Hereinder posted 20 August 2010 (edited)

When I try to launch the game, I get this message: "operacja została anulowana ze względu na ograniczenia nałożone na ten komputer..." ("the operation was cancelled due to restrictions imposed on this computer..."). I read a bit about it, and apparently a log is needed to solve this:

[log]Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:01:13, on 2010-08-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jqsnotify.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://search.localstrike.com.ar/"]http://search.localstrike.com.ar/[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.videoxdvd.com/"]http://www.videoxdvd.com/[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft....k/?LinkId=69157[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft....k/?LinkId=54896[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft....k/?LinkId=54896[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft....k/?LinkId=69157[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Dom\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe[/log]

Please help.

[color="#ff0000"]//moving to Security //dan[/color]

Pawel9588 commented 20 August 2010

Open Notepad and paste this:

[code]Windows Registry Editor Version 5.00

; Show the Run command in the Start menu
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"StartMenuRun"=dword:00000001

; "name"=- deletes the named policy value (per-user key)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=-
"NoClose"=-
"NoFind"=-

; The same three policy values, machine-wide key
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoRun"=-
"NoClose"=-
"NoFind"=-[/code]

Save it as plik.reg --> All files --> merge it into the registry.

Sohei commented 21 August 2010

Post logs from these programs:

[url=http://oldtimer.geekstogo.com/OTL.exe][b][color=blue]OTL[/color][/b][/url]
Set [b]Processes[/b] and [b]Modules[/b] to [b]All[/b], and in [b]Custom Scans/Fixes[/b] paste:
[quote]netsvcs
msconfig
safebootminimal
safebootnetwork
%systemdrive%\*.*[/quote]

[url=http://images.malwareremoval.com/random/RSIT.exe][b][color=blue]RSIT[/color][/b][/url]

[url=http://www.gmer.net/][b][color=blue]Gmer[/color][/b][/url]
GMER: on the Rootkit/Malware tab, click Scan; after the scan, click Copy or Save.

Hereinder (author) commented 21 August 2010 (edited)

