michal_1410 utworzono 4 sierpnia 2010 utworzono 4 sierpnia 2010 (edytowane) Witam, mam podobny problem, również nie mogę zainstalować avasta (ten sam błąd - Setup Selfextract: An error 1006 (000003EE) has occured Last performed operation was: Opening the self-extract archive Try to download strup file again. If you use Internet Explorer, clear it's cach before downloading: Start-Controp Panel-Internet Options and Delete Temporary Internet Files Ogólnie komputer zachowuje się dziwnie, zawiesza się zaraz po starcie systemu, występują problemy ze stabilnością połączenia z Internetem (dochodzi do jego zerwania). Oto log z OTL: [log]OTL logfile created on: 2010-08-04 15:14:43 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Michał\Downloads An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 48,82 Gb Total Space | 38,65 Gb Free Space | 79,16% Space Free | Partition Type: NTFS Drive D: | 2,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded Drive H: | 249,26 Gb Total Space | 8,45 Gb Free Space | 3,39% Space Free | Partition Type: NTFS I: Drive not present or media not loaded Computer Name: MICHAŁ-KOMPUTER Current User Name: Michał Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-08-04 15:12:37 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Michał\Downloads\OTL.exe PRC - [2010-08-04 14:35:43 | 000,581,632 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\ST330\service\st330service.exe PRC - [2010-08-04 14:35:42 | 000,557,149 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe PRC - [2010-07-23 04:15:35 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-07-14 03:14:50 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe PRC - [2009-07-14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe PRC - [2009-07-14 03:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe PRC - [2009-07-14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe PRC - [2009-07-14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2009-07-14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009-07-14 03:14:41 | 000,316,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe PRC - [2009-07-14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe PRC - [2009-07-14 03:14:35 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe PRC - [2009-07-14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe PRC - [2009-07-14 03:14:23 | 000,261,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2009-07-14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2009-07-14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-07-14 03:14:19 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe PRC - [2009-07-14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe PRC - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-08-04 15:12:37 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Michał\Downloads\OTL.exe MOD - [2009-07-14 03:17:51 | 001,286,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll MOD - [2009-07-14 03:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll MOD - [2009-07-14 03:16:17 | 001,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll MOD - [2009-07-14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll MOD - [2009-07-14 03:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll MOD - [2009-07-14 03:16:17 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll MOD - [2009-07-14 03:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll MOD - [2009-07-14 03:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll MOD - [2009-07-14 03:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll MOD - [2009-07-14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009-07-14 03:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll MOD - [2009-07-14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll MOD - [2009-07-14 03:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll MOD - [2009-07-14 03:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll MOD - [2009-07-14 03:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll MOD - [2009-07-14 03:16:13 | 000,652,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll MOD - [2009-07-14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009-07-14 03:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll MOD - [2009-07-14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2009-07-14 03:16:13 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll MOD - [2009-07-14 03:16:12 | 001,412,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll MOD - [2009-07-14 03:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll MOD - [2009-07-14 03:16:12 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll MOD - [2009-07-14 03:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll MOD - [2009-07-14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009-07-14 03:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll MOD - [2009-07-14 03:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll MOD - [2009-07-14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2009-07-14 03:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll MOD - [2009-07-14 03:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll MOD - [2009-07-14 03:15:36 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll MOD - [2009-07-14 03:15:35 | 000,857,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll MOD - [2009-07-14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009-07-14 03:15:32 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll MOD - [2009-07-14 03:15:22 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll MOD - [2009-07-14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009-07-14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009-07-14 03:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll MOD - [2009-07-14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009-07-14 03:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll MOD - [2009-07-14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll MOD - [2009-07-14 03:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll MOD - [2009-07-14 03:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll MOD - [2009-07-14 03:14:53 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2009-07-14 03:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv MOD - [2009-07-14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-08-04 14:35:43 | 000,581,632 | ---- | M] (THOMSON Telecom Belgium) [Auto | Running] -- C:\Program Files\Thomson\ST330\service\st330service.exe -- (st330service) SRV - [2009-07-14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009-07-14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009-07-14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2009-07-14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009-07-14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009-07-14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009-07-14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009-07-14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009-07-14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009-07-14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009-07-14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009-07-14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009-07-14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009-07-14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009-07-14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009-07-14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009-07-14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalator formantów ActiveX (AxInstSV) SRV - [2009-07-14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009-07-14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-08-04 14:35:42 | 000,032,000 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stppp.sys -- (stppp) DRV - [2010-08-04 14:35:42 | 000,030,464 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\st330.sys -- (ST330) DRV - [2010-08-04 14:35:42 | 000,012,672 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stbus.sys -- (STBUS) DRV - [2009-07-14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide) DRV - [2009-07-14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009-07-14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009-07-14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009-07-14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009-07-14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009-07-14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV - [2009-07-14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009-07-14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata) DRV - [2009-07-14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide) DRV - [2009-07-14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor) DRV - [2009-07-14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid) DRV - [2009-07-14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009-07-14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009-07-14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) DRV - [2009-07-14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) DRV - [2009-07-14 03:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009-07-14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009-07-14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) DRV - [2009-07-14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009-07-14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp) DRV - [2009-07-14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas) DRV - [2009-07-14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy) DRV - [2009-07-14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009-07-14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009-07-14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) DRV - [2009-07-14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009-07-14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009-07-14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009-07-14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp) DRV - [2009-07-14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009-07-14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot) DRV - [2009-07-14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009-07-14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide) DRV - [2009-07-14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300) DRV - [2009-07-14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2009-07-14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) DRV - [2009-07-14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) DRV - [2009-07-14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009-07-14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) DRV - [2009-07-14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV - [2009-07-14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG) DRV - [2009-07-14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2009-07-14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus) DRV - [2009-07-14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009-07-14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009-07-14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009-07-14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009-07-14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009-07-14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci) DRV - [2009-07-14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009-07-14 01:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM) DRV - [2009-07-14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - [2009-07-14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009-07-14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2009-07-14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID) DRV - [2009-07-14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2009-07-14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009-07-14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009-07-14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009-07-14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt) DRV - [2009-07-14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi) DRV - [2009-07-14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM) DRV - [2009-07-14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009-07-14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2009-07-14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2009-07-14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009-07-14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009-07-14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009-07-14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2009-07-14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009-07-14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009-07-14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) DRV - [2009-06-10 23:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\S-1-5-21-2858539527-2088001970-2071213828-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-08-04 14:52:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-08-04 14:52:09 | 000,000,000 | ---D | M] [2010-08-04 14:52:15 | 000,000,000 | ---D | M] -- C:\Users\Michał\AppData\Roaming\mozilla\Extensions [2010-08-04 14:52:15 | 000,000,000 | ---D | M] -- C:\Users\Michał\AppData\Roaming\mozilla\Firefox\Profiles\g5sxn9f4.default\extensions [2010-08-04 14:52:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-07-23 02:41:44 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-07-23 02:41:44 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-07-23 02:41:44 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-07-23 02:41:44 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-07-23 02:41:44 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-07-23 02:41:44 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O4 - HKLM..\Run: [diagnostics] C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe (THOMSON Telecom Belgium) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009-07-14 12:41:22 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootMin: Primary disk - Driver Group SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-08-04 15:39:29 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2010-08-04 15:16:59 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2010-08-04 15:12:43 | 000,000,000 | ---D | C] -- C:\Windows.old [2010-08-04 14:52:12 | 000,000,000 | ---D | C] -- C:\Users\Michał\AppData\Roaming\Mozilla [2010-08-04 14:52:12 | 000,000,000 | ---D | C] -- C:\Users\Michał\AppData\Local\Mozilla [2010-08-04 14:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2010-08-04 14:46:13 | 000,000,000 | ---D | C] -- C:\Users\Michał\AppData\Roaming\Macromedia [2010-08-04 14:46:13 | 000,000,000 | ---D | C] -- C:\Users\Michał\AppData\Roaming\Adobe [2010-08-04 14:46:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed [2010-08-04 14:35:42 | 000,032,000 | ---- | C] (THOMSON Telecom Belgium) -- C:\Windows\System32\drivers\stppp.sys [2010-08-04 14:35:42 | 000,030,464 | ---- | C] (THOMSON Telecom Belgium) -- C:\Windows\System32\drivers\st330.sys [2010-08-04 14:35:42 | 000,016,128 | ---- | C] (THOMSON Telecom Belgium) -- C:\Windows\System32\drivers\lpwdm.sys [2010-08-04 14:35:42 | 000,012,672 | ---- | C] (THOMSON Telecom Belgium) -- C:\Windows\System32\drivers\stbus.sys [2010-08-04 14:35:42 | 000,000,000 | ---D | C] -- C:\Program Files\Thomson [2010-08-04 14:24:40 | 000,000,000 | R--D | C] -- C:\Users\Michał\Searches [2010-08-04 14:24:32 | 000,000,000 | ---D | C] -- C:\Users\Michał\AppData\Roaming\Identities [2010-08-04 14:24:31 | 000,000,000 | R--D | C] -- C:\Users\Michał\Contacts [2010-08-04 14:24:21 | 000,000,000 | ---D | C] -- C:\Users\Michał\AppData\Local\VirtualStore [2010-08-04 14:24:20 | 000,000,000 | --SD | C] -- C:\Users\Michał\AppData\Roaming\Microsoft [2010-08-04 14:24:20 | 000,000,000 | R--D | C] -- C:\Users\Michał\Videos [2010-08-04 14:24:20 | 000,000,000 | R--D | C] -- C:\Users\Michał\Saved Games [2010-08-04 14:24:20 | 000,000,000 | R--D | C] -- C:\Users\Michał\Pictures [2010-08-04 14:24:20 | 000,000,000 | R--D | C] -- C:\Users\Michał\Music [2010-08-04 14:24:20 | 000,000,000 | R--D | C] -- C:\Users\Michał\Links [2010-08-04 14:24:20 | 000,000,000 | R--D | C] -- C:\Users\Michał\Favorites [2010-08-04 14:24:20 | 000,000,000 | R--D | C] -- C:\Users\Michał\Downloads [2010-08-04 14:24:20 | 000,000,000 | R--D | C] -- C:\Users\Michał\Documents [2010-08-04 14:24:20 | 000,000,000 | R--D | C] -- C:\Users\Michał\Desktop [2010-08-04 14:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Michał\Ustawienia lokalne [2010-08-04 14:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Michał\AppData\Local\Temporary Internet Files [2010-08-04 14:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Michał\Szablony [2010-08-04 14:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Michał\SendTo [2010-08-04 14:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Michał\Recent [2010-08-04 14:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Michał\PrintHood [2010-08-04 14:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Michał\NetHood [2010-08-04 14:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Michał\Documents\Moje wideo [2010-08-04 14:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Michał\Documents\Moje obrazy [2010-08-04 14:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Michał\Moje dokumenty [2010-08-04 14:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Michał\Documents\Moja muzyka [2010-08-04 14:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Michał\Menu Start [2010-08-04 14:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Michał\AppData\Local\Historia [2010-08-04 14:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Michał\Dane aplikacji [2010-08-04 14:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Michał\AppData\Local\Dane aplikacji [2010-08-04 14:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Michał\Cookies [2010-08-04 14:24:20 | 000,000,000 | -H-D | C] -- C:\Users\Michał\AppData [2010-08-04 14:24:20 | 000,000,000 | ---D | C] -- C:\Users\Michał\AppData\Local\Temp [2010-08-04 14:24:20 | 000,000,000 | ---D | C] -- C:\Users\Michał\AppData\Local\Microsoft [2010-08-04 14:24:20 | 000,000,000 | ---D | C] -- C:\Users\Michał\AppData\Roaming\Media Center Programs [2010-08-04 14:24:15 | 000,000,000 | -HSD | C] -- C:\Recovery [2010-08-04 14:24:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ulubione [2010-08-04 14:24:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Szablony [2010-08-04 14:24:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Pulpit [2010-08-04 14:24:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje wideo [2010-08-04 14:24:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje obrazy [2010-08-04 14:24:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moja muzyka [2010-08-04 14:24:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start [2010-08-04 14:24:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty [2010-08-04 14:24:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dane aplikacji [2010-08-04 14:20:28 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2010-08-04 14:18:01 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2010-08-04 14:07:36 | 000,000,000 | -HSD | C] -- C:\Boot [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-08-04 15:16:47 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2010-08-04 15:16:46 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved [2010-08-04 15:15:01 | 000,524,288 | -HS- | M] () -- C:\Users\Michał\NTUSER.DAT [2010-08-04 15:00:11 | 000,019,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010-08-04 15:00:11 | 000,019,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010-08-04 14:53:29 | 001,523,412 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010-08-04 14:53:29 | 000,687,590 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2010-08-04 14:53:29 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010-08-04 14:53:29 | 000,131,176 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2010-08-04 14:53:29 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010-08-04 14:52:10 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010-08-04 14:49:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010-08-04 14:49:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010-08-04 14:48:56 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys [2010-08-04 14:48:04 | 001,383,818 | -H-- | M] () -- C:\Users\Michał\AppData\Local\IconCache.db [2010-08-04 14:35:46 | 000,000,920 | ---- | M] () -- C:\Users\Public\Desktop\SpeedTouch 330 diagnostics.lnk [2010-08-04 14:35:42 | 000,032,000 | ---- | M] (THOMSON Telecom Belgium) -- C:\Windows\System32\drivers\stppp.sys [2010-08-04 14:35:42 | 000,030,464 | ---- | M] (THOMSON Telecom Belgium) -- C:\Windows\System32\drivers\st330.sys [2010-08-04 14:35:42 | 000,016,128 | ---- | M] (THOMSON Telecom Belgium) -- C:\Windows\System32\drivers\lpwdm.sys [2010-08-04 14:35:42 | 000,012,672 | ---- | M] (THOMSON Telecom Belgium) -- C:\Windows\System32\drivers\stbus.sys [2010-08-04 14:33:03 | 000,057,560 | ---- | M] () -- C:\Users\Michał\AppData\Local\GDIPFONTCACHEV1.DAT [2010-08-04 14:24:20 | 000,524,288 | -HS- | M] () -- C:\Users\Michał\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2010-08-04 14:24:20 | 000,524,288 | -HS- | M] () -- C:\Users\Michał\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010-08-04 14:24:20 | 000,065,536 | -HS- | M] () -- C:\Users\Michał\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010-08-04 14:24:20 | 000,000,020 | -HS- | M] () -- C:\Users\Michał\ntuser.ini [2010-08-04 14:21:18 | 000,066,898 | ---- | M] () -- C:\Windows\System32\license.rtf [2010-08-04 14:19:37 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010-08-04 14:18:09 | 000,265,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010-08-04 13:50:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010-08-04 13:50:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-08-04 13:46:19 | 000,000,211 | -H-- | M] () -- C:\Boot.BAK [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-08-04 15:38:37 | 000,000,355 | RHS- | C] () -- C:\Boot.ini.saved [2010-08-04 15:16:46 | 000,000,211 | -H-- | C] () -- C:\Boot.BAK [2010-08-04 14:52:10 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010-08-04 14:35:46 | 000,000,920 | ---- | C] () -- C:\Users\Public\Desktop\SpeedTouch 330 diagnostics.lnk [2010-08-04 14:24:20 | 000,524,288 | -HS- | C] () -- C:\Users\Michał\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2010-08-04 14:24:20 | 000,524,288 | -HS- | C] () -- C:\Users\Michał\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010-08-04 14:24:20 | 000,524,288 | -HS- | C] () -- C:\Users\Michał\NTUSER.DAT [2010-08-04 14:24:20 | 000,262,144 | -HS- | C] () -- C:\Users\Michał\ntuser.dat.LOG1 [2010-08-04 14:24:20 | 000,065,536 | -HS- | C] () -- C:\Users\Michał\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010-08-04 14:24:20 | 000,000,020 | -HS- | C] () -- C:\Users\Michał\ntuser.ini [2010-08-04 14:24:20 | 000,000,000 | -HS- | C] () -- C:\Users\Michał\ntuser.dat.LOG2 [2010-08-04 14:19:37 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010-08-04 14:17:47 | 1609,424,896 | -HS- | C] () -- C:\hiberfil.sys [2010-08-04 14:07:41 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2010-08-04 14:07:37 | 000,383,562 | RHS- | C] () -- C:\bootmgr [2010-08-04 13:50:44 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2010-08-04 13:50:44 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2009-07-14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [color=#E56717]========== LOP Check ==========[/color] [2009-07-14 06:53:46 | 000,001,436 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2010-08-04 13:46:19 | 000,000,211 | -H-- | M] () -- C:\Boot.BAK [2010-08-04 15:16:46 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved [2001-07-22 02:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2009-07-14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2010-08-04 15:16:47 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2009-06-10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2010-08-04 14:48:56 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys [2010-08-04 13:50:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-08-04 13:50:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008-04-13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008-04-14 00:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-08-04 14:49:04 | 2145,902,592 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp3.cab:agp440.sys [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp3.cab:atapi.sys [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\system32\drivers\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys [2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys [2001-08-18 01:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\Windows.old\Windows\system32\dllcache\beep.sys [2001-08-18 01:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\Windows.old\Windows\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp3.cab:cdrom.sys [2008-04-14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\Windows.old\Windows\system32\drivers\cdrom.sys [2009-07-14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys [2009-07-14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys [2009-07-14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\Windows.old\Windows\system32\dllcache\eventlog.dll [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\Windows.old\Windows\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\Windows.old\Windows\system32\dllcache\ndis.sys [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\Windows.old\Windows\system32\drivers\ndis.sys [2009-07-14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys [2009-07-14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\Windows.old\Windows\system32\dllcache\winlogon.exe [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\Windows.old\Windows\system32\winlogon.exe [2009-07-14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe [2009-07-14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < End of report >[/log]
Tomek01 komentarz 5 sierpnia 2010 komentarz 5 sierpnia 2010 Hmm... Wrzuć jeszcze logi: RSIT, Gmer oraz Silent Runners.
michal_1410 komentarz 5 sierpnia 2010 Autor komentarz 5 sierpnia 2010 Gmer: [log]GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-08-05 23:17:10 Windows 6.1.7600 Running: gmer.exe; Driver: C:\Users\MICHA~1\AppData\Local\Temp\afworpoc.sys ---- System - GMER 1.0.15 ---- INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2DAF8 INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2D104 INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2D3F4 INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C15634 INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C15898 INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2D1DC INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2D958 INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2D6F8 INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2DF2C INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2E1A8 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82846579 