x-kom hosting

THINK POINT

niesia87
utworzono
utworzono

witam! chcia[color="#FF0000"]ł[/color]am si[color="#FF0000"]ę[/color] dowiedzie[color="#FF0000"]ć[/color] jak usun[color="#FF0000"]ąć[/color] think point'a.

[log]OTL Extras logfile created on: 2010-11-15 18:01:33 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Kamik\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

1 014,00 Mb Total Physical Memory | 522,00 Mb Available Physical Memory | 51,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 63,72 Gb Free Space | 57,00% Space Free | Partition Type: NTFS
Drive E: | 59,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 1,89 Gb Total Space | 1,13 Gb Free Space | 59,51% Space Free | Partition Type: FAT

Computer Name: AGA | User Name: Kamik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.DLL File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\games\nfs u\Speed.exe" = C:\games\nfs u\Speed.exe:*:Enabled:Speed -- ()
"C:\Program Files\OrangeBS\BEWInternetUK\Connectivity\ConnectivityManager.exe" = C:\Program Files\OrangeBS\BEWInternetUK\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)
"C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe" = C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe:*:Enabled:3 USB Modem -- (Huawei Technologies)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 19
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52675D00-AD10-49F7-B129-BEA9FED1C610}" = Nokia Connectivity Cable Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{BEWINTERNET-UK}.UninstallSuite" = Business Everywhere uninstall
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CC1ACF58-CD2D-4F36-9195-F13D13962E15}" = PC Connectivity Solution Lite
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F70D5D8C-C1AF-40B3-9E47-3BB5F19EEA3A}" = Atheros for Acer Driver 5.3.0.45_Foxconn Installation Program
"{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}" = Vodafone Mobile Connect Lite Huawei
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"3 USB Modem" = 3 USB Modem
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"CardDetectorZTEMF636" = Card Detector for ZTE MF636
"Chicken Invaders 2_is1" = Chicken Invaders 2 v2.61
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.2.7
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Free_Lunch_Design Toolbar" = Free_Lunch_Design Toolbar
"Gadu-Gadu 10" = Gadu-Gadu 10
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.6.5 Full
"LManager" = Launch Manager
"Manage Registry ActiveX Control DEMO 2.1_is1" = Manage Registry ActiveX Control DEMO 2.1 (Build 2.1.2.221)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Tools AntiVirus_is1" = PC Tools AntiVirus 6.1
"PhotoScape" = PhotoScape
"Rapport_msi" = Rapport
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp (remove only)
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-11-15 08:13:17 | Computer Name = AGA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2010-11-15 08:13:17 | Computer Name = AGA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2010-11-15 10:01:17 | Computer Name = AGA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2010-11-15 10:01:17 | Computer Name = AGA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2010-11-15 10:01:17 | Computer Name = AGA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2010-11-15 10:01:17 | Computer Name = AGA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2010-11-15 13:15:22 | Computer Name = AGA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2010-11-15 13:15:22 | Computer Name = AGA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2010-11-15 13:15:22 | Computer Name = AGA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2010-11-15 13:15:22 | Computer Name = AGA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 2010-11-14 20:35:43 | Computer Name = AGA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Eset Trial Reset service
to connect.

Error - 2010-11-14 20:35:44 | Computer Name = AGA | Source = Service Control Manager | ID = 7000
Description = The Eset Trial Reset service failed to start due to the following
error: %%1053

Error - 2010-11-15 08:13:13 | Computer Name = AGA | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 2010-11-15 08:13:13 | Computer Name = AGA | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 2010-11-15 08:13:38 | Computer Name = AGA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Eset Trial Reset service
to connect.

Error - 2010-11-15 08:13:39 | Computer Name = AGA | Source = Service Control Manager | ID = 7000
Description = The Eset Trial Reset service failed to start due to the following
error: %%1053

Error - 2010-11-15 13:15:38 | Computer Name = AGA | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 2010-11-15 13:15:38 | Computer Name = AGA | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 2010-11-15 13:15:41 | Computer Name = AGA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Eset Trial Reset service
to connect.

Error - 2010-11-15 13:15:41 | Computer Name = AGA | Source = Service Control Manager | ID = 7000
Description = The Eset Trial Reset service failed to start due to the following
error: %%1053


< End of report >
[/log]

[log]OTL logfile created on: 2010-11-15 18:01:33 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Kamik\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

1 014,00 Mb Total Physical Memory | 522,00 Mb Available Physical Memory | 51,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 63,72 Gb Free Space | 57,00% Space Free | Partition Type: NTFS
Drive E: | 59,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 1,89 Gb Total Space | 1,13 Gb Free Space | 59,51% Space Free | Partition Type: FAT

Computer Name: AGA | User Name: Kamik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-11-15 17:52:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kamik\Desktop\OTL.exe
PRC - [2010-11-14 23:55:00 | 000,564,736 | ---- | M] (Mc AUS) -- C:\Documents and Settings\Kamik\Application Data\hotfix.exe
PRC - [2010-04-01 09:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009-11-17 16:14:46 | 000,507,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Kamik\Local Settings\Temp\RtkBtMnt.exe
PRC - [2009-11-13 08:51:16 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009-11-13 08:49:20 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009-07-13 23:18:12 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009-04-16 10:27:00 | 001,505,168 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Program Files\PC Tools AntiVirus\PCTAV.exe
PRC - [2009-04-16 10:24:48 | 000,933,720 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
PRC - [2008-10-24 18:27:40 | 000,069,632 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2008-09-25 09:29:21 | 000,274,432 | R--- | M] (France Telecom SA) -- C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe
PRC - [2008-04-14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-03-13 18:09:10 | 002,060,288 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2008-03-13 18:08:58 | 000,024,576 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2007-03-14 10:12:00 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006-10-25 06:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\EXPLORER.EXE
PRC - [2006-07-14 12:13:00 | 000,471,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2006-06-13 09:57:00 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2004-12-20 18:41:22 | 000,033,792 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-11-15 17:52:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kamik\Desktop\OTL.exe
MOD - [2010-11-15 17:37:33 | 000,081,408 | RHS- | M] () -- C:\Documents and Settings\Kamik\Local Settings\Temp\cvasds0.dll
MOD - [2010-08-23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009-03-26 11:04:46 | 000,194,448 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Program Files\PC Tools AntiVirus\PCTAVHook.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010-06-07 17:07:02 | 000,840,936 | ---- | M] (Trusteer Ltd.) [Disabled | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2009-11-17 18:59:46 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009-11-13 08:49:20 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009-11-13 08:45:50 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009-07-13 23:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009-04-16 10:24:48 | 000,933,720 | ---- | M] (PC Tools Research Pty Ltd) [Auto | Running] -- C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe -- (PCTAVSvc)
SRV - [2008-10-24 18:27:40 | 000,069,632 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2008-09-23 07:20:16 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008-03-13 18:08:58 | 000,024,576 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2007-03-14 10:12:00 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2001-08-23 21:00:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (.EsetTrialReset)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-11-08 22:42:58 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-06-07 17:07:10 | 000,166,632 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010-06-07 17:07:10 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - [2009-11-12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009-10-14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009-09-30 07:17:02 | 001,585,728 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009-08-24 13:05:06 | 000,206,256 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009-02-10 09:13:18 | 000,021,904 | ---- | M] (PC Tools Research Pty Ltd ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVRec.sys -- (AVRec)
DRV - [2009-02-10 09:13:16 | 000,028,560 | ---- | M] (PC Tools Research Pty Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVHook.sys -- (AVHook)
DRV - [2009-02-10 09:13:16 | 000,021,904 | ---- | M] (PC Tools Research Pty Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AVFilter.sys -- (AVFilter)
DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-07-01 14:30:28 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)
DRV - [2008-06-26 21:02:10 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)
DRV - [2008-04-19 10:05:22 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008-04-19 10:05:22 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmeaext.sys -- (ZTEusbnmeaext)
DRV - [2008-04-19 10:05:22 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008-04-19 10:05:22 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-03-13 11:20:26 | 000,138,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2008-03-13 11:20:20 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2008-03-13 11:20:20 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2008-03-13 11:20:20 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2007-12-06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007-08-08 11:12:42 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007-05-02 11:00:58 | 000,546,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007-03-14 10:12:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006-07-19 09:42:00 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-07-14 12:13:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2006-06-13 10:18:00 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mydtzone.com/startpage
IE - HKCU\..\URLSearchHook: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird


O1 HOSTS File: ([2010-08-07 17:52:56 | 000,415,879 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14357 more lines...
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BEWINTERNET-UKSessionManager] C:\Program Files\OrangeBS\BEWInternetUK\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [CardDetectorZTEMF636] C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe (France Telecom SA)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [PCTAVApp] C:\Program Files\PC Tools AntiVirus\PCTAV.exe (PC Tools Research Pty Ltd)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [cdoosoft] C:\Documents and Settings\Kamik\Local Settings\Temp\herss.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EXPLORER.EXE] C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKCU..\Run: [wsctf.exe] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258479600593 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.185,93.188.166.185
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Kamik\Application Data\hotfix.exe) - C:\Documents and Settings\Kamik\Application Data\hotfix.exe (Mc AUS)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kamik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kamik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-11-17 15:39:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-11-15 18:02:39 | 000,000,061 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008-03-13 20:39:50 | 000,000,070 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010-11-15 18:02:42 | 000,000,061 | RHS- | M] () - G:\AutoRun.inf -- [ FAT ]
O33 - MountPoints2\{00e0670c-c949-11df-b8b2-00197e79db47}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{00e0670c-c949-11df-b8b2-00197e79db47}\Shell\explore\Command - "" = F:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{00e0670c-c949-11df-b8b2-00197e79db47}\Shell\open\Command - "" = F:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{00e0670d-c949-11df-b8b2-00197e79db47}\Shell\AutoRun\command - "" = G:\EXPLORER.EXE -- [2006-10-25 07:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{00e0670d-c949-11df-b8b2-00197e79db47}\Shell\explore\Command - "" = G:\EXPLORER.EXE -- [2006-10-25 07:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{00e0670d-c949-11df-b8b2-00197e79db47}\Shell\open\Command - "" = G:\EXPLORER.EXE -- [2006-10-25 07:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{21dc04c2-c67a-11df-b8a9-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{21dc04c2-c67a-11df-b8a9-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{21dc04c2-c67a-11df-b8a9-00197e79db47}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{21dc04c6-c67a-11df-b8a9-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{21dc04c6-c67a-11df-b8a9-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{21dc04c6-c67a-11df-b8a9-00197e79db47}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008-03-13 18:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{2b84c5ae-d09d-11df-b8ca-00197e79db47}\Shell\AutoRun\command - "" = G:\EXPLORER.EXE -- [2006-10-25 07:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{2b84c5ae-d09d-11df-b8ca-00197e79db47}\Shell\explore\Command - "" = G:\EXPLORER.EXE -- [2006-10-25 07:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{2b84c5ae-d09d-11df-b8ca-00197e79db47}\Shell\open\Command - "" = G:\EXPLORER.EXE -- [2006-10-25 07:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{2b84c5af-d09d-11df-b8ca-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{2b84c5af-d09d-11df-b8ca-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2b84c5af-d09d-11df-b8ca-00197e79db47}\Shell\AutoRun\command - "" = E:\NokiaPCIA_Autorun.exe -- File not found
O33 - MountPoints2\{3dee74ce-c7d3-11df-b8af-00197e79db47}\Shell\AutoRun\command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{3dee74ce-c7d3-11df-b8af-00197e79db47}\Shell\explore\Command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{3dee74ce-c7d3-11df-b8af-00197e79db47}\Shell\open\Command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{80c7d488-635c-11df-b7e3-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{80c7d488-635c-11df-b7e3-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{80c7d488-635c-11df-b7e3-00197e79db47}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8c975e08-7fce-11df-b818-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{8c975e08-7fce-11df-b818-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8c975e08-7fce-11df-b818-00197e79db47}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008-03-13 18:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{a55792e4-aee7-11df-b867-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{a55792e4-aee7-11df-b867-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a55792e4-aee7-11df-b867-00197e79db47}\Shell\AutoRun\command - "" = E:\AutoRunCardDetector.exe -- File not found
O33 - MountPoints2\{aa1e34ea-5640-11df-b7c0-00197e79db47}\Shell\AutoRun\command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{aa1e34ea-5640-11df-b7c0-00197e79db47}\Shell\explore\Command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{aa1e34ea-5640-11df-b7c0-00197e79db47}\Shell\open\Command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{b3dd49e6-c722-11df-b8ad-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{b3dd49e6-c722-11df-b8ad-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3dd49e6-c722-11df-b8ad-00197e79db47}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{b3dd49e7-c722-11df-b8ad-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{b3dd49e7-c722-11df-b8ad-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3dd49e7-c722-11df-b8ad-00197e79db47}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{b9163cf2-de1f-11de-b6e1-00197e79db47}\Shell\AutoRun\command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{b9163cf2-de1f-11de-b6e1-00197e79db47}\Shell\explore\Command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{b9163cf2-de1f-11de-b6e1-00197e79db47}\Shell\open\Command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{c2f58a96-516c-11df-b7b9-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{c2f58a96-516c-11df-b7b9-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c2f58a96-516c-11df-b7b9-00197e79db47}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008-03-13 18:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{c2f58a97-516c-11df-b7b9-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{c2f58a97-516c-11df-b7b9-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c2f58a97-516c-11df-b7b9-00197e79db47}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{c66fb61e-63f6-11df-b7e4-00197e79db47}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\EXPLORER.EXE -- [2006-10-25 06:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{c66fb61e-63f6-11df-b7e4-00197e79db47}\Shell\explore\Command - "" = C:\WINDOWS\System32\EXPLORER.EXE -- [2006-10-25 06:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{c66fb61e-63f6-11df-b7e4-00197e79db47}\Shell\open\Command - "" = C:\WINDOWS\System32\EXPLORER.EXE -- [2006-10-25 06:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{c88e1fa8-ec1e-11de-b6fc-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{c88e1fa8-ec1e-11de-b6fc-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c88e1fa8-ec1e-11de-b6fc-00197e79db47}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008-03-13 18:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{f241da53-605d-11df-b7dd-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{f241da53-605d-11df-b7dd-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f241da53-605d-11df-b7dd-00197e79db47}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008-03-13 18:33:06 | 000,323,584 | R--- | M] (Vodafone)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PCTAVSvc - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (PC Tools Research Pty Ltd)
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PCTAVSvc - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (PC Tools Research Pty Ltd)
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-11-15 17:55:16 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kamik\Desktop\OTL.exe
[2010-11-14 23:55:00 | 000,564,736 | ---- | C] (Mc AUS) -- C:\Documents and Settings\Kamik\Application Data\hotfix.exe
[2010-11-13 18:17:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-11-10 12:23:21 | 000,000,000 | ---D | C] -- C:\dbb8e87bf2e3780b33237664
[2010-11-08 22:52:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ConeXware
[2010-11-08 22:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2010-11-08 22:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010-11-08 22:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamik\Application Data\DAEMON Tools Lite
[2010-11-08 22:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010-11-02 08:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamik\Desktop\filmy
[2010-11-02 08:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamik\Desktop\muza
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-11-15 18:09:51 | 000,000,061 | RHS- | M] () -- C:\autorun.inf
[2010-11-15 18:01:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010-11-15 17:53:44 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\RSIT.exe
[2010-11-15 17:52:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kamik\Desktop\OTL.exe