[log]OTL logfile created on: 2010-08-21 21:46:08 - Run 2 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Dom\Pulpit Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free 3,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): C:\pagefile.sys 1920 3840 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 24,90 Gb Total Space | 10,20 Gb Free Space | 40,97% Space Free | Partition Type: NTFS Drive D: | 49,62 Gb Total Space | 13,87 Gb Free Space | 27,96% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ANITA Current User Name: Dom Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color="#e56717"]========== Processes (All) ==========[/color] PRC - [2010-08-20 23:40:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dom\Pulpit\OTL.exe PRC - [2010-08-18 03:58:17 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe PRC - [2010-07-25 09:26:06 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-04-12 17:29:29 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2010-04-01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- D:\Program Files\DAEMON Tools Lite\DTLite.exe PRC - [2010-03-29 18:55:19 | 010,719,848 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe PRC - [2010-02-18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe PRC - [2010-02-18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe PRC - [2009-10-07 10:16:50 | 000,472,280 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2009-10-07 10:15:42 | 001,461,080 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe PRC - [2009-07-27 16:39:44 | 000,077,824 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe PRC - [2009-04-02 19:05:22 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe PRC - [2009-03-31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe PRC - [2007-03-19 00:05:02 | 000,630,784 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe PRC - [2007-02-11 00:07:32 | 000,241,664 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe PRC - [2006-02-28 13:42:38 | 000,229,376 | ---- | M] (Apple Computer, Inc.) 
-- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2005-01-28 14:44:28 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe PRC - [2004-08-04 02:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2004-08-04 02:44:30 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe PRC - [2004-08-04 02:44:28 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2004-08-04 02:44:28 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2004-08-04 02:44:28 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2004-08-04 02:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2004-08-04 02:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2004-08-04 02:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2004-08-04 02:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2004-08-04 02:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2004-08-04 02:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HTTPFILTER] PRC - [2004-08-04 02:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2004-08-04 02:44:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2004-08-04 02:44:20 | 000,975,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004-08-04 02:44:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2004-08-04 02:44:20 | 000,006,144 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\csrss.exe PRC - [2004-08-04 02:44:18 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2003-08-28 10:45:38 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE [color="#e56717"]========== Modules (All) ==========[/color] MOD - [2010-08-20 23:40:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dom\Pulpit\OTL.exe MOD - [2010-03-10 14:59:50 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2007-03-19 00:04:22 | 000,069,632 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll MOD - [2007-02-10 23:51:40 | 000,036,864 | ---- | M] (A4Tech Co.,Ltd.) -- C:\WINDOWS\system32\Amhooker.dll MOD - [2006-09-23 14:13:02 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2004-08-04 02:44:32 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2004-08-04 02:44:14 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll MOD - [2004-08-04 02:44:14 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2004-08-04 02:44:14 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2004-08-04 02:44:12 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2004-08-04 02:44:10 | 012,826,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2004-08-04 02:44:10 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2004-08-04 02:44:10 | 000,581,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2004-08-04 02:44:10 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2004-08-04 02:44:10 | 000,023,040 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\psapi.dll MOD - [2004-08-04 02:44:08 | 001,281,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2004-08-04 02:44:08 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2004-08-04 02:44:08 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2004-08-04 02:44:06 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2004-08-04 02:44:04 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll MOD - [2004-08-04 02:44:02 | 001,012,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2004-08-04 02:44:00 | 000,278,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2004-08-04 02:44:00 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll MOD - [2004-08-04 02:43:58 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2004-08-04 02:43:56 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2004-08-04 02:43:56 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2004-08-04 02:43:54 | 000,501,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2004-08-04 02:43:52 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2004-08-04 02:43:48 | 000,716,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2004-08-04 02:42:58 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME MOD - [2004-08-04 01:42:34 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll MOD - [2004-08-04 01:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\msscript.ocx MOD - [2003-08-28 10:45:56 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL [color="#e56717"]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - [2010-02-11 17:36:06 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009-10-07 10:21:14 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2009-10-07 10:16:50 | 000,472,280 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2009-03-31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2008-04-07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) 
[On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2005-11-14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) [color="#e56717"]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- F:\NTGLM7X.sys -- (SetupNTGLM7X) DRV - File not found [Kernel | On_Demand | Stopped] -- F:\NTACCESS.sys -- (NTACCESS) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys -- (mcdbus) DRV - File not found [Kernel | On_Demand | Stopped] -- F:\INSTALL\GMSIPCI.SYS -- (GMSIPCI) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ctdvda2k.sys -- (ctdvda2k) DRV - [2010-08-20 22:11:38 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-01-22 18:50:07 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32) DRV - [2009-10-07 14:23:36 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2009-10-07 14:23:36 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009-10-07 10:18:36 | 000,035,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir) DRV - [2009-10-07 10:12:22 | 000,054,184 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv) DRV - [2009-10-07 10:11:10 | 000,040,824 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon) DRV - [2009-03-31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | 
On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009-03-20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009-03-20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV - [2009-03-20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV - [2007-09-17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007-07-11 15:51:48 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2007-07-11 10:45:00 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2007-07-11 10:40:18 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus) DRV - [2007-02-10 04:04:52 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amps2prt.sys -- (Amps2prt) DRV - [2004-08-04 02:35:04 | 000,701,440 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2004-08-04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2003-09-19 03:47:22 | 000,496,800 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV - [2003-08-28 10:24:36 | 000,145,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMUPIA2K.SYS -- (emupia) DRV - [2003-08-28 10:24:24 | 000,136,448 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k) DRV - [2003-08-28 10:24:08 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS -- (ctprxy2k) DRV - [2003-08-28 10:24:04 | 000,113,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2003-08-28 10:22:32 | 000,186,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAC32K.SYS -- (ctac32k) DRV - [2003-08-28 10:22:20 | 000,135,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HAP16V2K.SYS -- (hap16v2k) DRV - [2003-08-28 10:22:04 | 000,823,456 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k) DRV - [2003-03-05 13:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) 
[Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT) DRV - [2002-10-04 04:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139) DRV - [2001-08-17 22:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk) [color="#e56717"]========== Standard Registry (SafeList) ==========[/color] [color="#e56717"]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://search.localstrike.com.ar/"]http://search.localstrike.com.ar/[/url] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.videoxdvd.com/"]http://www.videoxdvd.com/[/url] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color="#e56717"]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "LocalStrike" FF - prefs.js..browser.search.defaultthis.engineName: "LocalStrike" FF - prefs.js..browser.search.defaulturl: "http://search.localstrike.com.ar/?q={searchTerms}" FF - prefs.js..browser.search.order.1: "LocalStrike" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.pl" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11 FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0 FF - prefs.js..extensions.enabledItems: 
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: zrzuta.eu@gmail.com:1.2 FF - prefs.js..keyword.URL: "http://search.localstrike.com.ar/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-07-30 13:09:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-08-03 16:50:50 | 000,000,000 | ---D | M] [2009-01-17 22:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Extensions [2010-08-21 21:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions [2010-08-10 15:39:59 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010-08-18 18:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} [2010-08-18 18:49:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-05-23 21:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\DTToolbar@toolbarnet.com [2010-08-18 18:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\extension@virtusdesigns.com [2010-05-23 21:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\firebug@software.joehewitt.com [2010-04-09 12:39:21 | 000,000,000 | ---D | M] -- C:\Documents 
and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\illimitux@illimitux.net [2010-08-18 18:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\staged-xpis [2010-07-30 13:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\zrzuta.eu@gmail.com [2010-08-18 18:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\staged-xpis\extension@virtusdesigns.com [2010-01-24 22:40:17 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\searchplugins\daemon-search.xml [2010-08-21 21:36:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-05-01 17:23:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010-03-16 13:57:46 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll [2010-06-25 15:23:16 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-06-25 15:23:16 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-10-05 01:48:30 | 000,023,158 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\localstrike.xml [2010-06-25 15:23:16 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-06-25 15:23:16 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-06-25 15:23:16 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-06-25 15:23:16 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2001-10-26 19:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Dom\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe () O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.) 
O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.) O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [RocketDock] C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe () O4 - Startup: C:\Documents and Settings\Dom\Menu Start\Programy\Autostart\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\Dom\Menu Start\Programy\Autostart\RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = metin2.exe O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - 
NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-01-17 22:15:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{42420646-f946-11de-ba71-000c76542400}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - 
HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Action Manager 32.lnk - C:\Program Files\ScannerU\AM32.exe - () MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PEVSystemStart - Service SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: procexp90.Sys - Driver SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - 
System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PEVSystemStart - Service SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: procexp90.Sys - Driver SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: 