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8286AF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text peauth.sys 94218C9D 28 Bytes [9E, B1, 77, F0, A0, 55, 44, ...] .text peauth.sys 94218CC1 28 Bytes [9E, B1, 77, F0, A0, 55, 44, ...] PAGE peauth.sys 9421EB9B 72 Bytes [4E, 1D, 1C, 62, 98, F3, 17, ...] PAGE peauth.sys 9421EBEC 111 Bytes [27, 92, 4F, C7, 78, 7E, F9, ...] PAGE peauth.sys 9421F02C 102 Bytes [C1, 7C, F4, B6, 6D, 87, F2, ...] ---- Devices - GMER 1.0.15 ---- Device \Driver\ACPI_HAL \Device\00000042 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----[/log] Silent Runner: [log]"Silent Runners.vbs", revision 61, http://www.silentrunners.org/ Operating System: Windows 7 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "diagnostics" = ""C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe" /icon -l:pl" ["THOMSON Telecom Belgium"] "Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub" -> {HKLM...CLSID} = "Adobe PDF Link Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Users\Michał\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg" Non-disabled Scheduled Tasks: ----------------------------- C:\Users\Michał\AppData\Local\Microsoft\Windows Sidebar\Settings.ini C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client "AD RMS Rights Policy Template Management (Manual)" -> launches: "{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}" -> {HKLM...CLSID} = "AD RMS Rights Policy Template Management (Manual) Task Handler" \InProcServer32\(Default) = "C:\Windows\system32\msdrm.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience "AitAgent" -> launches: "aitagent" [MS] "ProgramDataUpdater" -> launches: "%windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk "Proxy" -> launches: "%windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth "UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient "SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}" -> {HKLM...CLSID} = "Certificate Services Client Task Handler" \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS] "UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}" -> {HKLM...CLSID} = "Certificate Services Client Task Handler" \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program "Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS] "KernelCeipTask" -> (HIDDEN!) launches: "{e7ed314f-2816-4c26-aeb5-54a34d02404c}" -> {HKLM...CLSID} = "KernelCeipCustomHandler" \InProcServer32\(Default) = "C:\Windows\System32\kernelceip.dll" [MS] "UsbCeip" -> (HIDDEN!) launches: "{c27f6b1d-fe0b-45e4-9257-38799fa69bc8}" -> {HKLM...CLSID} = "UsbCeip" \InProcServer32\(Default) = "C:\Windows\System32\usbceip.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag "ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis "Scheduled" -> (HIDDEN!) launches: "{c1f85ef8-bcc2-4606-bb39-70c523715eb3}" -> {HKLM...CLSID} = "ScheduledDiagnosticCustomHandler" \InProcServer32\(Default) = "C:\Windows\System32\sdiagschd.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic "Microsoft-Windows-DiskDiagnosticDataCollector" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location "Notifications" -> launches: "%windir%\System32\LocationNotifications.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance "WinSAT" -> launches: "A9A33436-678B-4c9c-A211-7CC38785E79D"" [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center "ActivateWindowsSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch" [MS] "ConfigureInternetTimeService" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService" [MS] "DispatchRecoveryTasks" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)" [MS] "ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS] "InstallPlayReady" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)" [MS] "mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0)" [MS] "MediaCenterRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask" [MS] "ObjectStoreRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask" [MS] "OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS] "OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)" [MS] "PBDADiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery" [MS] "PBDADiscoveryW1" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery" [MS] "PBDADiscoveryW2" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery" [MS] "PvrRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask" [MS] "PvrScheduleTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrSchedule" [MS] "RegisterSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)" [MS] "ReindexSearchRoot" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot" [MS] "SqlLiteRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask" [MS] "UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic "CorruptionDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}" -> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler" \InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS] "DecompressionFailureDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}" -> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler" \InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC "HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}" -> {HKLM...CLSID} = "HotStart User Agent" \InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI "LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia "SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}" -> {HKLM...CLSID} = "Microsoft PlaySoundService Class" \InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace "GatherNetworkInfo" -> launches: "%windir%\system32\gatherNetworkInfo.vbs" [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics "AnalyzeSystem" -> launches: "%SystemRoot%\System32\powercfg.exe -energy -auto" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC "RacTask" -> (HIDDEN!) launches: "{42060D27-CA53-41f5-96E4-B1E8169308A6}" -> {HKLM...CLSID} = "ReliabilityAnalysisCustomHandler" \InProcServer32\(Default) = "C:\Windows\system32\RacEngn.