[2010-11-15 17:50:16 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
[2010-11-15 17:44:00 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010-11-15 17:36:06 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Kamik\Application Data\completescan
[2010-11-15 17:15:47 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-11-15 17:15:20 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010-11-15 17:15:20 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010-11-15 17:15:20 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010-11-15 17:15:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-11-15 15:13:25 | 000,000,192 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010-11-15 12:13:19 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010-11-15 12:13:17 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010-11-15 00:37:02 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Kamik\Application Data\start
[2010-11-14 23:56:27 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010-11-14 23:56:27 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010-11-14 23:56:27 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010-11-14 23:56:27 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010-11-14 23:56:27 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010-11-14 23:56:27 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010-11-14 23:56:26 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010-11-14 23:56:26 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010-11-14 23:56:26 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010-11-14 23:56:26 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010-11-14 23:56:26 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010-11-14 23:56:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010-11-14 23:56:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010-11-14 23:56:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010-11-14 23:56:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010-11-14 23:56:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010-11-14 23:56:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010-11-14 23:55:51 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Kamik\Application Data\install
[2010-11-14 23:55:50 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010-11-14 23:55:00 | 000,564,736 | ---- | M] (Mc AUS) -- C:\Documents and Settings\Kamik\Application Data\hotfix.exe
[2010-11-14 23:08:23 | 003,858,631 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\Firma - Jeden buch z fajki wodnej odmula... _q .mp3
[2010-11-14 22:51:35 | 000,002,259 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010-11-13 07:04:55 | 005,224,103 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\Tede - Opowie-- O Tym Co Tu Sie Dzieje Na Wolno.mp3
[2010-11-13 07:00:43 | 003,684,760 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\TeDe- Fenomen - Dwulicowi ludzie .mp3
[2010-11-13 06:08:10 | 006,494,294 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\WW - Dome -M6 Remix- [www.clubhits.pl].mp3
[2010-11-11 21:15:32 | 003,241,723 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\Avicii amp- Sebastien Drums - My Feelings For You.mp3
[2010-11-10 23:04:00 | 000,433,566 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-11-10 23:04:00 | 000,068,164 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-11-09 00:19:09 | 006,952,585 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\05 - Fugees - Killing Me Softly With His Son.mp3
[2010-11-09 00:09:21 | 004,407,411 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\Dr.Dre amp- Snoop Dogg- Still Dre .mp3
[2010-11-08 22:43:04 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010-11-08 22:42:58 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-11-07 14:55:41 | 004,942,817 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\The Black Eyed Peas - The Time -The Dirty Bit-.mp3
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-11-15 17:55:17 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\RSIT.exe
[2010-11-15 00:14:30 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Kamik\Application Data\start
[2010-11-15 00:11:37 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Kamik\Application Data\completescan
[2010-11-14 23:56:26 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010-11-14 23:56:26 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010-11-14 23:56:26 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010-11-14 23:56:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010-11-14 23:56:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010-11-14 23:56:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010-11-14 23:56:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010-11-14 23:56:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010-11-14 23:56:21 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010-11-14 23:56:21 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010-11-14 23:56:20 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010-11-14 23:56:20 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010-11-14 23:56:20 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010-11-14 23:56:20 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010-11-14 23:56:20 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010-11-14 23:56:19 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010-11-14 23:56:19 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010-11-14 23:56:19 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010-11-14 23:56:18 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010-11-14 23:56:18 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010-11-14 23:56:18 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010-11-14 23:56:17 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010-11-14 23:56:06 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010-11-14 23:55:51 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Kamik\Application Data\install
[2010-11-14 23:55:10 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010-11-14 23:08:09 | 003,858,631 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\Firma - Jeden buch z fajki wodnej odmula... _q .mp3
[2010-11-13 07:04:32 | 005,224,103 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\Tede - Opowie-- O Tym Co Tu Sie Dzieje Na Wolno.mp3
[2010-11-13 07:00:28 | 003,684,760 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\TeDe- Fenomen - Dwulicowi ludzie .mp3
[2010-11-13 06:07:58 | 006,494,294 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\WW - Dome -M6 Remix- [www.clubhits.pl].mp3
[2010-11-11 21:15:20 | 003,241,723 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\Avicii amp- Sebastien Drums - My Feelings For You.mp3
[2010-11-09 00:19:09 | 006,952,585 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\05 - Fugees - Killing Me Softly With His Son.mp3
[2010-11-09 00:09:05 | 004,407,411 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\Dr.Dre amp- Snoop Dogg- Still Dre .mp3
[2010-11-08 22:43:03 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010-11-08 22:42:58 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-11-07 14:55:16 | 004,942,817 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\The Black Eyed Peas - The Time -The Dirty Bit-.mp3
[2010-05-14 00:13:50 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010-03-30 15:35:09 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Kamik\Application Data\Smiley.ico
[2010-01-29 21:45:14 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009-12-20 18:18:22 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009-12-07 09:26:59 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-12-07 09:26:50 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-12-07 09:26:19 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2009-12-07 09:26:19 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2009-12-07 09:26:18 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-12-07 09:26:18 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-12-07 09:26:13 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009-12-02 01:23:28 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009-11-17 19:49:41 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Kamik\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-11-17 16:32:00 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\Desktop_.ini
[2009-11-17 16:11:25 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009-11-17 15:28:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008-03-07 15:43:56 | 000,084,734 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2008-03-07 12:47:30 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml
[2006-06-13 10:18:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2005-02-17 11:31:58 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005-02-17 11:31:58 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005-02-17 11:31:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005-02-17 11:31:58 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005-02-17 11:31:58 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005-02-17 11:31:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2000-10-03 14:28:22 | 000,160,256 | ---- | C] () -- C:\WINDOWS\System32\midas11.dll