{4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color="#e56717"]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-08-20 23:39:40 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dom\Pulpit\OTL.exe [2010-08-20 19:53:13 | 000,000,000 | --SD | C] -- C:\ComboFix [2010-08-20 19:50:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010-08-20 19:50:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010-08-20 19:50:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010-08-20 19:50:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010-08-20 19:50:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010-08-20 19:48:58 | 000,000,000 | ---D | C] -- C:\Qoobox [2010-08-19 00:01:37 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll [2010-08-19 00:01:37 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll [2010-08-19 00:01:36 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll [2010-08-19 00:01:35 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll [2010-08-19 00:01:34 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll [2010-08-19 00:01:34 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll [2010-08-19 00:01:33 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll [2010-08-19 00:01:32 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll [2010-08-19 00:01:31 | 000,528,216 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\XAudio2_6.dll [2010-08-19 00:01:31 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll [2010-08-19 00:01:31 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll [2010-08-19 00:01:30 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll [2010-08-19 00:01:29 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll [2010-08-19 00:01:28 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll [2010-08-19 00:01:28 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll [2010-08-19 00:01:27 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll [2010-08-19 00:01:26 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll [2010-08-19 00:01:25 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll [2010-08-19 00:01:24 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll [2010-08-19 00:01:24 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll [2010-08-19 00:01:24 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll [2010-08-19 00:01:23 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll [2010-08-19 00:01:22 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll [2010-08-19 00:01:22 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll [2010-08-19 00:01:21 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll [2010-08-19 00:01:20 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll [2010-08-19 00:01:20 | 000,452,440 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\d3dx10_40.dll [2010-08-19 00:01:20 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll [2010-08-19 00:01:19 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll [2010-08-19 00:01:18 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll [2010-08-19 00:01:18 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll [2010-08-19 00:01:17 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll [2010-08-19 00:01:16 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll [2010-08-19 00:01:16 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll [2010-08-19 00:01:16 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll [2010-08-19 00:01:15 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll [2010-08-19 00:01:14 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll [2010-08-19 00:01:14 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll [2010-08-19 00:01:13 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll [2010-08-19 00:01:12 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll [2010-08-19 00:01:12 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll [2010-08-19 00:01:11 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll [2010-08-19 00:01:10 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll [2010-08-19 00:01:10 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll [2010-08-19 00:01:10 | 000,025,608 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\X3DAudio1_4.dll [2010-08-19 00:01:09 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll [2010-08-19 00:01:08 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll [2010-08-19 00:01:07 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll [2010-08-19 00:01:06 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll [2010-08-19 00:01:06 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll [2010-08-19 00:01:06 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll [2010-08-19 00:01:05 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll [2010-08-19 00:01:04 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll [2010-08-19 00:01:03 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll [2010-08-19 00:01:03 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll [2010-08-19 00:01:02 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll [2010-08-19 00:01:01 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll [2010-08-19 00:01:00 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll [2010-08-19 00:01:00 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll [2010-08-19 00:00:59 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll [2010-08-13 14:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Pulpit\soldat15 [2010-08-06 08:20:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Dom\Pulpit\ [2010-08-02 23:07:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Moje dokumenty\My NPS Files [2010-08-02 23:03:54 | 
000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Moje dokumenty\My Art [2009-01-17 23:00:25 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] [color="#e56717"]========== Files - Modified Within 30 Days ==========[/color] [2010-08-21 21:30:00 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1979792683-839522115-1003UA.job [2010-08-21 21:12:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-08-21 21:12:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-08-21 21:12:48 | 1341,706,240 | -HS- | M] () -- C:\hiberfil.sys [2010-08-21 09:27:39 | 000,029,004 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000002-80661102}.rfx [2010-08-21 09:27:39 | 000,029,004 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000002-80661102}.rfx [2010-08-21 09:27:39 | 000,017,456 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000002-80661102}.rfx [2010-08-21 09:27:39 | 000,017,456 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000002-80661102}.rfx [2010-08-21 09:27:39 | 000,002,064 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2010-08-21 09:27:39 | 000,002,064 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm [2010-08-21 09:27:39 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000002-80661102}.dat [2010-08-21 09:27:39 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000002-80661102}.dat [2010-08-21 09:27:35 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\Dom\NTUSER.DAT [2010-08-21 09:27:35 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Dom\ntuser.ini 
[2010-08-21 09:27:28 | 003,376,727 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000002-80661102}.CDF [2010-08-21 09:27:28 | 003,376,727 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000002-80661102}.BAK [2010-08-20 23:40:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dom\Pulpit\OTL.exe [2010-08-20 22:11:38 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-08-20 15:46:51 | 000,451,696 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-08-20 15:46:51 | 000,395,336 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-08-20 15:46:51 | 000,075,706 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-08-20 15:46:51 | 000,059,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-08-20 15:46:50 | 000,993,526 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-08-19 21:57:05 | 000,163,171 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\podanie.pdf [2010-08-18 22:38:32 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\Prawo Jazdy 2010.lnk [2010-08-18 21:16:47 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-08-18 20:30:06 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1979792683-839522115-1003Core.job [2010-08-18 01:07:02 | 004,284,440 | -H-- | M] () -- C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-08-10 14:57:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-08-06 12:12:27 | 003,278,921 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\Volver - Volveremos.mp3 [2010-08-06 12:07:49 | 003,130,964 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\alan basski- zycie jest piękne.mp3 [2010-08-06 12:02:58 | 003,659,264 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\sumptuastic-mali wielcy.mp3 [2010-08-06 11:56:17 | 
003,156,459 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\cerekwicka-nie ma nic.mp3 [2010-08-06 11:52:19 | 004,332,564 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\De Mono Kamień i Aksamit.mp3 [2010-08-03 16:50:50 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2010-07-31 10:00:45 | 000,011,059 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\Drodzy Państwo Młodzi.docx [2010-07-29 08:19:38 | 000,010,744 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\WUJO.docx [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] [color="#e56717"]========== Files Created - No Company Name ==========[/color] [2010-08-20 19:50:54 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010-08-20 19:50:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010-08-20 19:50:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010-08-20 19:50:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010-08-20 19:50:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010-08-20 19:04:25 | 000,053,248 | ---- | C] () -- C:\WINDOWS\loginTool.exe [2010-08-19 21:57:05 | 000,163,171 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\podanie.pdf [2010-08-18 22:38:32 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\Prawo Jazdy 2010.lnk [2010-08-06 12:09:41 | 003,278,921 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\Volver - Volveremos.mp3 [2010-08-06 12:05:11 | 003,130,964 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\alan basski- zycie jest piękne.mp3 [2010-08-06 11:59:53 | 003,659,264 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\sumptuastic-mali wielcy.mp3 [2010-08-06 11:53:28 | 003,156,459 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\cerekwicka-nie ma nic.mp3 [2010-08-06 11:48:41 | 004,332,564 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\De 
Mono Kamień i Aksamit.mp3 [2010-07-31 10:00:44 | 000,011,059 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\Drodzy Państwo Młodzi.docx [2010-07-29 08:19:37 | 000,010,744 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\WUJO.docx [2010-07-07 12:35:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Viewer.INI [2010-05-30 20:09:29 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2010-05-01 18:28:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini [2010-04-22 17:15:33 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\tcfg.ini [2010-02-11 17:46:26 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll [2010-01-22 18:50:07 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys [2009-12-14 20:15:48 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2009-12-14 20:15:48 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2009-12-14 20:15:35 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Dom\Dane aplikacji\$_hpcst$.hpc [2009-11-17 17:08:09 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-10-07 14:23:36 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009-10-07 14:23:36 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009-09-16 17:45:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PrestoPM.INI [2009-09-16 17:31:54 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll [2009-09-16 17:25:08 | 000,000,613 | ---- | C] () -- C:\WINDOWS\if40le.ini [2009-09-16 17:25:07 | 000,000,114 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI [2009-09-16 17:24:48 | 000,001,256 | ---- | C] () -- C:\WINDOWS\If42le.ini [2009-09-16 17:24:47 | 000,000,241 | ---- | C] () -- C:\WINDOWS\PEXPLORE.INI [2009-09-16 17:24:44 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll [2009-09-16 17:24:36 | 000,000,403 | ---- | C] () -- C:\WINDOWS\umxaddin.ini [2009-09-05 12:53:52 | 000,691,696 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\sptd.sys [2009-09-02 19:06:12 | 000,000,161 | ---- | C] () -- C:\WINDOWS\l33td.ini [2009-08-24 12:23:28 | 000,000,023 | ---- | C] () -- C:\WINDOWS\clofghls.dll [2009-08-22 14:46:17 | 000,000,020 | ---- | C] () -- C:\WINDOWS\mafosav.INI [2009-05-28 17:14:34 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL [2009-05-18 17:50:28 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-01-17 23:02:00 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI [2009-01-17 23:00:39 | 000,035,766 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini [2009-01-17 23:00:39 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2009-01-17 23:00:31 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI [2009-01-17 23:00:31 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI [2009-01-17 23:00:09 | 000,000,187 | ---- | C] () -- C:\WINDOWS\SBWIN.INI [2007-12-21 09:21:56 | 000,035,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys [2007-10-25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2004-07-17 13:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [color="#e56717"]========== Custom Scans ==========[/color] [color="#a23bec"]< %systemdrive%\*.* >[/color] [2009-01-17 22:15:54 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-03-09 18:44:05 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2001-07-22 02:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2009-01-17 22:15:54 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010-08-21 21:12:48 | 1341,706,240 | -HS- | M] () -- C:\hiberfil.sys [2009-01-17 22:15:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009-05-23 18:23:19 | 000,000,000 | R--- | M] () -- C:\logwmemory.bin [2009-01-17 22:15:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004-08-04 00:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2004-08-04 
00:59:54 | 000,250,624 | RHS- | M] () -- C:\ntldr [2010-08-21 21:12:47 | 2013,265,920 | -HS- | M] () -- C:\pagefile.sys [2010-03-09 20:12:22 | 000,063,111 | ---- | M] () -- C:\R0309__19_12_18.mp3 [2010-03-09 20:12:51 | 000,230,295 | ---- | M] () -- C:\R0309__19_12_35.mp3 [2010-08-06 12:13:52 | 000,000,000 | ---- | M] () -- C:\Tech_Vista.log [1 C:\*.tmp files -> C:\*.tmp -> ] [color="#e56717"]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:671329E4 < End of report >[/log]
Tomek01 commented 22 August 2010