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras "MobilityManager" -> launches: "{c463a0fc-794f-4fdf-9201-01938ceacafa}" -> {HKLM...CLSID} = "RasMobilityManager" \InProcServer32\(Default) = "C:\Windows\system32\rasmbmgr.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry "RegIdleBackup" -> (HIDDEN!) launches: "{ca767aa8-9157-4604-b64b-40747123d5f2}" -> {HKLM...CLSID} = "RegistryIdleBackupHandler" \InProcServer32\(Default) = "C:\Windows\System32\regidle.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance "RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow "GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}" -> {HKLM...CLSID} = "GadgetsManager Class" \InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore "SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager "Interactive" -> (HIDDEN!) launches: "{855fec53-d2e4-4999-9e87-3414e9cf0ff4}" -> {HKLM...CLSID} = "RunTask" \InProcServer32\(Default) = "C:\Windows\system32\wdc.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip "IpAddressConflict1" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS] "IpAddressConflict2" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework "MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}" -> {HKLM...CLSID} = "MsCtfMonitor task handler" \InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization "SynchronizeTime" -> launches: "%windir%\system32\sc.exe start w32time task_started" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP "UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI "ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}" -> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler" \InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting "QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform "BfeOnServiceStartTypeChange" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing "UpdateLibrary" -> launches: ""%ProgramFiles%\Windows Media Player\wmpnscfg.exe"" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup "ConfigNotification" -> launches: "%systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION" [MS] C:\Windows\System32\Tasks\Microsoft\Windows Defender "MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan" [MS] "MpIdleTask" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe -IdleTask -TaskName MpIdleTask" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS] 000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS] 000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 22 Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ SpeedTouch 330 Manager, st330service, "C:\Program Files/Thomson/ST330/service/st330service.exe -service" ["THOMSON Telecom Belgium"] ---------- (launch time: 2010-08-05 23:27:09) + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 52 seconds. ---------- (total run time: 82 seconds)[/log] Co do RSIT, nie mogę podłączyć narazie Internetu, a ten jest chyba potrzebny do pobrania czegos tam. Pozdrawiam
Tomek01 komentarz 6 sierpnia 2010 komentarz 6 sierpnia 2010 RSIT też bym chciał zobaczyć Wykonaj pełny skan [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] oraz [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] i wyniki podaj na forum.
michal_1410 komentarz 6 sierpnia 2010 Autor komentarz 6 sierpnia 2010 RSIT: [log]Logfile of random's system information tool 1.08 (written by random/random) Run by Michał at 2010-08-06 19:11:32 Microsoft Windows 7 Professional System drive C: has 38 GB (77%) free of 50 GB Total RAM: 2046 MB (73% free) HijackThis download failed ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] "diagnostics"=C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe [2010-08-06 557149] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-08-05 23:17:38 ----D---- C:\rsit 2010-08-05 23:17:38 ----D---- C:\Program Files\trend micro 2010-08-05 21:02:54 ----D---- C:\ProgramData\Adobe 2010-08-05 21:02:53 ----D---- C:\Program Files\Common Files\Adobe 2010-08-05 21:02:53 ----D---- C:\Program Files\Adobe 2010-08-05 21:02:38 ----SHD---- C:\Windows\Installer 2010-08-04 16:57:39 ----D---- C:\Windows\Minidump 2010-08-04 15:39:29 ----SHD---- C:\System Volume Information 2010-08-04 15:38:37 ----RASH---- C:\Boot.ini.saved 2010-08-04 15:35:40 ----ASH---- C:\pagefile.sys 2010-08-04 15:16:59 ----D---- C:\Windows\Panther 2010-08-04 15:16:46 ----H---- C:\Boot.BAK 2010-08-04 15:12:43 ----D---- C:\Windows.old 2010-08-04 14:52:12 ----D---- C:\Users\Michał\AppData\Roaming\Mozilla 2010-08-04 14:52:08 ----D---- C:\Program Files\Mozilla Firefox 2010-08-04 14:46:13 ----D---- C:\Users\Michał\AppData\Roaming\Macromedia 2010-08-04 14:46:13 ----D---- C:\Users\Michał\AppData\Roaming\Adobe 2010-08-04 14:46:11 ----D---- C:\Windows\system32\Macromed 2010-08-04 14:45:41 ----N---- C:\Windows\system32\MpSigStub.exe 2010-08-04 14:39:32 ----A---- C:\Windows\system32\wintrust.dll 2010-08-04 14:39:32 ----A---- C:\Windows\system32\cabview.dll 2010-08-04 14:35:42 ----D---- C:\Program Files\Thomson 