[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2009-11-17 15:39:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-11-15 18:12:46 | 000,000,061 | RHS- | M] () -- C:\autorun.inf
[2010-07-18 17:31:34 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010-04-11 20:29:26 | 000,118,784 | RHS- | M] () -- C:\chxnxyx.exe
[2009-11-17 15:39:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-11-17 15:39:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-11-17 15:39:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009-11-17 15:58:06 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-11-17 15:58:06 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010-11-15 17:15:11 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys
[2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys
[2008-04-14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2002-08-29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002-08-29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2001-08-23 21:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2001-08-23 21:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2002-08-29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys
[2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008-04-14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008-04-14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2002-08-29 01:27:56 | 000,047,488 | ---- | M] (Microsoft Corporation) MD5=6506E033AD04CFEC9EE56DBEFD1083DD -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008-04-14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2002-08-29 03:40:52 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2002-08-29 02:09:26 | 000,167,552 | ---- | M] (Microsoft Corporation) MD5=3B350E5A2A5E951453F3993275A4523A -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2002-08-29 03:41:28 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008-04-14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >
[/log]

[log]info.txt logfile of random's system information tool 1.08 2010-11-15 18:26:11

======Uninstall list======

-->C:\Program Files\PC Tools AntiVirus\unins000.exe /LOG
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3 USB Modem-->C:\PROGRA~1\HUAWEI~1\HUAWEI~1\Uninstall.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain plugin
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Agere Systems HDA Modem-->agrsmdel
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Atheros for Acer Driver 5.3.0.45_Foxconn Installation Program-->C:\Program Files\InstallShield Installation Information\{F70D5D8C-C1AF-40B3-9E47-3BB5F19EEA3A}\setup.exe -runfromtemp -l0x0009 -removeonly
Business Everywhere uninstall-->C:\Program Files\OrangeBS\BEWInternetUK\installation\core\Installgui.exe -u
Card Detector for ZTE MF636-->C:\Program Files\CardDetector\ZTEMF636\CardDetectorSetup.exe -u
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Chicken Invaders 2 v2.61-->"C:\Program Files\ChickenInvaders2Polish\unins000.exe"
Codec Pack - All In 1 6.0.2.7-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Free_Lunch_Design Toolbar-->C:\PROGRA~1\FREE_L~1\UNWISE.EXE /U C:\PROGRA~1\FREE_L~1\INSTALL.LOG
Gadu-Gadu 10-->C:\Program Files\Gadu-Gadu 10\Uninstall.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Java(TM) 6 Update 19-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
K-Lite Codec Pack 3.6.5 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
Manage Registry ActiveX Control DEMO 2.1 (Build 2.1.2.221)-->"C:\Program Files\Eltima Software\Manage Registry ActiveX Control DEMO 2.1\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{52675D00-AD10-49F7-B129-BEA9FED1C610}
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
Opera 10.63-->MsiExec.exe /X{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}
PC Connectivity Solution Lite-->MsiExec.exe /I{CC1ACF58-CD2D-4F36-9195-F13D13962E15}
PC Tools AntiVirus 6.1-->"C:\Program Files\PC Tools AntiVirus\unins000.exe"
PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe"
Rapport-->msiexec /x{1DD81E7D-0D28-4ceb-87B2-C041A4FCB215} /lvx+ "C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\logs\uninstall.log"
Rapport-->MsiExec.exe /X{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2183461)-->"C:\WINDOWS\$NtUninstallKB2183461$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360131)-->"C:\WINDOWS\$NtUninstallKB2360131$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
TuneUp Utilities-->C:\Program Files\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"
VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vodafone Mobile Connect Lite Huawei-->MsiExec.exe /X{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: PC Tools AntiVirus 6.1.0.25

======System event log======

Computer Name: AGA
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\D.

Record Number: 60
Source Name: Disk
Time Written: 20101109020320.000000+000
Event Type: error
User:

Computer Name: AGA
Event Code: 7000
Message: The Eset Trial Reset service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 8
Source Name: Service Control Manager
Time Written: 20101108223127.000000+000
Event Type: error
User:

Computer Name: AGA
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the Eset Trial Reset service to connect.

Record Number: 7
Source Name: Service Control Manager
Time Written: 20101108223127.000000+000
Event Type: error
User:

Computer Name: AGA
Event Code: 49
Message: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.

Record Number: 5
Source Name: Ftdisk
Time Written: 20101108223040.000000+000
Event Type: error
User:

Computer Name: AGA
Event Code: 45
Message: The system could not sucessfully load the crash dump driver.

Record Number: 4
Source Name: Ftdisk
Time Written: 20101108223040.000000+000
Event Type: error
User:

=====Application event log=====

Computer Name: AGA
Event Code: 1041
Message: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Record Number: 14273
Source Name: Userenv
Time Written: 20101009100601.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: AGA
Event Code: 1041
Message: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Record Number: 14272
Source Name: Userenv
Time Written: 20101009100601.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: AGA
Event Code: 1041
Message: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Record Number: 14271
Source Name: Userenv
Time Written: 20101009100601.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: AGA
Event Code: 1041
Message: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Record Number: 14270
Source Name: Userenv
Time Written: 20101009100601.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: AGA
Event Code: 0
Message:
Record Number: 14237
Source Name: TuneUp.UtilitiesSvc
Time Written: 20101009081535.000000+060
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel
"PROCESSOR_REVISION"=0e0c
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------
[/log]

[log]
Logfile of random's system information tool 1.08 (written by random/random)
Run by Kamik at 2010-11-15 18:54:28
Microsoft Windows XP Professional Service Pack 3
System drive C: has 69 GB (60%) free of 114 GB
Total RAM: 1014 MB (53% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\Automatic troubleshooting.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-06-03 1404928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
Free Lunch Design Toolbar - C:\Program Files\Free_Lunch_Design\tbFre0.dll [2010-09-21 2735200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]
IEPluginBHO Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - Free Lunch Design Toolbar - C:\Program Files\Free_Lunch_Design\tbFre0.dll [2010-09-21 2735200]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-07-19 16248320]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-07-19 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2006-07-19 69632]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2006-07-19 53248]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-06-13 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-06-13 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-06-13 118784]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2006-07-14 471040]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2004-12-20 33792]
"PCTAVApp"=C:\Program Files\PC Tools AntiVirus\PCTAV.exe [2009-04-16 1505168]
"BEWINTERNET-UKSessionManager"=C:\Program Files\OrangeBS\BEWInternetUK\SessionManager\SessionManager.exe [2008-10-24 131824]
"CardDetectorZTEMF636"=C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe [2008-09-25 274432]
"MobileConnect"=C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-03-13 2060288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EXPLORER.EXE"=C:\WINDOWS\system32\EXPLORER.EXE [2006-10-25 36864]
"Gadu-Gadu 10"=C:\Program Files\Gadu-Gadu 10\gg.exe [2010-10-07 12661344]
"wsctf.exe"=wsctf.exe []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"cdoosoft"=C:\DOCUME~1\Kamik\LOCALS~1\Temp\herss.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-06-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCTAVSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCTAVSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\games\nfs u\Speed.exe"="C:\games\nfs u\Speed.exe:*:Enabled:Speed"
"C:\Program Files\OrangeBS\BEWInternetUK\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeBS\BEWInternetUK\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
"C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe"="C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe:*:Enabled:3 USB Modem"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-11-15 18:40:07 ----D---- C:\_OTL
2010-11-15 18:26:07 ----D---- C:\Program Files\trend micro
2010-11-15 18:26:06 ----D---- C:\rsit
2010-11-14 23:55:00 ----A---- C:\Documents and Settings\Kamik\Application Data\hotfix.exe
2010-11-10 12:23:21 ----D---- C:\dbb8e87bf2e3780b33237664
2010-11-08 22:52:57 ----D---- C:\Documents and Settings\All Users\Application Data\ConeXware
2010-11-08 22:43:09 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-11-08 22:42:58 ----A---- C:\WINDOWS\system32\drivers\sptd.sys
2010-11-08 22:42:42 ----D---- C:\Program Files\DAEMON Tools Lite
2010-11-08 22:42:29 ----D---- C:\Documents and Settings\Kamik\Application Data\DAEMON Tools Lite
2010-11-08 22:42:26 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

