07-15 13:23:36 | 000,037,795 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
[2010-07-14 18:59:50 | 000,057,141 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\error.jpg
[2010-07-10 17:55:57 | 000,411,898 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-07-10 17:12:54 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Admin\ntuser.ini
[2010-07-10 15:01:25 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 8.lnk
[2010-07-08 01:13:33 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-07-08 01:13:06 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2010-07-07 23:30:21 | 000,000,335 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010-07-07 23:30:12 | 000,000,030 | ---- | M] () -- C:\WINDOWS\atid.ini
[2010-07-07 00:01:45 | 000,138,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-07-05 23:46:39 | 000,411,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100710-175557.backup
[2010-07-05 23:45:58 | 000,411,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100705-234639.backup
[2010-07-05 23:44:52 | 000,411,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100705-234558.backup
[2010-07-05 20:51:35 | 001,610,084 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Obraz 258.jpg
[2010-07-05 20:51:27 | 001,646,247 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Obraz 090.jpg
[2010-07-05 20:51:18 | 000,910,385 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0107.JPG
[2010-07-05 20:51:07 | 000,774,332 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0083.JPG
[2010-07-05 20:50:57 | 000,931,344 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0004.JPG
[2010-07-05 12:16:30 | 000,034,245 | ---- | M] () -- C:\WINDOWS\scunin.dat
[2010-07-05 12:16:05 | 000,070,656 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2010-07-05 12:16:05 | 000,000,967 | ---- | M] () -- C:\WINDOWS\ScUnin.pif
[2010-07-05 11:44:03 | 000,000,765 | ---- | M] () -- C:\WINDOWS\COD.INI
[2010-07-05 10:35:03 | 000,000,565 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Gadu-Gadu.lnk
[2010-07-01 22:25:51 | 000,000,597 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\D2NT Manager 3.1.lnk
[2010-06-23 21:09:47 | 000,177,413 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\noob.jpg
[2010-06-18 12:59:32 | 000,002,163 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Ventrilo.lnk
[2010-06-17 14:15:28 | 000,408,435 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100705-234452.backup
[2010-06-17 14:13:44 | 000,408,435 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100617-141528.backup
[2010-06-17 12:09:11 | 000,408,435 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100617-141344.backup
[2010-06-14 19:24:34 | 000,063,984 | ---- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-06-14 15:31:20 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010-06-11 08:22:45 | 000,243,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-06-10 18:21:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-06-10 17:52:22 | 000,495,825 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Mapa.jpg
[2010-06-03 18:47:21 | 000,395,202 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100617-120911.backup

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-07-27 21:43:12 | 000,766,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\sdzkl.sys
[2010-07-25 23:44:48 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-07-20 14:34:36 | 000,001,037 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\wacko.gif
[2010-07-20 14:34:31 | 000,009,532 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\faza.gif
[2010-07-16 19:10:31 | 004,871,301 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\patch_d2_www.przeklej.pl.mpq
[2010-07-16 10:49:40 | 000,656,902 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Screen ken.jpg
[2010-07-14 18:59:49 | 000,057,141 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\error.jpg
[2010-07-08 01:13:06 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010-07-07 23:30:12 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2010-07-05 20:51:34 | 001,610,084 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Obraz 258.jpg
[2010-07-05 20:51:26 | 001,646,247 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Obraz 090.jpg
[2010-07-05 20:51:18 | 000,910,385 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0107.JPG
[2010-07-05 20:51:06 | 000,774,332 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0083.JPG
[2010-07-05 20:50:57 | 000,931,344 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0004.JPG
[2010-07-05 12:13:53 | 000,034,245 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010-07-05 12:13:52 | 000,000,967 | ---- | C] () -- C:\WINDOWS\ScUnin.pif
[2010-07-05 11:44:03 | 000,000,765 | ---- | C] () -- C:\WINDOWS\COD.INI
[2010-06-29 12:52:31 | 000,000,597 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\D2NT Manager 3.1.lnk
[2010-06-23 21:09:47 | 000,177,413 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\noob.jpg
[2010-06-10 17:52:19 | 000,495,825 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Mapa.jpg
[2010-04-20 21:29:11 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010-04-15 21:45:20 | 000,001,432 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010-02-18 01:32:48 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2010-01-21 18:08:28 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010-01-21 18:08:28 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010-01-11 19:46:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SnoopFreeDll.dll
[2010-01-11 19:46:39 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\SnopFree.sys
[2010-01-11 01:51:56 | 000,001,130 | ---- | C] () -- C:\WINDOWS\ARCHPR.INI
[2010-01-05 18:11:43 | 000,138,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-01-05 01:19:13 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\D2NT.dll
[2010-01-03 23:33:13 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-01-02 20:03:07 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010-01-02 20:03:07 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010-01-02 20:03:07 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010-01-02 18:28:19 | 000,847,360 | ---- | C] () -- C:\WINDOWS\System32\JS32.dll
[2010-01-02 17:25:21 | 000,000,259 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2010-01-02 15:58:10 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-01-02 15:29:47 | 000,000,396 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2010-01-02 15:29:46 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2010-01-02 15:29:03 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010-01-02 15:29:02 | 000,024,978 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010-01-02 15:28:47 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008-10-07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005-12-07 11:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2003-01-07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

[color=#E56717]========== LOP Check ==========[/color]

[2010-07-27 21:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\454A2704E4D8CC0C830B6393DDCA4D4E
[2010-02-05 10:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\DAEMON Tools
[2010-03-14 20:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\FreeCall
[2010-01-02 16:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu
[2010-05-04 17:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10
[2010-05-22 01:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\maxup
[2010-01-02 16:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Nokia
[2010-01-02 19:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Notepad++
[2010-05-04 17:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Nowe Gadu-Gadu
[2010-01-02 16:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\PC Suite
[2010-05-04 17:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Qrix
[2010-01-21 16:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\TS3Client
[2010-08-01 11:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\uTorrent
[2010-06-08 13:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Firefly Studios
[2010-01-02 16:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2010-07-07 23:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Viewpoint
[2010-02-09 02:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010-01-21 11:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\De 2\Dane aplikacji\AutoUpdate
[2010-01-09 17:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\De 2\Dane aplikacji\Gadu-Gadu
[2010-03-22 13:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\De 2\Dane aplikacji\Kamerzysta

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-01-02 15:10:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-01-18 01:52:18 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2009-10-16 18:45:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-01-02 15:10:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-05-05 17:24:24 | 000,000,178 | -H-- | M] () -- C:\GG8+.url
[2010-01-02 15:10:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-05-05 16:46:16 | 000,000,175 | -H-- | M] () -- C:\legalne.url
[2010-01-02 15:10:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009-10-16 18:45:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-10-16 18:45:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-08-01 12:05:22 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009-05-06 11:20:10 | 000,000,185 | -H-- | M] () -- C:\SGG.url
[2010-01-11 22:50:45 | 000,000,027 | ---- | M] () -- C:\sledzik.css.txt
[2009-05-05 17:24:16 | 000,000,178 | -H-- | M] () -- C:\Strona GG8+.url

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009-10-16 18:45:00 | 017,820,258 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-10-16 18:45:00 | 017,820,258 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009-10-16 18:45:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2009-10-16 18:45:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2009-10-16 18:45:00 | 017,820,258 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2009-10-16 18:45:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2009-10-16 18:45:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2009-10-16 18:45:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-10-16 18:45:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2009-10-16 18:45:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-10-16 18:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2009-10-16 18:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe

< End of report >
[/log]

GMER at startup:

[log]
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-01 21:07:22
Windows 5.1.2600 Dodatek Service Pack 3
Running: bfjhemsl.exe; Driver: C:\DOCUME~1\Admin\USTAWI~1\Temp\pgtdipow.sys

---- System - GMER 1.0.15 ----

SSDT spie.sys ZwEnumerateKey [0xB7EC6CA2] <-- ROOTKIT !!!
SSDT spie.sys ZwEnumerateValueKey [0xB7EC7030] <-- ROOTKIT !!!

Code B87B9C9C ZwRequestPort
Code B87B9D3C ZwRequestWaitReplyPort
Code B87B9BFC ZwTraceEvent
Code B87B9C9B NtRequestPort
Code B87B9D3B NtRequestWaitReplyPort
Code B87B9BFB NtTraceEvent

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A344DD8
Device \FileSystem\Ntfs \Ntfs 8A4D51F8
Device \FileSystem\Fastfat \Fat 8A1EF500
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] sdzkl <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
[/log]

GMER log no. 1:

[log]
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-01 21:02:05
Windows 5.1.2600 Dodatek Service Pack 3
Running: bfjhemsl.exe; Driver: C:\DOCUME~1\Admin\USTAWI~1\Temp\pgtdipow.sys

---- System - GMER 1.0.15 ----

SSDT B8760B16 ZwCreateKey
SSDT SnopFree.sys ZwCreateProcessEx [0xB84BC9E4] <-- ROOTKIT !!!
SSDT B8760B0C ZwCreateThread
SSDT B8760B1B ZwDeleteKey
SSDT B8760B25 ZwDeleteValueKey
SSDT spgk.sys ZwEnumerateKey [0xB7EC6CA2] <-- ROOTKIT !!!
SSDT spgk.sys ZwEnumerateValueKey [0xB7EC7030] <-- ROOTKIT !!!
SSDT B8760B2A ZwLoadKey
SSDT spgk.sys ZwOpenKey [0xB7EA80C0] <-- ROOTKIT !!!
SSDT B8760AF8 ZwOpenProcess
SSDT \SystemRoot\system32\drivers\dwprot.sys ZwOpenSection [0xA125DFE0] <-- ROOTKIT !!!
SSDT B8760AFD ZwOpenThread
SSDT spgk.sys ZwQueryKey [0xB7EC7108] <-- ROOTKIT !!!
SSDT spgk.sys ZwQueryValueKey [0xB7EC6F88] <-- ROOTKIT !!!
SSDT B8760B34 ZwReplaceKey
SSDT B8760B2F ZwRestoreKey
SSDT B8760B20 ZwSetValueKey
SSDT \SystemRoot\system32\drivers\dwprot.sys ZwSystemDebugControl [0xA125DF0E] <-- ROOTKIT !!!
SSDT B8760B07 ZwTerminateProcess

INT 0x62 ? 8A4D2BF8
INT 0x63 ? 8A54CBF8
INT 0x73 ? 8A54CBF8
INT 0x83 ? 8A54CBF8
INT 0xB1 ? 8A54CBF8
INT 0xB1 ? 8A54CBF8
INT 0xB4 ? 8A547BF8

Code AEC59C9C ZwRequestPort
Code AEC59D3C ZwRequestWaitReplyPort
Code AEC59BFC ZwTraceEvent
Code AEC59C9B NtRequestPort
Code AEC59D3B NtRequestWaitReplyPort
Code AEC59BFB NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!NtTraceEvent 80535118 5 Bytes JMP AEC59C00
PAGE ntkrnlpa.exe!NtRequestPort 805A2A3C 5 Bytes JMP AEC59CA0
PAGE ntkrnlpa.exe!NtRequestWaitReplyPort 805A2D68 5 Bytes JMP AEC59D40
.text SnopFree.sys B84BCD42 5 Bytes JMP AEC598E0
.text SnopFree.sys B84BCDA8 5 Bytes JMP AEC593E0
? C:\WINDOWS\system32\drivers\SnopFree.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
? spgk.sys Nie można odnaleźć określonego pliku. !
.text sdzkl.sys B7D8E000 96 Bytes JMP B7DCCFE1 sdzkl.sys
.text sdzkl.sys B7D8E062 147 Bytes [60, 5E, 89, 44, 24, 18, 66, ...]
.text sdzkl.sys B7D8E0F6 5 Bytes [FE, C9, FE, C9, 8A]
.text sdzkl.sys B7D8E0FC 216 Bytes [04, 83, C4, 04, 0F, 81, E7, ...]
.text sdzkl.sys B7D8E1D5 53 Bytes [00, 9C, F8, 83, ED, 02, E8, ...]
.text ...
? C:\WINDOWS\system32\drivers\sdzkl.sys Urządzenie podłączone do komputera nie działa.
.text USBPORT.SYS!DllUnload B7A908AC 5 Bytes JMP 8A5471D8
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6F10380, 0x566445, 0xE8000020]
? System32\Drivers\akzhdu06.SYS System nie może odnaleźć określonej ścieżki. !
? System32\Drivers\aludaym5.SYS System nie może odnaleźć określonej ścieżki. !
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB3804A00]
.text win32k.sys!EngAcquireSemaphore + 20E2 BF8082E8 5 Bytes JMP AEC59480
.text win32k.sys!EngCopyBits + 68D BF838F8D 5 Bytes JMP AEC595C0
.text win32k.sys!EngCreateBitmap + 6F4 BF83E197 5 Bytes JMP AEC59700
.text win32k.sys!EngMultiByteToWideChar + 789E BF869E44 5 Bytes JMP AEC59A20
.text win32k.sys!EngMulDiv + 8195 BF872D39 5 Bytes JMP AEC59660
.text win32k.sys!EngCreatePalette + 1C0 BF87EA6A 5 Bytes JMP AEC59520
.text win32k.sys!EngAlphaBlend + 2998 BF8C3163 5 Bytes JMP AEC597A0
.text win32k.sys!PATHOBJ_bCloseFigure + 19F1 BF8F97FA 5 Bytes JMP AEC59980
.text win32k.sys!EngCreateClip + 19C1 BF9133D3 5 Bytes JMP AEC59AC0
.text win32k.sys!EngCreateClip + 1F51 BF913963 5 Bytes JMP AEC59B60
.text win32k.sys!EngCreateClip + 2597 BF913FA9 5 Bytes JMP AEC59840
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA2135300, 0x3AE88, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB84A0300, 0x1B7E, 0xE8000020]
? system32\drivers\dwprot.sys System nie może odnaleźć określonej ścieżki. !
? C:\DOCUME~1\Admin\USTAWI~1\Temp\lD9yMvU5.sys Nie można odnaleźć określonego pliku. !
---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA9040] spgk.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA913C] spgk.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA90BE] spgk.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA97FC] spgk.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA96D2] spgk.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EB9048] spgk.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A41F388
Device \FileSystem\Ntfs \Ntfs 888A7448
Device \FileSystem\Ntfs \Ntfs 88A03690
Device \FileSystem\Ntfs \Ntfs 889E0BB0
Device \FileSystem\Ntfs \Ntfs 887A2250
AttachedDevice \FileSystem\Ntfs \Ntfs dwprot.sys
Device \FileSystem\Fastfat \FatCdrom 8A201500
Device \Driver\sptd \Device\1685513042 spgk.sys
AttachedDevice \Driver\Tcpip \Device\Ip dwprot.sys
Device \Driver\PCI_PNP9292 \Device\00000050 spgk.sys
Device \Driver\usbohci \Device\USBPDO-0 8A5481F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A54A1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A54A1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A54A1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A54A1F8
Device \Driver\usbehci \Device\USBPDO-1 8A4D11F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1392BF3B-04DB-4FF2-B6EB-5835A832A4E5} 89DE0500
AttachedDevice \Driver\Tcpip \Device\Tcp dwprot.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A4D31F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A4D31F8
Device \Driver\Cdrom \Device\CdRom0 8A4D01F8
Device \Driver\Cdrom \Device\CdRom1 8A4D01F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A4D31F8
Device \Driver\atapi \Device\Ide\IdePort0 [B7D39B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B7D39B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7D39B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B7D39B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A4D31F8
Device \Driver\Cdrom \Device\CdRom2 8A4D01F8
Device \Driver\Cdrom \Device\CdRom3 8A4D01F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89DE0500
Device \Driver\NetBT \Device\NetbiosSmb 89DE0500
Device \Driver\PCI_PNP9292 \Device\0000004f spgk.sys
AttachedDevice \Driver\Tcpip \Device\Udp dwprot.sys
AttachedDevice \Driver\Tcpip \Device\RawIp dwprot.sys
Device \Driver\usbohci \Device\USBFDO-0 8A5481F8
Device \Driver\usbehci \Device\USBFDO-1 8A4D11F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 893961F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 893961F8
Device \Driver\Ftdisk \Device\FtControl 8A4D31F8
Device \Driver\sptd \Device\1685356792 spgk.sys
Device \Driver\nvgts \Device\Scsi\nvgts2Port3Path1Target1Lun0 8A5491F8
Device \Driver\akzhdu06 \Device\Scsi\akzhdu061 8A07F1F8
Device \Driver\nvgts \Device\Scsi\nvgts2Port3Path0Target0Lun0 8A5491F8
Device \Driver\nvgts \Device\Scsi\nvgts1 8A5491F8
Device \Driver\nvgts \Device\Scsi\nvgts2 8A5491F8
Device \Driver\akzhdu06 \Device\Scsi\akzhdu061Port5Path0Target1Lun0 8A07F1F8
Device \Driver\nvgts \Device\Scsi\nvgts3 8A5491F8
Device \Driver\aludaym5 \Device\Scsi\aludaym51 89F7A1F8
Device \Driver\akzhdu06 \Device\Scsi\akzhdu061Port5Path0Target0Lun0 8A07F1F8
Device \FileSystem\Fastfat \Fat 8A201500
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat dwprot.sys
Device \FileSystem\Cdfs \Cdfs 89D794B0

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] sdzkl <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sdzkl@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sdzkl@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sdzkl@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sdzkl@Group Boot Bus Extender Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -764495635 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1033911924 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x58 0xD0 0x2A 0x09 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x5A 0x24 0xB5 0x7E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xEB 0xBD 0xE2 0x0F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xD5 0x42 0x5F 0xED ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x16 0x1D 0xDF 0x73 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x81 0xF7 0x2E 0x3B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0F 0x42 0xAE 0x1F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sdzkl@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\sdzkl@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\sdzkl@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\sdzkl@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x58 0xD0 0x2A 0x09 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x5A 0x24 0xB5 0x7E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xEB 0xBD 0xE2 0x0F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xD5 0x42 0x5F 0xED ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x16 0x1D 0xDF 0x73 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x81 0xF7 0x2E 0x3B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0F 0x42 0xAE 0x1F ...
---- EOF - GMER 1.0.15 ----
[/log]

GMER log no. 2:

[log]GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-01 21:08:27
Windows 5.1.2600 Dodatek Service Pack 3
Running: bfjhemsl.exe; Driver: C:\DOCUME~1\Admin\USTAWI~1\Temp\pgtdipow.sys

---- Services - GMER 1.0.15 ----

Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service C:\WINDOWS\system32\DRIVERS\ACPI.sys (Sterownik ACPI dla systemu NT/Microsoft Corporation) [BOOT] ACPI
Service (Sterownik kontrolera osadzonego interfejsu ACPI/Microsoft Corporation) [DISABLED] ACPIEC
Service C:\WINDOWS\system32\drivers\ADIHdAud.sys (High Definition Audio Function Driver/Analog Devices, Inc.) [MANUAL] ADIHdAudAddService
Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [MANUAL] Adobe LM Service
Service [DISABLED] adpu160m
Service C:\WINDOWS\system32\drivers\AEAudio.sys (Audio Noise Filtering Driver (32-bit)/Andrea Electronics Corporation) [MANUAL] AEAudio
Service C:\WINDOWS\system32\drivers\aec.sys (Microsoft Acoustic Echo Canceller/Microsoft Corporation) [MANUAL] aec
Service C:\WINDOWS\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
Service [DISABLED] Aha154x
Service ahcix86
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Alerter
Service C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG
Service [DISABLED] AliIde
Service amdide
Service C:\WINDOWS\system32\DRIVERS\AmdK8.sys (AMD Processor Driver/Advanced Micro Devices) [SYSTEM] AmdK8
Service [DISABLED] amsint
Service C:\Program Files\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) [AUTO] AntiVirSchedulerService
Service C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH) [AUTO] AntiVirService
Service C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) [AUTO] Apple Mobile Device
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] AppMgmt
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
Service C:\WINDOWS\system32\DRIVERS\atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) [BOOT] atapi
Service [DISABLED] Atdisk
Service C:\WINDOWS\system32\DRIVERS\atksgt.sys [AUTO] atksgt
Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys (IP/ATM Arp Client/Microsoft Corporation) [MANUAL] Atmarpc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] AudioSrv
Service C:\WINDOWS\system32\DRIVERS\audstub.sys (AudStub Driver/Microsoft Corporation) [MANUAL] audstub
Service C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH) [SYSTEM] avgio
Service C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH) [AUTO] avgntflt
Service C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH) [SYSTEM] avipbb
Service BattC
Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] BITS
Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Browser
Service (CardBus/PCMCIA IDE Miniport Driver/Microsoft Corporation) [DISABLED] cbidf2k
Service C:\WINDOWS\system32\DRIVERS\CCDECODE.sys (WDM Closed Caption VBI Codec/Microsoft Corporation) [MANUAL] CCDECODE
Service [DISABLED] cd20xrnt
Service (CD-ROM Audio Filter Driver/Microsoft Corporation) [SYSTEM] Cdaudio
Service (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] Cdfs
Service C:\WINDOWS\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] Cdrom
Service [SYSTEM] Changer
Service C:\WINDOWS\system32\cisvc.exe (Content Index service/Microsoft Corporation) [MANUAL] CiSvc
Service C:\WINDOWS\system32\clipsrv.exe (Windows NT DDE Server/Microsoft Corporation) [DISABLED] ClipSrv
Service [DISABLED] CmdIde
Service C:\WINDOWS\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
Service ContentFilter
Service ContentIndex
Service [MANUAL] Cpcudnntr
Service [DISABLED] Cpqarray
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] CryptSvc
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] DcomLaunch
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dhcp
Service C:\WINDOWS\system32\DRIVERS\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] Disk
Service C:\WINDOWS\System32\dmadmin.exe (Proces usługi Menedżera dysków logicznych/Microsoft Corp., Veritas Software) [MANUAL] dmadmin
Service C:\WINDOWS\System32\drivers\dmboot.sys (Sterownik uruchamiania Menedżera dysków NT/Microsoft Corp., Veritas Software) [DISABLED] dmboot
Service C:\WINDOWS\System32\drivers\dmio.sys (Sterownik We/Wy menedżera dysków NT/Microsoft Corp., Veritas Software) [BOOT] dmio
Service C:\WINDOWS\System32\drivers\dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.) [BOOT] dmload
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] dmserver
Service C:\WINDOWS\system32\drivers\DMusic.sys (Microsoft Kernel DLS Synthesizer/Microsoft Corporation) [MANUAL] DMusic
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dnscache
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Dot3svc
Service [DISABLED] dpti2o
Service C:\WINDOWS\system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EapHost
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ERSvc
Service C:\WINDOWS\system32\services.exe (Usługi i aplikacja Kontroler/Microsoft Corporation) [AUTO] Eventlog
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EventSystem
Service (Fast FAT File System Driver/Microsoft Corporation) [DISABLED] Fastfat
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] FastUserSwitchingCompatibility
Service C:\WINDOWS\system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [MANUAL] Fdc
Service (Sterownik kryptografii FIPS/Microsoft Corporation) [SYSTEM] Fips
Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [MANUAL] Flpydisk
Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr
Service C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [AUTO] ForceWare Intelligent Application Manager (IAM)
Service C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache HTTP Server/Apache Software Foundation) [AUTO] ForcewareWebInterface
Service (File System Recognizer Driver/Microsoft Corporation) [SYSTEM] Fs_Rec
Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys (Sterownik dysku FT/Microsoft Corporation) [BOOT] Ftdisk
Service C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service C:\WINDOWS\system32\giveio.sys [BOOT] giveio
Service C:\WINDOWS\system32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft Corporation) [MANUAL] Gpc
Service C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider) [MANUAL] HDAudBus
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] helpsvc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] HidServ
Service C:\WINDOWS\system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] hidusb
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] hkmsvc
Service [DISABLED] hpn
Service C:\WINDOWS\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] HTTPFilter
Service [SYSTEM] i2omgmt
Service [DISABLED] i2omp
Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys (Sterownik portu i8042/Microsoft Corporation) [SYSTEM] i8042prt
Service iaStor
Service C:\WINDOWS\system32\DRIVERS\imapi.sys (IMAPI Kernel Driver/Microsoft Corporation) [SYSTEM] Imapi
Service C:\WINDOWS\system32\imapi.exe (Image Mastering API/Microsoft Corporation) [MANUAL] ImapiService
Service (InCD File System Driver/Nero AG) [DISABLED] InCDfs
Service C:\WINDOWS\System32\DRIVERS\InCDPass.sys (Ahead RW Filter Driver/Nero AG) [SYSTEM] InCDPass
Service (InCD File System Recognizer/Nero AG) [SYSTEM] InCDrec
Service (Ahead MRW Filter Driver/Nero AG) [SYSTEM] incdrm
Service C:\Program Files\Ahead\InCD\InCDsrv.exe (incdsrv/Nero AG) [DISABLED] InCDsrv
Service inetaccs
Service [DISABLED] ini910u
Service Inport
Service [DISABLED] IntelIde
Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys (IPv6 Windows Firewall Driver/Microsoft Corporation) [MANUAL] Ip6Fw
Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver
Service C:\WINDOWS\system32\DRIVERS\ipinip.sys (IP in IP Encapsulation Driver/Microsoft Corporation) [MANUAL] IpInIp
Service C:\WINDOWS\system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IpNat
Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) [MANUAL] iPod Service
Service C:\WINDOWS\system32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation) [SYSTEM] IPSec
Service C:\WINDOWS\system32\DRIVERS\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM
Service ISAPISearch
Service C:\WINDOWS\system32\DRIVERS\isapnp.sys (Sterownik magistrali ISA PNP/Microsoft Corporation) [BOOT] isapnp
Service C:\Program Files\Java\jre6\bin\jqs.exe [AUTO] JavaQuickStarterService
Service Jraid
Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys (Sterownik klasy klawiatury/Microsoft Corporation) [SYSTEM] Kbdclass
Service C:\WINDOWS\system32\drivers\kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation) [MANUAL] kmixer
Service (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] LanmanServer
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc
Service ldap
Service LicenseService
Service C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) [DISABLED] LightScribeService
Service C:\WINDOWS\system32\DRIVERS\lirsgt.sys [AUTO] lirsgt
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] LmHosts
Service C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Machine Debug Manager/Microsoft Corporation) [AUTO] MDM
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Messenger
Service (Frame buffer simulator/Microsoft Corporation) [SYSTEM] mnmdd
Service C:\WINDOWS\system32\mnmsrvc.exe (Zdalne udostępnianie pulpitu NetMeeting/Microsoft Corporation) [MANUAL] mnmsrvc
Service (Sterownik modemu/Microsoft Corporation) [MANUAL] Modem
Service C:\WINDOWS\system32\DRIVERS\mouclass.sys (Sterownik klasy myszy/Microsoft Corporation) [SYSTEM] Mouclass
Service C:\WINDOWS\system32\DRIVERS\mouhid.sys (Sterownik filtru myszy HID/Microsoft Corporation) [MANUAL] mouhid
Service (Mount Manager/Microsoft Corporation) [BOOT] MountMgr
Service [DISABLED] mraid35x
Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [SYSTEM] MRxSmb
Service C:\WINDOWS\system32\msdtc.exe (MS DTC console program/Microsoft Corporation) [MANUAL] MSDTC
Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs
Service C:\WINDOWS\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] MSIServer
Service C:\WINDOWS\system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV
Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK
Service C:\WINDOWS\system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM
Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios
Service C:\WINDOWS\system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE
Service C:\WINDOWS\system32\DRIVERS\ASACPI.sys [MANUAL] MTsensor
Service (Multiple UNC Provider driver/Microsoft Corporation) [BOOT] Mup
Service C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys (WDM NABTS/FEC VBI Codec/Microsoft Corporation) [MANUAL] NABTSFEC
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] napagent
Service (NDIS 5.1 wrapper driver/Microsoft Corporation) [BOOT] NDIS
Service C:\WINDOWS\system32\DRIVERS\NdisIP.sys (Microsoft IP Driver/Microsoft Corporation) [MANUAL] NdisIP
Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi
Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) [MANUAL] Ndisuio
Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan
Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy
Service C:\WINDOWS\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS
Service C:\WINDOWS\system32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] NetBT
Service C:\WINDOWS\system32\netdde.exe (DDE sieci - komunikacja DDE/Microsoft Corporation) [DISABLED] NetDDE
Service C:\WINDOWS\system32\netdde.exe (DDE sieci - komunikacja DDE/Microsoft Corporation) [DISABLED] NetDDEdsdm
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] Netlogon
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Netman
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Nla
Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs
Service C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (ActiveArmor Firewall IP Service/NVIDIA Corporation) [AUTO] nSvcIp
Service C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (nSvcLog/NVIDIA Corporation) [AUTO] nSvcLog
Service (NT File System Driver/Microsoft Corporation) [DISABLED] Ntfs
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] NtLmSsp
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] NtmsSvc
Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null
Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 197.45 /NVIDIA Corporation) [MANUAL] nv
Service (NVIDIA® nForce(TM) IDE Performance Driver/NVIDIA Corporation) [BOOT] nvatabus
Service C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Networking Function Driver./NVIDIA Corporation) [MANUAL] NVENETFD
Service C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA® nForce(TM) Sata Performance Driver/NVIDIA Corporation) [BOOT] nvgts
Service C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Networking Bus Driver./NVIDIA Corporation) [MANUAL] nvnetbus
Service nvraid
Service nvrd32
Service C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 197.45/NVIDIA Corporation) [AUTO] nvsvc
Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys (NWLINK2 Traffic Filter Driver/Microsoft Corporation) [MANUAL] NwlnkFlt
Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys (NWLINK2 Forwarder Driver/Microsoft Corporation) [MANUAL] NwlnkFwd
Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose
Service Outlook
Service C:\WINDOWS\system32\DRIVERS\parport.sys (Sterownik portu równoległego/Microsoft Corporation) [MANUAL] Parport
Service (Partition Manager/Microsoft Corporation) [BOOT] PartMgr
Service (VDM Parallel Driver/Microsoft Corporation) [AUTO] ParVdm
Service C:\WINDOWS\system32\DRIVERS\pci.sys (Licznik NT Plug and Play PCI/Microsoft Corporation) [BOOT] PCI
Service [SYSTEM] PCIDump
Service C:\WINDOWS\system32\DRIVERS\pciide.sys (Rodzajowy sterownik magistrali PCI IDE/Microsoft Corporation) [BOOT] PCIIde
Service (Sterownik magistrali PCMCIA/Microsoft Corporation) [DISABLED] Pcmcia
Service [MANUAL] PDCOMP
Service [MANUAL] PDFRAME
Service [MANUAL] PDRELI
Service [MANUAL] PDRFRAME
Service [DISABLED] perc2
Service [DISABLED] perc2hib
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\WINDOWS\system32\services.exe (Usługi i aplikacja Kontroler/Microsoft Corporation) [AUTO] PlugPlay
Service C:\WINDOWS\system32\PnkBstrA.exe [AUTO] PnkBstrA
Service PnP680
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] PolicyAgent
Service C:\WINDOWS\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport
Service C:\WINDOWS\system32\DRIVERS\processr.sys (Sterownik urządzenia procesora/Microsoft Corporation) [SYSTEM] Processor
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] ProtectedStorage
Service C:\WINDOWS\system32\DRIVERS\psched.sys (MS QoS Packet Scheduler/Microsoft Corporation) [MANUAL] PSched
Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service [DISABLED] ql1080
Service [DISABLED] Ql10wnt
Service [DISABLED] ql12160
Service [DISABLED] ql1240
Service [DISABLED] ql1280
Service C:\WINDOWS\system32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [SYSTEM] RasAcd
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasAuto
Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasMan
Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe
Service C:\WINDOWS\system32\DRIVERS\raspti.sys (PTI DirectParallel(R) mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Raspti
Service C:\WINDOWS\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [SYSTEM] Rdbss
Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD
Service RDPDD
Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) [MANUAL] rdpdr
Service RDPNP
Service (RDP Terminal Stack Driver (US/Canada Only, Not for Export)/Microsoft Corporation) [MANUAL] RDPWD
Service C:\WINDOWS\system32\sessmgr.exe (Menedżer sesji pomocy pulpitu zdalnego Microsoft®/Microsoft Corporation) [MANUAL] RDSessMgr
Service C:\WINDOWS\system32\DRIVERS\redbook.sys (Sterownik filtru audio Redbook/Microsoft Corporation) [SYSTEM] redbook
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] RemoteAccess
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RemoteRegistry
Service C:\WINDOWS\system32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RpcSs
Service C:\WINDOWS\system32\rsvp.exe (Microsoft RSVP/Microsoft Corporation) [MANUAL] RSVP
Service C:\WINDOWS\system32\DRIVERS\wg111v3.sys (NETGEAR WG111v3 Wireless-G USB Adapter NDIS Driver/Realtek Semiconductor Corporation ) [MANUAL] RTL8187B
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] SamSs
Service C:\Program Files\Sandboxie\SbieDrv.sys (Sandboxie Kernel Mode Driver/tzuk) [MANUAL] SbieDrv
Service C:\Program Files\Sandboxie\SbieSvc.exe (Sandboxie Service/tzuk) [AUTO] SbieSvc
Service C:\WINDOWS\System32\SCardSvr.exe (Smart Card Resource Management Server/Microsoft Corporation) [MANUAL] SCardSvr
Service (PowerISO Virtual Drive/PowerISO Computing, Inc.) [SYSTEM] SCDEmu
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Schedule
Service (*** hidden *** ) [BOOT] sdzkl <-- ROOTKIT !!!
Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] seclogon
Service C:\WINDOWS\system32\drivers\Senfilt.sys (Sensaura WDM 3D Audio Driver/Sensaura) [MANUAL] SenFiltService
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SENS
Service C:\WINDOWS\system32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] serenum
Service C:\WINDOWS\system32\DRIVERS\serial.sys (Sterownik urządzenia szeregowego/Microsoft Corporation) [SYSTEM] Serial
Service C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (ServiceLayer Module/Nokia.) [MANUAL] ServiceLayer
Service (SCSI Floppy Driver/Microsoft Corporation) [SYSTEM] Sfloppy
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SharedAccess
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ShellHWDetection
Service (Serial ATA miniport driver/Silicon Image, Inc.) [BOOT] Si3112
Service Si3114
Service (SATA SoftRAID 5 miniport driver/Silicon Image, Inc) [BOOT] Si3114r5
Service (Serial ATA miniport driver/Silicon Image, Inc.) [BOOT] Si3124
Service Si3124r5
Service (Serial ATA miniport driver/Silicon Image, Inc.) [BOOT] Si3132
Service (SATA SoftRAID 5 miniport driver/Silicon Image, Inc) [BOOT] Si3132r5
Service (SATA Controller miniport driver/Silicon Image, Inc) [BOOT] Si3531
Service [DISABLED] Simbad
Service C:\WINDOWS\system32\DRIVERS\SLIP.sys (Microsoft Slip Deframing Filter Minidriver/Microsoft Corporation) [MANUAL] SLIP
Service C:\WINDOWS\System32\Drivers\SnopFree.sys [BOOT] SnoopFree
Service C:\WINDOWS\System32\SnoopFreeSvc.exe [AUTO] SnoopFreeSvc
Service [DISABLED] Sparrow
Service C:\WINDOWS\system32\drivers\SPC520.sys (Philips SPC520 Camera Driver (WDM Main Driver)/Philips ) [MANUAL] SPC520
Service C:\WINDOWS\system32\drivers\SPC520m.sys (Philips SPC520 Camera Driver (DS MiniDriver) /Philips ) [MANUAL] SPC520m
Service C:\WINDOWS\system32\speedfan.sys (SpeedFan Device Driver/Windows (R) 2000 DDK provider) [BOOT] speedfan
Service C:\WINDOWS\system32\drivers\splitter.sys (Microsoft Kernel Audio Splitter/Microsoft Corporation) [MANUAL] splitter
Service C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler
Service C:\WINDOWS\System32\Drivers\sptd.sys [BOOT] sptd
Service C:\WINDOWS\system32\DRIVERS\sr.sys (Sterownik filtru systemu plików Przywracania systemu/Microsoft Corporation) [BOOT] sr
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] srservice
Service C:\WINDOWS\system32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] Srv
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] SSDPSRV
Service C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) [SYSTEM] ssmdrv
Service C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe (StarWind iSCSI Target (Alcohol Edition)/Rocket Division Software) [AUTO] StarWindService
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] stisvc
Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip
Service C:\WINDOWS\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum
Service C:\WINDOWS\system32\drivers\swmidi.sys (Microsoft GS Wavetable Synthesizer/Microsoft Corporation) [MANUAL] swmidi
Service C:\WINDOWS\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] SwPrv
Service [DISABLED] symc810
Service [DISABLED] symc8xx
Service [DISABLED] sym_hi
Service [DISABLED] sym_u3
Service C:\WINDOWS\system32\drivers\sysaudio.sys (System Audio WDM Filter/Microsoft Corporation) [MANUAL] sysaudio
Service C:\WINDOWS\system32\smlogsvc.exe (Usługa dzienników wydajności i alertów/Microsoft Corporation) [MANUAL] SysmonLog
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TapiSrv
Service C:\WINDOWS\system32\DRIVERS\tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation) [SYSTEM] Tcpip
Service (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE
Service (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP
Service C:\WINDOWS\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) [SYSTEM] TermDD
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TermService
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Themes
Service C:\WINDOWS\system32\tlntsvr.exe (Usługa Telnet/Microsoft Corporation) [DISABLED] TlntSvr
Service [DISABLED] TosIde
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] TrkWks
Service TSDDD
Service (UDF File System Driver/Microsoft Corporation) [DISABLED] Udfs
Service [DISABLED] ultra
Service C:\WINDOWS\system32\DRIVERS\update.sys (Update Driver/Microsoft Corporation) [MANUAL] Update
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] upnphost
Service C:\WINDOWS\System32\ups.exe (UPS Service/Microsoft Corporation) [MANUAL] UPS
Service C:\WINDOWS\system32\drivers\usbaudio.sys (USB Audio Class Driver/Microsoft Corporation) [MANUAL] usbaudio
Service C:\WINDOWS\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp
Service C:\WINDOWS\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci
Service C:\WINDOWS\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub
Service C:\WINDOWS\system32\DRIVERS\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbohci
Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR
Service C:\WINDOWS\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave
Service [DISABLED] ViaIde
Service viamraid
Service (Sterownik kopiowania woluminów w tle/Microsoft Corporation) [BOOT] VolSnap
Service C:\WINDOWS\System32\vssvc.exe (Usługa kopiowania woluminów w tle Microsoft®/Microsoft Corporation) [MANUAL] VSS
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] W32Time
Service W3SVC Service C:\WINDOWS\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] Wanarp Service system32\DRIVERS\wanatw4.sys [MANUAL] wanatw Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys (MMSYSTEM Wave/Midi API mapper/Microsoft Corporation) [MANUAL] wdmaud Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\system32\wbem\wmiapsrv.exe (Usługa karty wydajności WMI/Microsoft Corporation) [MANUAL] WmiApSrv Service C:\Program Files\Windows Media Player\WMPNetwk.exe (Usługa udostępniania w sieci programu Windows Media Player/Microsoft Corporation) [DISABLED] WMPNetworkSvc Service C:\WINDOWS\System32\drivers\ws2ifsl.sys (Winsock2 IFS Layer/Microsoft Corporation) [SYSTEM] WS2IFSL Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wscsvc Service C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS (WDM WST Codec Driver/Microsoft Corporation) [MANUAL] WSTCODEC Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wuauserv Service C:\WINDOWS\system32\DRIVERS\WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation) [MANUAL] WudfPf Service C:\WINDOWS\system32\DRIVERS\wudfrd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WudfRd Service C:\WINDOWS\system32\svchost.exe (Generic Host 
Process for Win32 Services/Microsoft Corporation) [MANUAL] WudfSvc Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WZCSVC Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] xmlprov Service {1392BF3B-04DB-4FF2-B6EB-5835A832A4E5} Service {5B372BBB-2744-4B5A-883D-1DF92341242E} Service {C2460799-C1C2-4AF9-A3ED-5C620AF8767F} ---- EOF - GMER 1.0.15 ---- [/log]
I don't have the logs from the removal because I accidentally closed it, but it found a dozen or so viruses, which it removed.
Sohei comment 1 August 2010 Now it is clear that ComboFix is needed, because other rootkits are sitting in the system as well. http://www.bleepingcomputer.com/combofix/pl/instrukcja-uzycia-combofix Read that carefully and download ComboFix. Run it, but remember to INSTALL THE RECOVERY CONSOLE!
Makaveli_ns comment 1 August 2010 Author Where do programs like this come from? How could I have got infected with it? Is there some program that protects against this? Here is the ComboFix log:
[log]ComboFix 10-07-31.04 - Admin 2010-08-01 22:34:10.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3070.2649 [GMT 1:00] Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D} * Utworzono nowy punkt przywracania * Rezydentny antywirus jest aktywny . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Admin\Dane aplikacji\454A2704E4D8CC0C830B6393DDCA4D4E c:\documents and settings\Admin\Dane aplikacji\454A2704E4D8CC0C830B6393DDCA4D4E\enemies-names.txt c:\documents and settings\Admin\Dane aplikacji\454A2704E4D8CC0C830B6393DDCA4D4E\local.ini c:\documents and settings\Admin\Menu Start\Programy\Antimalware Doctor c:\documents and settings\Admin\Menu Start\Programy\Antimalware Doctor\Antimalware Doctor.lnk c:\documents and settings\Admin\Menu Start\Programy\Antimalware Doctor\Uninstall.lnk c:\windows\system32\VB6KO.DLL . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SSHNAS ((((((((((((((((((((((((( Pliki utworzone od 2010-07-01 do 2010-08-01 ))))))))))))))))))))))))))))))) . 2010-08-01 12:30 . 2010-08-01 12:31 -------- d-----w- c:\documents and settings\Admin\DoctorWeb 2010-07-27 23:08 . 2010-07-27 23:11 -------- d-----w- c:\program files\trend micro 2010-07-27 23:08 . 2010-07-27 23:08 -------- d-----w- C:\rsit 2010-07-27 20:43 . 2010-08-01 21:40 766976 ----a-w- c:\windows\system32\drivers\sdzkl.sys 2010-07-25 22:44 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll 2010-07-25 22:44 . 
2010-07-25 22:44 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-07-24 13:03 . 2007-10-23 08:27 110592 ----a-w- c:\documents and settings\De 2\Dane aplikacji\U3\temp\cleanup.exe 2010-07-24 13:02 . 2008-05-02 09:41 3493888 ---ha-w- c:\documents and settings\De 2\Dane aplikacji\U3\temp\Launchpad Removal.exe 2010-07-24 13:02 . 2010-07-24 13:03 -------- d-----w- c:\documents and settings\De 2\Dane aplikacji\U3 2010-07-23 10:20 . 2010-07-23 10:20 -------- d--h--w- c:\windows\PIF 2010-07-07 22:32 . 2010-07-07 22:32 -------- d-----w- c:\windows\occache 2010-07-07 22:32 . 2010-07-07 22:32 -------- d-----w- c:\program files\Learn2.com 2010-07-07 22:32 . 2010-07-07 22:32 -------- d-----w- c:\program files\Viewpoint 2010-07-07 22:32 . 2010-07-07 22:32 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Viewpoint 2010-07-07 22:32 . 2010-07-07 22:32 -------- d-----w- c:\program files\Common Files\Nullsoft 2010-07-07 22:32 . 2003-08-15 14:17 54784 ----a-w- c:\windows\system32\Inetwh32.dll 2010-07-07 22:32 . 2003-08-15 14:17 1044480 ----a-w- c:\windows\system32\roboex32.dll 2010-07-07 22:31 . 2003-05-30 12:46 1706800 ----a-w- c:\windows\system32\gdiplus.dll 2010-07-07 22:31 . 2010-07-08 00:13 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\AOL 2010-07-05 11:13 . 2010-07-05 11:16 34245 ----a-w- c:\windows\scunin.dat 2010-07-05 11:13 . 2010-07-05 11:16 967 ----a-w- c:\windows\ScUnin.pif 2010-07-05 11:13 . 2010-07-05 11:16 70656 ----a-w- c:\windows\ScUnin.exe . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-01 10:58 . 2010-01-02 15:06 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\uTorrent 2010-07-29 09:27 . 2010-01-02 14:46 -------- d-----w- c:\program files\SpeedFan 2010-07-28 20:09 . 2010-01-02 15:15 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\Skype 2010-07-28 16:27 . 
2010-01-05 21:29 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\skypePM 2010-07-24 12:55 . 2010-01-11 16:03 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\U3 2010-07-22 16:06 . 2010-01-11 14:24 -------- d-----w- c:\program files\AC3Filter 2010-07-15 12:23 . 2010-04-15 19:20 37795 ----a-w- c:\windows\DIIUnin.dat 2010-07-07 22:30 . 2010-01-02 14:51 335 ----a-w- c:\windows\nsreg.dat 2010-07-06 23:01 . 2010-01-05 17:11 138376 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-07-06 23:01 . 2010-01-05 17:11 202448 ----a-w- c:\windows\system32\PnkBstrB.exe 2010-06-14 18:24 . 2010-01-28 19:49 63984 ----a-w- c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2010-06-14 14:31 . 2010-01-02 14:07 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-08 12:18 . 2010-01-28 19:56 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Firefly Studios 2010-06-08 09:38 . 2010-01-02 15:06 -------- d-----w- c:\program files\uTorrent 2010-06-04 15:07 . 2010-06-04 15:07 -------- d-----w- c:\program files\Jufsoft 2010-05-06 10:28 . 2009-10-16 17:45 919040 ----a-w- c:\windows\system32\wininet.dll 2004-10-01 14:00 . 2010-01-02 15:21 40960 ----a-w- c:\program files\Uninstall_CDS.exe . ------- Sigcheck ------- [-] 2009-10-16 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-04-14 395496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SnoopFreeUI"="SnoopFreeUI.exe" [2010-01-11 221184] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-10-16 15360] "PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ VPro520.lnk - c:\windows\VPro520.exe [2010-1-2 73728] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "LightScribeService"=2 (0x2) "InCDsrv"=2 (0x2) "Apple Mobile Device"=2 (0x2) "Adobe LM Service"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "e:\\Program Files\\Call of Duty\\CoDMP.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "e:\\Program Files\\Anno 1701\\Anno1701.exe"= "e:\\Program Files\\Anno 1701\\Anno1701AddOn.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program 
Files\\FreeCall.com\\FreeCall\\FreeCall.exe"= "e:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-01-02 108289] R3 SPC520;Philips SPC520NC PC Camera;c:\windows\system32\drivers\SPC520.sys [2010-01-02 85504] R3 SPC520m;Philips SPC520NC PC Cameram;c:\windows\system32\drivers\SPC520m.sys [2010-01-02 7680] S0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [2009-10-16 69248] S0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2009-10-16 212520] S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-07-31 341504] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-01-02 717296] --- Inne Usługi/Sterowniki w Pamięci --- *Deregistered* - sdzkl . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.onet.pl/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 LSP: %SYSTEMROOT%\system32\nvappfilter.dll FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\ FF - prefs.js: browser.startup.homepage - www.onet.pl FF - component: c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll FF - component: c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll FF - plugin: c:\documents and settings\Admin\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . 
- - - - USUNIĘTO PUSTE WPISY - - - - AddRemove-Gadu-Gadu - e:\program files\Call of Duty\Gadu-Gadu\Setup.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-08-01 22:40 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdzkl] . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'lsass.exe'(780) c:\windows\system32\nvappfilter.dll - - - - - - - > 'explorer.exe'(384) c:\windows\system32\WININET.dll c:\windows\system32\webcheck.dll c:\windows\system32\wpdshserviceobj.dll c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll c:\program files\PC Connectivity Solution\ConnAPI.DLL c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_pol.nlr c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll c:\progra~1\SPYBOT~1\SDHelper.dll c:\program files\SubEdit-Player\codec\MatroskaSplitter\mmfinfo.dll c:\program files\SubEdit-Player\codec\MatroskaSplitter\mkunicode.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . 
c:\windows\system32\nvsvc32.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\SnoopFreeUI.exe c:\windows\system32\RUNDLL32.EXE c:\program files\Bonjour\mDNSResponder.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe c:\windows\system32\PnkBstrA.exe c:\program files\Sandboxie\SbieSvc.exe c:\windows\System32\SnoopFreeSvc.exe c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe . ************************************************************************** . Czas ukończenia: 2010-08-01 22:43:24 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2010-08-01 21:43 Przed: 91 365 101 568 bajtów wolnych Po: 91 249 655 808 bajtów wolnych WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer - - End Of File - - ECA0BE692198392F86211F98EB0E8EE8 [/log]
Sohei comment 1 August 2010
[code]File::
c:\windows\system32\drivers\sdzkl.sys
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdzkl][/code]
Paste this into Notepad > File > Save as... > CFScript. Drag and drop the CFScript.txt file onto ComboFix.exe (at http://forum.programosy.pl/problem-z-rtk-win32-rootkit-gen-avast-go-znalazl-vp882718.html the 2nd post has an animation showing how this should go).
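The triage Sohei did by eye above (two executables with a games-vendor string running from Temp and the Windows root in the OTL log, a fresh .sys in system32\drivers in the ComboFix log, then a CFScript naming the file and its service key) can be done mechanically. The script below is an added example, not part of this thread and not ComboFix's or OTL's own code. It parses a few log lines re-typed from the posts above (a constructed excerpt, not the full logs), flags processes by launch location rather than by the vendor string, flags kernel drivers created on or after the day the problem started, and renders the findings in the File:: / Registry:: layout of the CFScript above. The allowlist of Windows-root executables and the rule that a driver's service name equals its file stem are assumptions for this example.

```python
import re
from datetime import datetime

# Constructed excerpt in the shape of the OTL "Processes (All)" lines and the
# ComboFix "files created" lines posted in this thread; re-typed here for the
# example, not the full logs.
SAMPLE_OTL = (
    "PRC - [2010-07-27 21:44:13 | 000,189,440 | ---- | M] (Electronic Arts, Inc.) -- "
    "C:\\Documents and Settings\\Admin\\Ustawienia lokalne\\Temp\\Idj.exe\n"
    "PRC - [2010-07-27 21:44:10 | 000,194,560 | ---- | M] (Electronic Arts, Inc.) -- "
    "C:\\WINDOWS\\Iwepya.exe\n"
    "PRC - [2010-04-14 13:23:40 | 000,073,960 | ---- | M] (tzuk) -- "
    "C:\\Program Files\\Sandboxie\\SbieSvc.exe\n"
    "PRC - [2010-02-18 13:33:30 | 000,066,872 | ---- | M] () -- "
    "C:\\WINDOWS\\system32\\PnkBstrA.exe\n"
    "PRC - [2009-10-16 18:45:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- "
    "C:\\WINDOWS\\explorer.exe\n"
)
SAMPLE_COMBOFIX = (
    "2010-08-01 12:30 . 2010-08-01 12:31 -------- d-----w- c:\\documents and settings\\Admin\\DoctorWeb\n"
    "2010-07-27 20:43 . 2010-08-01 21:40 766976 ----a-w- c:\\windows\\system32\\drivers\\sdzkl.sys\n"
    "2010-07-25 22:44 . 2010-03-15 09:31 165376 ----a-w- c:\\windows\\system32\\unrar.dll\n"
    "2010-07-06 23:01 . 2010-01-05 17:11 138376 ----a-w- c:\\windows\\system32\\drivers\\PnkBstrK.sys\n"
)

# OTL process line: "PRC - [mtime | size | attrs | M] (vendor) -- path"
OTL_PRC = re.compile(
    r"^PRC - \[(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| [^\]]*\] "
    r"\((?P<vendor>[^)]*)\) -- (?P<path>.+?)\s*$"
)
# ComboFix created-files line: "created . modified size attrs path"
CF_FILE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[-a-z]+)\s+(?P<path>.+?)\s*$"
)

# Assumption: a deliberately short allowlist of executables that legitimately
# live directly in %SystemRoot% on XP; a real baseline would be larger.
WINDOWS_ROOT_ALLOW = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe"}
SERVICES_KEY = r"HKEY_LOCAL_MACHINE\System\ControlSet001\Services"


def triage_processes(otl_text):
    """Flag running executables by launch location; the vendor string is not trusted."""
    hits = []
    for line in otl_text.splitlines():
        m = OTL_PRC.match(line)
        if not m:
            continue
        path = m["path"]
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        reason = None
        if "\\temp\\" in low:
            reason = "executable running from a Temp directory"
        elif re.match(r"^[a-z]:\\windows\\[^\\]+$", low) and name not in WINDOWS_ROOT_ALLOW:
            reason = "non-allowlisted executable directly in the Windows root"
        if reason:
            # The vendor string is unverified PE metadata; keep it only as context.
            hits.append({"kind": "process", "path": path, "vendor": m["vendor"], "reason": reason})
    return hits


def triage_drivers(combofix_text, incident_date):
    """Flag .sys files under a drivers directory created on or after the incident date."""
    cutoff = datetime.strptime(incident_date, "%Y-%m-%d")
    hits = []
    for line in combofix_text.splitlines():
        m = CF_FILE.match(line)
        if not m:
            continue
        path = m["path"]
        low = path.lower()
        if not (low.endswith(".sys") and "\\drivers\\" in low):
            continue
        created = datetime.strptime(m["created"], "%Y-%m-%d %H:%M")
        if created >= cutoff:
            hits.append({"kind": "driver", "path": path, "created": m["created"],
                         "reason": "kernel driver created on or after the incident date"})
    return hits


def triage(otl_text, combofix_text, incident_date):
    return triage_processes(otl_text) + triage_drivers(combofix_text, incident_date)


def build_cfscript(findings):
    """Render findings in the File:: / Registry:: layout of the CFScript in this thread."""
    lines = ["File::"] + [f["path"] for f in findings]
    # Assumption: the driver's service name equals the file stem (true for sdzkl
    # in this thread); confirm it against the log's services section before running.
    services = [f["path"].rsplit("\\", 1)[-1][:-4] for f in findings if f["kind"] == "driver"]
    if services:
        lines += ["Registry::"] + [f"[-{SERVICES_KEY}\\{s}]" for s in services]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_OTL, SAMPLE_COMBOFIX, "2010-07-27")
    for f in found:
        print(f"{f['kind']:8} {f['path']}  <- {f['reason']}")
    print(build_cfscript(found))
```

On the excerpt this flags Idj.exe and Iwepya.exe (both carrying the same "Electronic Arts, Inc." string, which is why the rule keys on location instead of vendor) and sdzkl.sys, and leaves explorer.exe, PnkBstrA.exe and the older PnkBstrK.sys alone. The generated script is a proposal for the analyst to check line by line, exactly as Sohei did by hand, not something to drop onto ComboFix.exe unread.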
Makaveli_ns comment 1 August 2010 Author (edited)
[log]ComboFix 10-07-31.04 - Admin 2010-08-01 23:20:44.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3070.2700 [GMT 1:00] Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe Użyto następujących komend :: c:\documents and settings\Admin\Pulpit\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D} * Rezydentny antywirus jest aktywny FILE :: "c:\windows\system32\drivers\sdzkl.sys" . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\sdzkl.sys . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_sdzkl -------\Service_sdzkl ((((((((((((((((((((((((( Pliki utworzone od 2010-07-01 do 2010-08-01 ))))))))))))))))))))))))))))))) . 2010-08-01 12:30 . 2010-08-01 12:31 -------- d-----w- c:\documents and settings\Admin\DoctorWeb 2010-07-27 23:08 . 2010-07-27 23:11 -------- d-----w- c:\program files\trend micro 2010-07-27 23:08 . 2010-07-27 23:08 -------- d-----w- C:\rsit 2010-07-25 22:44 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll 2010-07-25 22:44 . 2010-07-25 22:44 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-07-24 13:03 . 2007-10-23 08:27 110592 ----a-w- c:\documents and settings\De 2\Dane aplikacji\U3\temp\cleanup.exe 2010-07-24 13:02 . 2008-05-02 09:41 3493888 ---ha-w- c:\documents and settings\De 2\Dane aplikacji\U3\temp\Launchpad Removal.exe 2010-07-24 13:02 . 2010-07-24 13:03 -------- d-----w- c:\documents and settings\De 2\Dane aplikacji\U3 2010-07-23 10:20 . 2010-07-23 10:20 -------- d--h--w- c:\windows\PIF 2010-07-07 22:32 . 2010-07-07 22:32 -------- d-----w- c:\windows\occache 2010-07-07 22:32 . 
2010-07-07 22:32 -------- d-----w- c:\program files\Learn2.com 2010-07-07 22:32 . 2010-07-07 22:32 -------- d-----w- c:\program files\Viewpoint 2010-07-07 22:32 . 2010-07-07 22:32 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Viewpoint 2010-07-07 22:32 . 2010-07-07 22:32 -------- d-----w- c:\program files\Common Files\Nullsoft 2010-07-07 22:32 . 2003-08-15 14:17 54784 ----a-w- c:\windows\system32\Inetwh32.dll 2010-07-07 22:32 . 2003-08-15 14:17 1044480 ----a-w- c:\windows\system32\roboex32.dll 2010-07-07 22:31 . 2003-05-30 12:46 1706800 ----a-w- c:\windows\system32\gdiplus.dll 2010-07-07 22:31 . 2010-07-08 00:13 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\AOL 2010-07-05 11:13 . 2010-07-05 11:16 34245 ----a-w- c:\windows\scunin.dat 2010-07-05 11:13 . 2010-07-05 11:16 967 ----a-w- c:\windows\ScUnin.pif 2010-07-05 11:13 . 2010-07-05 11:16 70656 ----a-w- c:\windows\ScUnin.exe . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-01 10:58 . 2010-01-02 15:06 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\uTorrent 2010-07-29 09:27 . 2010-01-02 14:46 -------- d-----w- c:\program files\SpeedFan 2010-07-28 20:09 . 2010-01-02 15:15 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\Skype 2010-07-28 16:27 . 2010-01-05 21:29 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\skypePM 2010-07-24 12:55 . 2010-01-11 16:03 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\U3 2010-07-22 16:06 . 2010-01-11 14:24 -------- d-----w- c:\program files\AC3Filter 2010-07-15 12:23 . 2010-04-15 19:20 37795 ----a-w- c:\windows\DIIUnin.dat 2010-07-07 22:30 . 2010-01-02 14:51 335 ----a-w- c:\windows\nsreg.dat 2010-07-06 23:01 . 2010-01-05 17:11 138376 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-07-06 23:01 . 2010-01-05 17:11 202448 ----a-w- c:\windows\system32\PnkBstrB.exe 2010-06-14 18:24 . 
2010-01-28 19:49 63984 ----a-w- c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2010-06-14 14:31 . 2010-01-02 14:07 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-08 12:18 . 2010-01-28 19:56 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Firefly Studios 2010-06-08 09:38 . 2010-01-02 15:06 -------- d-----w- c:\program files\uTorrent 2010-06-04 15:07 . 2010-06-04 15:07 -------- d-----w- c:\program files\Jufsoft 2010-05-06 10:28 . 2009-10-16 17:45 919040 ----a-w- c:\windows\system32\wininet.dll 2004-10-01 14:00 . 2010-01-02 15:21 40960 ----a-w- c:\program files\Uninstall_CDS.exe . ------- Sigcheck ------- [-] 2009-10-16 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-04-14 395496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SnoopFreeUI"="SnoopFreeUI.exe" [2010-01-11 221184] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-10-16 15360] "PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ VPro520.lnk - c:\windows\VPro520.exe [2010-1-2 73728] [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "LightScribeService"=2 (0x2) "InCDsrv"=2 (0x2) "Apple Mobile Device"=2 (0x2) "Adobe LM Service"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "e:\\Program Files\\Call of Duty\\CoDMP.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "e:\\Program Files\\Anno 1701\\Anno1701.exe"= "e:\\Program Files\\Anno 1701\\Anno1701AddOn.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"= "e:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-01-02 108289] R3 SPC520;Philips SPC520NC PC Camera;c:\windows\system32\drivers\SPC520.sys [2010-01-02 85504] R3 SPC520m;Philips SPC520NC PC Cameram;c:\windows\system32\drivers\SPC520m.sys [2010-01-02 7680] S0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [2009-10-16 69248] S0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2009-10-16 212520] S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-07-31 341504] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-01-02 717296] . . ------- Skan uzupełniający ------- . 
uStart Page = hxxp://www.onet.pl/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 LSP: %SYSTEMROOT%\system32\nvappfilter.dll FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\ FF - prefs.js: browser.startup.homepage - www.onet.pl FF - component: c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll FF - component: c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll FF - plugin: c:\documents and settings\Admin\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2010-08-01 23:28 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . 
--------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'lsass.exe'(768) c:\windows\system32\nvappfilter.dll - - - - - - - > 'explorer.exe'(1904) c:\windows\system32\WININET.dll c:\windows\system32\webcheck.dll c:\windows\system32\wpdshserviceobj.dll c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll c:\program files\PC Connectivity Solution\ConnAPI.DLL c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_pol.nlr c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll c:\program files\SubEdit-Player\codec\MatroskaSplitter\mmfinfo.dll c:\program files\SubEdit-Player\codec\MatroskaSplitter\mkunicode.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll c:\windows\system32\nvcpl.dll c:\windows\system32\NVRSPL.DLL c:\windows\system32\nvapi.dll c:\program files\Ahead\InCD\incdshx.dll c:\program files\NVIDIA Corporation\nView\nvshell.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll c:\progra~1\SPYBOT~1\SDHelper.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . 
c:\windows\system32\nvsvc32.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe c:\windows\system32\PnkBstrA.exe c:\program files\Sandboxie\SbieSvc.exe c:\windows\System32\SnoopFreeSvc.exe c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe c:\windows\SnoopFreeUI.exe c:\windows\system32\RUNDLL32.EXE c:\windows\system32\wscntfy.exe . ************************************************************************** . Czas ukończenia: 2010-08-01 23:30:56 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2010-08-01 22:30 ComboFix2.txt 2010-08-01 22:00 ComboFix3.txt 2010-08-01 21:43 Przed: 91 252 727 808 bajtów wolnych Po: 91 244 867 584 bajtów wolnych - - End Of File - - BD2121CF81F8FBBC2DD8367DD81AF8F5 [/log]
I hope it's clean now?
Another problem has appeared :/ Now something is using up the whole CPU, in this case e.g. Avira, and the computer has these kind of stutters: every 10 seconds, then 10 seconds of calm, and then a stutter again :/ In a moment I'll redo the OTL and RSIT scans. OTL log:
[log]OTL logfile created on: 2010-08-02 00:32:15 - Run 4 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Admin\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 97,07 Gb Total Space | 84,90 Gb Free Space | 87,46% Space Free | Partition Type: NTFS Drive D: | 201,01 Gb Total Space | 119,78 Gb Free Space | 59,59% Space Free | Partition Type: NTFS Drive E: | 347,64 Gb Total Space | 116,48 Gb Free Space | 33,51% Space Free | Partition Type: NTFS Drive F: | 350,99 Gb Total Space | 116,37 Gb Free Space | 33,15% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: XXX Current User Name: Admin Logged in as Administrator. 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-07-27 22:29:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTL.exe
PRC - [2010-04-14 13:23:44 | 000,395,496 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2010-04-14 13:23:40 | 000,073,960 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010-04-03 19:23:16 | 000,154,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2010-02-18 13:33:30 | 000,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2010-01-11 20:03:00 | 000,221,184 | ---- | M] (SnoopFree Software) -- C:\WINDOWS\SnoopFreeUI.exe
PRC - [2010-01-11 20:03:00 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SnoopFreeSvc.exe
PRC - [2010-01-02 17:31:18 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010-01-02 17:31:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-12-02 15:26:07 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-10-16 18:45:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009-10-16 18:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2009-10-16 18:45:00 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009-10-16 18:45:00 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2009-10-16 18:45:00 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2009-10-16 18:45:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2009-10-16 18:45:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2009-10-16 18:45:00 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
PRC - [2009-10-16 18:45:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2009-10-16 18:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2009-10-16 18:45:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2009-10-16 18:45:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2009-08-28 20:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009-03-05 17:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009-03-02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008-12-12 12:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007-04-06 12:42:26 | 000,073,728 | ---- | M] (Philips) -- C:\WINDOWS\VPro520.exe
PRC - [2006-06-29 20:10:24 | 000,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2006-06-29 20:07:16 | 000,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006-06-29 20:07:00 | 000,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006-04-03 18:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2005-04-02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
PRC - [2003-06-19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-07-27 22:29:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTL.exe
MOD - [2010-01-11 20:03:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\SnoopFreeDll.dll
MOD - [2009-12-08 10:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-10-16 18:45:00 | 008,490,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2009-10-16 18:45:00 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2009-10-16 18:45:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2009-10-16 18:45:00 | 001,020,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-10-16 18:45:00 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2009-10-16 18:45:00 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2009-10-16 18:45:00 | 000,723,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2009-10-16 18:45:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-10-16 18:45:00 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-10-16 18:45:00 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2009-10-16 18:45:00 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2009-10-16 18:45:00 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2009-10-16 18:45:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2009-10-16 18:45:00 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll
MOD - [2009-10-16 18:45:00 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2009-10-16 18:45:00 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2009-10-16 18:45:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2009-10-16 18:45:00 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2009-10-16 18:45:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME
MOD - [2009-10-16 18:45:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2009-10-16 18:45:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2009-10-16 18:45:00 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2009-10-16 18:45:00 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2009-10-16 18:45:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2009-10-16 18:45:00 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-10-16 18:45:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2009-10-16 18:45:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010-04-14 13:23:40 | 000,073,960 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010-01-11 20:03:00 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\SnoopFreeSvc.exe -- (SnoopFreeSvc)
SRV - [2010-01-02 17:31:18 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010-01-02 17:31:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2006-11-06 14:21:10 | 000,210,432 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006-06-29 20:10:24 | 000,172,032 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2006-06-29 20:07:16 | 000,131,131 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006-06-29 20:07:00 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006-04-03 18:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2005-07-08 16:24:46 | 000,871,424 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005-04-02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe -- (StarWindService)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010-04-14 13:23:36 | 000,116,968 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010-04-03 23:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010-02-05 10:51:44 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-02-05 10:39:06 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010-01-21 18:08:28 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010-01-11 20:03:00 | 000,009,472 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SnopFree.sys -- (SnoopFree)
DRV - [2010-01-02 17:31:18 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010-01-02 17:31:18 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-10-16 18:45:00 | 000,215,856 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3132r5.sys -- (Si3132r5)
DRV - [2009-10-16 18:45:00 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2009-10-16 18:45:00 | 000,195,072 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3114r5.sys -- (Si3114r5)
DRV - [2009-10-16 18:45:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2009-10-16 18:45:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2009-10-16 18:45:00 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2009-10-16 18:45:00 | 000,074,672 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\si3132.sys -- (Si3132)
DRV - [2009-10-16 18:45:00 | 000,069,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\si3124.sys -- (Si3124)
DRV - [2009-10-16 18:45:00 | 000,062,336 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112)
DRV - [2009-07-31 07:12:18 | 000,341,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2009-03-30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-02-13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008-04-13 22:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM)
DRV - [2007-04-09 13:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007-03-27 21:27:56 | 000,007,680 | ---- | M] (Philips ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SPC520m.sys -- (SPC520m)
DRV - [2007-03-27 21:27:50 | 000,085,504 | ---- | M] (Philips ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SPC520.sys -- (SPC520)
DRV - [2006-11-02 07:55:17 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2006-09-24 14:28:47 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006-05-16 12:25:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-05-16 12:25:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-05-10 11:33:00 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006-05-02 10:12:06 | 000,229,376 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006-03-17 11:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005-07-08 16:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005-07-08 16:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004-08-13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [1996-04-03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
IE - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "www.onet.pl"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-08-01 03:08:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-26 11:31:54 | 000,000,000 | ---D | M]

[2010-01-02 18:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Extensions
[2010-08-01 01:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\extensions
[2010-05-20 09:09:51 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010-01-11 22:48:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-02-05 10:53:49 | 000,002,921 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yj5ng0rc.default\searchplugins\daemon-search.xml
[2010-08-01 01:17:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-12-02 09:23:35 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-12-02 09:23:35 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-12-02 09:23:35 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-12-02 09:23:35 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-12-02 09:23:35 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-12-02 09:23:35 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-08-01 23:27:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SnoopFreeUI] C:\WINDOWS\SnoopFreeUI.exe (SnoopFree Software)
O4 - HKU\.DEFAULT..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\VPro520.lnk = C:\WINDOWS\VPro520.exe (Philips)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O15 - HKU\S-1-5-21-1801674531-2025429265-682003330-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-01-02 15:10:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "LightScribeService"
MsConfig - Services: "InCDsrv"
MsConfig - Services: "Apple Mobile Device"
MsConfig - Services: "Adobe LM Service"
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-08-02 00:31:19 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTL.exe
[2010-08-01 23:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Pulpit\Logi dawida
[2010-08-01 23:33:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-08-01 23:30:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010-08-01 22:33:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-08-01 22:30:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-08-01 22:30:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-08-01 22:30:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-08-01 22:30:58 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-08-01 22:30:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-08-01 22:26:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-08-01 13:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\DoctorWeb
[2010-07-28 00:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010-07-28 00:08:21 | 000,000,000 | ---D | C] -- C:\rsit
[2010-07-25 23:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010-07-23 11:20:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010-07-10 15:01:11 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010-07-07 23:32:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\occache
[2010-07-07 23:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\Learn2.com
[2010-07-07 23:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2010-07-07 23:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Viewpoint
[2010-07-07 23:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nullsoft
[2010-07-07 23:32:12 | 001,044,480 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\roboex32.dll
[2010-07-07 23:32:12 | 000,054,784 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\Inetwh32.dll
[2010-07-07 23:32:12 | 000,029,184 | ---- | C] (Blue Sky Software) -- C:\WINDOWS\System32\popup.ocx
[2010-07-07 23:31:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\AOL
[2010-07-05 12:13:52 | 000,070,656 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2010-06-29 11:25:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Pulpit\D2NT_3.1
[2010-06-06 01:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Moje dokumenty\Pobieranie
[2010-06-04 16:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\Jufsoft

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2010-08-02 00:25:06 | 000,276,951 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010-08-02 00:25:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-08-02 00:24:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-08-01 23:28:07 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-08-01 23:27:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-08-01 23:26:14 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010-08-01 22:33:29 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010-08-01 22:23:41 | 003,748,898 | R--- | M] () -- C:\Documents and Settings\Admin\Pulpit\ComboFix.exe
[2010-08-01 19:47:16 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\bfjhemsl.exe
[2010-08-01 03:53:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-07-30 02:38:11 | 002,642,210 | -H-- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-07-29 07:28:00 | 000,001,432 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2010-07-28 20:17:47 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2010-07-27 22:29:46 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\RSIT.exe
[2010-07-27 22:29:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTL.exe
[2010-07-23 23:03:10 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-07-20 14:34:37 | 000,001,037 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\wacko.gif
[2010-07-20 14:34:32 | 000,009,532 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\faza.gif
[2010-07-19 16:58:32 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-07-16 19:10:34 | 004,871,301 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\patch_d2_www.przeklej.pl.mpq
[2010-07-16 10:49:42 | 000,656,902 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Screen ken.jpg
[2010-07-15 13:23:36 | 000,037,795 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
[2010-07-14 18:59:50 | 000,057,141 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\error.jpg
[2010-07-10 17:55:57 | 000,411,898 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100801-222434.backup
[2010-07-10 17:12:54 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Admin\ntuser.ini
[2010-07-10 15:01:25 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 8.lnk
[2010-07-08 01:13:33 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-07-08 01:13:06 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2010-07-07 23:30:21 | 000,000,335 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010-07-07 23:30:12 | 000,000,030 | ---- | M] () -- C:\WINDOWS\atid.ini
[2010-07-07 00:01:45 | 000,138,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-07-05 23:46:39 | 000,411,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100710-175557.backup
[2010-07-05 23:45:58 | 000,411,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100705-234639.backup
[2010-07-05 23:44:52 | 000,411,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100705-234558.backup
[2010-07-05 20:51:35 | 001,610,084 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Obraz 258.jpg
[2010-07-05 20:51:27 | 001,646,247 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Obraz 090.jpg
[2010-07-05 20:51:18 | 000,910,385 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0107.JPG
[2010-07-05 20:51:07 | 000,774,332 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0083.JPG
[2010-07-05 20:50:57 | 000,931,344 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0004.JPG
[2010-07-05 12:16:30 | 000,034,245 | ---- | M] () -- C:\WINDOWS\scunin.dat
[2010-07-05 12:16:05 | 000,070,656 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2010-07-05 12:16:05 | 000,000,967 | ---- | M] () -- C:\WINDOWS\ScUnin.pif
[2010-07-05 11:44:03 | 000,000,765 | ---- | M] () -- C:\WINDOWS\COD.INI
[2010-07-05 10:35:03 | 000,000,565 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Gadu-Gadu.lnk
[2010-07-01 22:25:51 | 000,000,597 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\D2NT Manager 3.1.lnk
[2010-06-23 21:09:47 | 000,177,413 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\noob.jpg
[2010-06-18 12:59:32 | 000,002,163 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Ventrilo.lnk
[2010-06-17 14:15:28 | 000,408,435 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100705-234452.backup
[2010-06-17 14:13:44 | 000,408,435 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100617-141528.backup
[2010-06-17 12:09:11 | 000,408,435 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100617-141344.backup
[2010-06-14 19:24:34 | 000,063,984 | ---- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-06-11 08:22:45 | 000,243,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-06-10 18:21:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-06-10 17:52:22 | 000,495,825 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Mapa.jpg
[2010-06-03 18:47:21 | 000,395,202 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100617-120911.backup

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-08-02 00:31:20 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\RSIT.exe
[2010-08-01 22:33:28 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010-08-01 22:33:24 | 000,262,400 | ---- | C] () -- C:\cmldr
[2010-08-01 22:30:58 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-08-01 22:30:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-08-01 22:30:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-08-01 22:30:58 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-08-01 22:30:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-08-01 22:23:39 | 003,748,898 | R--- | C] () -- C:\Documents and Settings\Admin\Pulpit\ComboFix.exe
[2010-08-01 19:47:16 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\bfjhemsl.exe
[2010-07-25 23:44:48 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-07-20 14:34:36 | 000,001,037 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\wacko.gif
[2010-07-20 14:34:31 | 000,009,532 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\faza.gif
[2010-07-16 19:10:31 | 004,871,301 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\patch_d2_www.przeklej.pl.mpq
[2010-07-16 10:49:40 | 000,656,902 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Screen ken.jpg
[2010-07-14 18:59:49 | 000,057,141 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\error.jpg
[2010-07-08 01:13:06 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010-07-07 23:30:12 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2010-07-05 20:51:34 | 001,610,084 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Obraz 258.jpg
[2010-07-05 20:51:26 | 001,646,247 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Obraz 090.jpg
[2010-07-05 20:51:18 | 000,910,385 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0107.JPG [2010-07-05 20:51:06 | 000,774,332 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0083.JPG [2010-07-05 20:50:57 | 000,931,344 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\DSC_0004.JPG [2010-07-05 12:13:53 | 000,034,245 | ---- | C] () -- C:\WINDOWS\scunin.dat [2010-07-05 12:13:52 | 000,000,967 | ---- | C] () -- C:\WINDOWS\ScUnin.pif [2010-07-05 11:44:03 | 000,000,765 | ---- | C] () -- C:\WINDOWS\COD.INI [2010-06-29 12:52:31 | 000,000,597 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\D2NT Manager 3.1.lnk [2010-06-23 21:09:47 | 000,177,413 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\noob.jpg [2010-06-10 17:52:19 | 000,495,825 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Mapa.jpg [2010-04-20 21:29:11 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010-04-15 21:45:20 | 000,001,432 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini [2010-02-18 01:32:48 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini [2010-01-21 18:08:28 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2010-01-21 18:08:28 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2010-01-11 19:46:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SnoopFreeDll.dll [2010-01-11 19:46:39 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\SnopFree.sys [2010-01-11 01:51:56 | 000,001,130 | ---- | C] () -- C:\WINDOWS\ARCHPR.INI [2010-01-05 18:11:43 | 000,138,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010-01-05 01:19:13 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\D2NT.dll [2010-01-03 23:33:13 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010-01-02 20:03:07 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2010-01-02 20:03:07 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2010-01-02 20:03:07 | 000,012,067 | ---- | C] () -- 
C:\WINDOWS\System32\SIntf16.dll [2010-01-02 18:28:19 | 000,847,360 | ---- | C] () -- C:\WINDOWS\System32\JS32.dll [2010-01-02 17:25:21 | 000,000,259 | ---- | C] () -- C:\WINDOWS\lgfwup.ini [2010-01-02 15:58:10 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-01-02 15:29:47 | 000,000,396 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini [2010-01-02 15:29:46 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini [2010-01-02 15:29:03 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2010-01-02 15:29:02 | 000,024,978 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2010-01-02 15:28:47 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2008-10-07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008-10-07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2005-12-07 11:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll [2003-01-07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys [color=#E56717]========== LOP Check ==========[/color] [2010-02-05 10:51:37 | 
000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\DAEMON Tools [2010-03-14 20:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\FreeCall [2010-01-02 16:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu [2010-05-04 17:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10 [2010-05-22 01:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\maxup [2010-01-02 16:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Nokia [2010-01-02 19:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Notepad++ [2010-05-04 17:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Nowe Gadu-Gadu [2010-01-02 16:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\PC Suite [2010-05-04 17:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Qrix [2010-01-21 16:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\TS3Client [2010-08-01 11:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\uTorrent [2010-06-08 13:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Firefly Studios [2010-01-02 16:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2010-07-07 23:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Viewpoint [2010-02-09 02:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010-01-21 11:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\De 2\Dane aplikacji\AutoUpdate [2010-01-09 17:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\De 2\Dane aplikacji\Gadu-Gadu [2010-03-22 13:14:12 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\De 2\Dane aplikacji\Kamerzysta [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-01-02 15:10:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-01-18 01:52:18 | 000,000,223 | ---- | M] () -- C:\Boot.bak [2010-08-01 22:33:29 | 000,000,293 | RHS- | M] () -- C:\boot.ini [2009-10-16 18:45:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2004-08-03 23:00:14 | 000,262,400 | ---- | M] () -- C:\cmldr [2010-08-01 23:30:57 | 000,011,958 | ---- | M] () -- C:\ComboFix.txt [2010-01-02 15:10:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2009-05-05 17:24:24 | 000,000,178 | -H-- | M] () -- C:\GG8+.url [2010-01-02 15:10:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009-05-05 16:46:16 | 000,000,175 | -H-- | M] () -- C:\legalne.url [2010-01-02 15:10:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2009-10-16 18:45:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2009-10-16 18:45:00 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-08-02 00:24:54 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [2009-05-06 11:20:10 | 000,000,185 | -H-- | M] () -- C:\SGG.url [2010-01-11 22:50:45 | 000,000,027 | ---- | M] () -- C:\sledzik.css.txt [2009-05-05 17:24:16 | 000,000,178 | -H-- | M] () -- C:\Strona GG8+.url [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-10-16 18:45:00 | 017,820,258 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-10-16 18:45:00 | 017,820,258 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS 
>[/color] [2009-10-16 18:45:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys [2009-10-16 18:45:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2009-10-16 18:45:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2009-10-16 18:45:00 | 017,820,258 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2009-10-16 18:45:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2009-10-16 18:45:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2009-10-16 18:45:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2009-10-16 18:45:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-10-16 18:45:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys [2009-10-16 18:45:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys [2009-10-16 18:45:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009-10-16 18:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2009-10-16 18:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) 
MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2009-10-16 18:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe < End of report > [/log] OTL Extras: [log]OTL Extras logfile created on: 2010-08-02 00:32:15 - Run 4 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Admin\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 97,07 Gb Total Space | 84,90 Gb Free Space | 87,46% Space Free | Partition Type: NTFS Drive D: | 201,01 Gb Total Space | 119,78 Gb Free Space | 59,59% Space Free | Partition Type: NTFS Drive E: | 347,64 Gb Total Space | 116,48 Gb Free Space | 33,51% Space Free | Partition Type: NTFS Drive F: | 350,99 Gb Total Space | 116,37 Gb Free Space | 33,15% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: XXX Current User Name: Admin Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation) "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "E:\Program Files\Call of Duty\CoDMP.exe" = E:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP -- () "C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.) "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) 
"E:\Program Files\Anno 1701\Anno1701.exe" = E:\Program Files\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701 -- (Related Designs Software GmbH) "E:\Program Files\Anno 1701\Anno1701AddOn.exe" = E:\Program Files\Anno 1701\Anno1701AddOn.exe:*:Enabled:Anno 1701 Add-On 01 -- (Related Designs Software GmbH) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" = C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall -- (FreeCall) "E:\Program Files\Gadu-Gadu\gg.exe" = E:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}" = PC Connectivity Solution "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0B3A8956-FAF7-4DB7-897C-86926C5323D2}" = Philips VLounge "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{4CE0B4BA-8862-444D-A94D-EF39AD48C8BC}" = Nokia PC Suite "{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX "{905D4F6B-FADC-4CA4-AA41-BD32A2E446CE}" = 
Anno 1701 - Add-On "{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701 "{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.3 "{AF877D9F-EBA4-4FAA-83D1-6A0C866AF4BD}" = Philips SPC520NC Webcam "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes "{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner "{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}" = Commandos 2: Men of Courage "0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) "2B0430566DEE7109F019A317398EA7F8DA53B293" = Pakiet sterowników systemu Windows - Philips (SPC520) Image (03/27/2007 1.00.2.6000) "46D650DC11A19D8E1347F194E1244412C0FAFCF1" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0) "4CFD94C379217A02D5EA067615FF789CD731BCDB" = Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2) "AC3Filter_is1" = AC3Filter 1.63b "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BadCopy Pro" = BadCopy Pro "Call of Duty" = Call of Duty "CWK" = CWK (Czasowy Wyłącznik Komputera) "Diablo II" = Diablo II "EVEREST Ultimate Edition_is1" = 
EVEREST Ultimate Edition v4.00 "FLVPlayer" = FLV Player 1.3.3 "FreeCall_is1" = FreeCall "InCD!UninstallKey" = InCD "InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager "Kamerzysta" = Kamerzysta (deinstalacja) "KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Standard) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6) "NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.1 "Nero - Burning Rom!UninstallKey" = Nero OEM "Notepad++" = Notepad++ "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "OpenAL" = OpenAL "PowerISO" = PowerISO "RealAlt_is1" = Real Alternative 1.9.0 Lite "Rzeźnik MPEGów 1.1.99_is1" = Rzeźnik MPEGów 1.1.99 "SkanerOnline" = Skaner on-line mks_vir "SnoopFreePrivacyShield" = SnoopFree Privacy Shield "SpeedFan" = SpeedFan (remove only) "Starcraft" = Starcraft "StreetPlugin" = Learn2 Player (Uninstall Only) "SubEdit-Player_is1" = SubEdit-Player "SystemRequirementsLab" = System Requirements Lab "uTorrent" = µTorrent "ViewpointMediaPlayer" = Viewpoint Media Player "Winamp" = Winamp (remove only) "Winamp PL" = Winamp 5.33 PL "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-1801674531-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "TeamSpeak 3 Client" = TeamSpeak 3 Client [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2010-06-02 15:06:20 | Computer Name = PAWEL | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca gg.exe, wersja 7.7.0.3746, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. 
Error - 2010-06-07 16:38:42 | Computer Name = XXX | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Game.exe, wersja 1.0.13.60, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2010-06-08 14:45:09 | Computer Name = XXX | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Game.exe, wersja 1.0.13.60, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2010-06-11 15:39:36 | Computer Name = XXX | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca SkypeSetup.exe, wersja 4.2.0.169, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2010-06-22 15:53:51 | Computer Name = XXX | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca gg.exe, wersja 7.7.0.3746, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2010-06-22 16:09:49 | Computer Name = XXX | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca gg.exe, wersja 7.7.0.3746, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2010-06-24 18:18:45 | Computer Name = XXX | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Game.exe, wersja 1.0.13.60, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2010-06-30 12:00:41 | Computer Name = XXX | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca KissCloneHunter2.2.exe, wersja 2.2.0.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2010-07-06 09:20:11 | Computer Name = XXX | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd snoopfreeui.exe, wersja 1.0.0.0, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x00010ede. 
Error - 2010-07-07 20:09:48 | Computer Name = XXX | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd snoopfreeui.exe, wersja 1.0.0.0, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x000108b2. [ System Events ] Error - 2010-08-01 18:25:43 | Computer Name = XXX | Source = PlugPlayManager | ID = 11 Description = Urządzenie Root\LEGACY_SDZKL\0000 zniknęło z systemu bez uprzedniego przygotowania go do usunięcia. Error - 2010-08-01 18:27:12 | Computer Name = XXX | Source = sr | ID = 1 Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC0000001' podczas przetwarzania pliku '' w woluminie 'HarddiskVolume1'. W rezultacie zostało zatrzymane monitorowanie woluminu. Error - 2010-08-01 18:27:50 | Computer Name = XXX | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Java Quick Starter z powodu następującego błędu: %%2 Error - 2010-08-01 18:28:05 | Computer Name = XXX | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: nvatabus Si3112 Si3124 Si3132 Si3132r5 Si3531 Error - 2010-08-01 18:34:20 | Computer Name = XXX | Source = DCOM | ID = 10016 Description = Zgodnie z ustawieniami uprawnień domyślne ustawienia komputera nie jest udzielane uprawnienie Lokalne Aktywacja do aplikacji serwera COM z identyfikatorem klasy {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} użytkownikowi ZARZĄDZANIE NT\USŁUGA SIECIOWA o identyfikatorze zabezpieczeń (S-1-5-20). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego usług składowych. 
Error - 2010-08-01 18:47:19 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Java Quick Starter z powodu następującego błędu: %%2

Error - 2010-08-01 18:47:19 | Computer Name = XXX | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: nvatabus Si3112 Si3124 Si3132 Si3132r5 Si3531

Error - 2010-08-01 19:25:54 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Java Quick Starter z powodu następującego błędu: %%2

Error - 2010-08-01 19:25:57 | Computer Name = XXX | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: nvatabus Si3112 Si3124 Si3132 Si3132r5 Si3531

Error - 2010-08-01 19:26:06 | Computer Name = XXX | Source = DCOM | ID = 10016
Description = Zgodnie z ustawieniami uprawnień domyślne ustawienia komputera nie jest udzielane uprawnienie Lokalne Aktywacja do aplikacji serwera COM z identyfikatorem klasy {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} użytkownikowi ZARZĄDZANIE NT\USŁUGA SIECIOWA o identyfikatorze zabezpieczeń (S-1-5-20). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego usług składowych.

< End of report >
[/log]

RSIT:

[log]Logfile of random's system information tool 1.08 (written by random/random)
Run by Admin at 2010-08-02 00:38:59
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 87 GB (87%) free of 99 GB
Total RAM: 3070 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:39:11, on 2010-08-02
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\VPro520.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Pulpit\OTL.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Admin\Pulpit\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VPro520.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O19 - User stylesheet: C:\sledzik.css.txt
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe

--
End of file - 8330 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-06-17 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]
IEPluginBHO Class - C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll [2009-12-02 37376]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SnoopFreeUI"=C:\WINDOWS\SnoopFreeUI.exe [2010-01-11 221184]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-04-03 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"SandboxieControl"=C:\Program Files\Sandboxie\SbieCtrl.exe [2010-04-14 395496]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2009-10-16 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"LightScribeService"=2
"InCDsrv"=2
"Apple Mobile Device"=2
"Adobe LM Service"=3

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
VPro520.lnk - C:\WINDOWS\VPro520.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-10-16 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"E:\Program Files\Call of Duty\CoDMP.exe"="E:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
"C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"E:\Program Files\Anno 1701\Anno1701.exe"="E:\Program Files\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701"
"E:\Program Files\Anno 1701\Anno1701AddOn.exe"="E:\Program Files\Anno 1701\Anno1701AddOn.exe:*:Enabled:Anno 1701 Add-On 01"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall"
"E:\Program Files\Gadu-Gadu\gg.exe"="E:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"

======List of files/folders created in the last 1 months======

2010-08-01 23:33:53 ----SHD---- C:\RECYCLER
2010-08-01 23:30:59 ----D---- C:\WINDOWS\temp
2010-08-01 23:30:57 ----A---- C:\ComboFix.txt
2010-08-01 22:33:28 ----A---- C:\Boot.bak
2010-08-01 22:33:21 ----RASHD---- C:\cmdcons
2010-08-01 22:30:58 ----A---- C:\WINDOWS\zip.exe
2010-08-01 22:30:58 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-08-01 22:30:58 ----A---- C:\WINDOWS\SWSC.exe
2010-08-01 22:30:58 ----A---- C:\WINDOWS\SWREG.exe
2010-08-01 22:30:58 ----A---- C:\WINDOWS\sed.exe
2010-08-01 22:30:58 ----A---- C:\WINDOWS\PEV.exe
2010-08-01 22:30:58 ----A---- C:\WINDOWS\NIRCMD.exe
2010-08-01 22:30:58 ----A---- C:\WINDOWS\MBR.exe
2010-08-01 22:30:58 ----A---- C:\WINDOWS\grep.exe
2010-08-01 22:30:52 ----D---- C:\WINDOWS\ERDNT
2010-08-01 22:26:24 ----D---- C:\Qoobox
2010-07-28 00:08:21 ----D---- C:\rsit
2010-07-28 00:08:21 ----D---- C:\Program Files\trend micro
2010-07-25 23:44:48 ----A---- C:\WINDOWS\system32\unrar.dll
2010-07-25 23:44:45 ----D---- C:\Program Files\K-Lite Codec Pack
2010-07-23 11:20:53 ----HD---- C:\WINDOWS\PIF
2010-07-15 01:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-10 15:01:11 ----D---- C:\Config.Msi
2010-07-08 01:13:06 ----A---- C:\WINDOWS\msoffice.ini
2010-07-07 23:32:56 ----D---- C:\WINDOWS\occache
2010-07-07 23:32:56 ----D---- C:\Program Files\Learn2.com
2010-07-07 23:32:50 ----D---- C:\Program Files\Viewpoint
2010-07-07 23:32:50 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Viewpoint
2010-07-07 23:32:48 ----A---- C:\WINDOWS\system32\shdocvw.bak
2010-07-07 23:32:47 ----D---- C:\Program Files\Common Files\Nullsoft
2010-07-07 23:32:12 ----A---- C:\WINDOWS\system32\roboex32.dll
2010-07-07 23:32:12 ----A---- C:\WINDOWS\system32\Inetwh32.dll
2010-07-07 23:31:50 ----A---- C:\WINDOWS\system32\gdiplus.dll
2010-07-07 23:31:42 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\AOL
2010-07-07 23:30:12 ----A---- C:\WINDOWS\atid.ini
2010-07-05 12:13:52 ----A---- C:\WINDOWS\ScUnin.pif
2010-07-05 12:13:52 ----A---- C:\WINDOWS\ScUnin.exe
2010-07-05 11:44:03 ----A---- C:\WINDOWS\COD.INI

======List of files/folders modified in the last 1 months======

2010-08-02 00:29:00 ----D---- C:\Program Files\Mozilla Firefox
2010-08-02 00:26:23 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-01 23:30:59 ----D---- C:\WINDOWS\system32\drivers
2010-08-01 23:30:59 ----D---- C:\WINDOWS
2010-08-01 23:28:07 ----A---- C:\WINDOWS\system.ini
2010-08-01 23:27:20 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-01 23:25:55 ----D---- C:\WINDOWS\system32\config
2010-08-01 23:23:31 ----D---- C:\WINDOWS\system32
2010-08-01 23:23:30 ----D---- C:\WINDOWS\AppPatch
2010-08-01 23:23:24 ----D---- C:\Program Files\Common Files
2010-08-01 23:20:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-01 22:33:29 ----RASH---- C:\boot.ini
2010-08-01 11:58:14 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\uTorrent
2010-07-29 10:27:23 ----D---- C:\Program Files\SpeedFan
2010-07-29 07:28:00 ----A---- C:\WINDOWS\Sandboxie.ini
2010-07-28 23:56:24 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-07-28 23:55:30 ----SD---- C:\WINDOWS\Tasks
2010-07-28 22:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-07-28 21:09:00 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Skype
2010-07-28 17:27:37 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\skypePM
2010-07-28 00:08:21 ----RD---- C:\Program Files
2010-07-27 21:44:18 ----D---- C:\WINDOWS\Prefetch
2010-07-27 21:43:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-24 13:55:57 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\U3
2010-07-22 17:06:04 ----D---- C:\Program Files\AC3Filter
2010-07-19 20:32:24 ----HD---- C:\WINDOWS\inf
2010-07-19 16:58:32 ----A---- C:\WINDOWS\NeroDigital.ini
2010-07-16 21:48:59 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Adobe
2010-07-16 21:46:26 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Adobe
2010-07-15 01:01:50 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-10 15:01:43 ----SHD---- C:\WINDOWS\Installer
2010-07-08 01:13:33 ----A---- C:\WINDOWS\win.ini
2010-07-07 23:30:21 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla
2010-07-07 00:01:36 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-07-05 11:51:02 ----D---- C:\WINDOWS\system32\LogFiles

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 nvgts;nvgts; C:\WINDOWS\system32\DRIVERS\nvgts.sys [2009-10-16 164896]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 SnoopFree;SnoopFree Driver; C:\WINDOWS\System32\Drivers\SnopFree.sys [2010-01-11 9472]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-05 717296]
R1 AmdK8;Sterownik procesora AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-05-10 43520]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-11-02 28672]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-01-02 28520]
R1 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2009-10-16 12032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-02-05 278984]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-01-02 56816]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-01-21 18048]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-05-02 229376]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-04-26 93824]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2009-10-16 144384]
R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2009-10-16 10368]
R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-10-16 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-03 10232128]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-05-16 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-05-16 18944]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys []
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 SPC520;Philips SPC520NC PC Camera; C:\WINDOWS\system32\drivers\SPC520.sys [2007-03-27 85504]
R3 SPC520m;Philips SPC520NC PC Cameram; C:\WINDOWS\system32\drivers\SPC520m.sys [2007-03-27 7680]
R3 usbaudio;Sterownik audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S0 nvatabus;nvatabus; C:\WINDOWS\system32\drivers\nvatabus.sys [2009-10-16 100736]
S0 Si3112;Si3112; C:\WINDOWS\system32\drivers\Si3112.sys [2009-10-16 62336]
S0 Si3114r5;Si3114r5; C:\WINDOWS\system32\drivers\Si3114r5.sys [2009-10-16 195072]
S0 Si3124;Si3124; C:\WINDOWS\system32\drivers\Si3124.sys [2009-10-16 69248]
S0 Si3132;Si3132; C:\WINDOWS\system32\drivers\Si3132.sys [2009-10-16 74672]
S0 Si3132r5;Si3132r5; C:\WINDOWS\system32\drivers\Si3132r5.sys [2009-10-16 215856]
S0 Si3531;Si3531; C:\WINDOWS\system32\drivers\Si3531.sys [2009-10-16 212520]
S3 atehw345;atehw345; C:\WINDOWS\system32\drivers\atehw345.sys []
S3 axai5suq;axai5suq; C:\WINDOWS\system32\drivers\axai5suq.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pgtdipow;pgtdipow; \??\C:\DOCUME~1\Admin\USTAWI~1\Temp\pgtdipow.sys []
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver; C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2009-07-31 341504]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-10-16 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-10-16 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-01-02 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-01-02 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2006-06-29 172032]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-03 20543]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-06-29 131131]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-06-29 65599]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-02-18 66872]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2010-04-14 73960]
R2 SnoopFreeSvc;Snoop Free Service; C:\WINDOWS\System32\SnoopFreeSvc.exe [2010-01-11 90112]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe [2005-04-02 217600]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-01-02 68096]
S3 iPod Service;Usługa iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2006-11-06 210432]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-10-16 14336]
S4 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
S4 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]

-----------------EOF-----------------
[/log]
Sohei, comment, 2 August 2010

C:\WINDOWS\system32\SnoopFreeSvc.exe
C:\WINDOWS\SnoopFreeDll.dll

Do you happen to know these files? Is this some program? Because I don't much like the look of them. Additionally, please also attach a log from GMER.
Makaveli_ns (Author), comment, 2 August 2010 (edited)

Well, Snoop is a program that protects the keyboard against keyloggers, only I'm not sure whether those two files belong to the same program. I'll do a GMER scan in a moment.

Log no. 1:

[log]GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-02 13:37:01
Windows 5.1.2600 Dodatek Service Pack 3
Running: bfjhemsl.exe; Driver: C:\DOCUME~1\Admin\USTAWI~1\Temp\pgtdipow.sys

---- System - GMER 1.0.15 ----

SSDT B876D0F6 ZwCreateKey
SSDT SnopFree.sys ZwCreateProcessEx [0xB84BC9E4]
SSDT B876D0EC ZwCreateThread
SSDT B876D0FB ZwDeleteKey
SSDT B876D105 ZwDeleteValueKey
SSDT spsj.sys ZwEnumerateKey [0xB7EC6CA2]
SSDT spsj.sys ZwEnumerateValueKey [0xB7EC7030]
SSDT B876D10A ZwLoadKey
SSDT spsj.sys ZwOpenKey [0xB7EA80C0]
SSDT B876D0D8 ZwOpenProcess
SSDT B876D0DD ZwOpenThread
SSDT spsj.sys ZwQueryKey [0xB7EC7108]
SSDT spsj.sys ZwQueryValueKey [0xB7EC6F88]
SSDT B876D114 ZwReplaceKey
SSDT B876D10F ZwRestoreKey
SSDT B876D100 ZwSetValueKey
SSDT B876D0E7 ZwTerminateProcess

INT 0x62 ? 8A542BF8
INT 0x63 ? 8A4DCBF8
INT 0x73 ? 8A4DCBF8
INT 0x83 ? 8A4DCBF8
INT 0xB1 ? 8A4DCBF8
INT 0xB1 ? 8A4DCBF8
INT 0xB4 ? 8A4D7BF8

Code B87B2C9C ZwRequestPort
Code B87B2D3C ZwRequestWaitReplyPort
Code B87B2BFC ZwTraceEvent
Code B87B2C9B NtRequestPort
Code B87B2D3B NtRequestWaitReplyPort
Code B87B2BFB NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!NtTraceEvent 80535118 5 Bytes JMP B87B2C00
PAGE ntkrnlpa.exe!NtRequestPort 805A2A3C 5 Bytes JMP B87B2CA0
PAGE ntkrnlpa.exe!NtRequestWaitReplyPort 805A2D68 5 Bytes JMP B87B2D40
.text SnopFree.sys B84BCD42 5 Bytes JMP B87B28E0
.text SnopFree.sys B84BCDA8 5 Bytes JMP B87B23E0
? C:\WINDOWS\system32\drivers\SnopFree.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. !
? spsj.sys Nie można odnaleźć określonego pliku. !
.text USBPORT.SYS!DllUnload B75838AC 5 Bytes JMP 8A4D71D8
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6A03380, 0x566445, 0xE8000020]
? System32\Drivers\a6ktxbvt.SYS System nie może odnaleźć określonej ścieżki. !
.text aaazy448.SYS B62EB386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aaazy448.SYS B62EB3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aaazy448.SYS B62EB3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aaazy448.SYS B62EB3C9 1 Byte [2E]
.text aaazy448.SYS B62EB3C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB2FFCA00]
.text win32k.sys!EngAcquireSemaphore + 20E2 BF8082E8 5 Bytes JMP B87B2480
.text win32k.sys!EngCopyBits + 68D BF838F8D 5 Bytes JMP B87B25C0
.text win32k.sys!EngCreateBitmap + 6F4 BF83E197 5 Bytes JMP B87B2700
.text win32k.sys!EngMultiByteToWideChar + 789E BF869E44 5 Bytes JMP B87B2A20
.text win32k.sys!EngMulDiv + 8195 BF872D39 5 Bytes JMP B87B2660
.text win32k.sys!EngCreatePalette + 1C0 BF87EA6A 5 Bytes JMP B87B2520
.text win32k.sys!EngAlphaBlend + 2998 BF8C3163 5 Bytes JMP B87B27A0
.text win32k.sys!PATHOBJ_bCloseFigure + 19F1 BF8F97FA 5 Bytes JMP B87B2980
.text win32k.sys!EngCreateClip + 19C1 BF9133D3 5 Bytes JMP B87B2AC0
.text win32k.sys!EngCreateClip + 1F51 BF913963 5 Bytes JMP B87B2B60
.text win32k.sys!EngCreateClip + 2597 BF913FA9 5 Bytes JMP B87B2840
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA51D2300, 0x3AE88, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xAC73B300, 0x1B7E, 0xE8000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA9040] spsj.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA913C] spsj.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA90BE] spsj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA97FC] spsj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA96D2] spsj.sys
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[HAL.dll!KeGetCurrentIrql] 57B80974
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[HAL.dll!KfRaiseIrql] 8B000000
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[HAL.dll!KfLowerIrql] 56C35DE5
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[HAL.dll!HalGetInterruptVector] 8D08758B
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520
IAT \SystemRoot\System32\Drivers\aaazy448.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EB9048] spsj.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A53D1F8
Device \Driver\PCI_PNP2492 \Device\00000050 spsj.sys
Device \Driver\usbohci \Device\USBPDO-0 8A4D81F8
Device \Driver\PCI_PNP2492 \Device\00000051 spsj.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A4DA1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A4DA1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A4DA1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A4DA1F8
Device \Driver\usbehci \Device\USBPDO-1 8A5411F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1392BF3B-04DB-4FF2-B6EB-5835A832A4E5} 8A2BC500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5431F8
Device \Driver\sptd \Device\3256236242 spsj.sys
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A5431F8
Device \Driver\Cdrom \Device\CdRom0 8A5401F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A5431F8
Device \Driver\Cdrom \Device\CdRom1 8A5401F8
Device \Driver\atapi \Device\Ide\IdePort0 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A5431F8
Device \Driver\Cdrom \Device\CdRom2 8A5401F8
Device \Driver\Cdrom \Device\CdRom3 8A5401F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A2BC500
Device \Driver\NetBT \Device\NetbiosSmb 8A2BC500
Device \Driver\usbohci \Device\USBFDO-0 8A4D81F8
Device \Driver\usbehci \Device\USBFDO-1 8A5411F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8943E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8943E1F8
Device \Driver\Ftdisk \Device\FtControl 8A5431F8
Device \Driver\sptd \Device\3256079992 spsj.sys
Device \Driver\nvgts \Device\Scsi\nvgts2Port3Path1Target1Lun0 8A4D91F8
Device \Driver\a6ktxbvt \Device\Scsi\a6ktxbvt1Port5Path0Target0Lun0 8A1401F8
Device \Driver\nvgts \Device\Scsi\nvgts2Port3Path0Target0Lun0 8A4D91F8
Device \Driver\nvgts \Device\Scsi\nvgts1 8A4D91F8
Device \Driver\nvgts \Device\Scsi\nvgts2 8A4D91F8
Device \Driver\aaazy448 \Device\Scsi\aaazy4481 8A0761F8
Device \Driver\nvgts \Device\Scsi\nvgts3 8A4D91F8
Device \Driver\a6ktxbvt \Device\Scsi\a6ktxbvt1Port5Path0Target1Lun0 8A1401F8
Device \Driver\a6ktxbvt \Device\Scsi\a6ktxbvt1 8A1401F8
Device \FileSystem\Cdfs \Cdfs 8A02B500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -764495635
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1033911924
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x58 0xD0 0x2A 0x09 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x5A 0x24 0xB5 0x7E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x27 0xB7 0x65 0x3C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xBE 0x39 0x6D 0x99 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x16 0x1D 0xDF 0x73 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x81 0xF7 0x2E 0x3B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0F 0x42 0xAE 0x1F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x58 0xD0 0x2A 0x09 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x5A 0x24 0xB5 0x7E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x27 0xB7 0x65 0x3C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xBE 0x39 0x6D 0x99 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x16 0x1D 0xDF 0x73 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x81 0xF7 0x2E 0x3B ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0F 0x42 0xAE 0x1F ... ---- EOF - GMER 1.0.15 ---- [/log]

Log no. 2:

[log]GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-08-02 13:42:52 Windows 5.1.2600 Dodatek Service Pack 3 Running: bfjhemsl.exe; Driver: C:\DOCUME~1\Admin\USTAWI~1\Temp\pgtdipow.sys ---- Services - GMER 1.0.15 ---- Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\system32\DRIVERS\ACPI.sys (Sterownik ACPI dla systemu NT/Microsoft Corporation) [BOOT] ACPI Service (Sterownik kontrolera osadzonego interfejsu ACPI/Microsoft Corporation) [DISABLED] ACPIEC Service C:\WINDOWS\system32\drivers\ADIHdAud.sys (High Definition Audio Function Driver/Analog Devices, Inc.) 
[MANUAL] ADIHdAudAddService Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [MANUAL] Adobe LM Service Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\AEAudio.sys (Audio Noise Filtering Driver (32-bit)/Andrea Electronics Corporation) [MANUAL] AEAudio Service C:\WINDOWS\system32\drivers\aec.sys (Microsoft Acoustic Echo Canceller/Microsoft Corporation) [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD Service [DISABLED] Aha154x Service ahcix86 Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG Service [DISABLED] AliIde Service amdide Service C:\WINDOWS\system32\DRIVERS\AmdK8.sys (AMD Processor Driver/Advanced Micro Devices) [SYSTEM] AmdK8 Service [DISABLED] amsint Service C:\Program Files\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) [AUTO] AntiVirSchedulerService Service C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH) [AUTO] AntiVirService Service C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) 
[AUTO] Apple Mobile Device Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac Service C:\WINDOWS\system32\DRIVERS\atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) [BOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\system32\DRIVERS\atksgt.sys [AUTO] atksgt Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys (IP/ATM Arp Client/Microsoft Corporation) [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] AudioSrv Service C:\WINDOWS\system32\DRIVERS\audstub.sys (AudStub Driver/Microsoft Corporation) [MANUAL] audstub Service C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH) [SYSTEM] avgio Service C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH) [AUTO] avgntflt Service C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH) [SYSTEM] avipbb Service BattC Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] BITS Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) 
[AUTO] Bonjour Service Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Browser Service C:\ComboFix\catchme.sys [MANUAL] catchme Service (CardBus/PCMCIA IDE Miniport Driver/Microsoft Corporation) [DISABLED] cbidf2k Service C:\WINDOWS\system32\DRIVERS\CCDECODE.sys (WDM Closed Caption VBI Codec/Microsoft Corporation) [MANUAL] CCDECODE Service [DISABLED] cd20xrnt Service (CD-ROM Audio Filter Driver/Microsoft Corporation) [SYSTEM] Cdaudio Service (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] Cdfs Service C:\WINDOWS\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] Cdrom Service [SYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe (Content Index service/Microsoft Corporation) [MANUAL] CiSvc Service C:\WINDOWS\system32\clipsrv.exe (Windows NT DDE Server/Microsoft Corporation) [MANUAL] ClipSrv Service [DISABLED] CmdIde Service C:\WINDOWS\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [MANUAL] Cpcudnntr Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] DcomLaunch Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dhcp Service C:\WINDOWS\system32\DRIVERS\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe (Proces usługi Menedżera dysków logicznych/Microsoft Corp., Veritas Software) [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys (Sterownik uruchamiania Menedżera dysków NT/Microsoft Corp., Veritas Software) [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys (Sterownik We/Wy menedżera dysków 
NT/Microsoft Corp., Veritas Software) [BOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.) [BOOT] dmload Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys (Microsoft Kernel DLS Synthesizer/Microsoft Corporation) [MANUAL] DMusic Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dnscache Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Dot3svc Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EapHost Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ERSvc Service C:\WINDOWS\system32\services.exe (Usługi i aplikacja Kontroler/Microsoft Corporation) [AUTO] Eventlog Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EventSystem Service (Fast FAT File System Driver/Microsoft Corporation) [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [MANUAL] Fdc Service (Sterownik kryptografii FIPS/Microsoft Corporation) [SYSTEM] Fips Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [MANUAL] Flpydisk Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr Service C:\Program Files\NVIDIA 
Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [AUTO] ForceWare Intelligent Application Manager (IAM) Service C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache HTTP Server/Apache Software Foundation) [AUTO] ForcewareWebInterface Service (File System Recognizer Driver/Microsoft Corporation) [SYSTEM] Fs_Rec Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys (Sterownik dysku FT/Microsoft Corporation) [BOOT] Ftdisk Service C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM Service C:\WINDOWS\system32\giveio.sys [BOOT] giveio Service C:\WINDOWS\system32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft Corporation) [MANUAL] Gpc Service C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider) [MANUAL] HDAudBus Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] HidServ Service C:\WINDOWS\system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] hidusb Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] hkmsvc Service [DISABLED] hpn Service C:\WINDOWS\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] HTTPFilter Service [SYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys (Sterownik portu i8042/Microsoft Corporation) [SYSTEM] i8042prt Service iaStor Service C:\WINDOWS\system32\DRIVERS\imapi.sys (IMAPI Kernel Driver/Microsoft Corporation) [SYSTEM] Imapi Service C:\WINDOWS\system32\imapi.exe (Image Mastering API/Microsoft Corporation) [MANUAL] 
ImapiService Service (InCD File System Driver/Nero AG) [DISABLED] InCDfs Service C:\WINDOWS\System32\DRIVERS\InCDPass.sys (Ahead RW Filter Driver/Nero AG) [SYSTEM] InCDPass Service (InCD File System Recognizer/Nero AG) [SYSTEM] InCDrec Service (Ahead MRW Filter Driver/Nero AG) [SYSTEM] incdrm Service C:\Program Files\Ahead\InCD\InCDsrv.exe (incdsrv/Nero AG) [DISABLED] InCDsrv Service inetaccs Service [DISABLED] ini910u Service Inport Service [DISABLED] IntelIde Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys (IPv6 Windows Firewall Driver/Microsoft Corporation) [MANUAL] Ip6Fw Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver Service C:\WINDOWS\system32\DRIVERS\ipinip.sys (IP in IP Encapsulation Driver/Microsoft Corporation) [MANUAL] IpInIp Service C:\WINDOWS\system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IpNat Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) 
[MANUAL] iPod Service Service C:\WINDOWS\system32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation) [SYSTEM] IPSec Service C:\WINDOWS\system32\DRIVERS\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM Service ISAPISearch Service C:\WINDOWS\system32\DRIVERS\isapnp.sys (Sterownik magistrali ISA PNP/Microsoft Corporation) [BOOT] isapnp Service C:\Program Files\Java\jre6\bin\jqs.exe [AUTO] JavaQuickStarterService Service Jraid Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys (Sterownik klasy klawiatury/Microsoft Corporation) [SYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation) [MANUAL] kmixer Service (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] LanmanServer Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanworkstation Service [SYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) [DISABLED] LightScribeService Service C:\WINDOWS\system32\DRIVERS\lirsgt.sys [AUTO] lirsgt Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] LmHosts Service C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes' Anti-Malware/Malwarebytes Corporation) [MANUAL] MBAMSwissArmy Service C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Machine Debug Manager/Microsoft Corporation) [AUTO] MDM Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Messenger Service (Frame buffer simulator/Microsoft Corporation) [SYSTEM] mnmdd Service C:\WINDOWS\system32\mnmsrvc.exe (Zdalne udostępnianie pulpitu NetMeeting/Microsoft Corporation) [MANUAL] mnmsrvc Service (Sterownik modemu/Microsoft 
Corporation) [MANUAL] Modem Service C:\WINDOWS\system32\DRIVERS\mouclass.sys (Sterownik klasy myszy/Microsoft Corporation) [SYSTEM] Mouclass Service C:\WINDOWS\system32\DRIVERS\mouhid.sys (Sterownik filtru myszy HID/Microsoft Corporation) [MANUAL] mouhid Service (Mount Manager/Microsoft Corporation) [BOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [SYSTEM] MRxSmb Service C:\WINDOWS\system32\msdtc.exe (MS DTC console program/Microsoft Corporation) [MANUAL] MSDTC Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs Service C:\WINDOWS\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios Service C:\WINDOWS\system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE Service C:\WINDOWS\system32\DRIVERS\ASACPI.sys [MANUAL] MTsensor Service (Multiple UNC Provider driver/Microsoft Corporation) [BOOT] Mup Service C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys (WDM NABTS/FEC VBI Codec/Microsoft Corporation) [MANUAL] NABTSFEC Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] napagent Service (NDIS 5.1 wrapper driver/Microsoft Corporation) [BOOT] NDIS Service C:\WINDOWS\system32\DRIVERS\NdisIP.sys (Microsoft IP Driver/Microsoft Corporation) [MANUAL] NdisIP Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys (NDIS 
3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) [MANUAL] Ndisuio Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy Service C:\WINDOWS\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS Service C:\WINDOWS\system32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] NetBT Service C:\WINDOWS\system32\netdde.exe (DDE sieci - komunikacja DDE/Microsoft Corporation) [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe (DDE sieci - komunikacja DDE/Microsoft Corporation) [DISABLED] NetDDEdsdm Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Netman Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Nla Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs Service C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (ActiveArmor Firewall IP Service/NVIDIA Corporation) [AUTO] nSvcIp Service C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (nSvcLog/NVIDIA Corporation) [AUTO] nSvcLog Service (NT File System Driver/Microsoft Corporation) [DISABLED] Ntfs Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] NtmsSvc Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 197.45 /NVIDIA Corporation) [MANUAL] nv 
Service (NVIDIA® nForce(TM) IDE Performance Driver/NVIDIA Corporation) [BOOT] nvatabus Service C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Networking Function Driver./NVIDIA Corporation) [MANUAL] NVENETFD Service C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA® nForce(TM) Sata Performance Driver/NVIDIA Corporation) [BOOT] nvgts Service C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Networking Bus Driver./NVIDIA Corporation) [MANUAL] nvnetbus Service nvraid Service nvrd32 Service C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 197.45/NVIDIA Corporation) [AUTO] nvsvc Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys (NWLINK2 Traffic Filter Driver/Microsoft Corporation) [MANUAL] NwlnkFlt Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys (NWLINK2 Forwarder Driver/Microsoft Corporation) [MANUAL] NwlnkFwd Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose Service Outlook Service C:\WINDOWS\system32\DRIVERS\parport.sys (Sterownik portu równoległego/Microsoft Corporation) [MANUAL] Parport Service (Partition Manager/Microsoft Corporation) [BOOT] PartMgr Service (VDM Parallel Driver/Microsoft Corporation) [AUTO] ParVdm Service C:\WINDOWS\system32\DRIVERS\pci.sys (Licznik NT Plug and Play PCI/Microsoft Corporation) [BOOT] PCI Service [SYSTEM] PCIDump Service C:\WINDOWS\system32\DRIVERS\pciide.sys (Rodzajowy sterownik magistrali PCI IDE/Microsoft Corporation) [BOOT] PCIIde Service (Sterownik magistrali PCMCIA/Microsoft Corporation) [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\services.exe (Usługi i aplikacja Kontroler/Microsoft Corporation) [AUTO] PlugPlay Service C:\WINDOWS\system32\PnkBstrA.exe [AUTO] PnkBstrA Service PnP680 Service 
C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] PolicyAgent Service C:\WINDOWS\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport Service C:\WINDOWS\system32\DRIVERS\processr.sys (Sterownik urządzenia procesora/Microsoft Corporation) [SYSTEM] Processor Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] ProtectedStorage Service C:\WINDOWS\system32\DRIVERS\psched.sys (MS QoS Packet Scheduler/Microsoft Corporation) [MANUAL] PSched Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\system32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [SYSTEM] RasAcd Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasAuto Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasMan Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe Service C:\WINDOWS\system32\DRIVERS\raspti.sys (PTI DirectParallel(R) mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Raspti Service C:\WINDOWS\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [SYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD Service RDPDD Service 
C:\WINDOWS\system32\DRIVERS\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) [MANUAL] rdpdr Service RDPNP Service (RDP Terminal Stack Driver (US/Canada Only, Not for Export)/Microsoft Corporation) [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe (Menedżer sesji pomocy pulpitu zdalnego Microsoft®/Microsoft Corporation) [MANUAL] RDSessMgr Service C:\WINDOWS\system32\DRIVERS\redbook.sys (Sterownik filtru audio Redbook/Microsoft Corporation) [SYSTEM] redbook Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RemoteRegistry Service C:\WINDOWS\system32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RpcSs Service C:\WINDOWS\system32\rsvp.exe (Microsoft RSVP/Microsoft Corporation) [MANUAL] RSVP Service C:\WINDOWS\system32\DRIVERS\wg111v3.sys (NETGEAR WG111v3 Wireless-G USB Adapter NDIS Driver/Realtek Semiconductor Corporation ) [MANUAL] RTL8187B Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] SamSs Service C:\Program Files\Sandboxie\SbieDrv.sys (Sandboxie Kernel Mode Driver/tzuk) [MANUAL] SbieDrv Service C:\Program Files\Sandboxie\SbieSvc.exe (Sandboxie Service/tzuk) [AUTO] SbieSvc Service C:\WINDOWS\System32\SCardSvr.exe (Smart Card Resource Management Server/Microsoft Corporation) [MANUAL] SCardSvr Service (PowerISO Virtual Drive/PowerISO Computing, Inc.) [SYSTEM] SCDEmu Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Schedule Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
[MANUAL] Secdrv Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] seclogon Service C:\WINDOWS\system32\drivers\Senfilt.sys (Sensaura WDM 3D Audio Driver/Sensaura) [MANUAL] SenFiltService Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SENS Service C:\WINDOWS\system32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] serenum Service C:\WINDOWS\system32\DRIVERS\serial.sys (Sterownik urządzenia szeregowego/Microsoft Corporation) [SYSTEM] Serial Service C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (ServiceLayer Module/Nokia.) [MANUAL] ServiceLayer Service (SCSI Floppy Driver/Microsoft Corporation) [SYSTEM] Sfloppy Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SharedAccess Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ShellHWDetection Service (Serial ATA miniport driver/Silicon Image, Inc.) [BOOT] Si3112 Service Si3114 Service (SATA SoftRAID 5 miniport driver/Silicon Image, Inc) [BOOT] Si3114r5 Service (Serial ATA miniport driver/Silicon Image, Inc.) [BOOT] Si3124 Service Si3124r5 Service (Serial ATA miniport driver/Silicon Image, Inc.) 
---- EOF - GMER 1.0.15 ---- [/log] [b]I'll add that these problems only start after running some scanner. In this case the computer had been running very well since the morning until I started GMER, and then the stuttering problems began: roughly every 10 seconds the computer stops responding to anything :/ and so on over and over, every few seconds. I already noticed this yesterday while scanning with Avira and Malwarebytes. I don't know what's going on, please help.[/b]