2010-08-04 14:35:42 ----A---- C:\Windows\system32\drivers\stppp.sys 2010-08-04 14:35:42 ----A---- C:\Windows\system32\drivers\stbus.sys 2010-08-04 14:35:42 ----A---- C:\Windows\system32\drivers\st330.sys 2010-08-04 14:35:42 ----A---- C:\Windows\system32\drivers\lpwdm.sys 2010-08-04 14:31:10 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-08-04 14:24:32 ----D---- C:\Users\Michał\AppData\Roaming\Identities 2010-08-04 14:24:20 ----SD---- C:\Users\Michał\AppData\Roaming\Microsoft 2010-08-04 14:24:20 ----D---- C:\Users\Michał\AppData\Roaming\Media Center Programs 2010-08-04 14:24:15 ----SHD---- C:\Recovery 2010-08-04 14:24:14 ----SHD---- C:\ProgramData\Ulubione 2010-08-04 14:24:14 ----SHD---- C:\ProgramData\Szablony 2010-08-04 14:24:14 ----SHD---- C:\ProgramData\Pulpit 2010-08-04 14:24:14 ----SHD---- C:\ProgramData\Menu Start 2010-08-04 14:24:14 ----SHD---- C:\ProgramData\Dokumenty 2010-08-04 14:24:14 ----SHD---- C:\ProgramData\Dane aplikacji 2010-08-04 14:20:28 ----D---- C:\Windows\SoftwareDistribution 2010-08-04 14:18:01 ----D---- C:\Windows\Prefetch 2010-08-04 14:17:47 ----ASH---- C:\hiberfil.sys 2010-08-04 14:07:41 ----RASH---- C:\BOOTSECT.BAK 2010-08-04 14:07:36 ----SHD---- C:\Boot 2010-08-04 13:50:44 ----RASH---- C:\MSDOS.SYS 2010-08-04 13:50:44 ----RASH---- C:\IO.SYS ======List of files/folders modified in the last 1 months====== 2010-08-06 13:12:12 ----D---- C:\Windows\Temp 2010-08-06 13:12:12 ----D---- C:\Windows\system32\config 2010-08-06 13:10:46 ----D---- C:\Windows\System32 2010-08-06 13:10:46 ----D---- C:\Windows\inf 2010-08-06 13:09:52 ----D---- C:\Windows\system32\drivers 2010-08-05 23:17:38 ----RD---- C:\Program Files 2010-08-05 23:10:29 ----D---- C:\Windows\system32\drivers\UMDF 2010-08-05 21:03:08 ----D---- C:\Windows\winsxs 2010-08-05 21:02:54 ----HD---- C:\ProgramData 2010-08-05 21:02:53 ----D---- C:\Program Files\Common Files 2010-08-05 21:02:38 ----D---- C:\Windows 2010-08-04 15:34:39 ----RSD---- C:\Windows\assembly 2010-08-04 15:34:39 ----D---- C:\Windows\Microsoft.NET 2010-08-04 15:02:25 ----D---- C:\Windows\system32\catroot2 2010-08-04 15:02:25 ----D---- C:\Windows\system32\catroot 2010-08-04 14:50:52 ----D---- C:\Windows\system32\wdi 2010-08-04 14:46:12 ----D---- C:\Windows\Downloaded Program Files 2010-08-04 14:39:33 ----D---- C:\Windows\system32\restore 2010-08-04 14:39:14 ----D---- C:\Windows\Logs 2010-08-04 14:36:00 ----D---- C:\Windows\system32\CodeIntegrity 2010-08-04 14:35:45 ----D---- C:\Windows\system32\DriverStore 2010-08-04 14:30:54 ----D---- C:\Windows\system32\wbem 2010-08-04 14:24:30 ----SHD---- C:\$Recycle.Bin 2010-08-04 14:24:20 ----RD---- C:\Users 2010-08-04 14:24:15 ----SD---- C:\ProgramData\Microsoft 2010-08-04 14:24:14 ----D---- C:\Program Files\Windows NT 2010-08-04 14:24:09 ----D---- C:\Windows\rescache 2010-08-04 14:23:58 ----D---- C:\Windows\debug 2010-08-04 14:20:29 ----D---- C:\Windows\system32\sysprep 2010-08-04 14:18:22 ----D---- C:\Windows\CSC ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584] R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704] R3 NVENETFD;Sterownik kontrolera sieci NVIDIA nForce; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264] S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720] S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120] S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632] S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304] S3 ST330;ST330; C:\Windows\system32\drivers\st330.sys [2010-08-04 30464] S3 STBUS;STBUS; C:\Windows\system32\drivers\stbus.sys [2010-08-04 12672] S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224] S3 stppp;Speedtouch PPP Adapter Adapter; C:\Windows\system32\DRIVERS\stppp.sys [2010-08-04 32000] S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328] S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736] S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824] S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 st330service;SpeedTouch 330 Manager; C:\Program Files/Thomson/ST330/service/st330service.exe [2010-08-06 581632] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992] -----------------EOF-----------------[/log] Malwarebytes Anti-Malware: [log]Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Wersja bazy: 4052 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 2010-08-06 19:15:27 mbam-log-2010-08-06 (19-15-27).txt Typ skanowania: Szybkie skanowanie Przeskanowano obiektów: 109801 Upłynęło: 2 minut(y), 27 sekund(y) Zainfekowanych procesów w pamięci: 0 Zainfekowanych modułów w pamięci: 0 Zainfekowanych kluczy rejestru: 0 Zainfekowanych wartości rejestru: 0 Zainfekowane informacje rejestru systemowego: 0 Zainfekowanych folderów: 0 Zainfekowanych plików: 0 Zainfekowanych procesów w pamięci: (Nie znaleziono zagrożeń) Zainfekowanych modułów w pamięci: (Nie znaleziono zagrożeń) Zainfekowanych kluczy rejestru: (Nie znaleziono zagrożeń) Zainfekowanych wartości rejestru: (Nie znaleziono zagrożeń) Zainfekowane informacje rejestru systemowego: (Nie znaleziono zagrożeń) Zainfekowanych folderów: (Nie znaleziono zagrożeń) Zainfekowanych plików: (Nie znaleziono zagrożeń)[/log] Dr Web również nic nie znalazł. Pozdrawiam
MarekM25 komentarz 7 sierpnia 2010 komentarz 7 sierpnia 2010 Logi wyglądają na czyste. Jedyne co się rzuca w oczy to plik: D:\autorun.inf jest do usunięcia. Co do błędu spróbuj zainstalować avasta stąd: http://files.avast.com/iavs5x/setup_av_free.exe
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.