Uninstall DAEMON Tools Toolbar. In OTL, paste the following into the Custom scan/fixes box:

[code]
:Processes
Explorer.exe

:OTL
[2010-05-23 21:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\DTToolbar@toolbarnet.com
[2010-01-24 22:40:17 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\searchplugins\daemon-search.xml
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:671329E4

:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]

Click Run Fix; the computer will restart.

Scan the file below on VirusTotal and post the results:

C:\WINDOWS\loginTool.exe

Post the OTL log from the removal, plus new OTL and RSIT logs.
Hereinder (Author) commented 22 August 2010

I don't know if this is what was meant by the scan, but here you go:

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware.
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: loginTool.exe
Submission date: 2010-08-22 18:23:00 (UTC)
Current status: finished
Result: 0 /42 (0.0%)

[log]gLogfile of random's system information tool 1.08 (written by random/random) Run by Dom at 2010-08-22 20:33:26 Microsoft Windows XP Professional Dodatek Service Pack 2 System drive C: has 11 GB (41%) free of 26 GB Total RAM: 1279 MB (57% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:33:35, on 2010-08-22 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\A4Tech\Mouse\Amoumain.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\system32\FsUsbExService.Exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Documents and Settings\Dom\Pulpit\OTL.exe C:\Documents and Settings\Dom\Pulpit\RSIT.exe C:\Program Files\trend micro\Dom.exe R1 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.videoxdvd.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Dom\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe 
Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 6467 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1979792683-839522115-1003Core.job C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1979792683-839522115-1003UA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}] IEPluginBHO Class - C:\Documents and Settings\Dom\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll [2009-07-27 42088] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2003-08-28 24576] "UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112] "Jet Detection"=C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672] "NPSStartup"= [] "WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-02-11 241664] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832] "egui"=C:\Program Files\ESET\ESET NOD32 
Antivirus\egui.exe [2009-10-07 1461080] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] "AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-04-02 102400] "RocketDock"=C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784] "Google Update"=C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-03-16 135664] "DAEMON Tools Lite"=D:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Action Manager 32.lnk] C:\PROGRA~1\ScannerU\AM32.exe [2004-05-21 69632] C:\Documents and Settings\Dom\Menu Start\Programy\Autostart Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoSMMyDocs"=1 "NoSMHelp"=1 "NoSMMyPictures"=1 "NoStartMenuMyMusic"=1 "DisallowRun"=1 "NoDriveAutoRun"=67108863 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server" "C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\Documents and Settings\Dom\Pulpit\utorrent.exe"="C:\Documents and Settings\Dom\Pulpit\utorrent.exe:*:Enabled:µTorrent" "C:\Documents and Settings\Dom\Pulpit\Miusic\utorrent.exe"="C:\Documents and Settings\Dom\Pulpit\Miusic\utorrent.exe:*:Enabled:µTorrent" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2010-08-22 20:33:27 ----D---- C:\Program Files\trend micro 2010-08-22 20:33:26 ----D---- C:\rsit 2010-08-20 19:50:54 ----A---- C:\WINDOWS\MBR.exe 2010-08-20 19:50:53 ----A---- C:\WINDOWS\PEV.exe 2010-08-20 19:50:39 ----D---- C:\WINDOWS\ERDNT 2010-08-20 19:04:25 ----A---- C:\WINDOWS\loginTool.exe 2010-08-19 
00:01:37 ----A---- C:\WINDOWS\system32\XAudio2_7.dll 2010-08-19 00:01:37 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll 2010-08-19 00:01:36 ----A---- C:\WINDOWS\system32\xactengine3_7.dll 2010-08-19 00:01:35 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll 2010-08-19 00:01:34 ----A---- C:\WINDOWS\system32\d3dx11_43.dll 2010-08-19 00:01:34 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll 2010-08-19 00:01:33 ----A---- C:\WINDOWS\system32\d3dx10_43.dll 2010-08-19 00:01:32 ----A---- C:\WINDOWS\system32\D3DX9_43.dll 2010-08-19 00:01:31 ----A---- C:\WINDOWS\system32\XAudio2_6.dll 2010-08-19 00:01:31 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll 2010-08-19 00:01:31 ----A---- C:\WINDOWS\system32\xactengine3_6.dll 2010-08-19 00:01:30 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll 2010-08-19 00:01:29 ----A---- C:\WINDOWS\system32\XAudio2_5.dll 2010-08-19 00:01:28 ----A---- C:\WINDOWS\system32\xactengine3_5.dll 2010-08-19 00:01:28 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll 2010-08-19 00:01:27 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll 2010-08-19 00:01:26 ----A---- C:\WINDOWS\system32\d3dx11_42.dll 2010-08-19 00:01:25 ----A---- C:\WINDOWS\system32\d3dx10_42.dll 2010-08-19 00:01:24 ----A---- C:\WINDOWS\system32\D3DX9_42.dll 2010-08-19 00:01:24 ----A---- C:\WINDOWS\system32\d3dx10_41.dll 2010-08-19 00:01:24 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll 2010-08-19 00:01:23 ----A---- C:\WINDOWS\system32\D3DX9_41.dll 2010-08-19 00:01:22 ----A---- C:\WINDOWS\system32\XAudio2_4.dll 2010-08-19 00:01:22 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll 2010-08-19 00:01:21 ----A---- C:\WINDOWS\system32\xactengine3_4.dll 2010-08-19 00:01:20 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll 2010-08-19 00:01:20 ----A---- C:\WINDOWS\system32\d3dx10_40.dll 2010-08-19 00:01:20 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll 2010-08-19 00:01:19 ----A---- C:\WINDOWS\system32\D3DX9_40.dll 2010-08-19 00:01:18 ----A---- C:\WINDOWS\system32\XAudio2_3.dll 2010-08-19 00:01:18 ----A---- 
C:\WINDOWS\system32\XAPOFX1_2.dll 2010-08-19 00:01:17 ----A---- C:\WINDOWS\system32\xactengine3_3.dll 2010-08-19 00:01:16 ----A---- C:\WINDOWS\system32\XAudio2_2.dll 2010-08-19 00:01:16 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll 2010-08-19 00:01:16 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll 2010-08-19 00:01:15 ----A---- C:\WINDOWS\system32\xactengine3_2.dll 2010-08-19 00:01:14 ----A---- C:\WINDOWS\system32\d3dx10_39.dll 2010-08-19 00:01:14 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll 2010-08-19 00:01:13 ----A---- C:\WINDOWS\system32\D3DX9_39.dll 2010-08-19 00:01:12 ----A---- C:\WINDOWS\system32\XAudio2_1.dll 2010-08-19 00:01:12 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll 2010-08-19 00:01:11 ----A---- C:\WINDOWS\system32\xactengine3_1.dll 2010-08-19 00:01:10 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll 2010-08-19 00:01:10 ----A---- C:\WINDOWS\system32\d3dx10_38.dll 2010-08-19 00:01:10 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll 2010-08-19 00:01:09 ----A---- C:\WINDOWS\system32\D3DX9_38.dll 2010-08-19 00:01:08 ----A---- C:\WINDOWS\system32\XAudio2_0.dll 2010-08-19 00:01:07 ----A---- C:\WINDOWS\system32\xactengine3_0.dll 2010-08-19 00:01:06 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll 2010-08-19 00:01:06 ----A---- C:\WINDOWS\system32\d3dx10_37.dll 2010-08-19 00:01:06 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll 2010-08-19 00:01:05 ----A---- C:\WINDOWS\system32\D3DX9_37.dll 2010-08-19 00:01:04 ----A---- C:\WINDOWS\system32\xactengine2_10.dll 2010-08-19 00:01:03 ----A---- C:\WINDOWS\system32\d3dx10_36.dll 2010-08-19 00:01:03 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll 2010-08-19 00:01:02 ----A---- C:\WINDOWS\system32\d3dx9_36.dll 2010-08-19 00:01:01 ----A---- C:\WINDOWS\system32\xactengine2_9.dll 2010-08-19 00:01:00 ----A---- C:\WINDOWS\system32\d3dx10_35.dll 2010-08-19 00:01:00 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll 2010-08-19 00:00:59 ----A---- C:\WINDOWS\system32\d3dx9_35.dll ======List of files/folders modified in the last 1 
months====== 2010-08-22 20:33:28 ----D---- C:\WINDOWS\Temp 2010-08-22 20:33:27 ----RD---- C:\Program Files 2010-08-22 20:19:50 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-08-22 20:19:40 ----A---- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000002-80661102}.BAK 2010-08-22 20:19:14 ----D---- C:\WINDOWS 2010-08-22 20:17:52 ----D---- C:\Program Files\DAEMON Tools Toolbar 2010-08-20 23:52:13 ----D---- C:\WINDOWS\security 2010-08-20 23:43:40 ----D---- C:\WINDOWS\system 2010-08-20 23:36:23 ----D---- C:\WINDOWS\system32\CatRoot2 2010-08-20 20:11:41 ----SHD---- C:\WINDOWS\Installer 2010-08-20 20:11:28 ----SD---- C:\Documents and Settings\Dom\Dane aplikacji\Microsoft 2010-08-20 15:46:51 ----D---- C:\WINDOWS\system32 2010-08-20 15:46:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-08-19 00:01:38 ----D---- C:\WINDOWS\system32\DirectX 2010-08-19 00:01:37 ----HD---- C:\WINDOWS\inf 2010-08-18 23:56:03 ----D---- C:\WINDOWS\Logs 2010-08-16 20:43:26 ----HD---- C:\Program Files\InstallShield Installation Information 2010-08-13 14:27:46 ----RSD---- C:\WINDOWS\Fonts 2010-08-07 12:42:07 ----HD---- C:\LG3G 2010-08-06 19:14:53 ----D---- C:\Documents and Settings\Dom\Dane aplikacji\Skype 2010-08-06 18:39:21 ----D---- C:\Documents and Settings\Dom\Dane aplikacji\skypePM 2010-08-05 22:17:04 ----D---- C:\Program Files\Nowe Gadu-Gadu 2010-08-03 22:07:39 ----D---- C:\Program Files\Acala 3GP Movies Free 2010-07-31 11:44:02 ----D---- C:\Documents and Settings\Dom\Dane aplikacji\Adobe 2010-07-25 09:26:16 ----D---- C:\Program Files\Mozilla Firefox ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 agp440;Filtr magistrali AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528] R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-08-20 691696] R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2009-10-07 54184] R1 epfwtdir;epfwtdir; 
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-10-07 35168] R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320] R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys [] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-10-07 271360] R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-10-07 40824] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-10-07 18048] R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys [] R3 Amps2prt;A4Tech PS/2 Port Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2007-02-10 14336] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-04 701440] R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2003-08-28 186068] R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2003-09-19 496800] R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2003-08-28 6144] R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2003-08-28 136448] R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2003-08-28 145504] R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS [] R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2003-08-28 823456] R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2003-08-28 113840] R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480] S3 ayinygx0;ayinygx0; C:\WINDOWS\system32\drivers\ayinygx0.sys [] S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [] S3 ctljystk;Port gier dla karty Creative SB Live!; 
C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712] S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [] S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS [] S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2003-08-28 135696] S3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-18 9600] S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [] S3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] S3 NTACCESS;NTACCESS; \??\F:\NTACCESS.sys [] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] S3 SetupNTGLM7X;SetupNTGLM7X; \??\F:\NTGLM7X.sys [] S3 SONYPVU1;Sterownik filtru USB Sony (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112] S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976] S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856] S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416] S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-07-11 19840] S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-07-11 21632] S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Bonjour 
Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376] R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-07 472280] R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-31 233472] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-05-18 72704] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-10-07 20680] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-11 654848] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592] -----------------EOF-----------------[/log] [log]OTL logfile created on: 2010-08-22 20:32:36 - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Dom\Pulpit Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer 
(Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free 3,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): C:\pagefile.sys 1920 3840 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 24,90 Gb Total Space | 10,31 Gb Free Space | 41,39% Space Free | Partition Type: NTFS Drive D: | 49,62 Gb Total Space | 13,87 Gb Free Space | 27,96% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 630,64 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ANITA Current User Name: Dom Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-08-22 20:31:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dom\Pulpit\OTL.exe PRC - [2010-07-25 09:26:06 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-02-18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe PRC - [2009-10-07 10:16:50 | 000,472,280 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2009-10-07 10:15:42 | 001,461,080 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe PRC - [2009-04-02 19:05:22 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) 
-- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe PRC - [2009-03-31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe PRC - [2007-03-19 00:05:02 | 000,630,784 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe PRC - [2007-02-11 00:07:32 | 000,241,664 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe PRC - [2004-08-04 02:44:20 | 000,975,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2003-08-28 10:45:38 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-08-22 20:31:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dom\Pulpit\OTL.exe MOD - [2007-03-19 00:04:22 | 000,069,632 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll MOD - [2007-02-10 23:51:40 | 000,036,864 | ---- | M] (A4Tech Co.,Ltd.) -- C:\WINDOWS\system32\Amhooker.dll MOD - [2004-08-04 01:42:34 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll MOD - [2004-08-04 01:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2003-08-28 10:45:56 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - [2010-02-11 17:36:06 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009-10-07 10:21:14 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2009-10-07 10:16:50 | 000,472,280 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2009-03-31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2008-04-07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2005-11-14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- F:\NTGLM7X.sys -- (SetupNTGLM7X) DRV - File not found [Kernel | On_Demand | Stopped] -- F:\NTACCESS.sys -- (NTACCESS) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys -- (mcdbus) DRV - File not found [Kernel | On_Demand | Stopped] -- F:\INSTALL\GMSIPCI.SYS -- (GMSIPCI) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ctdvda2k.sys -- (ctdvda2k) DRV - [2010-08-20 22:11:38 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-01-22 18:50:07 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32) DRV - [2009-10-07 14:23:36 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- 
C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2009-10-07 14:23:36 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009-10-07 10:18:36 | 000,035,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir) DRV - [2009-10-07 10:12:22 | 000,054,184 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv) DRV - [2009-10-07 10:11:10 | 000,040,824 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon) DRV - [2009-03-31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009-03-20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009-03-20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV - [2009-03-20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV - [2007-09-17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007-07-11 15:51:48 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2007-07-11 10:45:00 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2007-07-11 10:40:18 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus) DRV - [2007-02-10 04:04:52 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amps2prt.sys -- (Amps2prt) DRV - [2004-08-04 02:35:04 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2004-08-04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2003-09-19 03:47:22 | 000,496,800 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV - [2003-08-28 10:24:36 | 000,145,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMUPIA2K.SYS -- (emupia) DRV - [2003-08-28 10:24:24 | 000,136,448 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k) DRV - [2003-08-28 10:24:08 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS -- (ctprxy2k) DRV - [2003-08-28 10:24:04 | 000,113,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2003-08-28 10:22:32 | 000,186,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAC32K.SYS -- (ctac32k) DRV - [2003-08-28 10:22:20 | 000,135,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HAP16V2K.SYS -- (hap16v2k) DRV - [2003-08-28 10:22:04 | 000,823,456 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k) DRV - [2003-03-05 13:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) 
[Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT) DRV - [2002-10-04 04:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139) DRV - [2001-08-17 22:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.videoxdvd.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "LocalStrike" FF - prefs.js..browser.search.defaultthis.engineName: "LocalStrike" FF - prefs.js..browser.search.defaulturl: "http://search.localstrike.com.ar/?q={searchTerms}" FF - prefs.js..browser.search.order.1: "LocalStrike" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.pl" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11 FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: zrzuta.eu@gmail.com:1.2 FF - prefs.js..keyword.URL: 
"http://search.localstrike.com.ar/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-07-30 13:09:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-08-03 16:50:50 | 000,000,000 | ---D | M] [2009-01-17 22:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Extensions [2010-08-22 20:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions [2010-08-10 15:39:59 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010-08-18 18:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} [2010-08-18 18:49:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-08-18 18:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\extension@virtusdesigns.com [2010-05-23 21:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\firebug@software.joehewitt.com [2010-04-09 12:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\illimitux@illimitux.net [2010-08-18 18:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\staged-xpis [2010-07-30 13:09:21 | 000,000,000 | ---D | 
M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\zrzuta.eu@gmail.com [2010-08-18 18:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\staged-xpis\extension@virtusdesigns.com [2010-01-24 22:40:17 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\searchplugins\daemon-search.xml [2010-08-21 21:36:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-05-01 17:23:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010-03-16 13:57:46 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll [2010-06-25 15:23:16 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-06-25 15:23:16 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-10-05 01:48:30 | 000,023,158 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\localstrike.xml [2010-06-25 15:23:16 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-06-25 15:23:16 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-06-25 15:23:16 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-06-25 15:23:16 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2001-10-26 19:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and 
Settings\Dom\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe () O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.) O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [RocketDock] C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe () O4 - Startup: C:\Documents and Settings\Dom\Menu Start\Programy\Autostart\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
O4 - Startup: C:\Documents and Settings\Dom\Menu Start\Programy\Autostart\RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = metin2.exe O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-01-17 22:15:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2004-08-18 10:55:50 | 000,000,000 | R--D | M] - G:\AutoRun -- [ CDFS ] O32 - AutoRun File - [2004-08-18 10:37:22 | 000,663,552 | R--- | M] (Electronic Arts Inc.) - G:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2004-08-18 10:54:43 | 000,000,083 | R--- | M] () - G:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2004-08-18 10:33:44 | 000,598,016 | R--- | M] (Electronic Arts Inc.) 
- G:\AutoRunGUI.dll -- [ CDFS ] O33 - MountPoints2\{02532cde-0929-11df-babc-000c76542400}\Shell - "" = AutoRun O33 - MountPoints2\{02532cde-0929-11df-babc-000c76542400}\Shell\AutoRun\command - "" = G:\setup.exe -- [2004-08-18 10:33:45 | 000,110,592 | R--- | M] (Electronic Arts Inc.) O33 - MountPoints2\{42420646-f946-11de-ba71-000c76542400}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-08-22 20:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010-08-22 20:30:36 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dom\Pulpit\OTL.exe [2010-08-20 19:50:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010-08-19 00:01:37 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll [2010-08-19 00:01:37 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll [2010-08-19 00:01:36 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll [2010-08-19 00:01:35 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll [2010-08-19 00:01:34 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll [2010-08-19 00:01:34 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll [2010-08-19 00:01:33 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll [2010-08-19 00:01:32 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll [2010-08-19 00:01:31 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll [2010-08-19 00:01:31 | 000,238,936 | ---- | 
C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll [2010-08-19 00:01:31 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll [2010-08-19 00:01:30 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll [2010-08-19 00:01:29 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll [2010-08-19 00:01:28 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll [2010-08-19 00:01:28 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll [2010-08-19 00:01:27 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll [2010-08-19 00:01:26 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll [2010-08-19 00:01:25 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll [2010-08-19 00:01:24 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll [2010-08-19 00:01:24 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll [2010-08-19 00:01:24 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll [2010-08-19 00:01:23 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll [2010-08-19 00:01:22 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll [2010-08-19 00:01:22 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll [2010-08-19 00:01:21 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll [2010-08-19 00:01:20 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll [2010-08-19 00:01:20 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll [2010-08-19 00:01:20 | 000,022,360 | ---- | C] (Microsoft Corporation) 