======List of files/folders modified in the last 1 months======

2010-11-15 18:54:31 ----D---- C:\Documents and Settings\Kamik\Application Data\vlc
2010-11-15 18:54:01 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-15 18:53:47 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-11-15 18:53:45 ----D---- C:\WINDOWS\Temp
2010-11-15 18:52:38 ----D---- C:\Program Files\PC Tools AntiVirus
2010-11-15 18:48:00 ----D---- C:\WINDOWS\system32\drivers
2010-11-15 18:46:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-15 18:41:52 ----SHD---- C:\System Volume Information
2010-11-15 18:41:52 ----D---- C:\WINDOWS\system32\Restore
2010-11-15 18:41:31 ----D---- C:\WINDOWS\system32
2010-11-15 18:41:31 ----D---- C:\WINDOWS
2010-11-15 18:41:18 ----D---- C:\WINDOWS\Prefetch
2010-11-15 18:38:42 ----SHD---- C:\WINDOWS\Installer
2010-11-15 18:38:40 ----D---- C:\Program Files\Ask.com
2010-11-15 18:38:39 ----SD---- C:\WINDOWS\Tasks
2010-11-15 18:26:07 ----RD---- C:\Program Files
2010-11-15 15:13:25 ----A---- C:\WINDOWS\winamp.ini
2010-11-15 00:18:39 ----A---- C:\WINDOWS\ModemLog_ZTE Proprietary HS-USB Modem.txt
2010-11-14 23:23:46 ----D---- C:\Documents and Settings\Kamik\Application Data\Skype
2010-11-14 22:52:20 ----D---- C:\Documents and Settings\Kamik\Application Data\skypePM
2010-11-14 16:20:35 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-11-14 08:58:32 ----D---- C:\Documents and Settings\All Users\Application Data\OpenFM
2010-11-13 18:23:09 ----D---- C:\Program Files\Nokia
2010-11-13 18:22:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-11 03:00:35 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-10 23:04:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-09 22:50:06 ----D---- C:\Documents and Settings\Kamik\Application Data\BESTplayer
2010-10-31 11:22:11 ----D---- C:\Program Files\Gadu-Gadu 10
2010-10-30 17:04:39 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt
2010-10-16 09:56:29 ----HD---- C:\WINDOWS\inf

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PCTCore;PCTools KDS; C:\WINDOWS\system32\drivers\PCTCore.sys [2009-08-24 206256]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-03-11 20640]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-11-08 691696]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 RapportKELL;RapportKELL; \??\C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys []
R1 RapportPG;RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 AVFilter;AVFilter; C:\WINDOWS\system32\drivers\AVFilter.sys [2009-02-10 21904]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2007-03-14 1161888]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2009-09-30 1585728]
R3 AVHook;AVHook; C:\WINDOWS\system32\drivers\AVHook.sys [2009-02-10 28560]
R3 AVRec;AVRec; C:\WINDOWS\system32\drivers\AVRec.sys [2009-02-10 21904]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2006-07-14 16896]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-08-08 101120]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-06-13 1166972]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-19 4304384]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2006-06-13 162432]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952]
S3 a5qbffcr;a5qbffcr; C:\WINDOWS\system32\drivers\a5qbffcr.sys []
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-02 546976]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2008-03-13 138112]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2008-03-13 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2008-03-13 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2008-03-13 12288]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2008-04-19 103936]
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2008-04-19 103936]
S3 ZTEusbnmeaext;ZTE NMEAExt Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmeaext.sys [2008-04-19 103936]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2008-04-19 103936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2007-03-14 9216]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2008-10-24 69632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-07-13 71096]
R2 PCTAVSvc;PC Tools AntiVirus Engine; C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe [2009-04-16 933720]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-11-13 1021256]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-03-13 24576]
S2 .EsetTrialReset;Eset Trial Reset; C:\WINDOWS\system32\regedt32.exe [2001-08-23 3584]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-09-23 575488]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2009-11-17 435016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 RapportMgmtService;Rapport Management Service; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-06-07 840936]

-----------------EOF-----------------


[/log]



[color="#FF0000"]//Na forum stosujemy polskie znaki i interpunkcję.
//Logi wklejamy w tagi
//Zmieniam
//Tom01[/color]

Tomek01
komentarz
komentarz

W OTL, w oknie Custom scan/fixes wklej:
[code]:Processes
Explorer.exe

:OTL
PRC - [2010-11-14 23:55:00 | 000,564,736 | ---- | M] (Mc AUS) -- C:\Documents and Settings\Kamik\Application Data\hotfix.exe
MOD - [2010-11-15 17:37:33 | 000,081,408 | RHS- | M] () -- C:\Documents and Settings\Kamik\Local Settings\Temp\cvasds0.dll
IE - HKCU\..\URLSearchHook: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O2 - BHO: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKCU..\Run: [cdoosoft] C:\Documents and Settings\Kamik\Local Settings\Temp\herss.exe ()
O4 - HKCU..\Run: [EXPLORER.EXE] C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [wsctf.exe] File not found
O32 - AutoRun File - [2010-11-15 18:02:39 | 000,000,061 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008-03-13 20:39:50 | 000,000,070 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010-11-15 18:02:42 | 000,000,061 | RHS- | M] () - G:\AutoRun.inf -- [ FAT ]
O33 - MountPoints2\{00e0670c-c949-11df-b8b2-00197e79db47}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{00e0670c-c949-11df-b8b2-00197e79db47}\Shell\explore\Command - "" = F:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{00e0670c-c949-11df-b8b2-00197e79db47}\Shell\open\Command - "" = F:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{00e0670d-c949-11df-b8b2-00197e79db47}\Shell\AutoRun\command - "" = G:\EXPLORER.EXE -- [2006-10-25 07:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{00e0670d-c949-11df-b8b2-00197e79db47}\Shell\explore\Command - "" = G:\EXPLORER.EXE -- [2006-10-25 07:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{00e0670d-c949-11df-b8b2-00197e79db47}\Shell\open\Command - "" = G:\EXPLORER.EXE -- [2006-10-25 07:32:36 | 000,036,864 | RHS- | M]
O33 - MountPoints2\{2b84c5ae-d09d-11df-b8ca-00197e79db47}\Shell\AutoRun\command - "" = G:\EXPLORER.EXE -- [2006-10-25 07:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{2b84c5ae-d09d-11df-b8ca-00197e79db47}\Shell\explore\Command - "" = G:\EXPLORER.EXE -- [2006-10-25 07:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{2b84c5ae-d09d-11df-b8ca-00197e79db47}\Shell\open\Command - "" = G:\EXPLORER.EXE -- [2006-10-25 07:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{2b84c5af-d09d-11df-b8ca-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{2b84c5af-d09d-11df-b8ca-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2b84c5af-d09d-11df-b8ca-00197e79db47}\Shell\AutoRun\command - "" = E:\NokiaPCIA_Autorun.exe -- File not found
O33 - MountPoints2\{3dee74ce-c7d3-11df-b8af-00197e79db47}\Shell\AutoRun\command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{3dee74ce-c7d3-11df-b8af-00197e79db47}\Shell\explore\Command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{3dee74ce-c7d3-11df-b8af-00197e79db47}\Shell\open\Command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{80c7d488-635c-11df-b7e3-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{80c7d488-635c-11df-b7e3-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{80c7d488-635c-11df-b7e3-00197e79db47}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not foundO33 - MountPoints2\{a55792e4-aee7-11df-b867-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a55792e4-aee7-11df-b867-00197e79db47}\Shell\AutoRun\command - "" = E:\AutoRunCardDetector.exe -- File not found
O33 - MountPoints2\{aa1e34ea-5640-11df-b7c0-00197e79db47}\Shell\AutoRun\command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{aa1e34ea-5640-11df-b7c0-00197e79db47}\Shell\explore\Command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{aa1e34ea-5640-11df-b7c0-00197e79db47}\Shell\open\Command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{b9163cf2-de1f-11de-b6e1-00197e79db47}\Shell\AutoRun\command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{b9163cf2-de1f-11de-b6e1-00197e79db47}\Shell\explore\Command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{b9163cf2-de1f-11de-b6e1-00197e79db47}\Shell\open\Command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{c66fb61e-63f6-11df-b7e4-00197e79db47}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\EXPLORER.EXE -- [2006-10-25 06:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{c66fb61e-63f6-11df-b7e4-00197e79db47}\Shell\explore\Command - "" = C:\WINDOWS\System32\EXPLORER.EXE -- [2006-10-25 06:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{c66fb61e-63f6-11df-b7e4-00197e79db47}\Shell\open\Command - "" = C:\WINDOWS\System32\EXPLORER.EXE -- [2006-10-25 06:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation)
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1


