niesia87, posted 15 November 2010

Hello! I wanted to find out how to remove Think Point.

[log]OTL Extras logfile created on: 2010-11-15 18:01:33 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Kamik\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 1 014,00 Mb Total Physical Memory | 522,00 Mb Available Physical Memory | 51,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111,79 Gb Total Space | 63,72 Gb Free Space | 57,00% Space Free | Partition Type: NTFS Drive E: | 59,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 1,89 Gb Total Space | 1,13 Gb Free Space | 59,51% Space Free | Partition Type: FAT Computer Name: AGA | User Name: Kamik | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) .url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.DLL File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software) InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l File not found piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.) 
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\games\nfs u\Speed.exe" = C:\games\nfs u\Speed.exe:*:Enabled:Speed -- () "C:\Program Files\OrangeBS\BEWInternetUK\Connectivity\ConnectivityManager.exe" = C:\Program Files\OrangeBS\BEWInternetUK\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA) "C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe" = C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe:*:Enabled:3 USB Modem -- (Huawei Technologies) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 19 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52675D00-AD10-49F7-B129-BEA9FED1C610}" = Nokia Connectivity Cable Driver "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63 "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{BEWINTERNET-UK}.UninstallSuite" = Business Everywhere uninstall "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CC1ACF58-CD2D-4F36-9195-F13D13962E15}" = PC Connectivity Solution Lite "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F70D5D8C-C1AF-40B3-9E47-3BB5F19EEA3A}" = Atheros for Acer Driver 5.3.0.45_Foxconn Installation Program "{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}" = Vodafone Mobile Connect Lite Huawei "{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US) "3 USB Modem" = 3 USB Modem "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Agere Systems Soft Modem" = Agere Systems HDA Modem "CardDetectorZTEMF636" = Card Detector for ZTE MF636 "Chicken Invaders 2_is1" = Chicken Invaders 2 v2.61 "Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.2.7 "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "Free_Lunch_Design Toolbar" = Free_Lunch_Design Toolbar "Gadu-Gadu 10" = Gadu-Gadu 10 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers. 
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.6.5 Full "LManager" = Launch Manager "Manage Registry ActiveX Control DEMO 2.1_is1" = Manage Registry ActiveX Control DEMO 2.1 (Build 2.1.2.221) "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PC Tools AntiVirus_is1" = PC Tools AntiVirus 6.1 "PhotoScape" = PhotoScape "Rapport_msi" = Rapport "TuneUp Utilities" = TuneUp Utilities "VLC media player" = VLC media player 1.0.3 "Winamp" = Winamp (remove only) "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR archiver [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2010-11-15 08:13:17 | Computer Name = AGA | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. Error - 2010-11-15 08:13:17 | Computer Name = AGA | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. Error - 2010-11-15 10:01:17 | Computer Name = AGA | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. Error - 2010-11-15 10:01:17 | Computer Name = AGA | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. Error - 2010-11-15 10:01:17 | Computer Name = AGA | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. 
This is most likely caused by a faulty registration. Error - 2010-11-15 10:01:17 | Computer Name = AGA | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. Error - 2010-11-15 13:15:22 | Computer Name = AGA | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. Error - 2010-11-15 13:15:22 | Computer Name = AGA | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. Error - 2010-11-15 13:15:22 | Computer Name = AGA | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. Error - 2010-11-15 13:15:22 | Computer Name = AGA | Source = Userenv | ID = 1041 Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. [ System Events ] Error - 2010-11-14 20:35:43 | Computer Name = AGA | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the Eset Trial Reset service to connect. Error - 2010-11-14 20:35:44 | Computer Name = AGA | Source = Service Control Manager | ID = 7000 Description = The Eset Trial Reset service failed to start due to the following error: %%1053 Error - 2010-11-15 08:13:13 | Computer Name = AGA | Source = Ftdisk | ID = 262189 Description = The system could not sucessfully load the crash dump driver. 
Error - 2010-11-15 08:13:13 | Computer Name = AGA | Source = Ftdisk | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Error - 2010-11-15 08:13:38 | Computer Name = AGA | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the Eset Trial Reset service to connect. Error - 2010-11-15 08:13:39 | Computer Name = AGA | Source = Service Control Manager | ID = 7000 Description = The Eset Trial Reset service failed to start due to the following error: %%1053 Error - 2010-11-15 13:15:38 | Computer Name = AGA | Source = Ftdisk | ID = 262189 Description = The system could not sucessfully load the crash dump driver. Error - 2010-11-15 13:15:38 | Computer Name = AGA | Source = Ftdisk | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Error - 2010-11-15 13:15:41 | Computer Name = AGA | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the Eset Trial Reset service to connect. 
Error - 2010-11-15 13:15:41 | Computer Name = AGA | Source = Service Control Manager | ID = 7000 Description = The Eset Trial Reset service failed to start due to the following error: %%1053 < End of report > [/log] [log]OTL logfile created on: 2010-11-15 18:01:33 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Kamik\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 1 014,00 Mb Total Physical Memory | 522,00 Mb Available Physical Memory | 51,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111,79 Gb Total Space | 63,72 Gb Free Space | 57,00% Space Free | Partition Type: NTFS Drive E: | 59,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 1,89 Gb Total Space | 1,13 Gb Free Space | 59,51% Space Free | Partition Type: FAT Computer Name: AGA | User Name: Kamik | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-11-15 17:52:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kamik\Desktop\OTL.exe PRC - [2010-11-14 23:55:00 | 000,564,736 | ---- | M] (Mc AUS) -- C:\Documents and Settings\Kamik\Application Data\hotfix.exe PRC - [2010-04-01 09:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe PRC - [2009-11-17 16:14:46 | 000,507,904 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\Documents and Settings\Kamik\Local Settings\Temp\RtkBtMnt.exe PRC - [2009-11-13 08:51:16 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe PRC - [2009-11-13 08:49:20 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe PRC - [2009-07-13 23:18:12 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe PRC - [2009-04-16 10:27:00 | 001,505,168 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Program Files\PC Tools AntiVirus\PCTAV.exe PRC - [2009-04-16 10:24:48 | 000,933,720 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe PRC - [2008-10-24 18:27:40 | 000,069,632 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe PRC - [2008-09-25 09:29:21 | 000,274,432 | R--- | M] (France Telecom SA) -- C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe PRC - [2008-04-14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-03-13 18:09:10 | 002,060,288 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe PRC - [2008-03-13 18:08:58 | 000,024,576 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2007-03-14 10:12:00 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe PRC - [2006-10-25 06:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\EXPLORER.EXE PRC - [2006-07-14 12:13:00 | 000,471,040 | ---- | M] (Dritek System Inc.) 
-- C:\Program Files\Launch Manager\QtZgAcer.EXE PRC - [2006-06-13 09:57:00 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe PRC - [2004-12-20 18:41:22 | 000,033,792 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-11-15 17:52:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kamik\Desktop\OTL.exe MOD - [2010-11-15 17:37:33 | 000,081,408 | RHS- | M] () -- C:\Documents and Settings\Kamik\Local Settings\Temp\cvasds0.dll MOD - [2010-08-23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2009-03-26 11:04:46 | 000,194,448 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Program Files\PC Tools AntiVirus\PCTAVHook.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - [2010-06-07 17:07:02 | 000,840,936 | ---- | M] (Trusteer Ltd.) 
[Disabled | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService) SRV - [2009-11-17 18:59:46 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2009-11-13 08:49:20 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2009-11-13 08:45:50 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2009-07-13 23:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2009-04-16 10:24:48 | 000,933,720 | ---- | M] (PC Tools Research Pty Ltd) [Auto | Running] -- C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe -- (PCTAVSvc) SRV - [2008-10-24 18:27:40 | 000,069,632 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC) SRV - [2008-09-23 07:20:16 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008-03-13 18:08:58 | 000,024,576 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2007-03-14 10:12:00 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2001-08-23 21:00:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (.EsetTrialReset) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-11-08 22:42:58 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-06-07 17:07:10 | 000,166,632 | ---- | M] (Trusteer Ltd.) 
[Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG) DRV - [2010-06-07 17:07:10 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL) DRV - [2009-11-12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009-10-14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009-09-30 07:17:02 | 001,585,728 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416) DRV - [2009-08-24 13:05:06 | 000,206,256 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore) DRV - [2009-02-10 09:13:18 | 000,021,904 | ---- | M] (PC Tools Research Pty Ltd ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVRec.sys -- (AVRec) DRV - [2009-02-10 09:13:16 | 000,028,560 | ---- | M] (PC Tools Research Pty Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVHook.sys -- (AVHook) DRV - [2009-02-10 09:13:16 | 000,021,904 | ---- | M] (PC Tools Research Pty Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AVFilter.sys -- (AVFilter) DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008-07-01 14:30:28 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5) DRV - [2008-06-26 21:02:10 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5) DRV - [2008-04-19 10:05:22 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2008-04-19 10:05:22 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmeaext.sys -- (ZTEusbnmeaext) DRV - [2008-04-19 10:05:22 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2008-04-19 10:05:22 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008-03-13 11:20:26 | 000,138,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd) DRV - [2008-03-13 11:20:20 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm) DRV - [2008-03-13 11:20:20 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj) DRV - [2008-03-13 11:20:20 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc) DRV - [2007-12-06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2007-08-08 11:12:42 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007-05-02 11:00:58 | 000,546,976 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211) DRV - [2007-03-14 10:12:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006-07-19 09:42:00 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006-07-14 12:13:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr) DRV - [2006-06-13 10:18:00 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mydtzone.com/startpage IE - HKCU\..\URLSearchHook: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird O1 HOSTS File: ([2010-08-07 17:52:56 | 000,415,879 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14357 more lines... O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\ShellBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [BEWINTERNET-UKSessionManager] C:\Program Files\OrangeBS\BEWInternetUK\SessionManager\SessionManager.exe (France Telecom SA) O4 - HKLM..\Run: [CardDetectorZTEMF636] C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe (France Telecom SA) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [PCTAVApp] C:\Program Files\PC Tools AntiVirus\PCTAV.exe (PC Tools Research Pty Ltd) O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) 
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKCU..\Run: [cdoosoft] C:\Documents and Settings\Kamik\Local Settings\Temp\herss.exe () O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [EXPLORER.EXE] C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation) O4 - HKCU..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.) O4 - HKCU..\Run: [wsctf.exe] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.) 
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258479600593 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.185,93.188.166.185 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Kamik\Application Data\hotfix.exe) - C:\Documents and Settings\Kamik\Application Data\hotfix.exe (Mc AUS) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Kamik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kamik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-11-17 15:39:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-11-15 18:02:39 | 000,000,061 | RHS- | M] () - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2008-03-13 20:39:50 | 000,000,070 | R--- | M] () - E:\Autorun.inf -- [ CDFS ] O32 - AutoRun File - [2010-11-15 18:02:42 | 000,000,061 | RHS- | M] () - G:\AutoRun.inf -- [ FAT ] O33 - MountPoints2\{00e0670c-c949-11df-b8b2-00197e79db47}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE -- File not found O33 - MountPoints2\{00e0670c-c949-11df-b8b2-00197e79db47}\Shell\explore\Command - "" = F:\EXPLORER.EXE -- File not found O33 - MountPoints2\{00e0670c-c949-11df-b8b2-00197e79db47}\Shell\open\Command - "" = F:\EXPLORER.EXE -- File not found O33 - MountPoints2\{00e0670d-c949-11df-b8b2-00197e79db47}\Shell\AutoRun\command - "" = G:\EXPLORER.EXE -- [2006-10-25 07:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation) O33 - MountPoints2\{00e0670d-c949-11df-b8b2-00197e79db47}\Shell\explore\Command - 
"" = G:\EXPLORER.EXE -- [2006-10-25 07:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation) O33 - MountPoints2\{00e0670d-c949-11df-b8b2-00197e79db47}\Shell\open\Command - "" = G:\EXPLORER.EXE -- [2006-10-25 07:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation) O33 - MountPoints2\{21dc04c2-c67a-11df-b8a9-00197e79db47}\Shell - "" = AutoRun O33 - MountPoints2\{21dc04c2-c67a-11df-b8a9-00197e79db47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{21dc04c2-c67a-11df-b8a9-00197e79db47}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{21dc04c6-c67a-11df-b8a9-00197e79db47}\Shell - "" = AutoRun O33 - MountPoints2\{21dc04c6-c67a-11df-b8a9-00197e79db47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{21dc04c6-c67a-11df-b8a9-00197e79db47}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008-03-13 18:33:06 | 000,323,584 | R--- | M] (Vodafone) O33 - MountPoints2\{2b84c5ae-d09d-11df-b8ca-00197e79db47}\Shell\AutoRun\command - "" = G:\EXPLORER.EXE -- [2006-10-25 07:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation) O33 - MountPoints2\{2b84c5ae-d09d-11df-b8ca-00197e79db47}\Shell\explore\Command - "" = G:\EXPLORER.EXE -- [2006-10-25 07:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation) O33 - MountPoints2\{2b84c5ae-d09d-11df-b8ca-00197e79db47}\Shell\open\Command - "" = G:\EXPLORER.EXE -- [2006-10-25 07:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation) O33 - MountPoints2\{2b84c5af-d09d-11df-b8ca-00197e79db47}\Shell - "" = AutoRun O33 - MountPoints2\{2b84c5af-d09d-11df-b8ca-00197e79db47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{2b84c5af-d09d-11df-b8ca-00197e79db47}\Shell\AutoRun\command - "" = E:\NokiaPCIA_Autorun.exe -- File not found O33 - MountPoints2\{3dee74ce-c7d3-11df-b8af-00197e79db47}\Shell\AutoRun\command - "" = E:\EXPLORER.EXE -- File not found O33 - MountPoints2\{3dee74ce-c7d3-11df-b8af-00197e79db47}\Shell\explore\Command - "" = E:\EXPLORER.EXE -- File not found O33 - 
MountPoints2\{3dee74ce-c7d3-11df-b8af-00197e79db47}\Shell\open\Command - "" = E:\EXPLORER.EXE -- File not found O33 - MountPoints2\{80c7d488-635c-11df-b7e3-00197e79db47}\Shell - "" = AutoRun O33 - MountPoints2\{80c7d488-635c-11df-b7e3-00197e79db47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{80c7d488-635c-11df-b7e3-00197e79db47}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{8c975e08-7fce-11df-b818-00197e79db47}\Shell - "" = AutoRun O33 - MountPoints2\{8c975e08-7fce-11df-b818-00197e79db47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{8c975e08-7fce-11df-b818-00197e79db47}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008-03-13 18:33:06 | 000,323,584 | R--- | M] (Vodafone) O33 - MountPoints2\{a55792e4-aee7-11df-b867-00197e79db47}\Shell - "" = AutoRun O33 - MountPoints2\{a55792e4-aee7-11df-b867-00197e79db47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{a55792e4-aee7-11df-b867-00197e79db47}\Shell\AutoRun\command - "" = E:\AutoRunCardDetector.exe -- File not found O33 - MountPoints2\{aa1e34ea-5640-11df-b7c0-00197e79db47}\Shell\AutoRun\command - "" = E:\EXPLORER.EXE -- File not found O33 - MountPoints2\{aa1e34ea-5640-11df-b7c0-00197e79db47}\Shell\explore\Command - "" = E:\EXPLORER.EXE -- File not found O33 - MountPoints2\{aa1e34ea-5640-11df-b7c0-00197e79db47}\Shell\open\Command - "" = E:\EXPLORER.EXE -- File not found O33 - MountPoints2\{b3dd49e6-c722-11df-b8ad-00197e79db47}\Shell - "" = AutoRun O33 - MountPoints2\{b3dd49e6-c722-11df-b8ad-00197e79db47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b3dd49e6-c722-11df-b8ad-00197e79db47}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{b3dd49e7-c722-11df-b8ad-00197e79db47}\Shell - "" = AutoRun O33 - MountPoints2\{b3dd49e7-c722-11df-b8ad-00197e79db47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b3dd49e7-c722-11df-b8ad-00197e79db47}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - 
MountPoints2\{b9163cf2-de1f-11de-b6e1-00197e79db47}\Shell\AutoRun\command - "" = E:\EXPLORER.EXE -- File not found O33 - MountPoints2\{b9163cf2-de1f-11de-b6e1-00197e79db47}\Shell\explore\Command - "" = E:\EXPLORER.EXE -- File not found O33 - MountPoints2\{b9163cf2-de1f-11de-b6e1-00197e79db47}\Shell\open\Command - "" = E:\EXPLORER.EXE -- File not found O33 - MountPoints2\{c2f58a96-516c-11df-b7b9-00197e79db47}\Shell - "" = AutoRun O33 - MountPoints2\{c2f58a96-516c-11df-b7b9-00197e79db47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c2f58a96-516c-11df-b7b9-00197e79db47}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008-03-13 18:33:06 | 000,323,584 | R--- | M] (Vodafone) O33 - MountPoints2\{c2f58a97-516c-11df-b7b9-00197e79db47}\Shell - "" = AutoRun O33 - MountPoints2\{c2f58a97-516c-11df-b7b9-00197e79db47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c2f58a97-516c-11df-b7b9-00197e79db47}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found O33 - MountPoints2\{c66fb61e-63f6-11df-b7e4-00197e79db47}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\EXPLORER.EXE -- [2006-10-25 06:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation) O33 - MountPoints2\{c66fb61e-63f6-11df-b7e4-00197e79db47}\Shell\explore\Command - "" = C:\WINDOWS\System32\EXPLORER.EXE -- [2006-10-25 06:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation) O33 - MountPoints2\{c66fb61e-63f6-11df-b7e4-00197e79db47}\Shell\open\Command - "" = C:\WINDOWS\System32\EXPLORER.EXE -- [2006-10-25 06:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation) O33 - MountPoints2\{c88e1fa8-ec1e-11de-b6fc-00197e79db47}\Shell - "" = AutoRun O33 - MountPoints2\{c88e1fa8-ec1e-11de-b6fc-00197e79db47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c88e1fa8-ec1e-11de-b6fc-00197e79db47}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008-03-13 18:33:06 | 000,323,584 | R--- | M] (Vodafone) O33 - MountPoints2\{f241da53-605d-11df-b7dd-00197e79db47}\Shell - "" = AutoRun O33 - 
MountPoints2\{f241da53-605d-11df-b7dd-00197e79db47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f241da53-605d-11df-b7dd-00197e79db47}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008-03-13 18:33:06 | 000,323,584 | R--- | M] (Vodafone) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PCTAVSvc - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (PC Tools Research Pty Ltd) SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: 
{4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PCTAVSvc - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (PC Tools Research Pty Ltd) SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: UploadMgr - Service SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - 
Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-11-15 17:55:16 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kamik\Desktop\OTL.exe [2010-11-14 23:55:00 | 000,564,736 | ---- | C] (Mc AUS) -- C:\Documents and Settings\Kamik\Application Data\hotfix.exe [2010-11-13 18:17:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010-11-10 12:23:21 | 000,000,000 | ---D | C] -- C:\dbb8e87bf2e3780b33237664 [2010-11-08 22:52:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ConeXware [2010-11-08 22:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar [2010-11-08 22:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2010-11-08 22:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamik\Application Data\DAEMON Tools Lite [2010-11-08 22:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2010-11-02 08:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamik\Desktop\filmy [2010-11-02 08:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamik\Desktop\muza [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - 
Modified Within 30 Days ==========[/color] [2010-11-15 18:09:51 | 000,000,061 | RHS- | M] () -- C:\autorun.inf [2010-11-15 18:01:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2010-11-15 17:53:44 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\RSIT.exe [2010-11-15 17:52:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kamik\Desktop\OTL.exe [2010-11-15 17:50:16 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job [2010-11-15 17:44:00 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At16.job [2010-11-15 17:36:06 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Kamik\Application Data\completescan [2010-11-15 17:15:47 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-11-15 17:15:20 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At14.job [2010-11-15 17:15:20 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At13.job [2010-11-15 17:15:20 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At10.job [2010-11-15 17:15:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-11-15 15:13:25 | 000,000,192 | ---- | M] () -- C:\WINDOWS\winamp.ini [2010-11-15 12:13:19 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At9.job [2010-11-15 12:13:17 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At2.job [2010-11-15 00:37:02 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Kamik\Application Data\start [2010-11-14 23:56:27 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At24.job [2010-11-14 23:56:27 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At23.job [2010-11-14 23:56:27 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At22.job [2010-11-14 23:56:27 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At21.job [2010-11-14 23:56:27 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At20.job [2010-11-14 23:56:27 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At19.job [2010-11-14 23:56:26 | 000,000,430 | ---- | M] () -- 
C:\WINDOWS\tasks\At8.job [2010-11-14 23:56:26 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At7.job [2010-11-14 23:56:26 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At6.job [2010-11-14 23:56:26 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At18.job [2010-11-14 23:56:26 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At17.job [2010-11-14 23:56:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At5.job [2010-11-14 23:56:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At4.job [2010-11-14 23:56:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At3.job [2010-11-14 23:56:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At15.job [2010-11-14 23:56:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At12.job [2010-11-14 23:56:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At11.job [2010-11-14 23:55:51 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Kamik\Application Data\install [2010-11-14 23:55:50 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At1.job [2010-11-14 23:55:00 | 000,564,736 | ---- | M] (Mc AUS) -- C:\Documents and Settings\Kamik\Application Data\hotfix.exe [2010-11-14 23:08:23 | 003,858,631 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\Firma - Jeden buch z fajki wodnej odmula... 
_q .mp3 [2010-11-14 22:51:35 | 000,002,259 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2010-11-13 07:04:55 | 005,224,103 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\Tede - Opowie-- O Tym Co Tu Sie Dzieje Na Wolno.mp3 [2010-11-13 07:00:43 | 003,684,760 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\TeDe- Fenomen - Dwulicowi ludzie .mp3 [2010-11-13 06:08:10 | 006,494,294 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\WW - Dome -M6 Remix- [www.clubhits.pl].mp3 [2010-11-11 21:15:32 | 003,241,723 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\Avicii amp- Sebastien Drums - My Feelings For You.mp3 [2010-11-10 23:04:00 | 000,433,566 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-11-10 23:04:00 | 000,068,164 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-11-09 00:19:09 | 006,952,585 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\05 - Fugees - Killing Me Softly With His Son.mp3 [2010-11-09 00:09:21 | 004,407,411 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\Dr.Dre amp- Snoop Dogg- Still Dre .mp3 [2010-11-08 22:43:04 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk [2010-11-08 22:42:58 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-11-07 14:55:41 | 004,942,817 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\The Black Eyed Peas - The Time -The Dirty Bit-.mp3 [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-11-15 17:55:17 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\RSIT.exe [2010-11-15 00:14:30 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Kamik\Application Data\start [2010-11-15 00:11:37 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Kamik\Application Data\completescan 
[2010-11-14 23:56:26 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At24.job [2010-11-14 23:56:26 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At23.job [2010-11-14 23:56:26 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At22.job [2010-11-14 23:56:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At21.job [2010-11-14 23:56:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At20.job [2010-11-14 23:56:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At19.job [2010-11-14 23:56:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At18.job [2010-11-14 23:56:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At17.job [2010-11-14 23:56:21 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At16.job [2010-11-14 23:56:21 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At15.job [2010-11-14 23:56:20 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At14.job [2010-11-14 23:56:20 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At13.job [2010-11-14 23:56:20 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At12.job [2010-11-14 23:56:20 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At11.job [2010-11-14 23:56:20 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At10.job [2010-11-14 23:56:19 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At9.job [2010-11-14 23:56:19 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At8.job [2010-11-14 23:56:19 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At7.job [2010-11-14 23:56:18 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At6.job [2010-11-14 23:56:18 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At5.job [2010-11-14 23:56:18 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At4.job [2010-11-14 23:56:17 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At3.job [2010-11-14 23:56:06 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At2.job [2010-11-14 23:55:51 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Kamik\Application Data\install [2010-11-14 23:55:10 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At1.job 
[2010-11-14 23:08:09 | 003,858,631 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\Firma - Jeden buch z fajki wodnej odmula... _q .mp3 [2010-11-13 07:04:32 | 005,224,103 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\Tede - Opowie-- O Tym Co Tu Sie Dzieje Na Wolno.mp3 [2010-11-13 07:00:28 | 003,684,760 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\TeDe- Fenomen - Dwulicowi ludzie .mp3 [2010-11-13 06:07:58 | 006,494,294 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\WW - Dome -M6 Remix- [www.clubhits.pl].mp3 [2010-11-11 21:15:20 | 003,241,723 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\Avicii amp- Sebastien Drums - My Feelings For You.mp3 [2010-11-09 00:19:09 | 006,952,585 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\05 - Fugees - Killing Me Softly With His Son.mp3 [2010-11-09 00:09:05 | 004,407,411 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\Dr.Dre amp- Snoop Dogg- Still Dre .mp3 [2010-11-08 22:43:03 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk [2010-11-08 22:42:58 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-11-07 14:55:16 | 004,942,817 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\The Black Eyed Peas - The Time -The Dirty Bit-.mp3 [2010-05-14 00:13:50 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2010-03-30 15:35:09 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Kamik\Application Data\Smiley.ico [2010-01-29 21:45:14 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2009-12-20 18:18:22 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI [2009-12-07 09:26:59 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009-12-07 09:26:50 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-12-07 09:26:19 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll [2009-12-07 09:26:19 | 000,077,824 | 
---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll [2009-12-07 09:26:18 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-12-07 09:26:18 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-12-07 09:26:13 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2009-12-02 01:23:28 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini [2009-11-17 19:49:41 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Kamik\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-11-17 16:32:00 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\Desktop_.ini [2009-11-17 16:11:25 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2009-11-17 15:28:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008-03-07 15:43:56 | 000,084,734 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4 [2008-03-07 12:47:30 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml [2006-06-13 10:18:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll [2005-02-17 11:31:58 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll [2005-02-17 11:31:58 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll [2005-02-17 11:31:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll [2005-02-17 11:31:58 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2005-02-17 11:31:58 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2005-02-17 11:31:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2000-10-03 14:28:22 | 000,160,256 | ---- | C] () -- C:\WINDOWS\System32\midas11.dll [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2009-11-17 15:39:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-11-15 18:12:46 | 000,000,061 | RHS- | M] () -- C:\autorun.inf [2010-07-18 17:31:34 | 000,000,211 | RHS- | 
M] () -- C:\boot.ini [2010-04-11 20:29:26 | 000,118,784 | RHS- | M] () -- C:\chxnxyx.exe [2009-11-17 15:39:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2009-11-17 15:39:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009-11-17 15:39:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2009-11-17 15:58:06 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2009-11-17 15:58:06 | 000,250,048 | RHS- | M] () -- C:\ntldr [2010-11-15 17:15:11 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys [2008-04-14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008-04-14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2002-08-29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys [2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2002-08-29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) 
MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2001-08-23 21:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2001-08-23 21:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2002-08-29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys [2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008-04-14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008-04-14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2002-08-29 01:27:56 | 000,047,488 | ---- | M] (Microsoft Corporation) MD5=6506E033AD04CFEC9EE56DBEFD1083DD -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2008-04-14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008-04-14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll [2002-08-29 03:40:52 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] 
[2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [2002-08-29 02:09:26 | 000,167,552 | ---- | M] (Microsoft Corporation) MD5=3B350E5A2A5E951453F3993275A4523A -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2002-08-29 03:41:28 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008-04-14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008-04-14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 < End of report > [/log] [log]info.txt logfile of random's system information tool 1.08 2010-11-15 18:26:11 ======Uninstall list====== -->C:\Program Files\PC Tools AntiVirus\unins000.exe /LOG -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 3 USB Modem-->C:\PROGRA~1\HUAWEI~1\HUAWEI~1\Uninstall.exe Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain plugin Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe" Agere Systems HDA Modem-->agrsmdel Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE} 
Atheros for Acer Driver 5.3.0.45_Foxconn Installation Program-->C:\Program Files\InstallShield Installation Information\{F70D5D8C-C1AF-40B3-9E47-3BB5F19EEA3A}\setup.exe -runfromtemp -l0x0009 -removeonly Business Everywhere uninstall-->C:\Program Files\OrangeBS\BEWInternetUK\installation\core\Installgui.exe -u Card Detector for ZTE MF636-->C:\Program Files\CardDetector\ZTEMF636\CardDetectorSetup.exe -u CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe" Chicken Invaders 2 v2.61-->"C:\Program Files\ChickenInvaders2Polish\unins000.exe" Codec Pack - All In 1 6.0.2.7-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini" DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe Free_Lunch_Design Toolbar-->C:\PROGRA~1\FREE_L~1\UNWISE.EXE /U C:\PROGRA~1\FREE_L~1\INSTALL.LOG Gadu-Gadu 10-->C:\Program Files\Gadu-Gadu 10\Uninstall.exe Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe" Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe" Hotfix for Windows XP 
(KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe" Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2 Java(TM) 6 Update 19-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF} K-Lite Codec Pack 3.6.5 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI Manage Registry ActiveX Control DEMO 2.1 (Build 2.1.2.221)-->"C:\Program Files\Eltima Software\Manage Registry ActiveX Control DEMO 2.1\unins000.exe" Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} Nokia Connectivity Cable Driver-->MsiExec.exe /X{52675D00-AD10-49F7-B129-BEA9FED1C610} OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991} Opera 10.63-->MsiExec.exe /X{87CC8013-56D1-43E1-A0A5-AD406B4EBA95} PC Connectivity Solution Lite-->MsiExec.exe 
/I{CC1ACF58-CD2D-4F36-9195-F13D13962E15} PC Tools AntiVirus 6.1-->"C:\Program Files\PC Tools AntiVirus\unins000.exe" PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe" Rapport-->msiexec /x{1DD81E7D-0D28-4ceb-87B2-C041A4FCB215} /lvx+ "C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\logs\uninstall.log" Rapport-->MsiExec.exe /X{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215} Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT="" Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe" Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe" Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe" 
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe" Security Update for Windows XP (KB2183461)-->"C:\WINDOWS\$NtUninstallKB2183461$\spuninst\spuninst.exe" Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe" Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe" Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe" Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe" Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe" Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe" Security Update for Windows XP (KB2360131)-->"C:\WINDOWS\$NtUninstallKB2360131$\spuninst\spuninst.exe" Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe" Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe" Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security 
Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe" Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe" Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe" Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe" Security 
Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe" Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe" Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe" Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe" Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe" Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe" Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe" Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe" Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe" Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe" Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe" Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe" Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe" Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe" Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe" Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe" Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe" Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe" Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe" Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe" Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe" Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe" Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe" Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe" Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe" Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe" Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe" Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe" Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe" Security Update for Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe" Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe" Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe" Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033 TuneUp Utilities-->C:\Program Files\TuneUp Utilities 2010\TUInstallHelper.exe 
--Trigger-Uninstall Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe" Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe" Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe" Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe" Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" Update for Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe" VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe Vodafone Mobile Connect Lite Huawei-->MsiExec.exe /X{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF} Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe" Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe ======Hosts File====== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 
008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com ======Security center information====== AV: PC Tools AntiVirus 6.1.0.25 ======System event log====== Computer Name: AGA Event Code: 11 Message: The driver detected a controller error on \Device\Harddisk1\D. Record Number: 60 Source Name: Disk Time Written: 20101109020320.000000+000 Event Type: error User: Computer Name: AGA Event Code: 7000 Message: The Eset Trial Reset service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Record Number: 8 Source Name: Service Control Manager Time Written: 20101108223127.000000+000 Event Type: error User: Computer Name: AGA Event Code: 7009 Message: Timeout (30000 milliseconds) waiting for the Eset Trial Reset service to connect. Record Number: 7 Source Name: Service Control Manager Time Written: 20101108223127.000000+000 Event Type: error User: Computer Name: AGA Event Code: 49 Message: Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Record Number: 5 Source Name: Ftdisk Time Written: 20101108223040.000000+000 Event Type: error User: Computer Name: AGA Event Code: 45 Message: The system could not sucessfully load the crash dump driver. Record Number: 4 Source Name: Ftdisk Time Written: 20101108223040.000000+000 Event Type: error User: =====Application event log===== Computer Name: AGA Event Code: 1041 Message: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. 
Record Number: 14273 Source Name: Userenv Time Written: 20101009100601.000000+060 Event Type: error User: NT AUTHORITY\SYSTEM Computer Name: AGA Event Code: 1041 Message: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. Record Number: 14272 Source Name: Userenv Time Written: 20101009100601.000000+060 Event Type: error User: NT AUTHORITY\SYSTEM Computer Name: AGA Event Code: 1041 Message: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. Record Number: 14271 Source Name: Userenv Time Written: 20101009100601.000000+060 Event Type: error User: NT AUTHORITY\SYSTEM Computer Name: AGA Event Code: 1041 Message: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. 
Record Number: 14270 Source Name: Userenv Time Written: 20101009100601.000000+060 Event Type: error User: NT AUTHORITY\SYSTEM Computer Name: AGA Event Code: 0 Message: Record Number: 14237 Source Name: TuneUp.UtilitiesSvc Time Written: 20101009081535.000000+060 Event Type: User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel "PROCESSOR_REVISION"=0e0c "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO -----------------EOF----------------- [/log] [log] Logfile of random's system information tool 1.08 (written by random/random) Run by Kamik at 2010-11-15 18:54:28 Microsoft Windows XP Professional Service Pack 3 System drive C: has 69 GB (60%) free of 114 GB Total RAM: 1014 MB (53% free) HijackThis download failed ======Scheduled tasks folder====== C:\WINDOWS\tasks\At1.job C:\WINDOWS\tasks\At10.job C:\WINDOWS\tasks\At11.job C:\WINDOWS\tasks\At12.job C:\WINDOWS\tasks\At13.job C:\WINDOWS\tasks\At14.job C:\WINDOWS\tasks\At15.job C:\WINDOWS\tasks\At16.job C:\WINDOWS\tasks\At17.job C:\WINDOWS\tasks\At18.job C:\WINDOWS\tasks\At19.job C:\WINDOWS\tasks\At2.job C:\WINDOWS\tasks\At20.job C:\WINDOWS\tasks\At21.job C:\WINDOWS\tasks\At22.job C:\WINDOWS\tasks\At23.job C:\WINDOWS\tasks\At24.job C:\WINDOWS\tasks\At3.job C:\WINDOWS\tasks\At4.job C:\WINDOWS\tasks\At5.job C:\WINDOWS\tasks\At6.job C:\WINDOWS\tasks\At7.job C:\WINDOWS\tasks\At8.job C:\WINDOWS\tasks\At9.job C:\WINDOWS\tasks\Automatic troubleshooting.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program 
Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-06-03 1404928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}] Free Lunch Design Toolbar - C:\Program Files\Free_Lunch_Design\tbFre0.dll [2010-09-21 2735200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}] IEPluginBHO Class [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - Free Lunch Design Toolbar - C:\Program Files\Free_Lunch_Design\tbFre0.dll [2010-09-21 2735200] {32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-07-19 16248320] "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-07-19 2879488] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2006-07-19 69632] "AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2006-07-19 53248] "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-06-13 94208] "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-06-13 77824] "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-06-13 118784] "LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2006-07-14 471040] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040] "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2004-12-20 33792] 
"PCTAVApp"=C:\Program Files\PC Tools AntiVirus\PCTAV.exe [2009-04-16 1505168] "BEWINTERNET-UKSessionManager"=C:\Program Files\OrangeBS\BEWInternetUK\SessionManager\SessionManager.exe [2008-10-24 131824] "CardDetectorZTEMF636"=C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe [2008-09-25 274432] "MobileConnect"=C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-03-13 2060288] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "EXPLORER.EXE"=C:\WINDOWS\system32\EXPLORER.EXE [2006-10-25 36864] "Gadu-Gadu 10"=C:\Program Files\Gadu-Gadu 10\gg.exe [2010-10-07 12661344] "wsctf.exe"=wsctf.exe [] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696] "cdoosoft"=C:\DOCUME~1\Kamik\LOCALS~1\Temp\herss.exe [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2006-06-13 139264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCTAVSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCTAVSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network 
Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10" "C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser" "C:\games\nfs u\Speed.exe"="C:\games\nfs u\Speed.exe:*:Enabled:Speed" "C:\Program Files\OrangeBS\BEWInternetUK\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeBS\BEWInternetUK\Connectivity\ConnectivityManager.exe:*:enabled:CSS" "C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe"="C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe:*:Enabled:3 USB Modem" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2010-11-15 18:40:07 ----D---- C:\_OTL 2010-11-15 18:26:07 ----D---- C:\Program Files\trend micro 2010-11-15 18:26:06 ----D---- C:\rsit 2010-11-14 23:55:00 ----A---- C:\Documents and Settings\Kamik\Application Data\hotfix.exe 2010-11-10 12:23:21 ----D---- C:\dbb8e87bf2e3780b33237664 2010-11-08 22:52:57 ----D---- C:\Documents and Settings\All Users\Application Data\ConeXware 2010-11-08 22:43:09 ----D---- C:\Program Files\DAEMON Tools Toolbar 2010-11-08 22:42:58 ----A---- C:\WINDOWS\system32\drivers\sptd.sys 2010-11-08 22:42:42 ----D---- C:\Program Files\DAEMON Tools Lite 
2010-11-08 22:42:29 ----D---- C:\Documents and Settings\Kamik\Application Data\DAEMON Tools Lite 2010-11-08 22:42:26 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite ======List of files/folders modified in the last 1 months====== 2010-11-15 18:54:31 ----D---- C:\Documents and Settings\Kamik\Application Data\vlc 2010-11-15 18:54:01 ----D---- C:\WINDOWS\system32\CatRoot2 2010-11-15 18:53:47 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2010-11-15 18:53:45 ----D---- C:\WINDOWS\Temp 2010-11-15 18:52:38 ----D---- C:\Program Files\PC Tools AntiVirus 2010-11-15 18:48:00 ----D---- C:\WINDOWS\system32\drivers 2010-11-15 18:46:22 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-11-15 18:41:52 ----SHD---- C:\System Volume Information 2010-11-15 18:41:52 ----D---- C:\WINDOWS\system32\Restore 2010-11-15 18:41:31 ----D---- C:\WINDOWS\system32 2010-11-15 18:41:31 ----D---- C:\WINDOWS 2010-11-15 18:41:18 ----D---- C:\WINDOWS\Prefetch 2010-11-15 18:38:42 ----SHD---- C:\WINDOWS\Installer 2010-11-15 18:38:40 ----D---- C:\Program Files\Ask.com 2010-11-15 18:38:39 ----SD---- C:\WINDOWS\Tasks 2010-11-15 18:26:07 ----RD---- C:\Program Files 2010-11-15 15:13:25 ----A---- C:\WINDOWS\winamp.ini 2010-11-15 00:18:39 ----A---- C:\WINDOWS\ModemLog_ZTE Proprietary HS-USB Modem.txt 2010-11-14 23:23:46 ----D---- C:\Documents and Settings\Kamik\Application Data\Skype 2010-11-14 22:52:20 ----D---- C:\Documents and Settings\Kamik\Application Data\skypePM 2010-11-14 16:20:35 ----D---- C:\Program Files\Spybot - Search & Destroy 2010-11-14 08:58:32 ----D---- C:\Documents and Settings\All Users\Application Data\OpenFM 2010-11-13 18:23:09 ----D---- C:\Program Files\Nokia 2010-11-13 18:22:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2010-11-11 03:00:35 ----A---- C:\WINDOWS\system32\MRT.exe 2010-11-10 23:04:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-11-09 22:50:06 ----D---- C:\Documents and 
Settings\Kamik\Application Data\BESTplayer
2010-10-31 11:22:11 ----D---- C:\Program Files\Gadu-Gadu 10
2010-10-30 17:04:39 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt
2010-10-16 09:56:29 ----HD---- C:\WINDOWS\inf

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PCTCore;PCTools KDS; C:\WINDOWS\system32\drivers\PCTCore.sys [2009-08-24 206256]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-03-11 20640]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-11-08 691696]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 RapportKELL;RapportKELL; \??\C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys []
R1 RapportPG;RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 AVFilter;AVFilter; C:\WINDOWS\system32\drivers\AVFilter.sys [2009-02-10 21904]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2007-03-14 1161888]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2009-09-30 1585728]
R3 AVHook;AVHook; C:\WINDOWS\system32\drivers\AVHook.sys [2009-02-10 28560]
R3 AVRec;AVRec; C:\WINDOWS\system32\drivers\AVRec.sys [2009-02-10 21904]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2006-07-14 16896]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-08-08 101120]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-06-13 1166972]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-19 4304384]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2006-06-13 162432]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952]
S3 a5qbffcr;a5qbffcr; C:\WINDOWS\system32\drivers\a5qbffcr.sys []
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-02 546976]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2008-03-13 138112]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2008-03-13 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2008-03-13 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2008-03-13 12288]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2008-04-19 103936]
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2008-04-19 103936]
S3 ZTEusbnmeaext;ZTE NMEAExt Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmeaext.sys [2008-04-19 103936]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2008-04-19 103936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2007-03-14 9216]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2008-10-24 69632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-07-13 71096]
R2 PCTAVSvc;PC Tools AntiVirus Engine; C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe [2009-04-16 933720]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-11-13 1021256]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-03-13 24576]
S2 .EsetTrialReset;Eset Trial Reset; C:\WINDOWS\system32\regedt32.exe [2001-08-23 3584]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-09-23 575488]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2009-11-17 435016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 RapportMgmtService;Rapport Management Service; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-06-07 840936]

-----------------EOF-----------------
[/log]

[color="#FF0000"]//On this forum we use Polish characters and punctuation. //Logs are pasted inside tags. //I am changing it. //Tom01[/color]
Tomek01 commented 15 November 2010

In OTL, paste the following into the Custom scan/fixes box:

[code]
:Processes
Explorer.exe

:OTL
PRC - [2010-11-14 23:55:00 | 000,564,736 | ---- | M] (Mc AUS) -- C:\Documents and Settings\Kamik\Application Data\hotfix.exe
MOD - [2010-11-15 17:37:33 | 000,081,408 | RHS- | M] () -- C:\Documents and Settings\Kamik\Local Settings\Temp\cvasds0.dll
IE - HKCU\..\URLSearchHook: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O2 - BHO: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKCU..\Run: [cdoosoft] C:\Documents and Settings\Kamik\Local Settings\Temp\herss.exe ()
O4 - HKCU..\Run: [EXPLORER.EXE] C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [wsctf.exe] File not found
O32 - AutoRun File - [2010-11-15 18:02:39 | 000,000,061 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008-03-13 20:39:50 | 000,000,070 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010-11-15 18:02:42 | 000,000,061 | RHS- | M] () - G:\AutoRun.inf -- [ FAT ]
O33 - MountPoints2\{00e0670c-c949-11df-b8b2-00197e79db47}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{00e0670c-c949-11df-b8b2-00197e79db47}\Shell\explore\Command - "" = F:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{00e0670c-c949-11df-b8b2-00197e79db47}\Shell\open\Command - "" = F:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{00e0670d-c949-11df-b8b2-00197e79db47}\Shell\AutoRun\command - "" = G:\EXPLORER.EXE -- [2006-10-25 07:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{00e0670d-c949-11df-b8b2-00197e79db47}\Shell\explore\Command - "" = G:\EXPLORER.EXE -- [2006-10-25 07:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{00e0670d-c949-11df-b8b2-00197e79db47}\Shell\open\Command - "" = G:\EXPLORER.EXE -- [2006-10-25 07:32:36 | 000,036,864 | RHS- | M]
O33 - MountPoints2\{2b84c5ae-d09d-11df-b8ca-00197e79db47}\Shell\AutoRun\command - "" = G:\EXPLORER.EXE -- [2006-10-25 07:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{2b84c5ae-d09d-11df-b8ca-00197e79db47}\Shell\explore\Command - "" = G:\EXPLORER.EXE -- [2006-10-25 07:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{2b84c5ae-d09d-11df-b8ca-00197e79db47}\Shell\open\Command - "" = G:\EXPLORER.EXE -- [2006-10-25 07:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{2b84c5af-d09d-11df-b8ca-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{2b84c5af-d09d-11df-b8ca-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2b84c5af-d09d-11df-b8ca-00197e79db47}\Shell\AutoRun\command - "" = E:\NokiaPCIA_Autorun.exe -- File not found
O33 - MountPoints2\{3dee74ce-c7d3-11df-b8af-00197e79db47}\Shell\AutoRun\command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{3dee74ce-c7d3-11df-b8af-00197e79db47}\Shell\explore\Command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{3dee74ce-c7d3-11df-b8af-00197e79db47}\Shell\open\Command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{80c7d488-635c-11df-b7e3-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{80c7d488-635c-11df-b7e3-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{80c7d488-635c-11df-b7e3-00197e79db47}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a55792e4-aee7-11df-b867-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a55792e4-aee7-11df-b867-00197e79db47}\Shell\AutoRun\command - "" = E:\AutoRunCardDetector.exe -- File not found
O33 - MountPoints2\{aa1e34ea-5640-11df-b7c0-00197e79db47}\Shell\AutoRun\command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{aa1e34ea-5640-11df-b7c0-00197e79db47}\Shell\explore\Command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{aa1e34ea-5640-11df-b7c0-00197e79db47}\Shell\open\Command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{b9163cf2-de1f-11de-b6e1-00197e79db47}\Shell\AutoRun\command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{b9163cf2-de1f-11de-b6e1-00197e79db47}\Shell\explore\Command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{b9163cf2-de1f-11de-b6e1-00197e79db47}\Shell\open\Command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{c66fb61e-63f6-11df-b7e4-00197e79db47}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\EXPLORER.EXE -- [2006-10-25 06:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{c66fb61e-63f6-11df-b7e4-00197e79db47}\Shell\explore\Command - "" = C:\WINDOWS\System32\EXPLORER.EXE -- [2006-10-25 06:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{c66fb61e-63f6-11df-b7e4-00197e79db47}\Shell\open\Command - "" = C:\WINDOWS\System32\EXPLORER.EXE -- [2006-10-25 06:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation)
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

:Files
C:\DOCUME~1\Kamik\LOCALS~1\Temp\herss.exe
C:\Program Files\Free_Lunch_Design
C:\Program Files\DAEMON Tools Toolbar
C:\Documents and Settings\Kamik\Application Data\hotfix.exe
C:\Documents and Settings\All Users\Application Data\ConeXware
C:\Program Files\DAEMON Tools Toolbar
C:\autorun.inf
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\Automatic troubleshooting.job
C:\Documents and Settings\Kamik\Application Data\completescan
C:\Documents and Settings\Kamik\Application Data\start
C:\Documents and Settings\Kamik\Application Data\install
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At2.job
C:\Documents and Settings\Kamik\Application Data\install
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\System32\Desktop_.ini
C:\chxnxyx.exe
C:\WINDOWS\System32\EXPLORER.EXE

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}=-
{32099AAC-C132-4136-9E9A-4E364A424E17}=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EXPLORER.EXE"=-
"wsctf.exe"=-
"cdoosoft"=-

:Services
.EsetTrialReset

:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]

Click Run Fix; the computer will restart. Post the removal log and new logs: OTL and RSIT.
niesia87 (author) commented 15 November 2010 (edited)

Removal log:

[log]
All processes killed
========== PROCESSES ==========
No active process named Explorer.exe was found!
========== OTL ==========
No active process named hotfix.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\ deleted successfully.
C:\Program Files\Free_Lunch_Design\tbFre0.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\ not found.
File C:\Program Files\Free_Lunch_Design\tbFre0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\ not found.
File C:\Program Files\Free_Lunch_Design\tbFre0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}\ not found.
File C:\Program Files\Free_Lunch_Design\tbFre0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}\ not found.
File C:\Program Files\Free_Lunch_Design\tbFre0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cdoosoft deleted successfully.
C:\Documents and Settings\Kamik\Local Settings\Temp\herss.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EXPLORER.EXE deleted successfully.
Item C:\WINDOWS\system32\EXPLORER.EXE is whitelisted and cannot be moved.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\wsctf.exe deleted successfully.
C:\autorun.inf moved successfully.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
G:\AutoRun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00e0670c-c949-11df-b8b2-00197e79db47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00e0670c-c949-11df-b8b2-00197e79db47}\ not found.
File F:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00e0670c-c949-11df-b8b2-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00e0670c-c949-11df-b8b2-00197e79db47}\ not found.
File F:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00e0670c-c949-11df-b8b2-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00e0670c-c949-11df-b8b2-00197e79db47}\ not found.
File F:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00e0670d-c949-11df-b8b2-00197e79db47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00e0670d-c949-11df-b8b2-00197e79db47}\ not found.
G:\EXPLORER.EXE moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00e0670d-c949-11df-b8b2-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00e0670d-c949-11df-b8b2-00197e79db47}\ not found.
File G:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00e0670d-c949-11df-b8b2-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00e0670d-c949-11df-b8b2-00197e79db47}\ not found.
File G:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b84c5ae-d09d-11df-b8ca-00197e79db47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b84c5ae-d09d-11df-b8ca-00197e79db47}\ not found.
File G:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b84c5ae-d09d-11df-b8ca-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b84c5ae-d09d-11df-b8ca-00197e79db47}\ not found.
File G:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b84c5ae-d09d-11df-b8ca-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b84c5ae-d09d-11df-b8ca-00197e79db47}\ not found.
File G:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b84c5af-d09d-11df-b8ca-00197e79db47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b84c5af-d09d-11df-b8ca-00197e79db47}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b84c5af-d09d-11df-b8ca-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b84c5af-d09d-11df-b8ca-00197e79db47}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b84c5af-d09d-11df-b8ca-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b84c5af-d09d-11df-b8ca-00197e79db47}\ not found.
File E:\NokiaPCIA_Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dee74ce-c7d3-11df-b8af-00197e79db47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3dee74ce-c7d3-11df-b8af-00197e79db47}\ not found.
File E:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dee74ce-c7d3-11df-b8af-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3dee74ce-c7d3-11df-b8af-00197e79db47}\ not found.
File E:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dee74ce-c7d3-11df-b8af-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3dee74ce-c7d3-11df-b8af-00197e79db47}\ not found.
File E:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80c7d488-635c-11df-b7e3-00197e79db47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80c7d488-635c-11df-b7e3-00197e79db47}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80c7d488-635c-11df-b7e3-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80c7d488-635c-11df-b7e3-00197e79db47}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80c7d488-635c-11df-b7e3-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80c7d488-635c-11df-b7e3-00197e79db47}\ not found.
File E:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a55792e4-aee7-11df-b867-00197e79db47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a55792e4-aee7-11df-b867-00197e79db47}\ not found.
File E:\AutoRunCardDetector.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa1e34ea-5640-11df-b7c0-00197e79db47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa1e34ea-5640-11df-b7c0-00197e79db47}\ not found.
File E:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa1e34ea-5640-11df-b7c0-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa1e34ea-5640-11df-b7c0-00197e79db47}\ not found.
File E:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa1e34ea-5640-11df-b7c0-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa1e34ea-5640-11df-b7c0-00197e79db47}\ not found.
File E:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9163cf2-de1f-11de-b6e1-00197e79db47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9163cf2-de1f-11de-b6e1-00197e79db47}\ not found.
File E:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9163cf2-de1f-11de-b6e1-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9163cf2-de1f-11de-b6e1-00197e79db47}\ not found.
File E:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9163cf2-de1f-11de-b6e1-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9163cf2-de1f-11de-b6e1-00197e79db47}\ not found.
File E:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c66fb61e-63f6-11df-b7e4-00197e79db47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c66fb61e-63f6-11df-b7e4-00197e79db47}\ not found.
Item C:\WINDOWS\system32\EXPLORER.EXE is whitelisted and cannot be moved.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c66fb61e-63f6-11df-b7e4-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c66fb61e-63f6-11df-b7e4-00197e79db47}\ not found.
Item C:\WINDOWS\system32\EXPLORER.EXE is whitelisted and cannot be moved.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c66fb61e-63f6-11df-b7e4-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c66fb61e-63f6-11df-b7e4-00197e79db47}\ not found.
Item C:\WINDOWS\system32\EXPLORER.EXE is whitelisted and cannot be moved.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
========== FILES ==========
File\Folder C:\DOCUME~1\Kamik\LOCALS~1\Temp\herss.exe not found.
C:\Program Files\Free_Lunch_Design folder moved successfully.
C:\Program Files\DAEMON Tools Toolbar\Resources folder moved successfully.
C:\Program Files\DAEMON Tools Toolbar folder moved successfully.
C:\Documents and Settings\Kamik\Application Data\hotfix.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\ConeXware\PowerArchiver\Skins folder moved successfully.
C:\Documents and Settings\All Users\Application Data\ConeXware\PowerArchiver\Plugins folder moved successfully.
C:\Documents and Settings\All Users\Application Data\ConeXware\PowerArchiver folder moved successfully.
C:\Documents and Settings\All Users\Application Data\ConeXware folder moved successfully.
File\Folder C:\Program Files\DAEMON Tools Toolbar not found.
File\Folder C:\autorun.inf not found.
File\Folder C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job not found.
C:\WINDOWS\tasks\Automatic troubleshooting.job moved successfully.
C:\Documents and Settings\Kamik\Application Data\completescan moved successfully.
C:\Documents and Settings\Kamik\Application Data\start moved successfully.
C:\Documents and Settings\Kamik\Application Data\install moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
File\Folder C:\Documents and Settings\Kamik\Application Data\install not found.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\System32\Desktop_.ini moved successfully.
C:\chxnxyx.exe moved successfully.
Item C:\WINDOWS\System32\EXPLORER.EXE is whitelisted and cannot be moved.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EXPLORER.EXE not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\wsctf.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cdoosoft not found.
========== SERVICES/DRIVERS ==========
Service .EsetTrialReset stopped successfully!
Service .EsetTrialReset deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kamik
->Temp folder emptied: 1193312 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 39124 bytes

Total Files Cleaned = 1,00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 11152010_201721

Files\Folders moved on Reboot...
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
Registry entries deleted on Reboot...
[/log]

OTL log:

[log]
OTL logfile created on: 2010-11-15 20:26:22 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Kamik\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

1 014,00 Mb Total Physical Memory | 529,00 Mb Available Physical Memory | 52,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 69,96 Gb Free Space | 62,58% Space Free | Partition Type: NTFS
Drive E: | 59,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 1,89 Gb Total Space | 1,12 Gb Free Space | 59,15% Space Free | Partition Type: FAT

Computer Name: AGA | User Name: Kamik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-11-15 20:20:54 | 000,507,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Kamik\Local Settings\Temp\RtkBtMnt.exe
PRC - [2010-11-15 17:52:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kamik\Desktop\OTL.exe
PRC - [2010-10-07 08:04:26 | 012,661,344 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe
PRC - [2010-04-01 09:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009-11-13 08:51:16 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009-11-13 08:49:20 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009-07-13 23:18:12 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009-04-16 10:27:00 | 001,505,168 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Program Files\PC Tools AntiVirus\PCTAV.exe
PRC - [2009-04-16 10:24:48 | 000,933,720 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
PRC - [2008-10-24 18:27:40 | 000,069,632 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2008-09-25 09:29:21 | 000,274,432 | R--- | M] (France Telecom SA) -- C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe
PRC - [2008-04-14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-03-13 18:09:10 | 002,060,288 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2008-03-13 18:08:58 | 000,024,576 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2007-03-14 10:12:00 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006-10-25 06:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\EXPLORER.EXE
PRC - [2006-07-14 12:13:00 | 000,471,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2006-06-13 09:57:00 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2004-12-20 18:41:22 | 000,033,792 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe

[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-11-15 17:52:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kamik\Desktop\OTL.exe
MOD - [2010-08-23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009-03-26 11:04:46 | 000,194,448 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Program Files\PC Tools AntiVirus\PCTAVHook.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010-06-07 17:07:02 | 000,840,936 | ---- | M] (Trusteer Ltd.) [Disabled | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2009-11-17 18:59:46 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009-11-13 08:49:20 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009-11-13 08:45:50 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009-07-13 23:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009-04-16 10:24:48 | 000,933,720 | ---- | M] (PC Tools Research Pty Ltd) [Auto | Running] -- C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe -- (PCTAVSvc)
SRV - [2008-10-24 18:27:40 | 000,069,632 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2008-09-23 07:20:16 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008-03-13 18:08:58 | 000,024,576 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2007-03-14 10:12:00 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-11-08 22:42:58 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-06-07 17:07:10 | 000,166,632 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010-06-07 17:07:10 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - [2009-11-12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009-10-14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009-09-30 07:17:02 | 001,585,728 | ---- | M] (Atheros Communications, Inc.)
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416) DRV - [2009-08-24 13:05:06 | 000,206,256 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore) DRV - [2009-02-10 09:13:18 | 000,021,904 | ---- | M] (PC Tools Research Pty Ltd ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVRec.sys -- (AVRec) DRV - [2009-02-10 09:13:16 | 000,028,560 | ---- | M] (PC Tools Research Pty Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVHook.sys -- (AVHook) DRV - [2009-02-10 09:13:16 | 000,021,904 | ---- | M] (PC Tools Research Pty Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AVFilter.sys -- (AVFilter) DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008-07-01 14:30:28 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5) DRV - [2008-06-26 21:02:10 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5) DRV - [2008-04-19 10:05:22 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2008-04-19 10:05:22 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmeaext.sys -- (ZTEusbnmeaext) DRV - [2008-04-19 10:05:22 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2008-04-19 10:05:22 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008-03-13 11:20:26 | 000,138,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd) DRV - [2008-03-13 11:20:20 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm) DRV - [2008-03-13 11:20:20 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj) DRV - [2008-03-13 11:20:20 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc) DRV - [2007-12-06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2007-08-08 11:12:42 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007-05-02 11:00:58 | 000,546,976 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211) DRV - [2007-03-14 10:12:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006-07-19 09:42:00 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006-07-14 12:13:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr) DRV - [2006-06-13 10:18:00 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-299502267-1708537768-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-299502267-1708537768-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mydtzone.com/startpage IE - HKU\S-1-5-21-299502267-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - 
HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird O1 HOSTS File: ([2010-08-07 17:52:56 | 000,415,879 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14357 more lines... O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [BEWINTERNET-UKSessionManager] C:\Program Files\OrangeBS\BEWInternetUK\SessionManager\SessionManager.exe (France Telecom SA) O4 - HKLM..\Run: [CardDetectorZTEMF636] C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe (France Telecom SA) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) 
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [PCTAVApp] C:\Program Files\PC Tools AntiVirus\PCTAV.exe (PC Tools Research Pty Ltd) O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKU\S-1-5-21-299502267-1708537768-839522115-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-299502267-1708537768-839522115-1003..\Run: [EXPLORER.EXE] C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation) O4 - HKU\S-1-5-21-299502267-1708537768-839522115-1003..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.) O4 - HKU\S-1-5-21-299502267-1708537768-839522115-1003..\Run: [wsctf.exe] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-299502267-1708537768-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258479600593 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.185,93.188.166.185 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation) O20 - HKU\S-1-5-21-299502267-1708537768-839522115-1003 Winlogon: Shell - (C:\Documents and Settings\Kamik\Application Data\hotfix.exe) - C:\Documents and Settings\Kamik\Application Data\hotfix.exe File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Kamik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kamik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-11-17 15:39:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2008-03-13 20:39:50 | 000,000,070 | R--- | M] () - E:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{21dc04c2-c67a-11df-b8a9-00197e79db47}\Shell - "" = AutoRun O33 - MountPoints2\{21dc04c2-c67a-11df-b8a9-00197e79db47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{21dc04c2-c67a-11df-b8a9-00197e79db47}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{8c975e08-7fce-11df-b818-00197e79db47}\Shell - "" = AutoRun O33 - MountPoints2\{8c975e08-7fce-11df-b818-00197e79db47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{8c975e08-7fce-11df-b818-00197e79db47}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008-03-13 18:33:06 | 000,323,584 | R--- | M] (Vodafone) O33 - MountPoints2\{b3dd49e6-c722-11df-b8ad-00197e79db47}\Shell - "" = AutoRun O33 - MountPoints2\{b3dd49e6-c722-11df-b8ad-00197e79db47}\Shell\AutoRun - 
"" = Auto&Play O33 - MountPoints2\{b3dd49e6-c722-11df-b8ad-00197e79db47}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{b3dd49e7-c722-11df-b8ad-00197e79db47}\Shell - "" = AutoRun O33 - MountPoints2\{b3dd49e7-c722-11df-b8ad-00197e79db47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b3dd49e7-c722-11df-b8ad-00197e79db47}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{c2f58a96-516c-11df-b7b9-00197e79db47}\Shell - "" = AutoRun O33 - MountPoints2\{c2f58a96-516c-11df-b7b9-00197e79db47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c2f58a96-516c-11df-b7b9-00197e79db47}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008-03-13 18:33:06 | 000,323,584 | R--- | M] (Vodafone) O33 - MountPoints2\{c2f58a97-516c-11df-b7b9-00197e79db47}\Shell - "" = AutoRun O33 - MountPoints2\{c2f58a97-516c-11df-b7b9-00197e79db47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c2f58a97-516c-11df-b7b9-00197e79db47}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found O33 - MountPoints2\{c88e1fa8-ec1e-11de-b6fc-00197e79db47}\Shell - "" = AutoRun O33 - MountPoints2\{c88e1fa8-ec1e-11de-b6fc-00197e79db47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c88e1fa8-ec1e-11de-b6fc-00197e79db47}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008-03-13 18:33:06 | 000,323,584 | R--- | M] (Vodafone) O33 - MountPoints2\{f241da53-605d-11df-b7dd-00197e79db47}\Shell - "" = AutoRun O33 - MountPoints2\{f241da53-605d-11df-b7dd-00197e79db47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f241da53-605d-11df-b7dd-00197e79db47}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008-03-13 18:33:06 | 000,323,584 | R--- | M] (Vodafone) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - 
C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PCTAVSvc - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (PC Tools Research Pty Ltd) SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: 
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PCTAVSvc - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (PC Tools Research Pty Ltd) SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: UploadMgr - Service SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive 
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-11-15 20:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamik\Desktop\New Folder (2) [2010-11-15 19:00:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010-11-15 19:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010-11-15 19:00:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010-11-15 19:00:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010-11-15 18:55:43 | 007,421,264 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kamik\Desktop\mbam-setup-1.50-beta_[www.programosy.pl].exe [2010-11-15 18:40:07 | 000,000,000 | ---D | C] -- C:\_OTL [2010-11-15 18:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010-11-15 18:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamik\Desktop\rsit [2010-11-15 17:55:16 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kamik\Desktop\OTL.exe [2010-11-10 12:23:21 | 000,000,000 | ---D | C] -- C:\dbb8e87bf2e3780b33237664 [2010-11-08 22:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2010-11-08 22:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamik\Application Data\DAEMON Tools Lite [2010-11-08 22:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2010-11-02 08:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamik\Desktop\filmy [2010-11-02 08:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamik\Desktop\muza [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-11-15 20:21:51 | 000,035,896 | ---- | 
M] () -- C:\Documents and Settings\Kamik\Desktop\log z usuwania [2010-11-15 20:20:50 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-11-15 20:19:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-11-15 19:00:10 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010-11-15 18:12:12 | 007,421,264 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kamik\Desktop\mbam-setup-1.50-beta_[www.programosy.pl].exe [2010-11-15 17:53:44 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\RSIT.exe [2010-11-15 17:52:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kamik\Desktop\OTL.exe [2010-11-15 15:13:25 | 000,000,192 | ---- | M] () -- C:\WINDOWS\winamp.ini [2010-11-14 23:08:23 | 003,858,631 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\Firma - Jeden buch z fajki wodnej odmula... _q .mp3 [2010-11-14 22:51:35 | 000,002,259 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2010-11-13 07:04:55 | 005,224,103 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\Tede - Opowie-- O Tym Co Tu Sie Dzieje Na Wolno.mp3 [2010-11-13 07:00:43 | 003,684,760 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\TeDe- Fenomen - Dwulicowi ludzie .mp3 [2010-11-13 06:08:10 | 006,494,294 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\WW - Dome -M6 Remix- [www.clubhits.pl].mp3 [2010-11-11 21:15:32 | 003,241,723 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\Avicii amp- Sebastien Drums - My Feelings For You.mp3 [2010-11-10 23:04:00 | 000,433,566 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-11-10 23:04:00 | 000,068,164 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-11-10 10:19:20 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010-11-10 10:19:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- 
C:\WINDOWS\System32\drivers\mbam.sys [2010-11-09 00:19:09 | 006,952,585 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\05 - Fugees - Killing Me Softly With His Son.mp3 [2010-11-09 00:09:21 | 004,407,411 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\Dr.Dre amp- Snoop Dogg- Still Dre .mp3 [2010-11-08 22:43:04 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk [2010-11-08 22:42:58 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-11-07 14:55:41 | 004,942,817 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\The Black Eyed Peas - The Time -The Dirty Bit-.mp3 [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-11-15 20:21:50 | 000,035,896 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\log z usuwania [2010-11-15 19:00:10 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010-11-15 17:55:17 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\RSIT.exe [2010-11-14 23:08:09 | 003,858,631 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\Firma - Jeden buch z fajki wodnej odmula... 
_q .mp3 [2010-11-13 07:04:32 | 005,224,103 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\Tede - Opowie-- O Tym Co Tu Sie Dzieje Na Wolno.mp3 [2010-11-13 07:00:28 | 003,684,760 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\TeDe- Fenomen - Dwulicowi ludzie .mp3 [2010-11-13 06:07:58 | 006,494,294 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\WW - Dome -M6 Remix- [www.clubhits.pl].mp3 [2010-11-11 21:15:20 | 003,241,723 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\Avicii amp- Sebastien Drums - My Feelings For You.mp3 [2010-11-09 00:19:09 | 006,952,585 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\05 - Fugees - Killing Me Softly With His Son.mp3 [2010-11-09 00:09:05 | 004,407,411 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\Dr.Dre amp- Snoop Dogg- Still Dre .mp3 [2010-11-08 22:43:03 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk [2010-11-08 22:42:58 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-11-07 14:55:16 | 004,942,817 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\The Black Eyed Peas - The Time -The Dirty Bit-.mp3 [2010-05-14 00:13:50 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2010-03-30 15:35:09 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Kamik\Application Data\Smiley.ico [2010-01-29 21:45:14 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2009-12-20 18:18:22 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI [2009-12-07 09:26:59 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009-12-07 09:26:50 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-12-07 09:26:19 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll [2009-12-07 09:26:19 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll [2009-12-07 09:26:18 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll 
[2009-12-07 09:26:18 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-12-07 09:26:13 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2009-12-02 01:23:28 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini [2009-11-17 19:49:41 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Kamik\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-11-17 16:11:25 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2009-11-17 15:28:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008-03-07 15:43:56 | 000,084,734 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4 [2008-03-07 12:47:30 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml [2006-06-13 10:18:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll [2005-02-17 11:31:58 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll [2005-02-17 11:31:58 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll [2005-02-17 11:31:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll [2005-02-17 11:31:58 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2005-02-17 11:31:58 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2005-02-17 11:31:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2000-10-03 14:28:22 | 000,160,256 | ---- | C] () -- C:\WINDOWS\System32\midas11.dll [color=#E56717]========== LOP Check ==========[/color] [2010-03-30 15:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1F2FD [2010-03-30 15:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\292AF [2010-01-29 21:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2010-11-08 22:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON 
Tools Lite [2009-11-17 17:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET [2010-05-28 19:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gadu-Gadu 10 [2010-10-05 20:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations [2010-06-08 11:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios [2010-11-14 08:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OpenFM [2010-10-05 20:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2010-11-15 20:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010-02-05 19:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer [2009-11-17 18:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2010-10-06 15:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone [2009-11-17 18:55:12 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010-03-26 06:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Trusteer [2010-11-09 22:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\BESTplayer [2010-01-29 21:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\Canneverbe Limited [2010-01-29 21:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\Canneverbe_Limited [2010-11-10 23:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\DAEMON Tools Lite [2010-09-05 19:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\Gadu-Gadu 10 [2009-12-16 
15:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\OpenFM [2009-11-17 20:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\OpenOffice.org [2010-01-11 19:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\Opera [2010-10-05 20:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\PC Suite [2010-02-26 09:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\Trusteer [2009-11-17 18:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\TuneUp Software [2010-04-26 19:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\Vodafone [2009-11-17 19:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software [2010-04-26 19:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Vodafone [2010-02-26 10:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2009-11-17 15:39:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-07-18 17:31:34 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2009-11-17 15:39:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2009-11-17 15:39:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009-11-17 15:39:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2009-11-17 15:58:06 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2009-11-17 15:58:06 | 000,250,048 | RHS- | M] () -- C:\ntldr [2010-11-15 20:19:49 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [2008-04-14 05:51:44 | 020,056,462 | ---- | 
M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys [2008-04-14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008-04-14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2002-08-29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys [2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2002-08-29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2001-08-23 21:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2001-08-23 21:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2008-04-14 05:41:54 | 000,056,320 | ---- | M] (Microsoft 
Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008-04-14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll [2002-08-29 03:40:52 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [2002-08-29 02:09:26 | 000,167,552 | ---- | M] (Microsoft Corporation) MD5=3B350E5A2A5E951453F3993275A4523A -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2002-08-29 03:41:28 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008-04-14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008-04-14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD < End of report >[/log] RSIT: [log]Logfile of random's system information tool 1.08 (written by random/random) Run by Kamik at 2010-11-15 20:40:48 Microsoft Windows XP Professional Service Pack 3 System drive C: has 72 GB (63%) free of 114 GB Total RAM: 1014 MB (55% free) HijackThis download failed ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-06-03 1404928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-07-19 16248320] "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-07-19 2879488] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2006-07-19 69632] "AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2006-07-19 53248] "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-06-13 94208] "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-06-13 77824] "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-06-13 118784] "LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2006-07-14 471040] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040] "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2004-12-20 33792] "PCTAVApp"=C:\Program Files\PC Tools AntiVirus\PCTAV.exe [2009-04-16 1505168] "BEWINTERNET-UKSessionManager"=C:\Program Files\OrangeBS\BEWInternetUK\SessionManager\SessionManager.exe [2008-10-24 131824] "CardDetectorZTEMF636"=C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe [2008-09-25 274432] "MobileConnect"=C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-03-13 2060288] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu 10"=C:\Program Files\Gadu-Gadu 10\gg.exe [2010-10-07 12661344] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 
357696] "wsctf.exe"=wsctf.exe [] "EXPLORER.EXE"=C:\WINDOWS\system32\EXPLORER.EXE [2006-10-25 36864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2006-06-13 139264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCTAVSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCTAVSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10" "C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser" "C:\games\nfs u\Speed.exe"="C:\games\nfs u\Speed.exe:*:Enabled:Speed" "C:\Program Files\OrangeBS\BEWInternetUK\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeBS\BEWInternetUK\Connectivity\ConnectivityManager.exe:*:enabled:CSS" "C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB 
Modem.exe"="C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe:*:Enabled:3 USB Modem" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2010-11-15 20:40:48 ----D---- C:\rsit 2010-11-15 19:00:10 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2010-11-15 19:00:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-11-15 19:00:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-11-15 19:00:05 ----A---- C:\WINDOWS\system32\drivers\mbam.sys 2010-11-15 18:40:07 ----D---- C:\_OTL 2010-11-15 18:26:07 ----D---- C:\Program Files\trend micro 2010-11-10 12:23:21 ----D---- C:\dbb8e87bf2e3780b33237664 2010-11-08 22:42:58 ----A---- C:\WINDOWS\system32\drivers\sptd.sys 2010-11-08 22:42:42 ----D---- C:\Program Files\DAEMON Tools Lite 2010-11-08 22:42:29 ----D---- C:\Documents and Settings\Kamik\Application Data\DAEMON Tools Lite 2010-11-08 22:42:26 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite ======List of files/folders modified in the last 1 months====== 2010-11-15 20:39:36 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2010-11-15 20:22:24 ----D---- C:\WINDOWS\system32\CatRoot2 2010-11-15 20:21:53 ----D---- C:\WINDOWS\Temp 2010-11-15 20:21:01 ----D---- C:\Program Files\PC Tools AntiVirus 2010-11-15 20:20:20 ----D---- C:\WINDOWS\system32\drivers 2010-11-15 20:18:45 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-11-15 
20:17:34 ----SD---- C:\WINDOWS\Tasks 2010-11-15 20:17:34 ----RD---- C:\Program Files 2010-11-15 20:17:34 ----D---- C:\WINDOWS\system32 2010-11-15 20:12:20 ----D---- C:\Documents and Settings\Kamik\Application Data\vlc 2010-11-15 18:59:42 ----D---- C:\WINDOWS\Prefetch 2010-11-15 18:41:52 ----SHD---- C:\System Volume Information 2010-11-15 18:41:52 ----D---- C:\WINDOWS\system32\Restore 2010-11-15 18:41:31 ----D---- C:\WINDOWS 2010-11-15 18:38:42 ----SHD---- C:\WINDOWS\Installer 2010-11-15 18:38:40 ----D---- C:\Program Files\Ask.com 2010-11-15 15:13:25 ----A---- C:\WINDOWS\winamp.ini 2010-11-15 00:18:39 ----A---- C:\WINDOWS\ModemLog_ZTE Proprietary HS-USB Modem.txt 2010-11-14 23:23:46 ----D---- C:\Documents and Settings\Kamik\Application Data\Skype 2010-11-14 22:52:20 ----D---- C:\Documents and Settings\Kamik\Application Data\skypePM 2010-11-14 16:20:35 ----D---- C:\Program Files\Spybot - Search & Destroy 2010-11-14 08:58:32 ----D---- C:\Documents and Settings\All Users\Application Data\OpenFM 2010-11-13 18:23:09 ----D---- C:\Program Files\Nokia 2010-11-13 18:22:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2010-11-11 03:00:35 ----A---- C:\WINDOWS\system32\MRT.exe 2010-11-10 23:04:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-11-09 22:50:06 ----D---- C:\Documents and Settings\Kamik\Application Data\BESTplayer 2010-10-31 11:22:11 ----D---- C:\Program Files\Gadu-Gadu 10 2010-10-30 17:04:39 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt 2010-10-16 09:56:29 ----HD---- C:\WINDOWS\inf ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 PCTCore;PCTools KDS; C:\WINDOWS\system32\drivers\PCTCore.sys [2009-08-24 206256] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-03-11 20640] R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-11-08 691696] R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 
36352] R1 RapportKELL;RapportKELL; \??\C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys [] R1 RapportPG;RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [] R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-14 8832] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032] R2 AVFilter;AVFilter; C:\WINDOWS\system32\drivers\AVFilter.sys [2009-02-10 21904] R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2007-03-14 1161888] R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2009-09-30 1585728] R3 AVHook;AVHook; C:\WINDOWS\system32\drivers\AVHook.sys [2009-02-10 28560] R3 AVRec;AVRec; C:\WINDOWS\system32\drivers\AVRec.sys [2009-02-10 21904] R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2006-07-14 16896] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-08-08 101120] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-06-13 1166972] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-19 4304384] R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2006-06-13 162432] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608] R3 usbvideo;USB Video Device (WDM); 
C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984] R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952] S3 a6c8svd8;a6c8svd8; C:\WINDOWS\system32\drivers\a6c8svd8.sys [] S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-02 546976] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2008-03-13 138112] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2008-03-13 8320] S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2008-03-13 12288] S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2008-03-13 12288] S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS [] S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS [] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 
[2008-04-14 19200] S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2008-04-19 103936] S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2008-04-19 103936] S3 ZTEusbnmeaext;ZTE NMEAExt Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmeaext.sys [2008-04-19 103936] S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2008-04-19 103936] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2007-03-14 9216] R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2008-10-24 69632] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376] R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-07-13 71096] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-11-13 1021256] R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-03-13 24576] S2 PCTAVSvc;PC Tools AntiVirus Engine; C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe [2009-04-16 933720] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 
881664] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-09-23 575488] S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2009-11-17 435016] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] S4 RapportMgmtService;Rapport Management Service; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-06-07 840936] -----------------EOF-----------------[/log] [log]info.txt logfile of random's system information tool 1.08 2010-11-15 20:40:53 ======Uninstall list====== -->C:\Program Files\PC Tools AntiVirus\unins000.exe /LOG -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 3 USB Modem-->C:\PROGRA~1\HUAWEI~1\HUAWEI~1\Uninstall.exe Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain plugin Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe" Agere Systems HDA Modem-->agrsmdel Atheros for Acer Driver 5.3.0.45_Foxconn Installation Program-->C:\Program Files\InstallShield Installation Information\{F70D5D8C-C1AF-40B3-9E47-3BB5F19EEA3A}\setup.exe -runfromtemp -l0x0009 -removeonly Business Everywhere uninstall-->C:\Program Files\OrangeBS\BEWInternetUK\installation\core\Installgui.exe -u Card Detector for ZTE MF636-->C:\Program Files\CardDetector\ZTEMF636\CardDetectorSetup.exe -u CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe" Chicken Invaders 2 v2.61-->"C:\Program Files\ChickenInvaders2Polish\unins000.exe" Codec Pack - All In 1 6.0.2.7-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini" DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe Free_Lunch_Design 
Toolbar-->C:\PROGRA~1\FREE_L~1\UNWISE.EXE /U C:\PROGRA~1\FREE_L~1\INSTALL.LOG Gadu-Gadu 10-->C:\Program Files\Gadu-Gadu 10\Uninstall.exe Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe" Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe" Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe" Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2 Java(TM) 6 Update 19-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF} K-Lite Codec Pack 3.6.5 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Manage Registry ActiveX Control DEMO 2.1 (Build 2.1.2.221)-->"C:\Program Files\Eltima Software\Manage Registry ActiveX Control DEMO 2.1\unins000.exe" Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 
Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} Nokia Connectivity Cable Driver-->MsiExec.exe /X{52675D00-AD10-49F7-B129-BEA9FED1C610} OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991} Opera 10.63-->MsiExec.exe /X{87CC8013-56D1-43E1-A0A5-AD406B4EBA95} PC Connectivity Solution Lite-->MsiExec.exe /I{CC1ACF58-CD2D-4F36-9195-F13D13962E15} PC Tools AntiVirus 6.1-->"C:\Program Files\PC Tools AntiVirus\unins000.exe" PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe" Rapport-->msiexec /x{1DD81E7D-0D28-4ceb-87B2-C041A4FCB215} /lvx+ "C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\logs\uninstall.log" Rapport-->MsiExec.exe /X{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215} Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly Security Update for Microsoft .NET Framework 3.5 SP1 
(KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT="" Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe" Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe" Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe" Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe" Security Update for Windows XP (KB2183461)-->"C:\WINDOWS\$NtUninstallKB2183461$\spuninst\spuninst.exe" Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe" Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe" Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe" Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe" Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe" Security Update for Windows XP (KB2360131)-->"C:\WINDOWS\$NtUninstallKB2360131$\spuninst\spuninst.exe" Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe" Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe" Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe" Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" 
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe" Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe" Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe" Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe" Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe" Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe" Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe" Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe" Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe" Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe" Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe" Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe" Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe" Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe" Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe" Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe" Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe" Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe" Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe" Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe" Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe" Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe" Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe" Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe" Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe" Security 
Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe" Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe" Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe" Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe" Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe" Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe" Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe" Security Update for Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe" Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe" Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe" Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033 TuneUp Utilities-->C:\Program Files\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe" Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe" Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe" Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" 
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe" Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" Update for Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe" VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe Vodafone Mobile Connect Lite Huawei-->MsiExec.exe /X{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF} Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe" Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe ======Hosts File====== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com ======Security center information====== AV: PC Tools AntiVirus 6.1.0.25 ======System event log====== Computer Name: AGA Event Code: 11 Message: The driver detected a controller error on \Device\Harddisk1\D. Record Number: 60 Source Name: Disk Time Written: 20101109020320.000000+000 Event Type: error User: Computer Name: AGA Event Code: 7000 Message: The Eset Trial Reset service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 
Record Number: 8 Source Name: Service Control Manager Time Written: 20101108223127.000000+000 Event Type: error User: Computer Name: AGA Event Code: 7009 Message: Timeout (30000 milliseconds) waiting for the Eset Trial Reset service to connect. Record Number: 7 Source Name: Service Control Manager Time Written: 20101108223127.000000+000 Event Type: error User: Computer Name: AGA Event Code: 49 Message: Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Record Number: 5 Source Name: Ftdisk Time Written: 20101108223040.000000+000 Event Type: error User: Computer Name: AGA Event Code: 45 Message: The system could not sucessfully load the crash dump driver. Record Number: 4 Source Name: Ftdisk Time Written: 20101108223040.000000+000 Event Type: error User: =====Application event log===== Computer Name: AGA Event Code: 0 Message: Record Number: 14336 Source Name: TuneUp.UtilitiesSvc Time Written: 20101009135114.000000+060 Event Type: User: Computer Name: AGA Event Code: 1041 Message: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. Record Number: 14331 Source Name: Userenv Time Written: 20101009135005.000000+060 Event Type: error User: NT AUTHORITY\SYSTEM Computer Name: AGA Event Code: 1041 Message: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. Record Number: 14330 Source Name: Userenv Time Written: 20101009135005.000000+060 Event Type: error User: NT AUTHORITY\SYSTEM Computer Name: AGA Event Code: 1041 Message: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. 
Record Number: 14329 Source Name: Userenv Time Written: 20101009135005.000000+060 Event Type: error User: NT AUTHORITY\SYSTEM Computer Name: AGA Event Code: 1041 Message: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. Record Number: 14328 Source Name: Userenv Time Written: 20101009135005.000000+060 Event Type: error User: NT AUTHORITY\SYSTEM ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel "PROCESSOR_REVISION"=0e0c "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO -----------------EOF-----------------[/log]
Tomek01 commented 15 November 2010

1. Paste the following text into the system Notepad:

[code]Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wsctf.exe]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"wsctf.exe"=-
"EXPLORER.EXE"=-[/code]

2. Download [b][url=http://www.instalki.pl/programy/download/antyspyware/get.php?file=avenger]Avenger[/url][/b]. In the "input script here" field, paste the following text:

[code]Files to delete:
C:\WINDOWS\System32\EXPLORER.EXE
c:\documents and settings\Kamik\Menu Start\Programy\Autostart\wsctf.exe

Folders to delete:
C:\Documents and Settings\All Users\Application Data\1F2FD
C:\Documents and Settings\All Users\Application Data\292AF[/code]

3. In OTL, in the Custom scan/fixes window, paste:

[code]:Processes
Explorer.exe

:OTL
O4 - HKU\S-1-5-21-299502267-1708537768-839522115-1003..\Run: [EXPLORER.EXE] C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-299502267-1708537768-839522115-1003..\Run: [wsctf.exe] File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O20 - HKU\S-1-5-21-299502267-1708537768-839522115-1003 Winlogon: Shell - (C:\Documents and Settings\Kamik\Application Data\hotfix.exe) - C:\Documents and Settings\Kamik\Application Data\hotfix.exe File not found
O32 - AutoRun File - [2008-03-13 20:39:50 | 000,000,070 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD

Files
AUTORUN.INF /alldrives
$RECYCLE.BIN /alldrives
RECYCLER /alldrives

:Commands
[emptytemp]
[start explorer]
[Reboot][/code]

Click Run Fix; the computer restarts. Post the removal log and the new logs: OTL and RSIT.
niesia87 (author) commented 15 November 2010

removal log:

[log]All processes killed
========== PROCESSES ==========
No active process named Explorer.exe was found!
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-299502267-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\EXPLORER.EXE deleted successfully.
Item C:\WINDOWS\system32\EXPLORER.EXE is whitelisted and cannot be moved.
Registry value HKEY_USERS\S-1-5-21-299502267-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\wsctf.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:Explorer.exe deleted successfully.
Item C:\WINDOWS\system32\EXPLORER.EXE is whitelisted and cannot be moved.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:EXPLORER.EXE deleted successfully.
Item C:\WINDOWS\system32\EXPLORER.EXE is whitelisted and cannot be moved.
Registry value HKEY_USERS\S-1-5-21-299502267-1708537768-839522115-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Kamik\Application Data\hotfix.exe deleted successfully.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kamik
->Temp folder emptied: 1883960 bytes
->Temporary Internet Files folder emptied: 151405 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 240 bytes
->Flash cache emptied: 456 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 11152010_231314

Files\Folders moved on Reboot...
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
Registry entries deleted on Reboot...[/log] OTL: [log]OTL logfile created on: 2010-11-15 23:18:44 - Run 3 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Kamik\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 1 014,00 Mb Total Physical Memory | 594,00 Mb Available Physical Memory | 59,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111,79 Gb Total Space | 69,95 Gb Free Space | 62,58% Space Free | Partition Type: NTFS Drive D: | 620,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 59,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 1,89 Gb Total Space | 1,13 Gb Free Space | 59,52% Space Free | Partition Type: FAT Computer Name: AGA | User Name: Kamik | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-11-15 23:15:07 | 000,507,904 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\Documents and Settings\Kamik\Local Settings\Temp\RtkBtMnt.exe PRC - [2010-11-15 17:52:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kamik\Desktop\OTL.exe PRC - [2010-04-01 09:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe PRC - [2009-11-13 08:51:16 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe PRC - [2009-11-13 08:49:20 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe PRC - [2009-07-13 23:18:12 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe PRC - [2008-10-24 18:27:40 | 000,069,632 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe PRC - [2008-09-25 09:29:21 | 000,274,432 | R--- | M] (France Telecom SA) -- C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe PRC - [2008-04-14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-03-13 18:09:10 | 002,060,288 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe PRC - [2008-03-13 18:08:58 | 000,024,576 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2007-03-14 10:12:00 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe PRC - [2006-07-14 12:13:00 | 000,471,040 | ---- | M] (Dritek System Inc.) 
-- C:\Program Files\Launch Manager\QtZgAcer.EXE PRC - [2006-06-13 09:57:00 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe PRC - [2004-12-20 18:41:22 | 000,033,792 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-11-15 17:52:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kamik\Desktop\OTL.exe MOD - [2010-08-23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - [2010-06-07 17:07:02 | 000,840,936 | ---- | M] (Trusteer Ltd.) [Disabled | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService) SRV - [2009-11-17 18:59:46 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2009-11-13 08:49:20 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2009-11-13 08:45:50 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2009-07-13 23:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2008-10-24 18:27:40 | 000,069,632 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC) SRV - [2008-09-23 07:20:16 | 000,575,488 | ---- | M] (Nokia.) 
[On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008-03-13 18:08:58 | 000,024,576 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2007-03-14 10:12:00 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-11-08 22:42:58 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-06-07 17:07:10 | 000,166,632 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG) DRV - [2010-06-07 17:07:10 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL) DRV - [2009-11-12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009-10-14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009-09-30 07:17:02 | 001,585,728 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416) DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008-07-01 14:30:28 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5) DRV - [2008-06-26 21:02:10 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5) DRV - [2008-04-19 10:05:22 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2008-04-19 10:05:22 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmeaext.sys -- (ZTEusbnmeaext) DRV - [2008-04-19 10:05:22 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2008-04-19 10:05:22 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008-03-13 11:20:26 | 000,138,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd) DRV - [2008-03-13 11:20:20 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm) DRV - [2008-03-13 11:20:20 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj) DRV - [2008-03-13 11:20:20 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc) DRV - [2007-12-06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2007-08-08 11:12:42 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007-05-02 11:00:58 | 000,546,976 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211) DRV - [2007-03-14 10:12:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006-07-19 09:42:00 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006-07-14 12:13:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr) DRV - [2006-06-13 10:18:00 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mydtzone.com/startpage IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird O1 HOSTS File: ([2010-08-07 17:52:56 | 000,415,879 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 
www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14357 more lines... O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [BEWINTERNET-UKSessionManager] C:\Program Files\OrangeBS\BEWInternetUK\SessionManager\SessionManager.exe (France Telecom SA) O4 - HKLM..\Run: [CardDetectorZTEMF636] C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe (France Telecom SA) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258479600593 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.185,93.188.166.185 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Kamik\Application Data\hotfix.exe) - C:\Documents and Settings\Kamik\Application Data\hotfix.exe File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Kamik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kamik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-11-17 15:39:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2008-03-13 20:39:50 | 000,000,070 | R--- | M] () - E:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{21dc04c2-c67a-11df-b8a9-00197e79db47}\Shell - "" = AutoRun O33 - MountPoints2\{21dc04c2-c67a-11df-b8a9-00197e79db47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{21dc04c2-c67a-11df-b8a9-00197e79db47}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{8c975e08-7fce-11df-b818-00197e79db47}\Shell - "" = AutoRun O33 - MountPoints2\{8c975e08-7fce-11df-b818-00197e79db47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{8c975e08-7fce-11df-b818-00197e79db47}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008-03-13 18:33:06 | 000,323,584 | R--- | M] (Vodafone) O33 - MountPoints2\{b3dd49e6-c722-11df-b8ad-00197e79db47}\Shell - "" = AutoRun O33 - MountPoints2\{b3dd49e6-c722-11df-b8ad-00197e79db47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b3dd49e6-c722-11df-b8ad-00197e79db47}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - 
MountPoints2\{b3dd49e7-c722-11df-b8ad-00197e79db47}\Shell - "" = AutoRun O33 - MountPoints2\{b3dd49e7-c722-11df-b8ad-00197e79db47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b3dd49e7-c722-11df-b8ad-00197e79db47}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{c2f58a96-516c-11df-b7b9-00197e79db47}\Shell - "" = AutoRun O33 - MountPoints2\{c2f58a96-516c-11df-b7b9-00197e79db47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c2f58a96-516c-11df-b7b9-00197e79db47}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008-03-13 18:33:06 | 000,323,584 | R--- | M] (Vodafone) O33 - MountPoints2\{c2f58a97-516c-11df-b7b9-00197e79db47}\Shell - "" = AutoRun O33 - MountPoints2\{c2f58a97-516c-11df-b7b9-00197e79db47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c2f58a97-516c-11df-b7b9-00197e79db47}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found O33 - MountPoints2\{c88e1fa8-ec1e-11de-b6fc-00197e79db47}\Shell - "" = AutoRun O33 - MountPoints2\{c88e1fa8-ec1e-11de-b6fc-00197e79db47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c88e1fa8-ec1e-11de-b6fc-00197e79db47}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008-03-13 18:33:06 | 000,323,584 | R--- | M] (Vodafone) O33 - MountPoints2\{f241da53-605d-11df-b7dd-00197e79db47}\Shell - "" = AutoRun O33 - MountPoints2\{f241da53-605d-11df-b7dd-00197e79db47}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f241da53-605d-11df-b7dd-00197e79db47}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008-03-13 18:33:06 | 000,323,584 | R--- | M] (Vodafone) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - 
File not found NetSvcs: Nwsapagent - File not found NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group 
SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: UploadMgr - Service SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-11-15 23:11:11 | 000,000,000 | ---D | C] -- C:\Avenger [2010-11-15 23:07:55 | 000,000,000 | ---D | C] -- C:\Documents and 
Settings\Kamik\Desktop\avenger [2010-11-15 20:40:48 | 000,000,000 | ---D | C] -- C:\rsit [2010-11-15 20:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamik\Desktop\New Folder (2) [2010-11-15 19:00:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010-11-15 19:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010-11-15 19:00:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010-11-15 19:00:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010-11-15 18:55:43 | 007,421,264 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kamik\Desktop\mbam-setup-1.50-beta_[www.programosy.pl].exe [2010-11-15 18:40:07 | 000,000,000 | ---D | C] -- C:\_OTL [2010-11-15 18:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010-11-15 17:55:16 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kamik\Desktop\OTL.exe [2010-11-10 12:23:21 | 000,000,000 | ---D | C] -- C:\dbb8e87bf2e3780b33237664 [2010-11-08 22:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2010-11-08 22:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamik\Application Data\DAEMON Tools Lite [2010-11-08 22:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2010-11-02 08:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamik\Desktop\filmy [2010-11-02 08:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamik\Desktop\muza [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-11-15 23:14:46 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-11-15 23:14:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-11-15 23:09:39 | 000,000,223 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\fix.reg [2010-11-15 
23:02:52 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\avenger.zip [2010-11-15 22:12:46 | 000,000,192 | ---- | M] () -- C:\WINDOWS\winamp.ini [2010-11-15 19:00:10 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010-11-15 18:12:12 | 007,421,264 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kamik\Desktop\mbam-setup-1.50-beta_[www.programosy.pl].exe [2010-11-15 17:53:44 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\RSIT.exe [2010-11-15 17:52:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kamik\Desktop\OTL.exe [2010-11-14 23:08:23 | 003,858,631 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\Firma - Jeden buch z fajki wodnej odmula... _q .mp3 [2010-11-14 22:51:35 | 000,002,259 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2010-11-13 07:04:55 | 005,224,103 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\Tede - Opowie-- O Tym Co Tu Sie Dzieje Na Wolno.mp3 [2010-11-13 07:00:43 | 003,684,760 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\TeDe- Fenomen - Dwulicowi ludzie .mp3 [2010-11-13 06:08:10 | 006,494,294 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\WW - Dome -M6 Remix- [www.clubhits.pl].mp3 [2010-11-11 21:15:32 | 003,241,723 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\Avicii amp- Sebastien Drums - My Feelings For You.mp3 [2010-11-10 23:04:00 | 000,433,566 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-11-10 23:04:00 | 000,068,164 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-11-10 10:19:20 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010-11-10 10:19:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010-11-09 00:19:09 | 006,952,585 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\05 - 
Fugees - Killing Me Softly With His Son.mp3 [2010-11-09 00:09:21 | 004,407,411 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\Dr.Dre amp- Snoop Dogg- Still Dre .mp3 [2010-11-08 22:43:04 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk [2010-11-08 22:42:58 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-11-07 14:55:41 | 004,942,817 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\The Black Eyed Peas - The Time -The Dirty Bit-.mp3 [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-11-15 23:09:39 | 000,000,223 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\fix.reg [2010-11-15 23:07:45 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\avenger.zip [2010-11-15 19:00:10 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010-11-15 17:55:17 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\RSIT.exe [2010-11-14 23:08:09 | 003,858,631 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\Firma - Jeden buch z fajki wodnej odmula... 
_q .mp3 [2010-11-13 07:04:32 | 005,224,103 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\Tede - Opowie-- O Tym Co Tu Sie Dzieje Na Wolno.mp3 [2010-11-13 07:00:28 | 003,684,760 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\TeDe- Fenomen - Dwulicowi ludzie .mp3 [2010-11-13 06:07:58 | 006,494,294 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\WW - Dome -M6 Remix- [www.clubhits.pl].mp3 [2010-11-11 21:15:20 | 003,241,723 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\Avicii amp- Sebastien Drums - My Feelings For You.mp3 [2010-11-09 00:19:09 | 006,952,585 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\05 - Fugees - Killing Me Softly With His Son.mp3 [2010-11-09 00:09:05 | 004,407,411 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\Dr.Dre amp- Snoop Dogg- Still Dre .mp3 [2010-11-08 22:43:03 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk [2010-11-08 22:42:58 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-11-07 14:55:16 | 004,942,817 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\The Black Eyed Peas - The Time -The Dirty Bit-.mp3 [2010-05-14 00:13:50 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2010-03-30 15:35:09 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Kamik\Application Data\Smiley.ico [2010-01-29 21:45:14 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2009-12-20 18:18:22 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI [2009-12-07 09:26:59 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009-12-07 09:26:50 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-12-07 09:26:19 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll [2009-12-07 09:26:19 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll [2009-12-07 09:26:18 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll 
[2009-12-07 09:26:18 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-12-07 09:26:13 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2009-12-02 01:23:28 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini [2009-11-17 19:49:41 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Kamik\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-11-17 16:11:25 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2009-11-17 15:28:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008-03-07 15:43:56 | 000,084,734 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4 [2008-03-07 12:47:30 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml [2006-06-13 10:18:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll [2005-02-17 11:31:58 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll [2005-02-17 11:31:58 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll [2005-02-17 11:31:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll [2005-02-17 11:31:58 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2005-02-17 11:31:58 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2005-02-17 11:31:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2000-10-03 14:28:22 | 000,160,256 | ---- | C] () -- C:\WINDOWS\System32\midas11.dll [color=#E56717]========== LOP Check ==========[/color] [2010-01-29 21:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2010-11-08 22:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2009-11-17 17:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET [2010-05-28 19:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application 
Data\Gadu-Gadu 10 [2010-10-05 20:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations [2010-06-08 11:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios [2010-11-14 08:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OpenFM [2010-10-05 20:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2010-11-15 21:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010-02-05 19:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer [2009-11-17 18:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2010-10-06 15:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone [2009-11-17 18:55:12 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010-11-09 22:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\BESTplayer [2010-01-29 21:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\Canneverbe Limited [2010-01-29 21:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\Canneverbe_Limited [2010-11-10 23:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\DAEMON Tools Lite [2010-09-05 19:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\Gadu-Gadu 10 [2009-12-16 15:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\OpenFM [2009-11-17 20:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\OpenOffice.org [2010-01-11 19:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\Opera [2010-10-05 20:37:05 | 
000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\PC Suite [2010-02-26 09:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\Trusteer [2009-11-17 18:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\TuneUp Software [2010-04-26 19:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\Vodafone [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2009-11-17 15:39:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-11-15 23:11:11 | 000,002,000 | ---- | M] () -- C:\avenger.txt [2010-07-18 17:31:34 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2009-11-17 15:39:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2009-11-17 15:39:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009-11-17 15:39:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2009-11-17 15:58:06 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2009-11-17 15:58:06 | 000,250,048 | RHS- | M] () -- C:\ntldr [2010-11-15 23:14:31 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys [2008-04-14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008-04-14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2002-08-29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys [2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver 
Cache\i386\sp3.cab:atapi.sys [2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2002-08-29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2001-08-23 21:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2001-08-23 21:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2002-08-29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys [2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008-04-14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008-04-14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2002-08-29 01:27:56 | 000,047,488 | ---- 
| M] (Microsoft Corporation) MD5=6506E033AD04CFEC9EE56DBEFD1083DD -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2008-04-14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008-04-14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll [2002-08-29 03:40:52 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [2002-08-29 02:09:26 | 000,167,552 | ---- | M] (Microsoft Corporation) MD5=3B350E5A2A5E951453F3993275A4523A -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2002-08-29 03:41:28 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008-04-14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008-04-14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 142 bytes -> C:\WINDOWS\system32:,|ö°pctlsp.log < End of report >[/log] RSIT: [log]Logfile of random's system information tool 1.08 (written by random/random) Run by Kamik at 2010-11-15 23:22:43 Microsoft Windows XP Professional Service Pack 3 System drive C: has 72 GB 
(63%) free of 114 GB Total RAM: 1014 MB (55% free) HijackThis download failed ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-06-03 1404928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-07-19 16248320] "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-07-19 2879488] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2006-07-19 69632] "AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2006-07-19 53248] "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-06-13 94208] "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-06-13 77824] "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-06-13 118784] "LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2006-07-14 471040] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040] "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2004-12-20 33792] "BEWINTERNET-UKSessionManager"=C:\Program Files\OrangeBS\BEWInternetUK\SessionManager\SessionManager.exe [2008-10-24 131824] "CardDetectorZTEMF636"=C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe [2008-09-25 274432] "MobileConnect"=C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-03-13 2060288] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu 10"=C:\Program Files\Gadu-Gadu 
10\gg.exe [2010-10-07 12661344] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2006-06-13 139264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10" "C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser" "C:\games\nfs u\Speed.exe"="C:\games\nfs u\Speed.exe:*:Enabled:Speed" "C:\Program Files\OrangeBS\BEWInternetUK\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeBS\BEWInternetUK\Connectivity\ConnectivityManager.exe:*:enabled:CSS" "C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe"="C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe:*:Enabled:3 USB Modem" "C:\Program 
Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2010-11-15 23:12:32 ----RSH---- C:\WINDOWS\system32\EXPLORER.EXE 2010-11-15 23:11:11 ----D---- C:\Avenger 2010-11-15 23:11:11 ----A---- C:\avenger.txt 2010-11-15 20:40:48 ----D---- C:\rsit 2010-11-15 19:00:10 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2010-11-15 19:00:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-11-15 19:00:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-11-15 19:00:05 ----A---- C:\WINDOWS\system32\drivers\mbam.sys 2010-11-15 18:40:07 ----D---- C:\_OTL 2010-11-15 18:26:07 ----D---- C:\Program Files\trend micro 2010-11-10 12:23:21 ----D---- C:\dbb8e87bf2e3780b33237664 2010-11-08 22:42:58 ----A---- C:\WINDOWS\system32\drivers\sptd.sys 2010-11-08 22:42:42 ----D---- C:\Program Files\DAEMON Tools Lite 2010-11-08 22:42:29 ----D---- C:\Documents and Settings\Kamik\Application Data\DAEMON Tools Lite 2010-11-08 22:42:26 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite ======List of files/folders modified in the last 1 months====== 2010-11-15 23:15:12 ----D---- C:\WINDOWS\system32\CatRoot2 2010-11-15 23:15:02 ----D---- C:\WINDOWS\Temp 2010-11-15 23:13:40 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-11-15 23:12:32 ----AD---- C:\WINDOWS\system32 2010-11-15 23:11:11 ----D---- C:\WINDOWS\system32\drivers 2010-11-15 23:11:11 ----D---- C:\WINDOWS 2010-11-15 23:08:17 ----D---- C:\WINDOWS\Prefetch 
2010-11-15 22:54:19 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt 2010-11-15 22:12:46 ----A---- C:\WINDOWS\winamp.ini 2010-11-15 21:51:22 ----RD---- C:\Program Files 2010-11-15 21:51:22 ----D---- C:\Program Files\Common Files 2010-11-15 21:46:26 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2010-11-15 20:17:34 ----SD---- C:\WINDOWS\Tasks 2010-11-15 20:12:20 ----D---- C:\Documents and Settings\Kamik\Application Data\vlc 2010-11-15 18:41:52 ----SHD---- C:\System Volume Information 2010-11-15 18:41:52 ----D---- C:\WINDOWS\system32\Restore 2010-11-15 18:38:42 ----SHD---- C:\WINDOWS\Installer 2010-11-15 18:38:40 ----D---- C:\Program Files\Ask.com 2010-11-15 00:18:39 ----A---- C:\WINDOWS\ModemLog_ZTE Proprietary HS-USB Modem.txt 2010-11-14 23:23:46 ----D---- C:\Documents and Settings\Kamik\Application Data\Skype 2010-11-14 22:52:20 ----D---- C:\Documents and Settings\Kamik\Application Data\skypePM 2010-11-14 16:20:35 ----D---- C:\Program Files\Spybot - Search & Destroy 2010-11-14 08:58:32 ----D---- C:\Documents and Settings\All Users\Application Data\OpenFM 2010-11-13 18:23:09 ----D---- C:\Program Files\Nokia 2010-11-13 18:22:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2010-11-11 03:00:35 ----A---- C:\WINDOWS\system32\MRT.exe 2010-11-10 23:04:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-11-09 22:50:06 ----D---- C:\Documents and Settings\Kamik\Application Data\BESTplayer 2010-10-31 11:22:11 ----D---- C:\Program Files\Gadu-Gadu 10 2010-10-30 17:04:39 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt 2010-10-16 09:56:29 ----HD---- C:\WINDOWS\inf ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-03-11 20640] R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-11-08 691696] R1 intelppm;Intel Processor Driver; 
C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352] R1 RapportKELL;RapportKELL; \??\C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys [] R1 RapportPG;RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [] R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-14 8832] R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2007-03-14 1161888] R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2009-09-30 1585728] R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2006-07-14 16896] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-08-08 101120] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-06-13 1166972] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-19 4304384] R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2006-06-13 162432] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608] R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984] R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952] S3 a6sx930l;a6sx930l; C:\WINDOWS\system32\drivers\a6sx930l.sys [] S3 AR5211;Atheros Wireless Network Adapter Service; 
C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-02 546976] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2008-03-13 138112] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2008-03-13 8320] S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2008-03-13 12288] S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2008-03-13 12288] S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS [] S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS [] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2008-04-19 103936] S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2008-04-19 103936] S3 ZTEusbnmeaext;ZTE NMEAExt Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmeaext.sys [2008-04-19 
103936]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2008-04-19 103936]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2007-03-14 9216]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2008-10-24 69632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-07-13 71096]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-11-13 1021256]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-03-13 24576]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-09-23 575488]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2009-11-17 435016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 RapportMgmtService;Rapport Management Service; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-06-07 840936]

-----------------EOF-----------------
[/log]
Tomek01 commented 17 November 2010

You can certainly complain about how slow the system is. A gigantic HOSTS file is visible here. Open Notepad, type: C:\windows\System32\drivers\etc\Hosts and press Enter. Delete everything except the valid entry 127.0.0.1 localhost. Save the changes. Remember not to associate it permanently with Notepad!

This is one of the stubborn explorers in the wrong location. OTL considers it legitimate. Download [b][url=http://www.instalki.pl/programy/download/antyspyware/get.php?file=avenger]Avenger[/url][/b]. In the "input script here" field paste this text:

[code]
Files to delete:
C:\WINDOWS\system32\EXPLORER.EXE
[/code]

Click Execute; the computer restarts and generates a report, which you should post on the forum.

Paste into OTL:

[code]
:Processes
Explorer.exe
:OTL
@Alternate Data Stream - 142 bytes -> C:\WINDOWS\system32:,|ö°pctlsp.log
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""
:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]

Click Run Fix; the computer restarts. Post the removal log and new logs: OTL and RSIT.
Run a full scan with [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] and [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] and post the results on the forum.
niesia87 (Author) commented 17 November 2010

C:\windows\System32\drivers\etc\Hosts - what program should I open it with?
Tomek01 commented 17 November 2010

[quote name='Tomek01' date='17 listopad 2010 - 19:58' timestamp='1290016816' post='1123725'] [b]Open Notepad[/b], type: C:\windows\System32\drivers\etc\Hosts and press Enter [/quote]

You will find it in the Start menu.
niesia87 (Author) commented 17 November 2010

I am doing it the way you wrote, but after pressing Enter an "Open with" window pops up. (Sorry for writing without Polish characters, but I don't have them.)
Tomek01 commented 17 November 2010

In that case add the .txt extension to it, i.e. hosts.txt. After the modification, i.e. after removing those entries, you have to remove that extension.
Sohei commented 18 November 2010

From the "Open with" window choose Notepad and modify the file with it :) Before modifying, right-click the file, choose Properties and uncheck the read-only option. After modifying the file, this option must be checked again.
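
An added example, not part of the original thread or written by any of its participants: a Python sketch of the hosts-file cleanup discussed above. It sorts entries into the default one, names pointed at loopback, and names redirected to another address, then resets the file to the single valid entry while clearing and restoring the read-only attribute. The sample entries and all function names are constructed for illustration.

```python
import ipaddress
import os
import shutil
import stat

KEEP = ("127.0.0.1", "localhost")  # the one entry the thread says to keep


def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments, blank and malformed lines are skipped."""
    for raw in text.lstrip("\ufeff").splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        for name in fields[1:]:          # one line may carry several names
            yield ip, name.lower()


def audit(text):
    """Sort entries into the default one, loopback blocks and redirects."""
    report = {"default": [], "blocked": [], "redirected": []}
    for ip, name in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        if (ip, name) == KEEP:
            report["default"].append((ip, name))
        elif addr.is_loopback or addr.is_unspecified:
            report["blocked"].append((ip, name))      # name resolves nowhere
        else:
            report["redirected"].append((ip, name))   # name sent to another host
    return report


def reset_hosts(path):
    """Back up the file, then leave only the default entry, read-only again."""
    shutil.copyfile(path, path + ".bak")              # keep the evidence
    os.chmod(path, stat.S_IREAD | stat.S_IWRITE)      # clear the read-only flag
    with open(path, "w", newline="\r\n") as fh:
        fh.write("127.0.0.1 localhost\n")
    os.chmod(path, stat.S_IREAD)                      # set it back


SAMPLE = """\
# constructed sample, not taken from the thread's log
127.0.0.1       localhost
127.0.0.1       update.av-vendor.example   # updates blocked
203.0.113.7     www.bank.example bank.example
not-an-ip       junk.example
"""
```

Running `audit()` on a copy of the file before `reset_hosts()` shows what the deleted entries were doing, which is worth including when posting the follow-up logs.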