-- C:\WINDOWS\System32\X3DAudio1_6.dll [2010-08-19 00:01:19 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll [2010-08-19 00:01:18 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll [2010-08-19 00:01:18 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll [2010-08-19 00:01:17 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll [2010-08-19 00:01:16 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll [2010-08-19 00:01:16 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll [2010-08-19 00:01:16 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll [2010-08-19 00:01:15 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll [2010-08-19 00:01:14 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll [2010-08-19 00:01:14 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll [2010-08-19 00:01:13 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll [2010-08-19 00:01:12 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll [2010-08-19 00:01:12 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll [2010-08-19 00:01:11 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll [2010-08-19 00:01:10 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll [2010-08-19 00:01:10 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll [2010-08-19 00:01:10 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll [2010-08-19 00:01:09 | 003,850,760 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\D3DX9_38.dll [2010-08-19 00:01:08 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll [2010-08-19 00:01:07 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll [2010-08-19 00:01:06 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll [2010-08-19 00:01:06 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll [2010-08-19 00:01:06 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll [2010-08-19 00:01:05 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll [2010-08-19 00:01:04 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll [2010-08-19 00:01:03 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll [2010-08-19 00:01:03 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll [2010-08-19 00:01:02 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll [2010-08-19 00:01:01 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll [2010-08-19 00:01:00 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll [2010-08-19 00:01:00 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll [2010-08-19 00:00:59 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll [2010-08-13 14:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Pulpit\soldat15 [2010-08-06 08:20:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Dom\Pulpit\ [2010-08-02 23:07:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Moje dokumenty\My NPS Files [2010-08-02 23:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Moje dokumenty\My Art [2009-01-17 23:00:25 | 
000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-08-22 20:32:59 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\RSIT.exe [2010-08-22 20:31:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dom\Pulpit\OTL.exe [2010-08-22 20:30:01 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1979792683-839522115-1003UA.job [2010-08-22 20:30:01 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1979792683-839522115-1003Core.job [2010-08-22 20:20:55 | 000,046,096 | ---- | M] () -- C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-08-22 20:20:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-08-22 20:20:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-08-22 20:20:45 | 1341,706,240 | -HS- | M] () -- C:\hiberfil.sys [2010-08-22 20:20:45 | 000,198,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-08-22 20:19:51 | 000,029,004 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000002-80661102}.rfx [2010-08-22 20:19:51 | 000,029,004 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000002-80661102}.rfx [2010-08-22 20:19:51 | 000,017,456 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000002-80661102}.rfx [2010-08-22 20:19:51 | 000,017,456 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000002-80661102}.rfx [2010-08-22 20:19:51 | 000,002,064 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2010-08-22 20:19:51 | 000,002,064 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm 
[2010-08-22 20:19:51 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000002-80661102}.dat [2010-08-22 20:19:51 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000002-80661102}.dat [2010-08-22 20:19:48 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\Dom\NTUSER.DAT [2010-08-22 20:19:48 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Dom\ntuser.ini [2010-08-22 20:19:40 | 003,376,727 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000002-80661102}.CDF [2010-08-22 20:19:40 | 003,376,727 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000002-80661102}.BAK [2010-08-20 22:11:38 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-08-20 15:46:51 | 000,451,696 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-08-20 15:46:51 | 000,395,336 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-08-20 15:46:51 | 000,075,706 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-08-20 15:46:51 | 000,059,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-08-20 15:46:50 | 000,993,526 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-08-19 21:57:05 | 000,163,171 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\podanie.pdf [2010-08-18 22:38:32 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\Prawo Jazdy 2010.lnk [2010-08-18 21:16:47 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-08-18 01:07:02 | 004,284,440 | -H-- | M] () -- C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-08-10 14:57:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-08-06 12:12:27 | 003,278,921 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\Volver - Volveremos.mp3 [2010-08-06 12:07:49 | 003,130,964 | ---- | M] () -- 
C:\Documents and Settings\Dom\Pulpit\alan basski- zycie jest piękne.mp3 [2010-08-06 12:02:58 | 003,659,264 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\sumptuastic-mali wielcy.mp3 [2010-08-06 11:56:17 | 003,156,459 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\cerekwicka-nie ma nic.mp3 [2010-08-06 11:52:19 | 004,332,564 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\De Mono Kamień i Aksamit.mp3 [2010-08-03 16:50:50 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2010-07-31 10:00:45 | 000,011,059 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\Drodzy Państwo Młodzi.docx [2010-07-29 08:19:38 | 000,010,744 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\WUJO.docx [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-08-22 20:32:50 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\RSIT.exe [2010-08-20 19:50:54 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010-08-20 19:50:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010-08-20 19:04:25 | 000,053,248 | ---- | C] () -- C:\WINDOWS\loginTool.exe [2010-08-19 21:57:05 | 000,163,171 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\podanie.pdf [2010-08-18 22:38:32 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\Prawo Jazdy 2010.lnk [2010-08-06 12:09:41 | 003,278,921 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\Volver - Volveremos.mp3 [2010-08-06 12:05:11 | 003,130,964 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\alan basski- zycie jest piękne.mp3 [2010-08-06 11:59:53 | 003,659,264 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\sumptuastic-mali wielcy.mp3 [2010-08-06 11:53:28 | 003,156,459 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\cerekwicka-nie ma nic.mp3 
[2010-08-06 11:48:41 | 004,332,564 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\De Mono Kamień i Aksamit.mp3 [2010-07-31 10:00:44 | 000,011,059 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\Drodzy Państwo Młodzi.docx [2010-07-29 08:19:37 | 000,010,744 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\WUJO.docx [2010-07-07 12:35:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Viewer.INI [2010-05-30 20:09:29 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2010-05-01 18:28:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini [2010-04-22 17:15:33 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\tcfg.ini [2010-02-11 17:46:26 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll [2010-01-22 18:50:07 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys [2009-12-14 20:15:48 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2009-12-14 20:15:48 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2009-12-14 20:15:35 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Dom\Dane aplikacji\$_hpcst$.hpc [2009-11-17 17:08:09 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-10-07 14:23:36 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009-10-07 14:23:36 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009-09-16 17:45:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PrestoPM.INI [2009-09-16 17:31:54 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll [2009-09-16 17:25:08 | 000,000,613 | ---- | C] () -- C:\WINDOWS\if40le.ini [2009-09-16 17:25:07 | 000,000,114 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI [2009-09-16 17:24:48 | 000,001,256 | ---- | C] () -- C:\WINDOWS\If42le.ini [2009-09-16 17:24:47 | 000,000,241 | ---- | C] () -- C:\WINDOWS\PEXPLORE.INI [2009-09-16 17:24:44 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll [2009-09-16 17:24:36 | 000,000,403 | ---- | C] () -- 
C:\WINDOWS\umxaddin.ini [2009-09-05 12:53:52 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009-09-02 19:06:12 | 000,000,161 | ---- | C] () -- C:\WINDOWS\l33td.ini [2009-08-24 12:23:28 | 000,000,023 | ---- | C] () -- C:\WINDOWS\clofghls.dll [2009-08-22 14:46:17 | 000,000,020 | ---- | C] () -- C:\WINDOWS\mafosav.INI [2009-05-28 17:14:34 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL [2009-05-18 17:50:28 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-01-17 23:02:00 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI [2009-01-17 23:00:39 | 000,035,766 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini [2009-01-17 23:00:39 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2009-01-17 23:00:31 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI [2009-01-17 23:00:31 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI [2009-01-17 23:00:09 | 000,000,187 | ---- | C] () -- C:\WINDOWS\SBWIN.INI [2007-12-21 09:21:56 | 000,035,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys [2007-10-25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2004-07-17 13:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:671329E4 < End of report > [/log]
Tomek01 commented 23 August 2010
In OTL, paste the following into the Custom scan/fixes window:
[code]:Processes
Explorer.exe
:OTL
[2010-01-24 22:40:17 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\searchplugins\daemon-search.xml
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:671329E4
:Files
C:\WINDOWS\clofghls.dll
C:\Program Files\DAEMON Tools Toolbar
:Commands
[emptytemp]
[start explorer]
[Reboot][/code]
Click Run Fix; the computer will restart. Run a full scan with [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] and [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] and post the results on the forum. Post the OTL log from the removal and a new OTL log, but covering 3 months.
Hereinder (author) commented 23 August 2010
[log]OTL logfile created on: 2010-08-23 22:02:08 - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Dom\Pulpit Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free 3,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free Paging file location(s): C:\pagefile.sys 1920 3840 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 24,90 Gb Total Space | 10,18 Gb Free Space | 40,89% Space Free | Partition Type: NTFS Drive D: | 49,62 Gb Total Space | 13,86 Gb Free Space | 27,94% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 630,64 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ANITA Current User Name: Dom Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 90 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-08-23 22:01:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dom\Pulpit\OTL.exe PRC - [2010-04-01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- D:\Program Files\DAEMON Tools Lite\DTLite.exe PRC - [2009-10-07 10:16:50 | 000,472,280 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2009-10-07 10:15:42 | 001,461,080 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe PRC - [2009-04-02 19:05:22 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe PRC - [2009-03-31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe PRC - [2007-03-19 00:05:02 | 000,630,784 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe PRC - [2007-02-11 00:07:32 | 000,241,664 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe PRC - [2004-08-04 02:44:20 | 000,975,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2003-08-28 10:45:38 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-08-23 22:01:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dom\Pulpit\OTL.exe MOD - [2007-03-19 00:04:22 | 000,069,632 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll MOD - [2007-02-10 23:51:40 | 000,036,864 | ---- | M] (A4Tech Co.,Ltd.) 
-- C:\WINDOWS\system32\Amhooker.dll MOD - [2004-08-04 02:43:30 | 003,344,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll MOD - [2004-08-04 01:42:34 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll MOD - [2004-08-04 01:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2003-08-28 10:45:56 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - [2010-02-11 17:36:06 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009-10-07 10:21:14 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2009-10-07 10:16:50 | 000,472,280 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2009-03-31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2008-04-07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) 