:Files
C:\DOCUME~1\Kamik\LOCALS~1\Temp\herss.exe
C:\Program Files\Free_Lunch_Design
C:\Program Files\DAEMON Tools Toolbar
C:\Documents and Settings\Kamik\Application Data\hotfix.exe
C:\Documents and Settings\All Users\Application Data\ConeXware
C:\Program Files\DAEMON Tools Toolbar
C:\autorun.inf
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\Automatic troubleshooting.job
C:\Documents and Settings\Kamik\Application Data\completescan
C:\Documents and Settings\Kamik\Application Data\start
C:\Documents and Settings\Kamik\Application Data\install
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At2.job
C:\Documents and Settings\Kamik\Application Data\install
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\System32\Desktop_.ini
C:\chxnxyx.exe
C:\WINDOWS\System32\EXPLORER.EXE






:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}=-
{32099AAC-C132-4136-9E9A-4E364A424E17}=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EXPLORER.EXE"=-
"wsctf.exe"=-
"cdoosoft"=-

:Services
.EsetTrialReset

:Commands
[emptytemp]
[start explorer]
[Reboot][/code]

Klikasz run fix, komputer uruchamia się ponownie.
Wrzuć log z usuwania oraz nowe logi: OTL i RSIT.

niesia87
komentarz
komentarz (edytowane)

Log z usuwania:

[log]All processes killed
========== PROCESSES ==========
No active process named Explorer.exe was found!
========== OTL ==========
No active process named hotfix.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\ deleted successfully.
C:\Program Files\Free_Lunch_Design\tbFre0.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\ not found.
File C:\Program Files\Free_Lunch_Design\tbFre0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\ not found.
File C:\Program Files\Free_Lunch_Design\tbFre0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}\ not found.
File C:\Program Files\Free_Lunch_Design\tbFre0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}\ not found.
File C:\Program Files\Free_Lunch_Design\tbFre0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cdoosoft deleted successfully.
C:\Documents and Settings\Kamik\Local Settings\Temp\herss.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EXPLORER.EXE deleted successfully.
Item C:\WINDOWS\system32\EXPLORER.EXE is whitelisted and cannot be moved.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\wsctf.exe deleted successfully.
C:\autorun.inf moved successfully.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
G:\AutoRun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00e0670c-c949-11df-b8b2-00197e79db47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00e0670c-c949-11df-b8b2-00197e79db47}\ not found.
File F:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00e0670c-c949-11df-b8b2-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00e0670c-c949-11df-b8b2-00197e79db47}\ not found.
File F:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00e0670c-c949-11df-b8b2-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00e0670c-c949-11df-b8b2-00197e79db47}\ not found.
File F:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00e0670d-c949-11df-b8b2-00197e79db47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00e0670d-c949-11df-b8b2-00197e79db47}\ not found.
G:\EXPLORER.EXE moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00e0670d-c949-11df-b8b2-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00e0670d-c949-11df-b8b2-00197e79db47}\ not found.
File G:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00e0670d-c949-11df-b8b2-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00e0670d-c949-11df-b8b2-00197e79db47}\ not found.
File G:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b84c5ae-d09d-11df-b8ca-00197e79db47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b84c5ae-d09d-11df-b8ca-00197e79db47}\ not found.
File G:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b84c5ae-d09d-11df-b8ca-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b84c5ae-d09d-11df-b8ca-00197e79db47}\ not found.
File G:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b84c5ae-d09d-11df-b8ca-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b84c5ae-d09d-11df-b8ca-00197e79db47}\ not found.
File G:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b84c5af-d09d-11df-b8ca-00197e79db47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b84c5af-d09d-11df-b8ca-00197e79db47}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b84c5af-d09d-11df-b8ca-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b84c5af-d09d-11df-b8ca-00197e79db47}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b84c5af-d09d-11df-b8ca-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b84c5af-d09d-11df-b8ca-00197e79db47}\ not found.
File E:\NokiaPCIA_Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dee74ce-c7d3-11df-b8af-00197e79db47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3dee74ce-c7d3-11df-b8af-00197e79db47}\ not found.
File E:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dee74ce-c7d3-11df-b8af-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3dee74ce-c7d3-11df-b8af-00197e79db47}\ not found.
File E:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dee74ce-c7d3-11df-b8af-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3dee74ce-c7d3-11df-b8af-00197e79db47}\ not found.
File E:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80c7d488-635c-11df-b7e3-00197e79db47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80c7d488-635c-11df-b7e3-00197e79db47}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80c7d488-635c-11df-b7e3-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80c7d488-635c-11df-b7e3-00197e79db47}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80c7d488-635c-11df-b7e3-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80c7d488-635c-11df-b7e3-00197e79db47}\ not found.
File E:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a55792e4-aee7-11df-b867-00197e79db47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a55792e4-aee7-11df-b867-00197e79db47}\ not found.
File E:\AutoRunCardDetector.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa1e34ea-5640-11df-b7c0-00197e79db47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa1e34ea-5640-11df-b7c0-00197e79db47}\ not found.
File E:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa1e34ea-5640-11df-b7c0-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa1e34ea-5640-11df-b7c0-00197e79db47}\ not found.
File E:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa1e34ea-5640-11df-b7c0-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa1e34ea-5640-11df-b7c0-00197e79db47}\ not found.
File E:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9163cf2-de1f-11de-b6e1-00197e79db47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9163cf2-de1f-11de-b6e1-00197e79db47}\ not found.
File E:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9163cf2-de1f-11de-b6e1-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9163cf2-de1f-11de-b6e1-00197e79db47}\ not found.
File E:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9163cf2-de1f-11de-b6e1-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9163cf2-de1f-11de-b6e1-00197e79db47}\ not found.
File E:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c66fb61e-63f6-11df-b7e4-00197e79db47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c66fb61e-63f6-11df-b7e4-00197e79db47}\ not found.
Item C:\WINDOWS\system32\EXPLORER.EXE is whitelisted and cannot be moved.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c66fb61e-63f6-11df-b7e4-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c66fb61e-63f6-11df-b7e4-00197e79db47}\ not found.
Item C:\WINDOWS\system32\EXPLORER.EXE is whitelisted and cannot be moved.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c66fb61e-63f6-11df-b7e4-00197e79db47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c66fb61e-63f6-11df-b7e4-00197e79db47}\ not found.
Item C:\WINDOWS\system32\EXPLORER.EXE is whitelisted and cannot be moved.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
========== FILES ==========
File\Folder C:\DOCUME~1\Kamik\LOCALS~1\Temp\herss.exe not found.
C:\Program Files\Free_Lunch_Design folder moved successfully.
C:\Program Files\DAEMON Tools Toolbar\Resources folder moved successfully.
C:\Program Files\DAEMON Tools Toolbar folder moved successfully.
C:\Documents and Settings\Kamik\Application Data\hotfix.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\ConeXware\PowerArchiver\Skins folder moved successfully.
C:\Documents and Settings\All Users\Application Data\ConeXware\PowerArchiver\Plugins folder moved successfully.
C:\Documents and Settings\All Users\Application Data\ConeXware\PowerArchiver folder moved successfully.
C:\Documents and Settings\All Users\Application Data\ConeXware folder moved successfully.
File\Folder C:\Program Files\DAEMON Tools Toolbar not found.
File\Folder C:\autorun.inf not found.
File\Folder C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job not found.
C:\WINDOWS\tasks\Automatic troubleshooting.job moved successfully.
C:\Documents and Settings\Kamik\Application Data\completescan moved successfully.
C:\Documents and Settings\Kamik\Application Data\start moved successfully.
C:\Documents and Settings\Kamik\Application Data\install moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
File\Folder C:\Documents and Settings\Kamik\Application Data\install not found.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\System32\Desktop_.ini moved successfully.
C:\chxnxyx.exe moved successfully.
Item C:\WINDOWS\System32\EXPLORER.EXE is whitelisted and cannot be moved.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EXPLORER.EXE not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\wsctf.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cdoosoft not found.
========== SERVICES/DRIVERS ==========
Service .EsetTrialReset stopped successfully!
Service .EsetTrialReset deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kamik
->Temp folder emptied: 1193312 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 39124 bytes

