
ComboFix, help!

riviera111
created

Hello. I read some threads about disk problems, because I have one too. That is, the drive can't be opened by double-clicking, and people advised installing ComboFix. I downloaded it and an error popped up saying that AVG must not be active, so I closed ComboFix. Strangely, opening the drive got fixed. But now the computer beeps twice at startup (beep beep); I would really like to get rid of that, please. Or how do I uninstall ComboFix, because I want to get rid of it?

Tomek01
comment

Uninstall ComboFix:
Start >>> Run >>> combofix /u [and press OK]


Use [b][color=#0000CD][url=http://download.bleepingcomputer.com//sUBs/Flash_Disinfector.exe]Flash Disinfector[/url][/color][/b], preferably with your pendrive or other USB storage devices plugged in.


Post the logs from RSIT and OTL, pasting them inside tags. (Read the forum rules and the guidelines for posting logs.)

riviera111
comment (edited)

So I removed it a different way and it seems to be gone: I searched for combofix and deleted the files. But my computer still beeps at startup!!! HELP, and this happened while installing that whole ComboFix. I mean, I only clicked it and it suddenly came up with an error that AVG something...

I'm a complete beginner, could you explain it to me in plain terms? Pleeease, I'd like to get this done today.

Tomek01
comment

Either you do what I asked, or we'll just be chatting about various things. I'm happy to help you, but without your cooperation I won't manage.

riviera111
comment

hmm, could you give me your GG? because on the forum it's not really working for me

because I'm a complete beginner when it comes to computers

because I don't even know what these logs are, etc.

[color="#FF0000"]//I don't help on GG or via PM.
//Tom01[/color]

Tomek01
comment

http://www.forumpc.pl/index.php?showtopic=104338

riviera111
comment

The RSIT log is being generated and then I'll do OTL. Where should I show them to you afterwards, sir? (If I should show them at all.)

Tomek01
comment

First, there are no "sirs" here.
Second, you paste them here on the forum; when editing the post you put them in the tag: log.

P.S. I have to run for now. Be patient, I'll get back to you.

riviera111
comment (edited)

Unfortunately, when I tried to add an attachment I got an error, so I'm giving a link: [url="http://www.przeklej.pl/plik/logi-rar-00204hc6196u"]logs[/url]

Rootkit
comment

I'll explain it to him:
you do it like this: you type [:log]your log after the OTL scan finishes[:/log], that's the whole trick, just without those colons! BBCode, just plain programming :)

The text will collapse by itself and Advanced User Tomek01 will help you :)

riviera111
comment

I don't understand :> can't I just give it in that link, the way I did?

Rootkit
comment

Do it the way I wrote! AND NO ARGUING.
[color="#ff0000"]
//buddy, we are the ones here to keep order
//understood?
//raaz[/color]

riviera111
comment (edited)

[log] OTL logfile created on: 2010-08-31 21:08:26 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\krysiak\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 392,00 Mb Available Physical Memory | 38,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 62,90 Gb Free Space | 64,41% Space Free | Partition Type: NTFS
Drive D: | 88,65 Gb Total Space | 85,44 Gb Free Space | 96,38% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRYSIAK-3FE35D4
Current User Name: krysiak
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-08-31 21:06:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\krysiak\Pulpit\OTL.exe
PRC - [2010-08-31 21:03:34 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\trend micro\krysiak.exe
PRC - [2010-08-31 21:03:15 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\krysiak\Pulpit\RSIT.exe
PRC - [2010-08-24 11:20:40 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Steam\steam.exe
PRC - [2010-08-05 17:54:35 | 000,487,863 | ---- | M] () -- C:\Documents and Settings\krysiak\Menu Start\Programy\Autostart\update.exe
PRC - [2010-07-24 15:58:27 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010-07-24 15:58:27 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010-07-24 15:58:27 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010-07-24 15:58:25 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010-07-24 15:58:25 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010-07-24 15:58:25 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010-07-24 15:58:23 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010-07-23 04:15:35 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-07-23 04:15:35 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010-07-14 05:39:48 | 007,654,400 | ---- | M] (Creative Team S.A.) -- C:\Program Files\WapSter\WapSter AQQ\AQQ.exe
PRC - [2008-04-15 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-06-26 14:58:14 | 002,165,272 | ---- | M] (Palit Microsystems, Inc.) -- C:\Program Files\VDOTool\TBPANEL.exe
PRC - [2006-11-17 05:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-08-31 21:06:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\krysiak\Pulpit\OTL.exe
MOD - [2008-04-15 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-07-27 18:59:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-07-24 15:58:25 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010-07-24 15:58:23 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010-01-15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2010-07-25 18:08:51 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010-07-24 15:58:47 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010-07-24 15:58:40 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010-07-24 15:58:39 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010-07-09 13:18:54 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010-06-07 17:15:50 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESLvnic.sys -- (ESLvnic1)
DRV - [2010-02-03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008-12-02 14:05:34 | 000,118,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008-04-14 00:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2007-05-11 00:03:00 | 006,738,432 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007-03-16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007-03-16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2007-01-25 16:37:16 | 004,027,456 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006-06-18 23:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Allegro"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.pl"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010-07-24 15:58:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-08-31 19:45:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-08-13 19:38:04 | 000,000,000 | ---D | M]

[2010-07-24 15:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\krysiak\Dane aplikacji\Mozilla\Extensions
[2010-08-30 23:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\krysiak\Dane aplikacji\Mozilla\Firefox\Profiles\97qj6e9p.default\extensions
[2010-07-25 18:30:47 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\krysiak\Dane aplikacji\Mozilla\Firefox\Profiles\97qj6e9p.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010-07-25 18:12:04 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\krysiak\Dane aplikacji\Mozilla\Firefox\Profiles\97qj6e9p.default\searchplugins\daemon-search.xml
[2010-07-25 18:34:44 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\krysiak\Dane aplikacji\Mozilla\Firefox\Profiles\97qj6e9p.default\searchplugins\winamp-search.xml
[2010-08-13 19:38:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-03-16 13:57:46 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll
[2010-07-12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010-07-23 02:41:44 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-07-23 02:41:44 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-07-23 02:41:44 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-07-23 02:41:44 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-07-23 02:41:44 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-07-23 02:41:44 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2008-04-15 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe (Palit Microsystems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [EXPLORER.EXE] C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] d:\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [wsctf.exe] File not found
O4 - Startup: C:\Documents and Settings\krysiak\Menu Start\Programy\Autostart\update.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 86.63.64.49 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\krysiak\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\krysiak\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-02-01 11:35:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-07-24 16:01:11 | 000,000,057 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-07-24 16:01:26 | 000,000,057 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe - (McAfee, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^krysiak^Menu Start^Programy^Autostart^PopTray.lnk - C:\PROGRA~1\PopTray\PopTray.exe - File not found
MsConfig - StartUpReg: [b]AQQ[/b] - hkey= - key= - C:\Program Files\WapSter\WapSter AQQ\AQQ.exe (Creative Team S.A.)
MsConfig - StartUpReg: [b]ESL Wire[/b] - hkey= - key= - C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH)
MsConfig - StartUpReg: [b]Google Update[/b] - hkey= - key= - C:\Documents and Settings\krysiak\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe File not found
MsConfig - StartUpReg: [b]MSMSGS[/b] - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]PATHPILOT[/b] - hkey= - key= - C:\Program Files\Hanso Recorder\Hanso Recorder.lnk ()
MsConfig - StartUpReg: [b]QuickTime Task[/b] - hkey= - key= - C:\Program Files\QuickTime\qttask.exe File not found
MsConfig - StartUpReg: [b]Skype[/b] - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe File not found
MsConfig - StartUpReg: [b]WinampAgent[/b] - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-08-31 21:06:47 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\krysiak\Pulpit\OTL.exe
[2010-08-31 21:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010-08-31 21:03:33 | 000,000,000 | ---D | C] -- C:\rsit
[2010-08-31 20:17:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-08-31 20:17:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-08-31 20:17:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-08-31 20:17:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-08-31 20:17:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-08-31 20:11:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-08-31 19:38:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010-08-28 23:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC
[2010-08-26 14:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Pulpit\screeny esl wire
[2010-08-26 14:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Pulpit\esl wire aeq
[2010-08-25 20:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Moje dokumenty\Hanso Recorder
[2010-08-25 20:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\Hanso Recorder
[2010-08-25 19:53:25 | 000,000,000 | ---D | C] -- C:\My Recordings
[2010-08-25 19:49:20 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.ocx
[2010-08-25 18:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Pulpit\esl wire
[2010-08-24 15:34:08 | 000,000,000 | ---D | C] -- C:\Themes
[2010-08-24 15:34:08 | 000,000,000 | ---D | C] -- C:\Smileys
[2010-08-24 15:34:08 | 000,000,000 | ---D | C] -- C:\Plugins
[2010-08-24 15:34:08 | 000,000,000 | ---D | C] -- C:\Incoming
[2010-08-24 15:34:08 | 000,000,000 | ---D | C] -- C:\Data
[2010-08-19 01:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\PopTray
[2010-08-19 01:03:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Dane aplikacji\The Bat!
[2010-08-19 00:41:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Dane aplikacji\Genie-Soft
[2010-08-19 00:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Dane aplikacji\Scribe
[2010-08-18 22:45:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Pulpit\moje prace
[2010-08-17 20:49:56 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010-08-17 20:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010-08-13 21:48:14 | 000,000,000 | ---D | C] -- C:\totalcmd
[2010-08-13 21:48:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Dane aplikacji\GHISLER
[2010-08-11 13:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Dane aplikacji\2K Sports
[2010-08-11 13:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2010-08-10 23:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Dane aplikacji\pokerth
[2010-08-10 14:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Ustawienia lokalne\Dane aplikacji\ESL Wire Game Client
[2010-08-10 14:02:47 | 000,024,504 | ---- | C] (Turtle Entertainment GmbH) -- C:\WINDOWS\System32\drivers\ESLvnic.sys
[2010-08-10 14:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\EslWire
[2010-08-10 14:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\ESL Wire
[2010-08-10 10:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Moje dokumenty\ESL Match Media
[2010-08-08 14:46:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010-08-08 14:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010-08-07 10:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo_2_1_4
[2010-08-06 14:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010-08-06 14:19:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Dane aplikacji\Winamp
[2010-08-06 00:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010-08-05 17:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\Asprate
[2010-08-05 17:54:30 | 000,045,056 | ---- | C] (Asprate) -- C:\WINDOWS\Ip Changer Updater.exe
[2010-08-05 17:54:29 | 000,323,584 | ---- | C] (Asprate) -- C:\WINDOWS\Tibia MULTI-ip changer.exe
[2010-08-05 17:53:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Language
[2010-08-05 17:53:09 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\libeay32.dll
[2010-08-05 17:53:09 | 000,315,392 | ---- | C] (Asprate) -- C:\WINDOWS\ipchanger.exe
[2010-08-05 17:53:09 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\ssleay32.dll
[2010-08-05 17:53:09 | 000,176,128 | ---- | C] (The cURL library, http://curl.haxx.se/) -- C:\WINDOWS\libcurl.dll
[2010-08-05 17:53:09 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\comdlg32.ocx
[2010-08-05 16:05:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Dane aplikacji\skypePM
[2010-08-05 16:04:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Dane aplikacji\Skype
[2010-08-05 16:03:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Skype
[2010-08-04 11:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Dane aplikacji\teamspeak2
[2010-08-04 11:32:15 | 000,034,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lhacm.acm
[2010-08-01 22:12:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\WapSter
[2010-08-01 22:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\WapSter
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-08-31 21:10:22 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI
[2010-08-31 21:06:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\krysiak\Pulpit\OTL.exe
[2010-08-31 21:03:15 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\krysiak\Pulpit\RSIT.exe
[2010-08-31 20:55:44 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\krysiak\Pulpit\Flash_Disinfector.exe
[2010-08-31 20:35:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-08-31 20:35:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-08-31 20:34:45 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\krysiak\NTUSER.DAT
[2010-08-31 19:39:46 | 000,000,414 | RHS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\ntuser.pol
[2010-08-31 11:55:01 | 064,128,344 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010-08-31 01:10:39 | 000,009,685 | ---- | M] () -- C:\Documents and Settings\krysiak\Pulpit\mYm config ~ CSCenter.pl.rar
[2010-08-30 19:36:48 | 001,118,513 | ---- | M] () -- C:\Documents and Settings\krysiak\Moje dokumenty\dane.rar
[2010-08-29 20:07:33 | 000,003,514 | R--- | M] () -- C:\Documents and Settings\krysiak\Pulpit\config.cfg
[2010-08-29 13:24:25 | 000,023,196 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010-08-27 22:49:09 | 001,468,512 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-08-27 13:34:59 | 000,248,984 | ---- | M] () -- C:\Documents and Settings\krysiak\Pulpit\panele zygat.jpg
[2010-08-27 12:44:24 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\krysiak\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-08-26 12:44:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-08-25 21:18:42 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2010-08-25 21:18:42 | 000,000,003 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2010-08-25 20:02:38 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Pulpit\Hanso Recorder.lnk
[2010-08-25 18:55:29 | 000,084,992 | ---- | M] () -- C:\Documents and Settings\krysiak\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-08-19 00:52:37 | 000,000,965 | ---- | M] () -- C:\WINDOWS\Active Setup Log.BAK
[2010-08-18 17:32:53 | 000,243,548 | ---- | M] () -- C:\Documents and Settings\krysiak\Pulpit\Photoshop Herb Shapes By DreQ!.csh
[2010-08-17 15:28:50 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Pulpit\ESL Wire.lnk
[2010-08-08 14:41:28 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\krysiak\Pulpit\CCleaner.lnk
[2010-08-05 17:55:55 | 000,002,005 | ---- | M] () -- C:\y.lnk
[2010-08-05 17:54:45 | 000,000,329 | ---- | M] () -- C:\WINDOWS\Last.dat
[2010-08-05 17:54:45 | 000,000,042 | ---- | M] () -- C:\WINDOWS\Ic.Inf
[2010-08-05 17:54:35 | 000,487,863 | ---- | M] () -- C:\Documents and Settings\krysiak\Menu Start\Programy\Autostart\update.exe
[2010-08-05 17:54:30 | 000,045,056 | ---- | M] (Asprate) -- C:\WINDOWS\Ip Changer Updater.exe
[2010-08-05 17:54:29 | 000,323,584 | ---- | M] (Asprate) -- C:\WINDOWS\Tibia MULTI-ip changer.exe
[2010-08-05 17:53:11 | 000,000,009 | ---- | M] () -- C:\WINDOWS\Language.dat
[2010-08-05 16:05:45 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010-08-04 11:32:15 | 000,034,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lhacm.acm
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-08-31 21:03:15 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\krysiak\Pulpit\RSIT.exe
[2010-08-31 20:55:44 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\krysiak\Pulpit\Flash_Disinfector.exe
[2010-08-31 20:17:45 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-08-31 20:17:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-08-31 20:17:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-08-31 20:17:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-08-31 20:17:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-08-31 19:39:46 | 000,000,414 | RHS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\ntuser.pol
[2010-08-31 01:11:17 | 000,003,514 | R--- | C] () -- C:\Documents and Settings\krysiak\Pulpit\config.cfg
[2010-08-31 01:10:37 | 000,009,685 | ---- | C] () -- C:\Documents and Settings\krysiak\Pulpit\mYm config ~ CSCenter.pl.rar
[2010-08-30 19:36:46 | 001,118,513 | ---- | C] () -- C:\Documents and Settings\krysiak\Moje dokumenty\dane.rar
[2010-08-29 13:24:25 | 000,023,196 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010-08-27 13:34:57 | 000,248,984 | ---- | C] () -- C:\Documents and Settings\krysiak\Pulpit\panele zygat.jpg
[2010-08-25 20:02:38 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Pulpit\Hanso Recorder.lnk
[2010-08-19 00:52:30 | 000,000,965 | ---- | C] () -- C:\WINDOWS\Active Setup Log.BAK
[2010-08-18 17:32:50 | 000,243,548 | ---- | C] () -- C:\Documents and Settings\krysiak\Pulpit\Photoshop Herb Shapes By DreQ!.csh
[2010-08-13 21:48:14 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF
[2010-08-13 21:48:14 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF
[2010-08-13 21:48:14 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF
[2010-08-13 21:48:14 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF
[2010-08-13 21:48:14 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF
[2010-08-13 21:48:14 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF
[2010-08-13 21:48:14 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF
[2010-08-10 14:02:53 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Pulpit\ESL Wire.lnk
[2010-08-08 14:41:28 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\krysiak\Pulpit\CCleaner.lnk
[2010-08-05 17:55:55 | 000,218,624 | ---- | C] () -- C:\lau.exe
[2010-08-05 17:55:55 | 000,182,212 | ---- | C] () -- C:\setu00.rar
[2010-08-05 17:55:55 | 000,002,005 | ---- | C] () -- C:\y.lnk
[2010-08-05 17:55:55 | 000,000,044 | ---- | C] () -- C:\set.ini
[2010-08-05 17:53:11 | 000,487,863 | ---- | C] () -- C:\Documents and Settings\krysiak\Menu Start\Programy\Autostart\update.exe
[2010-08-05 17:53:10 | 000,487,863 | ---- | C] () -- C:\WINDOWS\update.exe
[2010-08-05 17:53:10 | 000,108,217 | ---- | C] () -- C:\WINDOWS\os4.exe
[2010-08-05 17:53:09 | 000,059,904 | ---- | C] () -- C:\WINDOWS\zlib1.dll
[2010-08-05 17:53:09 | 000,002,205 | ---- | C] () -- C:\WINDOWS\Bosanski.lang
[2010-08-05 17:53:09 | 000,002,199 | ---- | C] () -- C:\WINDOWS\Svenska.lang
[2010-08-05 17:53:09 | 000,002,073 | ---- | C] () -- C:\WINDOWS\Dutch.lang
[2010-08-05 17:53:09 | 000,002,056 | ---- | C] () -- C:\WINDOWS\English.lang
[2010-08-05 17:53:09 | 000,000,329 | ---- | C] () -- C:\WINDOWS\Last.dat
[2010-08-05 17:53:09 | 000,000,042 | ---- | C] () -- C:\WINDOWS\Ic.Inf
[2010-08-05 17:53:09 | 000,000,031 | ---- | C] () -- C:\WINDOWS\memlist.dat
[2010-08-05 17:53:09 | 000,000,009 | ---- | C] () -- C:\WINDOWS\Language.dat
[2010-08-05 17:53:09 | 000,000,004 | ---- | C] () -- C:\WINDOWS\test.dat
[2010-08-05 17:53:09 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Open.inf
[2010-08-05 17:49:23 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\sknc.dll
[2010-08-05 16:05:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010-07-28 09:34:28 | 000,084,992 | ---- | C] () -- C:\Documents and Settings\krysiak\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-07-24 15:12:43 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010-07-19 12:56:54 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2010-07-19 12:55:12 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010-07-19 12:55:12 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010-07-19 12:55:11 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010-07-19 12:55:10 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010-07-19 12:55:10 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009-12-20 14:51:02 | 000,000,268 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009-11-17 19:43:10 | 000,000,218 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2009-07-20 15:43:55 | 000,000,060 | ---- | C] () -- C:\Program Files\path6.ini
[2009-03-02 19:32:15 | 000,014,290 | ---- | C] () -- C:\Program Files\settings.dat

[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2009-02-01 11:35:09 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-07-24 16:01:11 | 000,000,057 | RHS- | M] () -- C:\autorun.inf
[2010-07-24 14:56:43 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2008-04-15 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2008-10-06 11:11:36 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008-10-06 11:11:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-01-31 21:29:12 | 000,000,111 | RHS- | M] () -- C:\IO32.IDX
[2009-12-12 16:11:00 | 000,218,624 | ---- | M] () -- C:\lau.exe
[2008-10-06 11:11:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-04-15 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-04-15 14:00:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-08-31 20:35:30 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys
[2010-07-20 21:35:48 | 000,000,044 | ---- | M] () -- C:\set.ini
[2010-07-19 18:39:53 | 000,182,212 | ---- | M] () -- C:\setu00.rar
[2009-12-12 09:41:31 | 000,000,192 | ---- | M] () -- C:\Skrót do Stacja dysków CD.lnk
[2010-08-05 17:55:55 | 000,002,005 | ---- | M] () -- C:\y.lnk


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-15 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2008-04-15 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2008-04-15 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008-04-15 14:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008-04-15 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008-04-15 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-15 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008-04-15 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2008-04-15 14:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008-04-15 14:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP:888AFB86
< End of report >
[/log]

[log]OTL Extras logfile created on: 2010-08-31 21:08:26 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\krysiak\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 392,00 Mb Available Physical Memory | 38,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 62,90 Gb Free Space | 64,41% Space Free | Partition Type: NTFS
Drive D: | 88,65 Gb Total Space | 85,44 Gb Free Space | 96,38% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRYSIAK-3FE35D4
Current User Name: krysiak
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"59021:TCP" = 59021:TCP:*:Enabled:Pando Media Booster
"59021:UDP" = 59021:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"59021:TCP" = 59021:TCP:*:Enabled:Pando Media Booster
"59021:UDP" = 59021:UDP:*:Enabled:Pando Media Booster

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\WapSter\WapSter AQQ\AQQ.exe" = C:\Program Files\WapSter\WapSter AQQ\AQQ.exe:*:Enabled:AQQ Instant Messenger -- (Creative Team S.A.)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"D:\Re-Volt\revolt.exe" = D:\Re-Volt\revolt.exe:*:Enabled:revolt -- File not found
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Steam\Steam.exe" = D:\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
"C:\Documents and Settings\krysiak\Pulpit\NaxedOt\NaxedOt\NaxedOt.exe" = C:\Documents and Settings\krysiak\Pulpit\NaxedOt\NaxedOt\NaxedOt.exe:*:Enabled:NaxedOt -- File not found
"C:\Program Files\EslWire\wire.exe" = C:\Program Files\EslWire\wire.exe:*:Enabled:ESL Wire Client -- (Turtle Entertainment GmbH)
"C:\Documents and Settings\krysiak\Pulpit\NBt5A_2kr410_Cr46ack\NBA 2k10 Crack\nba2k10.exe" = C:\Documents and Settings\krysiak\Pulpit\NBt5A_2kr410_Cr46ack\NBA 2k10 Crack\nba2k10.exe:*:Enabled:2K Sports NBA 2K10 -- File not found
"C:\totalcmd\TOTALCMD.EXE" = C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit -- (Ghisler Software GmbH)
"D:\Steam\SteamApps\nev113\counter-strike\hl.exe" = D:\Steam\SteamApps\nev113\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0F31532A-16F1-4812-8B7B-D321A4CE91A6}" = Sony Vegas Pro 8.0
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{78EFD06D-7583-42F1-9E77-671D8782EB70}" = Adobe Photoshop CS3
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CBF4DADD-974D-49C8-BC83-C6F31554001E}" = Adobe Setup
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D92B72E2-C854-4738-8ED6-4C3661CC17AE}" = Adobe Color JA Extra Settings
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"125;_is1" = DAO
"6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_678cd98c8365a5647f9a2e539d120a8" = Adobe Photoshop CS3
"AQQ" = WapSter AQQ
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"ESL Wire_is1" = ESL Wire 1.7.0
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Fraps" = Fraps
"GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker
"Hanso Recorder" = Hanso Recorder
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"mIRC" = mIRC
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NVIDIA Drivers" = NVIDIA Drivers
"PokerTH 0.7.1" = PokerTH
"Totalcmd" = Total Commander (Remove or Repair)
"VDOTool_is1" = VDOTool 5.3
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = Archiwizator WinRAR
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Detektor Winampa

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-08-11 14:09:14 | Computer Name = KRYSIAK-3FE35D4 | Source = ESENT | ID = 439
Description = Catalog Database (1272) Nie można dokonać zapisu lustrzanego nagłówka
pliku C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.
Błąd -1032.

Error - 2010-08-11 14:09:15 | Computer Name = KRYSIAK-3FE35D4 | Source = ESENT | ID = 473
Description = Catalog Database (1272) Baza danych C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
została częściowo odłączona. Wystąpił błąd -1032 podczas aktualizacji nagłówków
bazy danych.

Error - 2010-08-11 14:17:13 | Computer Name = KRYSIAK-3FE35D4 | Source = ESENT | ID = 490
Description = svchost (1292) Próba otwarcia pliku "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
w trybie odczytu lub zapisu zakończyła się niepomyślnie z błędem systemowym 32
(0x00000020): "Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany
przez inny proces. ". Operacja otwierania pliku zostanie zakończona z błędem -1032
(0xfffffbf8).

Error - 2010-08-11 14:17:13 | Computer Name = KRYSIAK-3FE35D4 | Source = ESENT | ID = 439
Description = Catalog Database (1292) Nie można dokonać zapisu lustrzanego nagłówka
pliku C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.
Błąd -1032.

Error - 2010-08-11 14:17:14 | Computer Name = KRYSIAK-3FE35D4 | Source = ESENT | ID = 473
Description = Catalog Database (1292) Baza danych C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
została częściowo odłączona. Wystąpił błąd -1032 podczas aktualizacji nagłówków
bazy danych.

Error - 2010-08-12 14:25:02 | Computer Name = KRYSIAK-3FE35D4 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca Steam.exe, wersja 1.0.843.387, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-08-12 14:25:03 | Computer Name = KRYSIAK-3FE35D4 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca Steam.exe, wersja 1.0.843.387, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-08-12 15:08:23 | Computer Name = KRYSIAK-3FE35D4 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca Photoshop.exe, wersja 10.0.0.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-08-13 04:29:34 | Computer Name = KRYSIAK-3FE35D4 | Source = ESENT | ID = 490
Description = svchost (1284) Próba otwarcia pliku "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
w trybie odczytu lub zapisu zakończyła się niepomyślnie z błędem systemowym 32
(0x00000020): "Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany
przez inny proces. ". Operacja otwierania pliku zostanie zakończona z błędem -1032
(0xfffffbf8).

Error - 2010-08-13 04:29:34 | Computer Name = KRYSIAK-3FE35D4 | Source = ESENT | ID = 439
Description = Catalog Database (1284) Nie można dokonać zapisu lustrzanego nagłówka
pliku C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.
Błąd -1032.

[ System Events ]
Error - 2010-08-03 11:42:06 | Computer Name = KRYSIAK-3FE35D4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Cardex z powodu następującego błędu: %%183

Error - 2010-08-07 04:18:09 | Computer Name = KRYSIAK-3FE35D4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Cardex z powodu następującego błędu: %%183

Error - 2010-08-13 15:16:51 | Computer Name = KRYSIAK-3FE35D4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Cardex z powodu następującego błędu: %%183

Error - 2010-08-16 06:01:05 | Computer Name = KRYSIAK-3FE35D4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Cardex z powodu następującego błędu: %%183

Error - 2010-08-27 16:49:41 | Computer Name = KRYSIAK-3FE35D4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Cardex z powodu następującego błędu: %%183

Error - 2010-08-29 05:53:42 | Computer Name = KRYSIAK-3FE35D4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Cardex z powodu następującego błędu: %%183

Error - 2010-08-29 10:43:36 | Computer Name = KRYSIAK-3FE35D4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Cardex z powodu następującego błędu: %%183

Error - 2010-08-31 05:49:03 | Computer Name = KRYSIAK-3FE35D4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Cardex z powodu następującego błędu: %%183

Error - 2010-08-31 14:21:10 | Computer Name = KRYSIAK-3FE35D4 | Source = Service Control Manager | ID = 7023
Description = Usługa HID Input Service zakończyła działanie; wystąpił następujący
błąd: %%126

Error - 2010-08-31 14:35:46 | Computer Name = KRYSIAK-3FE35D4 | Source = Service Control Manager | ID = 7023
Description = Usługa HID Input Service zakończyła działanie; wystąpił następujący
błąd: %%126


< End of report >
[/log]

[log]info.txt logfile of random's system information tool 1.08 2010-08-31 21:09:58

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}
Adobe Color JA Extra Settings-->MsiExec.exe /I{D92B72E2-C854-4738-8ED6-4C3661CC17AE}
Adobe Color NA Extra Settings-->MsiExec.exe /I{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\678cd98c8365a5647f9a2e539d120a8\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{78EFD06D-7583-42F1-9E77-671D8782EB70}
Adobe Setup-->MsiExec.exe /I{CBF4DADD-974D-49C8-BC83-C6F31554001E}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Counter-Strike(TM)-->MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
CPUID CPU-Z 1.55-->"C:\Program Files\CPUID\CPU-Z\unins000.exe"
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
DAO-->"C:\Program Files\DAO\unins000.exe"
ESL Wire 1.7.0-->"C:\Program Files\EslWire\unins000.exe"
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Fraps-->"C:\Fraps\uninstall.exe"
GameDesire-Pool & Snooker-->C:\Program Files\Ganymede\billiards_uninstall.exe
Hanso Recorder-->C:\Program Files\Hanso Recorder\uninstall.exe
Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
McAfee Security Scan Plus-->"C:\Program Files\McAfee Security Scan\uninstall.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_618EA050DAEAC55E2156257D6C6282397D4DF013\amdk8.inf
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
PDF Settings-->MsiExec.exe /I{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}
PokerTH-->D:\PokerTH\uninstall.exe
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x15 -removeonly
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x15 -removeonly
Sony Vegas Pro 8.0-->MsiExec.exe /X{0F31532A-16F1-4812-8B7B-D321A4CE91A6}
Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
VDOTool 5.3-->"C:\Program Files\VDOTool\unins000.exe"
Ventrilo-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
WapSter AQQ-->C:\Program Files\WapSter\WapSter AQQ\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}

======System event log======

Computer Name: KRYSIAK-3FE35D4
Event Code: 7036
Message: Usługa Usługa COM nagrywania dysków CD IMAPI weszła w stan uruchomienia.

Record Number: 3879
Source Name: Service Control Manager
Time Written: 20100728161214.000000+120
Event Type: informacje
User:

Computer Name: KRYSIAK-3FE35D4
Event Code: 7035
Message: Do usługi Usługa COM nagrywania dysków CD IMAPI został pomyślnie wysłany kod sterowania uruchom.

Record Number: 3878
Source Name: Service Control Manager
Time Written: 20100728161214.000000+120
Event Type: informacje
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: KRYSIAK-3FE35D4
Event Code: 7036
Message: Usługa Usługa COM nagrywania dysków CD IMAPI weszła w stan zatrzymania.

Record Number: 3877
Source Name: Service Control Manager
Time Written: 20100728161109.000000+120
Event Type: informacje
User:

Computer Name: KRYSIAK-3FE35D4
Event Code: 7036
Message: Usługa Usługa COM nagrywania dysków CD IMAPI weszła w stan uruchomienia.

Record Number: 3876
Source Name: Service Control Manager
Time Written: 20100728161103.000000+120
Event Type: informacje
User:

Computer Name: KRYSIAK-3FE35D4
Event Code: 7035
Message: Do usługi Usługa COM nagrywania dysków CD IMAPI został pomyślnie wysłany kod sterowania uruchom.

Record Number: 3875
Source Name: Service Control Manager
Time Written: 20100728161103.000000+120
Event Type: informacje
User: ZARZĄDZANIE NT\SYSTEM

=====Application event log=====

Computer Name: KRYSIAK-3FE35D4
Event Code: 100
Message: wuauclt (476) Aparat bazy danych 5.01.2600.5512 został uruchomiony.

Record Number: 288
Source Name: ESENT
Time Written: 20091128144157.000000+060
Event Type: informacje
User:

Computer Name: KRYSIAK-3FE35D4
Event Code: 1800
Message: Usługa Centrum zabezpieczeń systemu Windows została uruchomiona.

Record Number: 287
Source Name: SecurityCenter
Time Written: 20091128144111.000000+060
Event Type: informacje
User:

Computer Name: KRYSIAK-3FE35D4
Event Code: 102
Message: wuaueng.dll (468) SUS20ClientDataStore: Aparat bazy danych uruchomił nowe wystąpienie (0).

Record Number: 286
Source Name: ESENT
Time Written: 20091128141304.000000+060
Event Type: informacje
User:

Computer Name: KRYSIAK-3FE35D4
Event Code: 100
Message: wuauclt (468) Aparat bazy danych 5.01.2600.5512 został uruchomiony.

Record Number: 285
Source Name: ESENT
Time Written: 20091128141304.000000+060
Event Type: informacje
User:

Computer Name: KRYSIAK-3FE35D4
Event Code: 4097
Message: Aplikacja C:\PROGRA~1\Offroad\Setup.exe wygenerowała błąd aplikacji.
Błąd wystąpił na 11/28/2009 @ 14:00:24.765.
Wygenerowany wyjątek to c0000005 pod adresem 00403F7A (Setup).

Record Number: 284
Source Name: DrWatson
Time Written: 20091128140024.000000+060
Event Type: informacje
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
[/log]

[log]Logfile of random's system information tool 1.08 (written by random/random)
Run by krysiak at 2010-08-31 21:03:33
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 64 GB (64%) free of 100 GB
Total RAM: 1023 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:09:55, on 2010-08-31
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\krysiak\Menu Start\Programy\Autostart\update.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\krysiak\Pulpit\RSIT.exe
C:\Program Files\trend micro\krysiak.exe
C:\Documents and Settings\krysiak\Pulpit\OTL.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.techland.com.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [wsctf.exe] wsctf.exe
O4 - HKCU\..\Run: [EXPLORER.EXE] EXPLORER.EXE
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: update.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5352 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-07-24 1619296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-31 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Gainward"=C:\Program Files\VDOTool\TBPanel.exe [2007-06-26 2165272]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-05-11 81920]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-07-24 2065760]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-05-11 8429568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"wsctf.exe"=wsctf.exe []
"EXPLORER.EXE"=C:\WINDOWS\EXPLORER.EXE [2008-04-15 1035264]
"Steam"=d:\steam\steam.exe [2010-08-24 1242448]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]
C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe [2010-07-14 7654400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ESL Wire]
C:\Program Files\EslWire\wire.exe [2010-08-17 7123456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\krysiak\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe /c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PATHPILOT]
C:\Program Files\Hanso Recorder\Hanso Recorder.lnk [2010-08-25 682]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2010-07-12 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\20DEB9~1.181\SSSCHE~1.EXE [2010-01-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^krysiak^Menu Start^Programy^Autostart^PopTray.lnk]
C:\PROGRA~1\PopTray\PopTray.exe []

C:\Documents and Settings\krysiak\Menu Start\Programy\Autostart
update.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-07-24 12536]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\WapSter\WapSter AQQ\AQQ.exe"="C:\Program Files\WapSter\WapSter AQQ\AQQ.exe:*:Enabled:AQQ Instant Messenger"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"D:\Re-Volt\revolt.exe"="D:\Re-Volt\revolt.exe:*:Enabled:revolt"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\Steam\Steam.exe"="D:\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\krysiak\Pulpit\NaxedOt\NaxedOt\NaxedOt.exe"="C:\Documents and Settings\krysiak\Pulpit\NaxedOt\NaxedOt\NaxedOt.exe:*:Enabled:NaxedOt"
"C:\Program Files\EslWire\wire.exe"="C:\Program Files\EslWire\wire.exe:*:Enabled:ESL Wire Client"
"C:\Documents and Settings\krysiak\Pulpit\NBt5A_2kr410_Cr46ack\NBA 2k10 Crack\nba2k10.exe"="C:\Documents and Settings\krysiak\Pulpit\NBt5A_2kr410_Cr46ack\NBA 2k10 Crack\nba2k10.exe:*:Enabled:2K Sports NBA 2K10"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"D:\Steam\SteamApps\nev113\counter-strike\hl.exe"="D:\Steam\SteamApps\nev113\counter-strike\hl.exe:*:Enabled:Counter-Strike"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

======List of files/folders created in the last 1 months======

2010-08-31 21:03:33 ----D---- C:\rsit
2010-08-31 21:03:33 ----D---- C:\Program Files\trend micro
2010-08-31 20:17:45 ----A---- C:\WINDOWS\zip.exe
2010-08-31 20:17:45 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-08-31 20:17:45 ----A---- C:\WINDOWS\SWSC.exe
2010-08-31 20:17:45 ----A---- C:\WINDOWS\SWREG.exe
2010-08-31 20:17:45 ----A---- C:\WINDOWS\sed.exe
2010-08-31 20:17:45 ----A---- C:\WINDOWS\PEV.exe
2010-08-31 20:17:45 ----A---- C:\WINDOWS\NIRCMD.exe
2010-08-31 20:17:45 ----A---- C:\WINDOWS\MBR.exe
2010-08-31 20:17:45 ----A---- C:\WINDOWS\grep.exe
2010-08-31 20:17:32 ----D---- C:\WINDOWS\ERDNT
2010-08-31 20:11:46 ----D---- C:\Qoobox
2010-08-31 19:38:53 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-08-28 23:43:34 ----D---- C:\Program Files\mIRC
2010-08-25 20:02:28 ----D---- C:\Program Files\Hanso Recorder
2010-08-25 19:53:25 ----D---- C:\My Recordings
2010-08-24 15:34:08 ----D---- C:\Themes
2010-08-24 15:34:08 ----D---- C:\Smileys
2010-08-24 15:34:08 ----D---- C:\Plugins
2010-08-24 15:34:08 ----D---- C:\Incoming
2010-08-24 15:34:08 ----D---- C:\Data
2010-08-19 01:16:41 ----D---- C:\Program Files\PopTray
2010-08-19 01:03:07 ----D---- C:\Documents and Settings\krysiak\Dane aplikacji\The Bat!
2010-08-19 00:52:30 ----A---- C:\WINDOWS\Active Setup Log.txt
2010-08-19 00:52:30 ----A---- C:\WINDOWS\Active Setup Log.BAK
2010-08-19 00:49:53 ----A---- C:\WINDOWS\~GLH0000.TMP
2010-08-19 00:49:53 ----A---- C:\WINDOWS\~GLC0000.TMP
2010-08-19 00:41:35 ----D---- C:\Documents and Settings\krysiak\Dane aplikacji\Genie-Soft
2010-08-19 00:38:11 ----D---- C:\Documents and Settings\krysiak\Dane aplikacji\Scribe
2010-08-17 20:49:56 ----D---- C:\Program Files\Ventrilo
2010-08-17 20:49:41 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-08-13 21:48:14 ----D---- C:\totalcmd
2010-08-13 21:48:14 ----D---- C:\Documents and Settings\krysiak\Dane aplikacji\GHISLER
2010-08-13 21:48:14 ----A---- C:\WINDOWS\UC.PIF
2010-08-13 21:48:14 ----A---- C:\WINDOWS\RAR.PIF
2010-08-13 21:48:14 ----A---- C:\WINDOWS\PKZIP.PIF
2010-08-13 21:48:14 ----A---- C:\WINDOWS\PKUNZIP.PIF
2010-08-13 21:48:14 ----A---- C:\WINDOWS\NOCLOSE.PIF
2010-08-13 21:48:14 ----A---- C:\WINDOWS\LHA.PIF
2010-08-13 21:48:14 ----A---- C:\WINDOWS\ARJ.PIF
2010-08-11 13:39:30 ----D---- C:\Documents and Settings\krysiak\Dane aplikacji\2K Sports
2010-08-11 13:18:53 ----D---- C:\Program Files\Lavalys
2010-08-10 23:16:57 ----D---- C:\Documents and Settings\krysiak\Dane aplikacji\pokerth
2010-08-10 14:02:47 ----D---- C:\Program Files\EslWire
2010-08-10 14:02:47 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\ESL Wire
2010-08-10 14:02:47 ----A---- C:\WINDOWS\system32\drivers\ESLvnic.sys
2010-08-08 14:46:06 ----D---- C:\WINDOWS\pss
2010-08-08 14:41:26 ----D---- C:\Program Files\CCleaner
2010-08-07 10:22:27 ----D---- C:\Program Files\Ventrilo_2_1_4
2010-08-06 14:21:09 ----D---- C:\Program Files\Winamp Detect
2010-08-06 14:19:54 ----D---- C:\Documents and Settings\krysiak\Dane aplikacji\Winamp
2010-08-06 00:18:47 ----D---- C:\Program Files\Winamp
2010-08-05 17:55:59 ----D---- C:\Program Files\Asprate
2010-08-05 17:55:55 ----A---- C:\set.ini
2010-08-05 17:55:55 ----A---- C:\lau.exe
2010-08-05 17:54:30 ----A---- C:\WINDOWS\Ip Changer Updater.exe
2010-08-05 17:54:29 ----A---- C:\WINDOWS\Tibia MULTI-ip changer.exe
2010-08-05 17:53:11 ----D---- C:\WINDOWS\Language
2010-08-05 17:53:10 ----A---- C:\WINDOWS\update.exe
2010-08-05 17:53:10 ----A---- C:\WINDOWS\os4.exe
2010-08-05 17:53:09 ----A---- C:\WINDOWS\zlib1.dll
2010-08-05 17:53:09 ----A---- C:\WINDOWS\ssleay32.dll
2010-08-05 17:53:09 ----A---- C:\WINDOWS\libeay32.dll
2010-08-05 17:53:09 ----A---- C:\WINDOWS\libcurl.dll
2010-08-05 17:53:09 ----A---- C:\WINDOWS\ipchanger.exe
2010-08-05 17:49:23 ----A---- C:\WINDOWS\system32\sknc.dll
2010-08-05 16:05:44 ----D---- C:\Documents and Settings\krysiak\Dane aplikacji\skypePM
2010-08-05 16:04:20 ----D---- C:\Documents and Settings\krysiak\Dane aplikacji\Skype
2010-08-05 16:03:26 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Skype
2010-08-04 11:32:24 ----D---- C:\Documents and Settings\krysiak\Dane aplikacji\teamspeak2
2010-08-01 22:11:25 ----D---- C:\Program Files\WapSter

======List of files/folders modified in the last 1 months======

2010-08-31 21:07:41 ----D---- C:\WINDOWS\Prefetch
2010-08-31 21:05:22 ----A---- C:\WINDOWS\DFC.INI
2010-08-31 21:03:33 ----D---- C:\Program Files
2010-08-31 20:35:53 ----D---- C:\WINDOWS\Temp
2010-08-31 20:34:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-31 20:17:45 ----D---- C:\WINDOWS
2010-08-31 19:46:44 ----SHD---- C:\WINDOWS\Installer
2010-08-31 19:46:02 ----D---- C:\WINDOWS\system32
2010-08-31 19:46:00 ----D---- C:\Program Files\QuickTime
2010-08-31 19:04:00 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-31 13:13:37 ----D---- C:\Documents and Settings\krysiak\Dane aplikacji\mIRC
2010-08-31 11:55:19 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-08-27 12:44:15 ----RSD---- C:\WINDOWS\Fonts
2010-08-25 21:55:42 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP
2010-08-24 15:28:57 ----HD---- C:\WINDOWS\inf
2010-08-19 20:09:34 ----D---- C:\Program Files\Mozilla Firefox
2010-08-17 20:49:41 ----D---- C:\Program Files\Common Files
2010-08-17 15:28:14 ----D---- C:\WINDOWS\WinSxS
2010-08-17 12:57:02 ----SD---- C:\WINDOWS\Tasks
2010-08-14 14:23:34 ----D---- C:\WINDOWS\system32\drivers
2010-08-07 14:06:17 ----D---- C:\Documents and Settings\krysiak\Dane aplikacji\Adobe
2010-08-05 17:49:23 ----A---- C:\WINDOWS\system32\ws2_32.dll
2010-08-05 16:03:45 ----D---- C:\Program Files\Common Files\Skype
2010-08-03 13:07:40 ----RSD---- C:\WINDOWS\assembly
2010-08-03 13:06:50 ----D---- C:\WINDOWS\Microsoft.NET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 gagp30kx;Filtr rodzajowy AGPv3.0 firmy Microsoft dla platform procesora K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-14 46464]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R1 AmdK8;Sterownik procesora AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43520]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-07-24 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-07-24 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-07-24 243024]
R1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-15 14720]
R2 cpuz134;cpuz134; \??\C:\WINDOWS\system32\drivers\cpuz134_x32.sys []
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-01-25 4027456]
R3 ESLvnic1;ESLvnic Virtual Network 32 Bit; C:\WINDOWS\system32\DRIVERS\ESLvnic.sys [2010-06-07 24504]
R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-15 10368]
R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-15 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-11 6738432]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-12-02 118656]
R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-15 32128]
R3 usbstor;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-15 26368]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-15 20608]
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
S3 rtl8139;Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-14 20992]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-07-25 717296]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-07-24 921952]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-24 308136]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-31 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-11 163908]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-07-27 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------
[/log]

Here you go, these are the 4 files that got saved for me.

Tomek01
comment

Unfortunately, there is an infection: C:\WINDOWS\System32\sknc.dll, which infects the library C:\WINDOWS\system32\ws2_32.dll.
We will deal with replacing that file in a moment.

Uninstall the DAEMON Tools Toolbar.

In OTL, paste the following into the Custom scan/fixes box:
[code]:Processes
Explorer.exe

:OTL
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="
[2010-07-25 18:30:47 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\krysiak\Dane aplikacji\Mozilla\Firefox\Profiles\97qj6e9p.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - Startup: C:\Documents and Settings\krysiak\Menu Start\Programy\Autostart\update.exe ()
O4 - HKCU\..\Run: [wsctf.exe] wsctf.exe
O4 - Startup: update.exe
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP:888AFB86


:Files
C:\WINDOWS\~GLH0000.TMP
C:\WINDOWS\~GLC0000.TMP
C:\WINDOWS\Ip Changer Updater.exe
C:\WINDOWS\Tibia MULTI-ip changer.exe
C:\WINDOWS\ipchanger.exe
C:\y.lnk
C:\WINDOWS\Last.dat
C:\WINDOWS\Ic.Inf
C:\lau.exe
C:\setu00.rar
C:\set.ini
C:\WINDOWS\_delis32.ini
C:\autorun.inf

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"wsctf.exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

:Commands
[emptytemp]
[start explorer]
[Reboot][/code]

Click Run fix; the computer restarts.

Burn a CD with Windows and start the Recovery Console.
Type the command:

[code]EXPAND X:\i386\WS2_32.DL_ C:\Windows\system32
EXPAND X:\i386\WS2_32.DL_ C:\Windows\system32\dllcache[/code]

Restart the system.


Then post the OTL log from the removal, plus new OTL and RSIT logs.
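The RSIT log earlier in this thread lists C:\WINDOWS\system32\sknc.dll as created at 2010-08-05 17:49:23, the same second at which ws2_32.dll appears in the modified list. As an added example (not part of the original post, and not code from RSIT or OTL), the Python script below parses those two RSIT sections and flags existing binaries modified within a few seconds of a new file appearing; the function names, the 2-second window and the extension list are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Excerpt of RSIT lines from the log posted in this thread (trimmed for the example).
SAMPLE_LOG = r"""
======List of files/folders created in the last 1 months======

2010-08-31 20:17:45 ----A---- C:\WINDOWS\PEV.exe
2010-08-10 14:02:47 ----A---- C:\WINDOWS\system32\drivers\ESLvnic.sys
2010-08-05 17:53:09 ----A---- C:\WINDOWS\libcurl.dll
2010-08-05 17:49:23 ----A---- C:\WINDOWS\system32\sknc.dll
2010-08-01 22:11:25 ----D---- C:\Program Files\WapSter

======List of files/folders modified in the last 1 months======

2010-08-31 21:07:41 ----D---- C:\WINDOWS\Prefetch
2010-08-31 20:17:45 ----D---- C:\WINDOWS
2010-08-31 19:46:02 ----D---- C:\WINDOWS\system32
2010-08-14 14:23:34 ----D---- C:\WINDOWS\system32\drivers
2010-08-05 17:49:23 ----A---- C:\WINDOWS\system32\ws2_32.dll
2010-08-03 13:06:50 ----D---- C:\WINDOWS\Microsoft.NET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
"""

HEADER_RE = re.compile(r"^=+(.+?)=+$")
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) -{4}([A-Z]*)-{4} (.+)$")
BINARY_EXT = (".dll", ".exe", ".sys")  # assumption: file types worth flagging


@dataclass(frozen=True)
class Entry:
    when: datetime
    attrs: str   # attribute letters from the RSIT column, e.g. "A", "HD", "RSD"
    path: str

    @property
    def is_dir(self):
        return "D" in self.attrs


@dataclass(frozen=True)
class Hit:
    created: Entry
    modified: Entry
    delta_seconds: int


def parse_rsit_file_lists(text):
    """Return {'created': [...], 'modified': [...]} from an RSIT log."""
    lists = {"created": [], "modified": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            title = header.group(1).lower()
            if "files/folders created" in title:
                current = "created"
            elif "files/folders modified" in title:
                current = "modified"
            else:
                current = None  # any other section ends the file lists
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            when = datetime.strptime(entry.group(1), "%Y-%m-%d %H:%M:%S")
            lists[current].append(Entry(when, entry.group(2), entry.group(3)))
    return lists


def correlate(created, modified, window_seconds=2):
    """Pair pre-existing binaries with files created at nearly the same time."""
    created_paths = {c.path.lower() for c in created}
    new_files = [c for c in created if not c.is_dir]
    hits = []
    for m in modified:
        # A directory's timestamp changes whenever a child is added, so skip it.
        if m.is_dir or not m.path.lower().endswith(BINARY_EXT):
            continue
        # A path that is itself newly created is not a modified existing file.
        if m.path.lower() in created_paths:
            continue
        for c in new_files:
            delta = abs(int((c.when - m.when).total_seconds()))
            if delta <= window_seconds:
                hits.append(Hit(c, m, delta))
    return hits


if __name__ == "__main__":
    parsed = parse_rsit_file_lists(SAMPLE_LOG)
    for hit in correlate(parsed["created"], parsed["modified"]):
        print(f"{hit.modified.path} modified {hit.delta_seconds}s from "
              f"creation of {hit.created.path}")
```

A match is only a lead for manual review: installers and updates also touch existing binaries while dropping new files.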

riviera111
comment (edited)

Unfortunately I don't understand the last part. Will I have to format, or is it nothing serious?

[quote name='Tomek01' date='31 sierpień 2010 - 21:55' timestamp='1283288236' post='1080859']
Burn a CD with Windows and start the Recovery Console.
Type the command:

EXPAND X:\i386\WS2_32.DL_ C:\Windows\system32
EXPAND X:\i386\WS2_32.DL_ C:\Windows\system32\dllcache

Restart the system.

Then post the OTL log from the removal, plus new OTL and RSIT logs.
[/quote]

That is exactly what I don't understand. I have already run the script and the computer restarted. I think I have the Windows disc. Where exactly do I type these commands? Where is this Recovery Console? And where do I upload the OTL log from the removal and the new OTL and RSIT logs? Also, do I have to make these "new logs" from scratch, or will the old ones do? And if new ones, before typing these commands or after?

Tomek01
comment

It can't be described any more precisely. Do exactly, step by step, what I asked you to do.
Formatting will not be necessary.