[On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2005-11-14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- F:\NTGLM7X.sys -- (SetupNTGLM7X) DRV - File not found [Kernel | On_Demand | Stopped] -- F:\NTACCESS.sys -- (NTACCESS) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys -- (mcdbus) DRV - File not found [Kernel | On_Demand | Stopped] -- F:\INSTALL\GMSIPCI.SYS -- (GMSIPCI) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ctdvda2k.sys -- (ctdvda2k) DRV - [2010-08-20 22:11:38 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-01-22 18:50:07 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32) DRV - [2009-10-07 14:23:36 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2009-10-07 14:23:36 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009-10-07 10:18:36 | 000,035,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir) DRV - [2009-10-07 10:12:22 | 000,054,184 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv) DRV - [2009-10-07 10:11:10 | 000,040,824 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon) DRV - [2009-03-31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | 
On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009-03-20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009-03-20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV - [2009-03-20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV - [2007-09-17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007-07-11 15:51:48 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2007-07-11 10:45:00 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2007-07-11 10:40:18 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus) DRV - [2007-02-10 04:04:52 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amps2prt.sys -- (Amps2prt) DRV - [2004-08-04 02:35:04 | 000,701,440 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2004-08-04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2003-09-19 03:47:22 | 000,496,800 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV - [2003-08-28 10:24:36 | 000,145,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMUPIA2K.SYS -- (emupia) DRV - [2003-08-28 10:24:24 | 000,136,448 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k) DRV - [2003-08-28 10:24:08 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS -- (ctprxy2k) DRV - [2003-08-28 10:24:04 | 000,113,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2003-08-28 10:22:32 | 000,186,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAC32K.SYS -- (ctac32k) DRV - [2003-08-28 10:22:20 | 000,135,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HAP16V2K.SYS -- (hap16v2k) DRV - [2003-08-28 10:22:04 | 000,823,456 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k) DRV - [2003-03-05 13:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) 
[Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT) DRV - [2002-10-04 04:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139) DRV - [2001-08-17 22:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.videoxdvd.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "LocalStrike" FF - prefs.js..browser.search.defaultthis.engineName: "LocalStrike" FF - prefs.js..browser.search.defaulturl: "http://search.localstrike.com.ar/?q={searchTerms}" FF - prefs.js..browser.search.order.1: "LocalStrike" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.pl" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11 FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: zrzuta.eu@gmail.com:1.2 FF - prefs.js..keyword.URL: 
"http://search.localstrike.com.ar/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-07-30 13:09:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-08-03 16:50:50 | 000,000,000 | ---D | M] [2009-01-17 22:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Extensions [2010-08-22 21:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions [2010-08-10 15:39:59 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010-08-18 18:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} [2010-08-18 18:49:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-08-18 18:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\extension@virtusdesigns.com [2010-05-23 21:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\firebug@software.joehewitt.com [2010-04-09 12:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\illimitux@illimitux.net [2010-08-18 18:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\staged-xpis [2010-07-30 13:09:21 | 000,000,000 | ---D | 
M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\zrzuta.eu@gmail.com [2010-08-18 18:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\extensions\staged-xpis\extension@virtusdesigns.com [2010-01-24 22:40:17 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\v603563i.default\searchplugins\daemon-search.xml [2010-08-22 21:41:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-05-01 17:23:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010-03-16 13:57:46 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll [2010-06-25 15:23:16 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-06-25 15:23:16 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-10-05 01:48:30 | 000,023,158 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\localstrike.xml [2010-06-25 15:23:16 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-06-25 15:23:16 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-06-25 15:23:16 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-06-25 15:23:16 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2001-10-26 19:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and 
Settings\Dom\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe () O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.) O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [RocketDock] C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe () O4 - Startup: C:\Documents and Settings\Dom\Menu Start\Programy\Autostart\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
O4 - Startup: C:\Documents and Settings\Dom\Menu Start\Programy\Autostart\RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = metin2.exe O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-01-17 22:15:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2004-08-18 10:55:50 | 000,000,000 | R--D | M] - G:\AutoRun -- [ CDFS ] O32 - AutoRun File - [2004-08-18 10:37:22 | 000,663,552 | R--- | M] (Electronic Arts Inc.) - G:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2004-08-18 10:54:43 | 000,000,083 | R--- | M] () - G:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2004-08-18 10:33:44 | 000,598,016 | R--- | M] (Electronic Arts Inc.) 
- G:\AutoRunGUI.dll -- [ CDFS ] O33 - MountPoints2\{02532cde-0929-11df-babc-000c76542400}\Shell - "" = AutoRun O33 - MountPoints2\{02532cde-0929-11df-babc-000c76542400}\Shell\AutoRun\command - "" = G:\setup.exe -- [2004-08-18 10:33:45 | 000,110,592 | R--- | M] (Electronic Arts Inc.) O33 - MountPoints2\{42420646-f946-11de-ba71-000c76542400}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color] [2010-08-23 22:01:21 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dom\Pulpit\OTL.exe [2010-08-23 20:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\DoctorWeb [2010-08-23 19:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Dane aplikacji\Malwarebytes [2010-08-23 19:14:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010-08-23 19:14:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010-08-23 19:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2010-08-22 20:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010-08-20 19:50:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010-08-19 00:01:37 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll [2010-08-19 00:01:37 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll [2010-08-19 00:01:36 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll [2010-08-19 00:01:35 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll [2010-08-19 00:01:34 | 001,868,128 
| ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll [2010-08-19 00:01:34 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll [2010-08-19 00:01:33 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll [2010-08-19 00:01:32 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll [2010-08-19 00:01:31 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll [2010-08-19 00:01:31 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll [2010-08-19 00:01:31 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll [2010-08-19 00:01:30 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll [2010-08-19 00:01:29 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll [2010-08-19 00:01:28 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll [2010-08-19 00:01:28 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll [2010-08-19 00:01:27 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll [2010-08-19 00:01:26 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll [2010-08-19 00:01:25 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll [2010-08-19 00:01:24 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll [2010-08-19 00:01:24 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll [2010-08-19 00:01:24 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll [2010-08-19 00:01:23 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll [2010-08-19 00:01:22 | 000,517,448 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\XAudio2_4.dll [2010-08-19 00:01:22 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll [2010-08-19 00:01:21 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll [2010-08-19 00:01:20 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll [2010-08-19 00:01:20 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll [2010-08-19 00:01:20 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll [2010-08-19 00:01:19 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll [2010-08-19 00:01:18 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll [2010-08-19 00:01:18 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll [2010-08-19 00:01:17 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll [2010-08-19 00:01:16 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll [2010-08-19 00:01:16 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll [2010-08-19 00:01:16 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll [2010-08-19 00:01:15 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll [2010-08-19 00:01:14 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll [2010-08-19 00:01:14 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll [2010-08-19 00:01:13 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll [2010-08-19 00:01:12 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll [2010-08-19 00:01:12 | 000,065,032 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\XAPOFX1_0.dll [2010-08-19 00:01:11 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll [2010-08-19 00:01:10 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll [2010-08-19 00:01:10 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll [2010-08-19 00:01:10 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll [2010-08-19 00:01:09 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll [2010-08-19 00:01:08 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll [2010-08-19 00:01:07 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll [2010-08-19 00:01:06 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll [2010-08-19 00:01:06 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll [2010-08-19 00:01:06 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll [2010-08-19 00:01:05 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll [2010-08-19 00:01:04 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll [2010-08-19 00:01:03 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll [2010-08-19 00:01:03 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll [2010-08-19 00:01:02 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll [2010-08-19 00:01:01 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll [2010-08-19 00:01:00 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll [2010-08-19 00:01:00 | 000,444,776 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\d3dx10_35.dll [2010-08-19 00:00:59 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll [2010-08-13 14:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Pulpit\soldat15 [2010-08-06 08:20:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Dom\Pulpit\ [2010-08-02 23:07:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Moje dokumenty\My NPS Files [2010-08-02 23:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Moje dokumenty\My Art [2010-07-22 12:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\GameSpy Arcade [2010-07-20 15:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2010-07-02 22:49:36 | 000,000,000 | ---D | C] -- C:\Acala3gpMovies [2010-07-02 22:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Acala 3GP Movies Free [2010-06-01 15:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Pulpit\tasker [2010-05-26 13:09:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dom\Recent [2009-01-17 23:00:25 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] [color=#E56717]========== Files - Modified Within 90 Days ==========[/color] [2010-08-23 22:01:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dom\Pulpit\OTL.exe [2010-08-23 21:59:25 | 000,046,096 | ---- | M] () -- C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-08-23 21:59:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-08-23 21:59:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-08-23 21:59:14 | 1341,706,240 | -HS- | M] () -- C:\hiberfil.sys [2010-08-23 21:59:14 | 000,198,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-08-23 21:58:20 | 007,077,888 | -H-- | M] () -- C:\Documents and 
