riviera111 created 31 August 2010 Hello. I've been reading some threads about problems with the disk because I have one too. That is, it can't be opened by double-clicking, and people advised installing ComboFix. I downloaded it and an error popped up saying that AVG can't be active, so I closed ComboFix. Strangely, opening the disk got fixed. But now when the computer starts it beeps twice (beep beep). I'd really like to get rid of that, please. Or how do I uninstall ComboFix, because I want to get rid of it.
Tomek01 comment 31 August 2010 Uninstall ComboFix: Start >>> Run >>> combofix /u [and press OK]. Use [b][color=#0000CD][url=http://download.bleepingcomputer.com//sUBs/Flash_Disinfector.exe]Flash Disinfector[/url][/color][/b], preferably with your pendrive or other USB storage devices plugged in. Post the logs from RSIT and OTL, pasting them inside the tags. (Read the forum rules and the guidelines for posting logs.)
riviera111 comment 31 August 2010 Author (edited) So I removed it a different way and it's supposedly gone: I searched for combofix and deleted the files. But my computer still beeps at startup!!! HELP, and this happened when installing this whole ComboFix thing. I mean, I only clicked it and it suddenly gave an error that AVG something... I'm a complete beginner, could you explain it to me in plain terms? Pleeease, I'd like to get this done today.
Tomek01 comment 31 August 2010 Either you do what I asked, or we'll just be chatting about various things. I'll gladly help you, but without your cooperation I won't manage.
riviera111 comment 31 August 2010 Author Hmm, could you give me your GG? Because on the forum it doesn't really work for me, since I'm a complete beginner when it comes to computers and I don't even know what these logs etc. are. [color="#FF0000"]//I don't help via GG or PM. //Tom01[/color]
Tomek01 comment 31 August 2010 http://www.forumpc.pl/index.php?showtopic=104338
riviera111 comment 31 August 2010 Author The RSIT log is being generated and then I'll do OTL. Where should I show them to you afterwards, sir? (If I should show them at all.)
Tomek01 comment 31 August 2010 First, there are no "sirs" here. Second, you paste them here on the forum; when editing the post you put them inside the tag: log. P.S. I have to go for now. Be patient, I'll get back to you.
riviera111 comment 31 August 2010 Author (edited) Unfortunately, when I tried to add an attachment I got an error, so here is a link: [url="http://www.przeklej.pl/plik/logi-rar-00204hc6196u"]logs[/url]
Rootkit comment 31 August 2010 I'll explain it to him: do this. You type [:log]your log after the OTL scan has finished[:/log], that's all there is to it, just without those colons! It's ordinary BBCode. The text will collapse by itself, and Advanced User Tomek01 will help you.
riviera111 comment 31 August 2010 Author I don't understand :> Can't I just give it in that link, the way I did?
Rootkit comment 31 August 2010 Do it the way I wrote! AND NO ARGUING. [color="#ff0000"] //Mate, we are the ones here to keep order //understood? //raaz[/color]
riviera111 comment 31 August 2010 Author (edited)
[log]
OTL logfile created on: 2010-08-31 21:08:26 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\krysiak\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1 023,00 Mb Total Physical Memory | 392,00 Mb Available Physical Memory | 38,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 62,90 Gb Free Space | 64,41% Space Free | Partition Type: NTFS
Drive D: | 88,65 Gb Total Space | 85,44 Gb Free Space | 96,38% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KRYSIAK-3FE35D4
Current User Name: krysiak
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2010-08-31 21:06:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\krysiak\Pulpit\OTL.exe
PRC - [2010-08-31 21:03:34 | 000,388,608 | ---- | M] (Trend Micro Inc.)
-- C:\Program Files\trend micro\krysiak.exe PRC - [2010-08-31 21:03:15 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\krysiak\Pulpit\RSIT.exe PRC - [2010-08-24 11:20:40 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Steam\steam.exe PRC - [2010-08-05 17:54:35 | 000,487,863 | ---- | M] () -- C:\Documents and Settings\krysiak\Menu Start\Programy\Autostart\update.exe PRC - [2010-07-24 15:58:27 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe PRC - [2010-07-24 15:58:27 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe PRC - [2010-07-24 15:58:27 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe PRC - [2010-07-24 15:58:25 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe PRC - [2010-07-24 15:58:25 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe PRC - [2010-07-24 15:58:25 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe PRC - [2010-07-24 15:58:23 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe PRC - [2010-07-23 04:15:35 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-07-23 04:15:35 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2010-07-14 05:39:48 | 007,654,400 | ---- | M] (Creative Team S.A.) -- C:\Program Files\WapSter\WapSter AQQ\AQQ.exe PRC - [2008-04-15 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-06-26 14:58:14 | 002,165,272 | ---- | M] (Palit Microsystems, Inc.) -- C:\Program Files\VDOTool\TBPANEL.exe PRC - [2006-11-17 05:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\WINDOWS\soundman.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-08-31 21:06:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\krysiak\Pulpit\OTL.exe MOD - [2008-04-15 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-07-27 18:59:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010-07-24 15:58:25 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc) SRV - [2010-07-24 15:58:23 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2010-01-15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleXNt.sys -- (EagleXNt) DRV - [2010-07-25 18:08:51 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2010-07-24 15:58:47 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX) DRV - [2010-07-24 15:58:40 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86) DRV - [2010-07-24 15:58:39 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2010-07-09 13:18:54 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134) DRV - [2010-06-07 17:15:50 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESLvnic.sys -- (ESLvnic1) DRV - [2010-02-03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2008-12-02 14:05:34 | 000,118,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2008-04-14 00:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) DRV - [2007-05-11 00:03:00 | 006,738,432 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2007-03-16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel) DRV - [2007-03-16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex) DRV - [2007-01-25 16:37:16 | 004,027,456 | R--- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2006-06-18 23:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Winamp Search" FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" FF - prefs.js..browser.search.selectedEngine: "Allegro" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.pl" FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=" FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010-07-24 15:58:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-08-31 19:45:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program 
Files\Mozilla Firefox\plugins [2010-08-13 19:38:04 | 000,000,000 | ---D | M] [2010-07-24 15:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\krysiak\Dane aplikacji\Mozilla\Extensions [2010-08-30 23:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\krysiak\Dane aplikacji\Mozilla\Firefox\Profiles\97qj6e9p.default\extensions [2010-07-25 18:30:47 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\krysiak\Dane aplikacji\Mozilla\Firefox\Profiles\97qj6e9p.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2010-07-25 18:12:04 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\krysiak\Dane aplikacji\Mozilla\Firefox\Profiles\97qj6e9p.default\searchplugins\daemon-search.xml [2010-07-25 18:34:44 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\krysiak\Dane aplikacji\Mozilla\Firefox\Profiles\97qj6e9p.default\searchplugins\winamp-search.xml [2010-08-13 19:38:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-03-16 13:57:46 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll [2010-07-12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll [2010-07-23 02:41:44 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-07-23 02:41:44 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-07-23 02:41:44 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-07-23 02:41:44 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-07-23 02:41:44 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-07-23 02:41:44 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2008-04-15 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe (Palit Microsystems, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) 
O4 - HKCU..\Run: [EXPLORER.EXE] C:\WINDOWS\explorer.exe (Microsoft Corporation) O4 - HKCU..\Run: [Steam] d:\steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [wsctf.exe] File not found O4 - Startup: C:\Documents and Settings\krysiak\Menu Start\Programy\Autostart\update.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 86.63.64.49 192.168.0.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) 
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\krysiak\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\krysiak\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-02-01 11:35:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-07-24 16:01:11 | 000,000,057 | RHS- | M] () - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-07-24 16:01:26 | 000,000,057 | RHS- | M] () - D:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe - (McAfee, Inc.) MsConfig - StartUpFolder: C:^Documents and Settings^krysiak^Menu Start^Programy^Autostart^PopTray.lnk - C:\PROGRA~1\PopTray\PopTray.exe - File not found MsConfig - StartUpReg: [b]AQQ[/b] - hkey= - key= - C:\Program Files\WapSter\WapSter AQQ\AQQ.exe (Creative Team S.A.) 
MsConfig - StartUpReg: [b]ESL Wire[/b] - hkey= - key= - C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH) MsConfig - StartUpReg: [b]Google Update[/b] - hkey= - key= - C:\Documents and Settings\krysiak\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe File not found MsConfig - StartUpReg: [b]MSMSGS[/b] - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) MsConfig - StartUpReg: [b]PATHPILOT[/b] - hkey= - key= - C:\Program Files\Hanso Recorder\Hanso Recorder.lnk () MsConfig - StartUpReg: [b]QuickTime Task[/b] - hkey= - key= - C:\Program Files\QuickTime\qttask.exe File not found MsConfig - StartUpReg: [b]Skype[/b] - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe File not found MsConfig - StartUpReg: [b]WinampAgent[/b] - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PEVSystemStart - Service SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: procexp90.Sys - Driver SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: 
{4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PEVSystemStart - Service SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: procexp90.Sys - Driver SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters 
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-08-31 21:06:47 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\krysiak\Pulpit\OTL.exe [2010-08-31 21:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010-08-31 21:03:33 | 000,000,000 | ---D | C] -- C:\rsit [2010-08-31 20:17:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010-08-31 20:17:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010-08-31 20:17:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010-08-31 20:17:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010-08-31 20:17:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010-08-31 20:11:46 | 000,000,000 | ---D | C] -- C:\Qoobox [2010-08-31 19:38:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy [2010-08-28 23:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC [2010-08-26 14:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Pulpit\screeny esl wire [2010-08-26 14:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Pulpit\esl wire aeq [2010-08-25 20:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Moje dokumenty\Hanso Recorder [2010-08-25 20:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\Hanso Recorder [2010-08-25 19:53:25 | 000,000,000 | ---D | C] -- C:\My Recordings [2010-08-25 19:49:20 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.ocx [2010-08-25 18:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Pulpit\esl wire [2010-08-24 15:34:08 | 
000,000,000 | ---D | C] -- C:\Themes [2010-08-24 15:34:08 | 000,000,000 | ---D | C] -- C:\Smileys [2010-08-24 15:34:08 | 000,000,000 | ---D | C] -- C:\Plugins [2010-08-24 15:34:08 | 000,000,000 | ---D | C] -- C:\Incoming [2010-08-24 15:34:08 | 000,000,000 | ---D | C] -- C:\Data [2010-08-19 01:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\PopTray [2010-08-19 01:03:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Dane aplikacji\The Bat! [2010-08-19 00:41:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Dane aplikacji\Genie-Soft [2010-08-19 00:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Dane aplikacji\Scribe [2010-08-18 22:45:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Pulpit\moje prace [2010-08-17 20:49:56 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo [2010-08-17 20:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2010-08-13 21:48:14 | 000,000,000 | ---D | C] -- C:\totalcmd [2010-08-13 21:48:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Dane aplikacji\GHISLER [2010-08-11 13:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Dane aplikacji\2K Sports [2010-08-11 13:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys [2010-08-10 23:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Dane aplikacji\pokerth [2010-08-10 14:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Ustawienia lokalne\Dane aplikacji\ESL Wire Game Client [2010-08-10 14:02:47 | 000,024,504 | ---- | C] (Turtle Entertainment GmbH) -- C:\WINDOWS\System32\drivers\ESLvnic.sys [2010-08-10 14:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\EslWire [2010-08-10 14:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\ESL Wire [2010-08-10 10:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Moje dokumenty\ESL Match Media [2010-08-08 
14:46:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2010-08-08 14:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010-08-07 10:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo_2_1_4 [2010-08-06 14:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect [2010-08-06 14:19:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Dane aplikacji\Winamp [2010-08-06 00:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp [2010-08-05 17:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\Asprate [2010-08-05 17:54:30 | 000,045,056 | ---- | C] (Asprate) -- C:\WINDOWS\Ip Changer Updater.exe [2010-08-05 17:54:29 | 000,323,584 | ---- | C] (Asprate) -- C:\WINDOWS\Tibia MULTI-ip changer.exe [2010-08-05 17:53:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Language [2010-08-05 17:53:09 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\libeay32.dll [2010-08-05 17:53:09 | 000,315,392 | ---- | C] (Asprate) -- C:\WINDOWS\ipchanger.exe [2010-08-05 17:53:09 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\ssleay32.dll [2010-08-05 17:53:09 | 000,176,128 | ---- | C] (The cURL library, http://curl.haxx.se/) -- C:\WINDOWS\libcurl.dll [2010-08-05 17:53:09 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\comdlg32.ocx [2010-08-05 16:05:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Dane aplikacji\skypePM [2010-08-05 16:04:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Dane aplikacji\Skype [2010-08-05 16:03:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Skype [2010-08-04 11:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\Dane aplikacji\teamspeak2 [2010-08-04 11:32:15 | 000,034,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lhacm.acm [2010-08-01 22:12:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\krysiak\WapSter [2010-08-01 
22:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\WapSter [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-08-31 21:10:22 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI [2010-08-31 21:06:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\krysiak\Pulpit\OTL.exe [2010-08-31 21:03:15 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\krysiak\Pulpit\RSIT.exe [2010-08-31 20:55:44 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\krysiak\Pulpit\Flash_Disinfector.exe [2010-08-31 20:35:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-08-31 20:35:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-08-31 20:34:45 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\krysiak\NTUSER.DAT [2010-08-31 19:39:46 | 000,000,414 | RHS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\ntuser.pol [2010-08-31 11:55:01 | 064,128,344 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010-08-31 01:10:39 | 000,009,685 | ---- | M] () -- C:\Documents and Settings\krysiak\Pulpit\mYm config ~ CSCenter.pl.rar [2010-08-30 19:36:48 | 001,118,513 | ---- | M] () -- C:\Documents and Settings\krysiak\Moje dokumenty\dane.rar [2010-08-29 20:07:33 | 000,003,514 | R--- | M] () -- C:\Documents and Settings\krysiak\Pulpit\config.cfg [2010-08-29 13:24:25 | 000,023,196 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat [2010-08-27 22:49:09 | 001,468,512 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-08-27 13:34:59 | 000,248,984 | ---- | M] () -- C:\Documents and Settings\krysiak\Pulpit\panele zygat.jpg [2010-08-27 12:44:24 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\krysiak\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-08-26 12:44:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-08-25 21:18:42 | 
000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2010-08-25 21:18:42 | 000,000,003 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2010-08-25 20:02:38 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Pulpit\Hanso Recorder.lnk
[2010-08-25 18:55:29 | 000,084,992 | ---- | M] () -- C:\Documents and Settings\krysiak\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-08-19 00:52:37 | 000,000,965 | ---- | M] () -- C:\WINDOWS\Active Setup Log.BAK
[2010-08-18 17:32:53 | 000,243,548 | ---- | M] () -- C:\Documents and Settings\krysiak\Pulpit\Photoshop Herb Shapes By DreQ!.csh
[2010-08-17 15:28:50 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Pulpit\ESL Wire.lnk
[2010-08-08 14:41:28 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\krysiak\Pulpit\CCleaner.lnk
[2010-08-05 17:55:55 | 000,002,005 | ---- | M] () -- C:\y.lnk
[2010-08-05 17:54:45 | 000,000,329 | ---- | M] () -- C:\WINDOWS\Last.dat
[2010-08-05 17:54:45 | 000,000,042 | ---- | M] () -- C:\WINDOWS\Ic.Inf
[2010-08-05 17:54:35 | 000,487,863 | ---- | M] () -- C:\Documents and Settings\krysiak\Menu Start\Programy\Autostart\update.exe
[2010-08-05 17:54:30 | 000,045,056 | ---- | M] (Asprate) -- C:\WINDOWS\Ip Changer Updater.exe
[2010-08-05 17:54:29 | 000,323,584 | ---- | M] (Asprate) -- C:\WINDOWS\Tibia MULTI-ip changer.exe
[2010-08-05 17:53:11 | 000,000,009 | ---- | M] () -- C:\WINDOWS\Language.dat
[2010-08-05 16:05:45 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010-08-04 11:32:15 | 000,034,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lhacm.acm
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2010-08-31 21:03:15 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\krysiak\Pulpit\RSIT.exe
[2010-08-31 20:55:44 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\krysiak\Pulpit\Flash_Disinfector.exe
[2010-08-31 20:17:45 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-08-31 20:17:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-08-31 20:17:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-08-31 20:17:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-08-31 20:17:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-08-31 19:39:46 | 000,000,414 | RHS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\ntuser.pol
[2010-08-31 01:11:17 | 000,003,514 | R--- | C] () -- C:\Documents and Settings\krysiak\Pulpit\config.cfg
[2010-08-31 01:10:37 | 000,009,685 | ---- | C] () -- C:\Documents and Settings\krysiak\Pulpit\mYm config ~ CSCenter.pl.rar
[2010-08-30 19:36:46 | 001,118,513 | ---- | C] () -- C:\Documents and Settings\krysiak\Moje dokumenty\dane.rar
[2010-08-29 13:24:25 | 000,023,196 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010-08-27 13:34:57 | 000,248,984 | ---- | C] () -- C:\Documents and Settings\krysiak\Pulpit\panele zygat.jpg
[2010-08-25 20:02:38 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Pulpit\Hanso Recorder.lnk
[2010-08-19 00:52:30 | 000,000,965 | ---- | C] () -- C:\WINDOWS\Active Setup Log.BAK
[2010-08-18 17:32:50 | 000,243,548 | ---- | C] () -- C:\Documents and Settings\krysiak\Pulpit\Photoshop Herb Shapes By DreQ!.csh
[2010-08-13 21:48:14 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF
[2010-08-13 21:48:14 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF
[2010-08-13 21:48:14 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF
[2010-08-13 21:48:14 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF
[2010-08-13 21:48:14 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF
[2010-08-13 21:48:14 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF
[2010-08-13 21:48:14 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF
[2010-08-10 14:02:53 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Pulpit\ESL Wire.lnk
[2010-08-08 14:41:28 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\krysiak\Pulpit\CCleaner.lnk
[2010-08-05 17:55:55 | 000,218,624 | ---- | C] () -- C:\lau.exe
[2010-08-05 17:55:55 | 000,182,212 | ---- | C] () -- C:\setu00.rar
[2010-08-05 17:55:55 | 000,002,005 | ---- | C] () -- C:\y.lnk
[2010-08-05 17:55:55 | 000,000,044 | ---- | C] () -- C:\set.ini
[2010-08-05 17:53:11 | 000,487,863 | ---- | C] () -- C:\Documents and Settings\krysiak\Menu Start\Programy\Autostart\update.exe
[2010-08-05 17:53:10 | 000,487,863 | ---- | C] () -- C:\WINDOWS\update.exe
[2010-08-05 17:53:10 | 000,108,217 | ---- | C] () -- C:\WINDOWS\os4.exe
[2010-08-05 17:53:09 | 000,059,904 | ---- | C] () -- C:\WINDOWS\zlib1.dll
[2010-08-05 17:53:09 | 000,002,205 | ---- | C] () -- C:\WINDOWS\Bosanski.lang
[2010-08-05 17:53:09 | 000,002,199 | ---- | C] () -- C:\WINDOWS\Svenska.lang
[2010-08-05 17:53:09 | 000,002,073 | ---- | C] () -- C:\WINDOWS\Dutch.lang
[2010-08-05 17:53:09 | 000,002,056 | ---- | C] () -- C:\WINDOWS\English.lang
[2010-08-05 17:53:09 | 000,000,329 | ---- | C] () -- C:\WINDOWS\Last.dat
[2010-08-05 17:53:09 | 000,000,042 | ---- | C] () -- C:\WINDOWS\Ic.Inf
[2010-08-05 17:53:09 | 000,000,031 | ---- | C] () -- C:\WINDOWS\memlist.dat
[2010-08-05 17:53:09 | 000,000,009 | ---- | C] () -- C:\WINDOWS\Language.dat
[2010-08-05 17:53:09 | 000,000,004 | ---- | C] () -- C:\WINDOWS\test.dat
[2010-08-05 17:53:09 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Open.inf
[2010-08-05 17:49:23 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\sknc.dll
[2010-08-05 16:05:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010-07-28 09:34:28 | 000,084,992 | ---- | C] () -- C:\Documents and Settings\krysiak\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-07-24 15:12:43 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010-07-19 12:56:54 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2010-07-19 12:55:12 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010-07-19 12:55:12 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010-07-19 12:55:11 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010-07-19 12:55:10 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010-07-19 12:55:10 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009-12-20 14:51:02 | 000,000,268 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009-11-17 19:43:10 | 000,000,218 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2009-07-20 15:43:55 | 000,000,060 | ---- | C] () -- C:\Program Files\path6.ini
[2009-03-02 19:32:15 | 000,014,290 | ---- | C] () -- C:\Program Files\settings.dat

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2009-02-01 11:35:09 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-07-24 16:01:11 | 000,000,057 | RHS- | M] () -- C:\autorun.inf
[2010-07-24 14:56:43 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2008-04-15 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2008-10-06 11:11:36 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008-10-06 11:11:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-01-31 21:29:12 | 000,000,111 | RHS- | M] () -- C:\IO32.IDX
[2009-12-12 16:11:00 | 000,218,624 | ---- | M] () -- C:\lau.exe
[2008-10-06 11:11:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-04-15 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-04-15 14:00:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-08-31 20:35:30 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys
[2010-07-20 21:35:48 | 000,000,044 | ---- | M] () -- C:\set.ini
[2010-07-19 18:39:53 | 000,182,212 | ---- | M] () -- C:\setu00.rar
[2009-12-12 09:41:31 | 000,000,192 | ---- | M] () -- C:\Skrót do Stacja dysków CD.lnk
[2010-08-05 17:55:55 | 000,002,005 | ---- | M] () -- C:\y.lnk

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-15 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2008-04-15 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2008-04-15 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008-04-15 14:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008-04-15 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008-04-15 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-15 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008-04-15 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2008-04-15 14:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008-04-15 14:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP:888AFB86
< End of report >
[/log]

[log]OTL Extras logfile created on: 2010-08-31 21:08:26 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\krysiak\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 392,00 Mb Available Physical Memory | 38,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 62,90 Gb Free Space | 64,41% Space Free | Partition Type: NTFS
Drive D: | 88,65 Gb Total Space | 85,44 Gb Free Space | 96,38% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRYSIAK-3FE35D4
Current User Name: krysiak
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"59021:TCP" = 59021:TCP:*:Enabled:Pando Media Booster
"59021:UDP" = 59021:UDP:*:Enabled:Pando Media Booster
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"59021:TCP" = 59021:TCP:*:Enabled:Pando Media Booster
"59021:UDP" = 59021:UDP:*:Enabled:Pando Media Booster

[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\WapSter\WapSter AQQ\AQQ.exe" = C:\Program Files\WapSter\WapSter AQQ\AQQ.exe:*:Enabled:AQQ Instant Messenger -- (Creative Team S.A.)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"D:\Re-Volt\revolt.exe" = D:\Re-Volt\revolt.exe:*:Enabled:revolt -- File not found
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Steam\Steam.exe" = D:\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
"C:\Documents and Settings\krysiak\Pulpit\NaxedOt\NaxedOt\NaxedOt.exe" = C:\Documents and Settings\krysiak\Pulpit\NaxedOt\NaxedOt\NaxedOt.exe:*:Enabled:NaxedOt -- File not found
"C:\Program Files\EslWire\wire.exe" = C:\Program Files\EslWire\wire.exe:*:Enabled:ESL Wire Client -- (Turtle Entertainment GmbH)
"C:\Documents and Settings\krysiak\Pulpit\NBt5A_2kr410_Cr46ack\NBA 2k10 Crack\nba2k10.exe" = C:\Documents and Settings\krysiak\Pulpit\NBt5A_2kr410_Cr46ack\NBA 2k10 Crack\nba2k10.exe:*:Enabled:2K Sports NBA 2K10 -- File not found
"C:\totalcmd\TOTALCMD.EXE" = C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit -- (Ghisler Software GmbH)
"D:\Steam\SteamApps\nev113\counter-strike\hl.exe" = D:\Steam\SteamApps\nev113\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0F31532A-16F1-4812-8B7B-D321A4CE91A6}" = Sony Vegas Pro 8.0
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{78EFD06D-7583-42F1-9E77-671D8782EB70}" = Adobe Photoshop CS3
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CBF4DADD-974D-49C8-BC83-C6F31554001E}" = Adobe Setup
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D92B72E2-C854-4738-8ED6-4C3661CC17AE}" = Adobe Color JA Extra Settings
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"125;_is1" = DAO
"6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_678cd98c8365a5647f9a2e539d120a8" = Adobe Photoshop CS3
"AQQ" = WapSter AQQ
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"ESL Wire_is1" = ESL Wire 1.7.0
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Fraps" = Fraps
"GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker
"Hanso Recorder" = Hanso Recorder
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"mIRC" = mIRC
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NVIDIA Drivers" = NVIDIA Drivers
"PokerTH 0.7.1" = PokerTH
"Totalcmd" = Total Commander (Remove or Repair)
"VDOTool_is1" = VDOTool 5.3
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = Archiwizator WinRAR
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Detektor Winampa

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-08-11 14:09:14 | Computer Name = KRYSIAK-3FE35D4 | Source = ESENT | ID = 439
Description = Catalog Database (1272) Nie można dokonać zapisu lustrzanego nagłówka pliku C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb. Błąd -1032.

Error - 2010-08-11 14:09:15 | Computer Name = KRYSIAK-3FE35D4 | Source = ESENT | ID = 473
Description = Catalog Database (1272) Baza danych C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb została częściowo odłączona. Wystąpił błąd -1032 podczas aktualizacji nagłówków bazy danych.

Error - 2010-08-11 14:17:13 | Computer Name = KRYSIAK-3FE35D4 | Source = ESENT | ID = 490
Description = svchost (1292) Próba otwarcia pliku "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" w trybie odczytu lub zapisu zakończyła się niepomyślnie z błędem systemowym 32 (0x00000020): "Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ". Operacja otwierania pliku zostanie zakończona z błędem -1032 (0xfffffbf8).

Error - 2010-08-11 14:17:13 | Computer Name = KRYSIAK-3FE35D4 | Source = ESENT | ID = 439
Description = Catalog Database (1292) Nie można dokonać zapisu lustrzanego nagłówka pliku C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb. Błąd -1032.

Error - 2010-08-11 14:17:14 | Computer Name = KRYSIAK-3FE35D4 | Source = ESENT | ID = 473
Description = Catalog Database (1292) Baza danych C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb została częściowo odłączona. Wystąpił błąd -1032 podczas aktualizacji nagłówków bazy danych.
Error - 2010-08-12 14:25:02 | Computer Name = KRYSIAK-3FE35D4 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca Steam.exe, wersja 1.0.843.387, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-08-12 14:25:03 | Computer Name = KRYSIAK-3FE35D4 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca Steam.exe, wersja 1.0.843.387, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-08-12 15:08:23 | Computer Name = KRYSIAK-3FE35D4 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca Photoshop.exe, wersja 10.0.0.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-08-13 04:29:34 | Computer Name = KRYSIAK-3FE35D4 | Source = ESENT | ID = 490
Description = svchost (1284) Próba otwarcia pliku "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" w trybie odczytu lub zapisu zakończyła się niepomyślnie z błędem systemowym 32 (0x00000020): "Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ". Operacja otwierania pliku zostanie zakończona z błędem -1032 (0xfffffbf8).

Error - 2010-08-13 04:29:34 | Computer Name = KRYSIAK-3FE35D4 | Source = ESENT | ID = 439
Description = Catalog Database (1284) Nie można dokonać zapisu lustrzanego nagłówka pliku C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb. Błąd -1032.
[ System Events ]
Error - 2010-08-03 11:42:06 | Computer Name = KRYSIAK-3FE35D4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Cardex z powodu następującego błędu: %%183

Error - 2010-08-07 04:18:09 | Computer Name = KRYSIAK-3FE35D4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Cardex z powodu następującego błędu: %%183

Error - 2010-08-13 15:16:51 | Computer Name = KRYSIAK-3FE35D4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Cardex z powodu następującego błędu: %%183

Error - 2010-08-16 06:01:05 | Computer Name = KRYSIAK-3FE35D4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Cardex z powodu następującego błędu: %%183

Error - 2010-08-27 16:49:41 | Computer Name = KRYSIAK-3FE35D4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Cardex z powodu następującego błędu: %%183

Error - 2010-08-29 05:53:42 | Computer Name = KRYSIAK-3FE35D4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Cardex z powodu następującego błędu: %%183

Error - 2010-08-29 10:43:36 | Computer Name = KRYSIAK-3FE35D4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Cardex z powodu następującego błędu: %%183

Error - 2010-08-31 05:49:03 | Computer Name = KRYSIAK-3FE35D4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Cardex z powodu następującego błędu: %%183

Error - 2010-08-31 14:21:10 | Computer Name = KRYSIAK-3FE35D4 | Source = Service Control Manager | ID = 7023
Description = Usługa HID Input Service zakończyła działanie; wystąpił następujący błąd: %%126

Error - 2010-08-31 14:35:46 | Computer Name = KRYSIAK-3FE35D4 | Source = Service Control Manager | ID = 7023
Description = Usługa HID Input Service zakończyła działanie; wystąpił następujący błąd: %%126

< End of report >
[/log]
[log]info.txt logfile of random's system information tool 1.08 2010-08-31 21:09:58

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}
Adobe Color JA Extra Settings-->MsiExec.exe /I{D92B72E2-C854-4738-8ED6-4C3661CC17AE}
Adobe Color NA Extra Settings-->MsiExec.exe /I{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\678cd98c8365a5647f9a2e539d120a8\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{78EFD06D-7583-42F1-9E77-671D8782EB70}
Adobe Setup-->MsiExec.exe /I{CBF4DADD-974D-49C8-BC83-C6F31554001E}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Counter-Strike(TM)-->MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
CPUID CPU-Z 1.55-->"C:\Program Files\CPUID\CPU-Z\unins000.exe"
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
DAO-->"C:\Program Files\DAO\unins000.exe"
ESL Wire 1.7.0-->"C:\Program Files\EslWire\unins000.exe"
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Fraps-->"C:\Fraps\uninstall.exe"
GameDesire-Pool & Snooker-->C:\Program Files\Ganymede\billiards_uninstall.exe
Hanso Recorder-->C:\Program Files\Hanso Recorder\uninstall.exe
Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
McAfee Security Scan Plus-->"C:\Program Files\McAfee Security Scan\uninstall.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_618EA050DAEAC55E2156257D6C6282397D4DF013\amdk8.inf
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
PDF Settings-->MsiExec.exe /I{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}
PokerTH-->D:\PokerTH\uninstall.exe
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x15 -removeonly
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x15 -removeonly
Sony Vegas Pro 8.0-->MsiExec.exe /X{0F31532A-16F1-4812-8B7B-D321A4CE91A6}
Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
VDOTool 5.3-->"C:\Program Files\VDOTool\unins000.exe"
Ventrilo-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
WapSter AQQ-->C:\Program Files\WapSter\WapSter AQQ\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}

======System event log======

Computer Name: KRYSIAK-3FE35D4
Event Code: 7036
Message: Usługa Usługa COM nagrywania dysków CD IMAPI weszła w stan uruchomienia.
Record Number: 3879
Source Name: Service Control Manager
Time Written: 20100728161214.000000+120
Event Type: informacje
User:

Computer Name: KRYSIAK-3FE35D4
Event Code: 7035
Message: Do usługi Usługa COM nagrywania dysków CD IMAPI został pomyślnie wysłany kod sterowania uruchom.
Record Number: 3878
Source Name: Service Control Manager
Time Written: 20100728161214.000000+120
Event Type: informacje
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: KRYSIAK-3FE35D4
Event Code: 7036
Message: Usługa Usługa COM nagrywania dysków CD IMAPI weszła w stan zatrzymania.
Record Number: 3877
Source Name: Service Control Manager
Time Written: 20100728161109.000000+120
Event Type: informacje
User:

Computer Name: KRYSIAK-3FE35D4
Event Code: 7036
Message: Usługa Usługa COM nagrywania dysków CD IMAPI weszła w stan uruchomienia.
Record Number: 3876
Source Name: Service Control Manager
Time Written: 20100728161103.000000+120
Event Type: informacje
User:

Computer Name: KRYSIAK-3FE35D4
Event Code: 7035
Message: Do usługi Usługa COM nagrywania dysków CD IMAPI został pomyślnie wysłany kod sterowania uruchom.
Record Number: 3875
Source Name: Service Control Manager
Time Written: 20100728161103.000000+120
Event Type: informacje
User: ZARZĄDZANIE NT\SYSTEM

=====Application event log=====

Computer Name: KRYSIAK-3FE35D4
Event Code: 100
Message: wuauclt (476) Aparat bazy danych 5.01.2600.5512 został uruchomiony.
Record Number: 288 Source Name: ESENT Time Written: 20091128144157.000000+060 Event Type: informacje User: Computer Name: KRYSIAK-3FE35D4 Event Code: 1800 Message: Usługa Centrum zabezpieczeń systemu Windows została uruchomiona. Record Number: 287 Source Name: SecurityCenter Time Written: 20091128144111.000000+060 Event Type: informacje User: Computer Name: KRYSIAK-3FE35D4 Event Code: 102 Message: wuaueng.dll (468) SUS20ClientDataStore: Aparat bazy danych uruchomił nowe wystąpienie (0). Record Number: 286 Source Name: ESENT Time Written: 20091128141304.000000+060 Event Type: informacje User: Computer Name: KRYSIAK-3FE35D4 Event Code: 100 Message: wuauclt (468) Aparat bazy danych 5.01.2600.5512 został uruchomiony. Record Number: 285 Source Name: ESENT Time Written: 20091128141304.000000+060 Event Type: informacje User: Computer Name: KRYSIAK-3FE35D4 Event Code: 4097 Message: Aplikacja C:\PROGRA~1\Offroad\Setup.exe wygenerowała błąd aplikacji. Błąd wystąpił na 11/28/2009 @ 14:00:24.765. Wygenerowany wyjątek to c0000005 pod adresem 00403F7A (Setup). 
Record Number: 284 Source Name: DrWatson Time Written: 20091128140024.000000+060 Event Type: informacje User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 79 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=4f02 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- [/log] [log]Logfile of random's system information tool 1.08 (written by random/random) Run by krysiak at 2010-08-31 21:03:33 Microsoft Windows XP Professional Dodatek Service Pack 3 System drive C: has 64 GB (64%) free of 100 GB Total RAM: 1023 MB (41% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:09:55, on 2010-08-31 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\AVG\AVG9\avgemc.exe C:\Program Files\VDOTool\TBPanel.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\krysiak\Menu Start\Programy\Autostart\update.exe 
C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\krysiak\Pulpit\RSIT.exe C:\Program Files\trend micro\krysiak.exe C:\Documents and Settings\krysiak\Pulpit\OTL.exe C:\Program Files\Mozilla Firefox\plugin-container.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.techland.com.pl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [wsctf.exe] wsctf.exe O4 - HKCU\..\Run: [EXPLORER.EXE] EXPLORER.EXE O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] 
C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: update.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing) O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. 
- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 5352 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-07-24 1619296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-31 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-31 79648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Gainward"=C:\Program Files\VDOTool\TBPanel.exe [2007-06-26 2165272] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-05-11 81920] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536] "AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-07-24 2065760] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-05-11 8429568] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "wsctf.exe"=wsctf.exe [] "EXPLORER.EXE"=C:\WINDOWS\EXPLORER.EXE [2008-04-15 1035264] "Steam"=d:\steam\steam.exe [2010-08-24 1242448] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ] 
C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe [2010-07-14 7654400] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ESL Wire] C:\Program Files\EslWire\wire.exe [2010-08-17 7123456] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] C:\Documents and Settings\krysiak\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe /c [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PATHPILOT] C:\Program Files\Hanso Recorder\Hanso Recorder.lnk [2010-08-25 682] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [2010-07-12 74752] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^McAfee Security Scan Plus.lnk] C:\PROGRA~1\MCAFEE~1\20DEB9~1.181\SSSCHE~1.EXE [2010-01-15 255536] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^krysiak^Menu Start^Programy^Autostart^PopTray.lnk] C:\PROGRA~1\PopTray\PopTray.exe [] C:\Documents and Settings\krysiak\Menu Start\Programy\Autostart update.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter] C:\WINDOWS\system32\avgrsstx.dll [2010-07-24 12536] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe" "C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe" "C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe" "C:\Program Files\WapSter\WapSter AQQ\AQQ.exe"="C:\Program Files\WapSter\WapSter AQQ\AQQ.exe:*:Enabled:AQQ Instant Messenger" "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC" "D:\Re-Volt\revolt.exe"="D:\Re-Volt\revolt.exe:*:Enabled:revolt" "C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster" "C:\Program Files\Java\jre6\bin\java.exe"="C:\Program 
Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary" "D:\Steam\Steam.exe"="D:\Steam\Steam.exe:*:Enabled:Steam" "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "C:\Documents and Settings\krysiak\Pulpit\NaxedOt\NaxedOt\NaxedOt.exe"="C:\Documents and Settings\krysiak\Pulpit\NaxedOt\NaxedOt\NaxedOt.exe:*:Enabled:NaxedOt" "C:\Program Files\EslWire\wire.exe"="C:\Program Files\EslWire\wire.exe:*:Enabled:ESL Wire Client" "C:\Documents and Settings\krysiak\Pulpit\NBt5A_2kr410_Cr46ack\NBA 2k10 Crack\nba2k10.exe"="C:\Documents and Settings\krysiak\Pulpit\NBt5A_2kr410_Cr46ack\NBA 2k10 Crack\nba2k10.exe:*:Enabled:2K Sports NBA 2K10" "C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit" "D:\Steam\SteamApps\nev113\counter-strike\hl.exe"="D:\Steam\SteamApps\nev113\counter-strike\hl.exe:*:Enabled:Counter-Strike" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster" ======List of files/folders created in the last 1 months====== 2010-08-31 21:03:33 ----D---- C:\rsit 2010-08-31 21:03:33 ----D---- C:\Program Files\trend micro 2010-08-31 20:17:45 ----A---- C:\WINDOWS\zip.exe 2010-08-31 20:17:45 ----A---- C:\WINDOWS\SWXCACLS.exe 2010-08-31 20:17:45 ----A---- C:\WINDOWS\SWSC.exe 2010-08-31 20:17:45 ----A---- C:\WINDOWS\SWREG.exe 2010-08-31 20:17:45 ----A---- C:\WINDOWS\sed.exe 2010-08-31 20:17:45 ----A---- C:\WINDOWS\PEV.exe 2010-08-31 20:17:45 ----A---- C:\WINDOWS\NIRCMD.exe 2010-08-31 20:17:45 ----A---- C:\WINDOWS\MBR.exe 
2010-08-31 20:17:45 ----A---- C:\WINDOWS\grep.exe 2010-08-31 20:17:32 ----D---- C:\WINDOWS\ERDNT 2010-08-31 20:11:46 ----D---- C:\Qoobox 2010-08-31 19:38:53 ----HD---- C:\WINDOWS\system32\GroupPolicy 2010-08-28 23:43:34 ----D---- C:\Program Files\mIRC 2010-08-25 20:02:28 ----D---- C:\Program Files\Hanso Recorder 2010-08-25 19:53:25 ----D---- C:\My Recordings 2010-08-24 15:34:08 ----D---- C:\Themes 2010-08-24 15:34:08 ----D---- C:\Smileys 2010-08-24 15:34:08 ----D---- C:\Plugins 2010-08-24 15:34:08 ----D---- C:\Incoming 2010-08-24 15:34:08 ----D---- C:\Data 2010-08-19 01:16:41 ----D---- C:\Program Files\PopTray 2010-08-19 01:03:07 ----D---- C:\Documents and Settings\krysiak\Dane aplikacji\The Bat! 2010-08-19 00:52:30 ----A---- C:\WINDOWS\Active Setup Log.txt 2010-08-19 00:52:30 ----A---- C:\WINDOWS\Active Setup Log.BAK 2010-08-19 00:49:53 ----A---- C:\WINDOWS\~GLH0000.TMP 2010-08-19 00:49:53 ----A---- C:\WINDOWS\~GLC0000.TMP 2010-08-19 00:41:35 ----D---- C:\Documents and Settings\krysiak\Dane aplikacji\Genie-Soft 2010-08-19 00:38:11 ----D---- C:\Documents and Settings\krysiak\Dane aplikacji\Scribe 2010-08-17 20:49:56 ----D---- C:\Program Files\Ventrilo 2010-08-17 20:49:41 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2010-08-13 21:48:14 ----D---- C:\totalcmd 2010-08-13 21:48:14 ----D---- C:\Documents and Settings\krysiak\Dane aplikacji\GHISLER 2010-08-13 21:48:14 ----A---- C:\WINDOWS\UC.PIF 2010-08-13 21:48:14 ----A---- C:\WINDOWS\RAR.PIF 2010-08-13 21:48:14 ----A---- C:\WINDOWS\PKZIP.PIF 2010-08-13 21:48:14 ----A---- C:\WINDOWS\PKUNZIP.PIF 2010-08-13 21:48:14 ----A---- C:\WINDOWS\NOCLOSE.PIF 2010-08-13 21:48:14 ----A---- C:\WINDOWS\LHA.PIF 2010-08-13 21:48:14 ----A---- C:\WINDOWS\ARJ.PIF 2010-08-11 13:39:30 ----D---- C:\Documents and Settings\krysiak\Dane aplikacji\2K Sports 2010-08-11 13:18:53 ----D---- C:\Program Files\Lavalys 2010-08-10 23:16:57 ----D---- C:\Documents and Settings\krysiak\Dane aplikacji\pokerth 2010-08-10 14:02:47 ----D---- 
C:\Program Files\EslWire 2010-08-10 14:02:47 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\ESL Wire 2010-08-10 14:02:47 ----A---- C:\WINDOWS\system32\drivers\ESLvnic.sys 2010-08-08 14:46:06 ----D---- C:\WINDOWS\pss 2010-08-08 14:41:26 ----D---- C:\Program Files\CCleaner 2010-08-07 10:22:27 ----D---- C:\Program Files\Ventrilo_2_1_4 2010-08-06 14:21:09 ----D---- C:\Program Files\Winamp Detect 2010-08-06 14:19:54 ----D---- C:\Documents and Settings\krysiak\Dane aplikacji\Winamp 2010-08-06 00:18:47 ----D---- C:\Program Files\Winamp 2010-08-05 17:55:59 ----D---- C:\Program Files\Asprate 2010-08-05 17:55:55 ----A---- C:\set.ini 2010-08-05 17:55:55 ----A---- C:\lau.exe 2010-08-05 17:54:30 ----A---- C:\WINDOWS\Ip Changer Updater.exe 2010-08-05 17:54:29 ----A---- C:\WINDOWS\Tibia MULTI-ip changer.exe 2010-08-05 17:53:11 ----D---- C:\WINDOWS\Language 2010-08-05 17:53:10 ----A---- C:\WINDOWS\update.exe 2010-08-05 17:53:10 ----A---- C:\WINDOWS\os4.exe 2010-08-05 17:53:09 ----A---- C:\WINDOWS\zlib1.dll 2010-08-05 17:53:09 ----A---- C:\WINDOWS\ssleay32.dll 2010-08-05 17:53:09 ----A---- C:\WINDOWS\libeay32.dll 2010-08-05 17:53:09 ----A---- C:\WINDOWS\libcurl.dll 2010-08-05 17:53:09 ----A---- C:\WINDOWS\ipchanger.exe 2010-08-05 17:49:23 ----A---- C:\WINDOWS\system32\sknc.dll 2010-08-05 16:05:44 ----D---- C:\Documents and Settings\krysiak\Dane aplikacji\skypePM 2010-08-05 16:04:20 ----D---- C:\Documents and Settings\krysiak\Dane aplikacji\Skype 2010-08-05 16:03:26 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Skype 2010-08-04 11:32:24 ----D---- C:\Documents and Settings\krysiak\Dane aplikacji\teamspeak2 2010-08-01 22:11:25 ----D---- C:\Program Files\WapSter ======List of files/folders modified in the last 1 months====== 2010-08-31 21:07:41 ----D---- C:\WINDOWS\Prefetch 2010-08-31 21:05:22 ----A---- C:\WINDOWS\DFC.INI 2010-08-31 21:03:33 ----D---- C:\Program Files 2010-08-31 20:35:53 ----D---- C:\WINDOWS\Temp 2010-08-31 20:34:42 
----A---- C:\WINDOWS\SchedLgU.Txt 2010-08-31 20:17:45 ----D---- C:\WINDOWS 2010-08-31 19:46:44 ----SHD---- C:\WINDOWS\Installer 2010-08-31 19:46:02 ----D---- C:\WINDOWS\system32 2010-08-31 19:46:00 ----D---- C:\Program Files\QuickTime 2010-08-31 19:04:00 ----D---- C:\WINDOWS\system32\CatRoot2 2010-08-31 13:13:37 ----D---- C:\Documents and Settings\krysiak\Dane aplikacji\mIRC 2010-08-31 11:55:19 ----D---- C:\WINDOWS\system32\drivers\Avg 2010-08-27 12:44:15 ----RSD---- C:\WINDOWS\Fonts 2010-08-25 21:55:42 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP 2010-08-24 15:28:57 ----HD---- C:\WINDOWS\inf 2010-08-19 20:09:34 ----D---- C:\Program Files\Mozilla Firefox 2010-08-17 20:49:41 ----D---- C:\Program Files\Common Files 2010-08-17 15:28:14 ----D---- C:\WINDOWS\WinSxS 2010-08-17 12:57:02 ----SD---- C:\WINDOWS\Tasks 2010-08-14 14:23:34 ----D---- C:\WINDOWS\system32\drivers 2010-08-07 14:06:17 ----D---- C:\Documents and Settings\krysiak\Dane aplikacji\Adobe 2010-08-05 17:49:23 ----A---- C:\WINDOWS\system32\ws2_32.dll 2010-08-05 16:03:45 ----D---- C:\Program Files\Common Files\Skype 2010-08-03 13:07:40 ----RSD---- C:\WINDOWS\assembly 2010-08-03 13:06:50 ----D---- C:\WINDOWS\Microsoft.NET ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 gagp30kx;Filtr rodzajowy AGPv3.0 firmy Microsoft dla platform procesora K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-14 46464] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944] R1 AmdK8;Sterownik procesora AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43520] R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-07-24 216400] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-07-24 29584] R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-07-24 243024] R1 kbdhid;Sterownik klawiatury HID; 
C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-15 14720] R2 cpuz134;cpuz134; \??\C:\WINDOWS\system32\drivers\cpuz134_x32.sys [] R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-01-25 4027456] R3 ESLvnic1;ESLvnic Virtual Network 32 Bit; C:\WINDOWS\system32\DRIVERS\ESLvnic.sys [2010-06-07 24504] R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-15 10368] R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-15 12160] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-11 6738432] R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-12-02 118656] R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-15 32128] R3 usbstor;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-15 26368] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-15 20608] S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS [] S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [] S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176] S3 rtl8139;Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-14 20992] S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-07-25 717296] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-07-24 921952] R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-24 308136] R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe 
[2006-02-28 229376] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-31 153376] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-11 163908] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-07-27 654848] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376] S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880] -----------------EOF----------------- [/log]
Here you go, these are the 4 files that got saved for me.
Tomek01 commented 31 August 2010
Unfortunately, there is an infection, C:\WINDOWS\System32\sknc.dll, which infects the library C:\WINDOWS\system32\ws2_32.dll. We will deal with replacing that file in a moment. Uninstall the DAEMON Tools Toolbar. In OTL, paste the following into the Custom scan/fixes window:
[code]:Processes
Explorer.exe
:OTL
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="
[2010-07-25 18:30:47 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\krysiak\Dane aplikacji\Mozilla\Firefox\Profiles\97qj6e9p.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - Startup: C:\Documents and Settings\krysiak\Menu Start\Programy\Autostart\update.exe ()
O4 - HKCU\..\Run: [wsctf.exe] wsctf.exe
O4 - Startup: update.exe
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP:888AFB86
:Files
C:\WINDOWS\~GLH0000.TMP
C:\WINDOWS\~GLC0000.TMP
C:\WINDOWS\Ip Changer Updater.exe
C:\WINDOWS\Tibia MULTI-ip changer.exe
C:\WINDOWS\ipchanger.exe
C:\y.lnk
C:\WINDOWS\Last.dat
C:\WINDOWS\Ic.Inf
C:\lau.exe
C:\setu00.rar
C:\set.ini
C:\WINDOWS\_delis32.ini
C:\autorun.inf
Reg:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17}=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"wsctf.exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
:Commands
[emptytemp]
[start explorer]
[Reboot][/code]
Click Run Fix; the computer will restart. Burn a Windows CD and start the Recovery Console. Type the command:
[code]EXPAND X:\i386\WS2_32.DL_ C:\Windows\system32
EXPAND X:\i386\WS2_32.DL_ C:\Windows\system32\dllcache[/code]
Restart the system. Then post the OTL log from the removal, plus new OTL and RSIT logs.
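An added illustration, not part of Tomek01's post and not a statement of how he reached his diagnosis: the RSIT log above lists sknc.dll as created and ws2_32.dll as modified in the same second, and the Python sketch below surfaces such pairs from the two file lists. The function names, the system32-only filter and the 2-second window are assumptions made for this example; the sample lines are taken from the log posted above.

```python
import re
from datetime import datetime

# Sample lines taken from the RSIT log posted above, flattened as on this page.
SAMPLE_RSIT = (
    r"======List of files/folders created in the last 1 months====== "
    r"2010-08-10 14:02:47 ----A---- C:\WINDOWS\system32\drivers\ESLvnic.sys "
    r"2010-08-05 17:53:10 ----A---- C:\WINDOWS\update.exe "
    r"2010-08-05 17:49:23 ----A---- C:\WINDOWS\system32\sknc.dll "
    r"2010-08-05 16:04:20 ----D---- C:\Documents and Settings\krysiak\Dane aplikacji\Skype "
    r"======List of files/folders modified in the last 1 months====== "
    r"2010-08-31 19:46:02 ----D---- C:\WINDOWS\system32 "
    r"2010-08-14 14:23:34 ----D---- C:\WINDOWS\system32\drivers "
    r"2010-08-05 17:49:23 ----A---- C:\WINDOWS\system32\ws2_32.dll "
    r"2010-08-03 13:06:50 ----D---- C:\WINDOWS\Microsoft.NET "
    r"======List of drivers (R=Running, S=Stopped)======"
)

# One "created" or "modified" section: header, then everything up to the next header.
SECTION = re.compile(
    r"={6}List of files/folders (created|modified) in the last \d+ months?={6}"
    r"(.*?)(?=={6}|\Z)", re.S)
# One entry: timestamp, attribute field such as ----A---- or ----SHD----, path.
# Paths contain spaces, so a path ends where the next timestamp (or the end) begins.
ENTRY = re.compile(
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(-+[A-Z]+-+)\s+(.+?)"
    r"(?=\s+\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+-|\s*$)", re.S)
# Assumption for this example: only binaries directly under system32 are of interest.
SYSTEM_DIR = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)
BINARY_EXT = (".dll", ".exe", ".sys")


def parse_rsit_files(log):
    """Return {'created': [...], 'modified': [...]} of (datetime, attrs, path)."""
    out = {"created": [], "modified": []}
    for kind, body in SECTION.findall(log):
        for ts, attrs, path in ENTRY.findall(body):
            when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
            out[kind].append((when, attrs.strip("-"), path.strip()))
    return out


def is_binary_file(attrs, path):
    """True for a non-directory entry with an executable-code extension."""
    return "D" not in attrs and path.lower().endswith(BINARY_EXT)


def tampered_system_files(log, window_seconds=2):
    """Pair each modified system32 binary with new binaries created at the same moment.

    A system library that changes in the same second a new binary appears is
    worth checking against a known-good copy from the installation media.
    """
    entries = parse_rsit_files(log)
    hits = []
    for m_when, m_attrs, m_path in entries["modified"]:
        if not is_binary_file(m_attrs, m_path) or not SYSTEM_DIR.match(m_path):
            continue
        for c_when, c_attrs, c_path in entries["created"]:
            if not is_binary_file(c_attrs, c_path):
                continue
            if c_path.lower() == m_path.lower():
                continue
            if abs((m_when - c_when).total_seconds()) <= window_seconds:
                hits.append((m_path, c_path, m_when))
    return hits


if __name__ == "__main__":
    for modified, created, when in tampered_system_files(SAMPLE_RSIT):
        print(f"{when}  {modified} changed together with new file {created}")
```

A hit only marks a file for verification; the comparison against the copy on the Windows CD is what confirms whether the library was altered.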
riviera111 commented 1 September 2010 Author (edited)
Unfortunately I don't understand the last part. Will I have to format, or is it nothing serious? [quote name='Tomek01' date='31 sierpień 2010 - 21:55' timestamp='1283288236' post='1080859'] Burn a Windows CD and start the Recovery Console. Type the command: EXPAND X:\i386\WS2_32.DL_ C:\Windows\system32 EXPAND X:\i386\WS2_32.DL_ C:\Windows\system32\dllcache Restart the system. Then post the OTL log from the removal, plus new OTL and RSIT logs. [/quote] That is exactly what I don't understand. I have already run the script and the computer restarted. I think I have a Windows disc. Where exactly do I type these commands? Where is this Recovery Console? And where do I upload the OTL log from the removal and the new OTL and RSIT logs? Also, do I have to make these "new logs" from scratch, or will the earlier ones do? And if new ones, should I make them before typing these commands or after?
Tomek01 commented 1 September 2010
It can't be described any more precisely. Do exactly, step by step, what I asked you to do. A format will not be necessary.