Settings\Dom\NTUSER.DAT [2010-08-23 21:58:19 | 000,029,004 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000002-80661102}.rfx [2010-08-23 21:58:19 | 000,029,004 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000002-80661102}.rfx [2010-08-23 21:58:19 | 000,017,456 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000002-80661102}.rfx [2010-08-23 21:58:19 | 000,017,456 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000002-80661102}.rfx [2010-08-23 21:58:19 | 000,002,064 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2010-08-23 21:58:19 | 000,002,064 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm [2010-08-23 21:58:19 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000002-80661102}.dat [2010-08-23 21:58:19 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000002-80661102}.dat [2010-08-23 21:58:14 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Dom\ntuser.ini [2010-08-23 21:57:55 | 003,376,727 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000002-80661102}.CDF [2010-08-23 21:57:54 | 003,376,727 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000002-80661102}.BAK [2010-08-23 21:30:05 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1979792683-839522115-1003UA.job [2010-08-23 20:30:02 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1979792683-839522115-1003Core.job [2010-08-23 19:31:13 | 000,004,741 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\Obraz.GIF [2010-08-23 19:30:03 | 000,005,733 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\Obraz.jpg [2010-08-23 19:14:53 | 000,000,569 | ---- | M] () -- C:\Documents and Settings\All 
Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2010-08-23 19:13:31 | 048,631,008 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\launch.exe [2010-08-23 13:00:53 | 002,109,540 | -H-- | M] () -- C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-08-23 12:49:34 | 000,000,562 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\Icy Tower.lnk [2010-08-20 22:11:38 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-08-20 15:46:51 | 000,451,696 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-08-20 15:46:51 | 000,395,336 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-08-20 15:46:51 | 000,075,706 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-08-20 15:46:51 | 000,059,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-08-20 15:46:50 | 000,993,526 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-08-19 21:57:05 | 000,163,171 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\podanie.pdf [2010-08-18 22:38:32 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\Prawo Jazdy 2010.lnk [2010-08-18 21:16:47 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-08-10 14:57:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-08-06 12:12:27 | 003,278,921 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\Volver - Volveremos.mp3 [2010-08-06 12:07:49 | 003,130,964 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\alan basski- zycie jest piękne.mp3 [2010-08-06 12:02:58 | 003,659,264 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\sumptuastic-mali wielcy.mp3 [2010-08-06 11:56:17 | 003,156,459 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\cerekwicka-nie ma nic.mp3 [2010-08-06 11:52:19 | 004,332,564 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\De Mono Kamień i Aksamit.mp3 [2010-08-03 16:50:50 | 000,001,735 | ---- | M] 
() -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2010-07-31 10:00:45 | 000,011,059 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\Drodzy Państwo Młodzi.docx [2010-07-29 08:19:38 | 000,010,744 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\WUJO.docx [2010-07-07 12:35:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Viewer.INI [2010-07-04 20:33:43 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\The Sims 2.lnk [2010-07-02 22:59:16 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-06-24 14:01:13 | 000,000,619 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\Testy B.lnk [2010-06-13 22:05:24 | 000,000,943 | ---- | M] () -- C:\WINDOWS\win.ini [2010-06-10 12:25:07 | 000,103,679 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\odwołanie.jpg [2010-06-09 16:56:01 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2010-06-02 04:55:30 | 000,527,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll [2010-06-02 04:55:30 | 000,239,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll [2010-06-02 04:55:30 | 000,074,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll [2010-06-01 15:21:30 | 000,000,515 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\Tasker.lnk [2010-05-26 11:41:02 | 002,106,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll [2010-05-26 11:41:02 | 001,998,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll [2010-05-26 11:41:02 | 001,868,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll [2010-05-26 11:41:02 | 000,470,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll [2010-05-26 11:41:02 | 000,248,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> 
C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-08-23 19:30:45 | 000,005,733 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\Obraz.jpg [2010-08-23 19:30:45 | 000,004,741 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\Obraz.GIF [2010-08-23 19:14:53 | 000,000,569 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2010-08-23 19:09:32 | 048,631,008 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\launch.exe [2010-08-23 18:48:23 | 001,694,208 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\FRANXBOT_pubEnglish.fla [2010-08-23 18:48:23 | 000,076,288 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\codeInText.doc [2010-08-23 12:49:34 | 000,000,562 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\Icy Tower.lnk [2010-08-20 19:50:54 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010-08-20 19:50:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010-08-20 19:04:25 | 000,053,248 | ---- | C] () -- C:\WINDOWS\loginTool.exe [2010-08-19 21:57:05 | 000,163,171 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\podanie.pdf [2010-08-18 22:38:32 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\Prawo Jazdy 2010.lnk [2010-08-06 12:09:41 | 003,278,921 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\Volver - Volveremos.mp3 [2010-08-06 12:05:11 | 003,130,964 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\alan basski- zycie jest piękne.mp3 [2010-08-06 11:59:53 | 003,659,264 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\sumptuastic-mali wielcy.mp3 [2010-08-06 11:53:28 | 003,156,459 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\cerekwicka-nie ma nic.mp3 [2010-08-06 11:48:41 | 004,332,564 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\De Mono Kamień i Aksamit.mp3 [2010-07-31 10:00:44 | 000,011,059 | ---- | C] () -- C:\Documents and 
Settings\Dom\Pulpit\Drodzy Państwo Młodzi.docx [2010-07-29 08:19:37 | 000,010,744 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\WUJO.docx [2010-07-07 12:35:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Viewer.INI [2010-07-04 20:33:43 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\The Sims 2.lnk [2010-06-24 14:01:13 | 000,000,619 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\Testy B.lnk [2010-06-10 12:25:06 | 000,103,679 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\odwołanie.jpg [2010-06-01 15:21:30 | 000,000,515 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\Tasker.lnk [2010-05-30 20:09:29 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2010-05-26 16:21:04 | 003,376,727 | ---- | C] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000002-80661102}.BAK [2010-05-01 18:28:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini [2010-04-22 17:15:33 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\tcfg.ini [2010-02-11 17:46:26 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll [2010-01-22 18:50:07 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys [2009-12-14 20:15:48 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2009-12-14 20:15:48 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2009-12-14 20:15:35 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Dom\Dane aplikacji\$_hpcst$.hpc [2009-11-17 17:08:09 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-10-07 14:23:36 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009-10-07 14:23:36 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009-09-16 17:45:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PrestoPM.INI [2009-09-16 17:31:54 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll [2009-09-16 17:25:08 | 000,000,613 | ---- | C] () -- C:\WINDOWS\if40le.ini [2009-09-16 17:25:07 | 
000,000,114 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI [2009-09-16 17:24:48 | 000,001,256 | ---- | C] () -- C:\WINDOWS\If42le.ini [2009-09-16 17:24:47 | 000,000,241 | ---- | C] () -- C:\WINDOWS\PEXPLORE.INI [2009-09-16 17:24:44 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll [2009-09-16 17:24:36 | 000,000,403 | ---- | C] () -- C:\WINDOWS\umxaddin.ini [2009-09-05 12:53:52 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009-09-02 19:06:12 | 000,000,161 | ---- | C] () -- C:\WINDOWS\l33td.ini [2009-08-24 12:23:28 | 000,000,023 | ---- | C] () -- C:\WINDOWS\clofghls.dll [2009-08-22 14:46:17 | 000,000,020 | ---- | C] () -- C:\WINDOWS\mafosav.INI [2009-05-28 17:14:34 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL [2009-05-18 17:50:28 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-01-17 23:02:00 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI [2009-01-17 23:00:39 | 000,035,766 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini [2009-01-17 23:00:39 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2009-01-17 23:00:31 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI [2009-01-17 23:00:31 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI [2009-01-17 23:00:09 | 000,000,187 | ---- | C] () -- C:\WINDOWS\SBWIN.INI [2007-12-21 09:21:56 | 000,035,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys [2007-10-25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2004-07-17 13:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:671329E4 < End of report >[/log] <- OTL [log]Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Wersja bazy: 4466 Windows 5.1.2600 Dodatek 
Service Pack 2 Internet Explorer 8.0.6001.18702 2010-08-23 20:09:58 mbam-log-2010-08-23 (20-09-58).txt Typ skanowania: Pełne skanowanie (C:\|D:\|) Przeskanowano obiektów: 229473 Upłynęło: 50 minut(y), 25 sekund(y) Zainfekowanych procesów w pamięci: 0 Zainfekowanych modułów w pamięci: 0 Zainfekowanych kluczy rejestru: 0 Zainfekowanych wartości rejestru: 0 Zainfekowane informacje rejestru systemowego: 4 Zainfekowanych folderów: 0 Zainfekowanych plików: 1 Zainfekowanych procesów w pamięci: (Nie znaleziono zagrożeń) Zainfekowanych modułów w pamięci: (Nie znaleziono zagrożeń) Zainfekowanych kluczy rejestru: (Nie znaleziono zagrożeń) Zainfekowanych wartości rejestru: (Nie znaleziono zagrożeń) Zainfekowane informacje rejestru systemowego: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> No action taken. Zainfekowanych folderów: (Nie znaleziono zagrożeń) Zainfekowanych plików: C:\WINDOWS\system\smss.txt (Heuristics.Reserved.Word.Exploit) -> No action taken.[/log] <--Malwarebytes' Anti-Malware
I can't post the DrWebCureIt scan because it would take about 4 hours, and during that time you can't do anything on the computer, so I don't feel like leaving the computer for that long, and I can't run it overnight. I won't post the removal log because I don't know how to do that. When the computer restarts I no longer have OTL and have to install it again, and it leaves no trace behind.