Total Files Cleaned = 1,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11152010_201721

Files\Folders moved on Reboot...
File move failed. E:\Autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...[/log]



LOG OTL:

[log]OTL logfile created on: 2010-11-15 20:26:22 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Kamik\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

1 014,00 Mb Total Physical Memory | 529,00 Mb Available Physical Memory | 52,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 69,96 Gb Free Space | 62,58% Space Free | Partition Type: NTFS
Drive E: | 59,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 1,89 Gb Total Space | 1,12 Gb Free Space | 59,15% Space Free | Partition Type: FAT

Computer Name: AGA | User Name: Kamik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-11-15 20:20:54 | 000,507,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Kamik\Local Settings\Temp\RtkBtMnt.exe
PRC - [2010-11-15 17:52:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kamik\Desktop\OTL.exe
PRC - [2010-10-07 08:04:26 | 012,661,344 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe
PRC - [2010-04-01 09:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009-11-13 08:51:16 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009-11-13 08:49:20 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009-07-13 23:18:12 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009-04-16 10:27:00 | 001,505,168 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Program Files\PC Tools AntiVirus\PCTAV.exe
PRC - [2009-04-16 10:24:48 | 000,933,720 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
PRC - [2008-10-24 18:27:40 | 000,069,632 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2008-09-25 09:29:21 | 000,274,432 | R--- | M] (France Telecom SA) -- C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe
PRC - [2008-04-14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-03-13 18:09:10 | 002,060,288 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2008-03-13 18:08:58 | 000,024,576 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2007-03-14 10:12:00 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006-10-25 06:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\EXPLORER.EXE
PRC - [2006-07-14 12:13:00 | 000,471,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2006-06-13 09:57:00 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2004-12-20 18:41:22 | 000,033,792 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-11-15 17:52:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kamik\Desktop\OTL.exe
MOD - [2010-08-23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009-03-26 11:04:46 | 000,194,448 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Program Files\PC Tools AntiVirus\PCTAVHook.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010-06-07 17:07:02 | 000,840,936 | ---- | M] (Trusteer Ltd.) [Disabled | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2009-11-17 18:59:46 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009-11-13 08:49:20 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009-11-13 08:45:50 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009-07-13 23:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009-04-16 10:24:48 | 000,933,720 | ---- | M] (PC Tools Research Pty Ltd) [Auto | Running] -- C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe -- (PCTAVSvc)
SRV - [2008-10-24 18:27:40 | 000,069,632 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2008-09-23 07:20:16 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008-03-13 18:08:58 | 000,024,576 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2007-03-14 10:12:00 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-11-08 22:42:58 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-06-07 17:07:10 | 000,166,632 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010-06-07 17:07:10 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - [2009-11-12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009-10-14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009-09-30 07:17:02 | 001,585,728 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009-08-24 13:05:06 | 000,206,256 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009-02-10 09:13:18 | 000,021,904 | ---- | M] (PC Tools Research Pty Ltd ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVRec.sys -- (AVRec)
DRV - [2009-02-10 09:13:16 | 000,028,560 | ---- | M] (PC Tools Research Pty Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVHook.sys -- (AVHook)
DRV - [2009-02-10 09:13:16 | 000,021,904 | ---- | M] (PC Tools Research Pty Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AVFilter.sys -- (AVFilter)
DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-07-01 14:30:28 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)
DRV - [2008-06-26 21:02:10 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)
DRV - [2008-04-19 10:05:22 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008-04-19 10:05:22 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmeaext.sys -- (ZTEusbnmeaext)
DRV - [2008-04-19 10:05:22 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008-04-19 10:05:22 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-03-13 11:20:26 | 000,138,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2008-03-13 11:20:20 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2008-03-13 11:20:20 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2008-03-13 11:20:20 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2007-12-06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007-08-08 11:12:42 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007-05-02 11:00:58 | 000,546,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007-03-14 10:12:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006-07-19 09:42:00 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-07-14 12:13:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2006-06-13 10:18:00 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-299502267-1708537768-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-299502267-1708537768-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mydtzone.com/startpage
IE - HKU\S-1-5-21-299502267-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird


O1 HOSTS File: ([2010-08-07 17:52:56 | 000,415,879 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14357 more lines...
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BEWINTERNET-UKSessionManager] C:\Program Files\OrangeBS\BEWInternetUK\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [CardDetectorZTEMF636] C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe (France Telecom SA)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [PCTAVApp] C:\Program Files\PC Tools AntiVirus\PCTAV.exe (PC Tools Research Pty Ltd)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-299502267-1708537768-839522115-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-299502267-1708537768-839522115-1003..\Run: [EXPLORER.EXE] C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-299502267-1708537768-839522115-1003..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-299502267-1708537768-839522115-1003..\Run: [wsctf.exe] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-1708537768-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258479600593 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.185,93.188.166.185
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O20 - HKU\S-1-5-21-299502267-1708537768-839522115-1003 Winlogon: Shell - (C:\Documents and Settings\Kamik\Application Data\hotfix.exe) - C:\Documents and Settings\Kamik\Application Data\hotfix.exe File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kamik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kamik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-11-17 15:39:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008-03-13 20:39:50 | 000,000,070 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{21dc04c2-c67a-11df-b8a9-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{21dc04c2-c67a-11df-b8a9-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{21dc04c2-c67a-11df-b8a9-00197e79db47}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{8c975e08-7fce-11df-b818-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{8c975e08-7fce-11df-b818-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8c975e08-7fce-11df-b818-00197e79db47}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008-03-13 18:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{b3dd49e6-c722-11df-b8ad-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{b3dd49e6-c722-11df-b8ad-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3dd49e6-c722-11df-b8ad-00197e79db47}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{b3dd49e7-c722-11df-b8ad-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{b3dd49e7-c722-11df-b8ad-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3dd49e7-c722-11df-b8ad-00197e79db47}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c2f58a96-516c-11df-b7b9-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{c2f58a96-516c-11df-b7b9-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c2f58a96-516c-11df-b7b9-00197e79db47}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008-03-13 18:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{c2f58a97-516c-11df-b7b9-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{c2f58a97-516c-11df-b7b9-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c2f58a97-516c-11df-b7b9-00197e79db47}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{c88e1fa8-ec1e-11de-b6fc-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{c88e1fa8-ec1e-11de-b6fc-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c88e1fa8-ec1e-11de-b6fc-00197e79db47}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008-03-13 18:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{f241da53-605d-11df-b7dd-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{f241da53-605d-11df-b7dd-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f241da53-605d-11df-b7dd-00197e79db47}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008-03-13 18:33:06 | 000,323,584 | R--- | M] (Vodafone)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PCTAVSvc - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (PC Tools Research Pty Ltd)
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PCTAVSvc - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (PC Tools Research Pty Ltd)
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-11-15 20:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamik\Desktop\New Folder (2)
[2010-11-15 19:00:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-11-15 19:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010-11-15 19:00:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-11-15 19:00:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-11-15 18:55:43 | 007,421,264 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kamik\Desktop\mbam-setup-1.50-beta_[www.programosy.pl].exe
[2010-11-15 18:40:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-11-15 18:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010-11-15 18:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamik\Desktop\rsit
[2010-11-15 17:55:16 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kamik\Desktop\OTL.exe
[2010-11-10 12:23:21 | 000,000,000 | ---D | C] -- C:\dbb8e87bf2e3780b33237664
[2010-11-08 22:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010-11-08 22:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamik\Application Data\DAEMON Tools Lite
[2010-11-08 22:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010-11-02 08:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamik\Desktop\filmy
[2010-11-02 08:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamik\Desktop\muza

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-11-15 20:21:51 | 000,035,896 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\log z usuwania
[2010-11-15 20:20:50 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-11-15 20:19:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-11-15 19:00:10 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-11-15 18:12:12 | 007,421,264 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kamik\Desktop\mbam-setup-1.50-beta_[www.programosy.pl].exe
[2010-11-15 17:53:44 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\RSIT.exe
[2010-11-15 17:52:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kamik\Desktop\OTL.exe
[2010-11-15 15:13:25 | 000,000,192 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010-11-14 23:08:23 | 003,858,631 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\Firma - Jeden buch z fajki wodnej odmula... _q .mp3
[2010-11-14 22:51:35 | 000,002,259 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010-11-13 07:04:55 | 005,224,103 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\Tede - Opowie-- O Tym Co Tu Sie Dzieje Na Wolno.mp3
[2010-11-13 07:00:43 | 003,684,760 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\TeDe- Fenomen - Dwulicowi ludzie .mp3
[2010-11-13 06:08:10 | 006,494,294 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\WW - Dome -M6 Remix- [www.clubhits.pl].mp3
[2010-11-11 21:15:32 | 003,241,723 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\Avicii amp- Sebastien Drums - My Feelings For You.mp3
[2010-11-10 23:04:00 | 000,433,566 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-11-10 23:04:00 | 000,068,164 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-11-10 10:19:20 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-11-10 10:19:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-11-09 00:19:09 | 006,952,585 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\05 - Fugees - Killing Me Softly With His Son.mp3
[2010-11-09 00:09:21 | 004,407,411 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\Dr.Dre amp- Snoop Dogg- Still Dre .mp3
[2010-11-08 22:43:04 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010-11-08 22:42:58 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-11-07 14:55:41 | 004,942,817 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\The Black Eyed Peas - The Time -The Dirty Bit-.mp3

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-11-15 20:21:50 | 000,035,896 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\log z usuwania
[2010-11-15 19:00:10 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-11-15 17:55:17 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\RSIT.exe
[2010-11-14 23:08:09 | 003,858,631 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\Firma - Jeden buch z fajki wodnej odmula... _q .mp3
[2010-11-13 07:04:32 | 005,224,103 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\Tede - Opowie-- O Tym Co Tu Sie Dzieje Na Wolno.mp3
[2010-11-13 07:00:28 | 003,684,760 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\TeDe- Fenomen - Dwulicowi ludzie .mp3
[2010-11-13 06:07:58 | 006,494,294 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\WW - Dome -M6 Remix- [www.clubhits.pl].mp3
[2010-11-11 21:15:20 | 003,241,723 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\Avicii amp- Sebastien Drums - My Feelings For You.mp3
[2010-11-09 00:19:09 | 006,952,585 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\05 - Fugees - Killing Me Softly With His Son.mp3
[2010-11-09 00:09:05 | 004,407,411 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\Dr.Dre amp- Snoop Dogg- Still Dre .mp3
[2010-11-08 22:43:03 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010-11-08 22:42:58 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-11-07 14:55:16 | 004,942,817 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\The Black Eyed Peas - The Time -The Dirty Bit-.mp3
[2010-05-14 00:13:50 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010-03-30 15:35:09 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Kamik\Application Data\Smiley.ico
[2010-01-29 21:45:14 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009-12-20 18:18:22 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009-12-07 09:26:59 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-12-07 09:26:50 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-12-07 09:26:19 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2009-12-07 09:26:19 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2009-12-07 09:26:18 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-12-07 09:26:18 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-12-07 09:26:13 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009-12-02 01:23:28 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009-11-17 19:49:41 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Kamik\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-11-17 16:11:25 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009-11-17 15:28:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008-03-07 15:43:56 | 000,084,734 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2008-03-07 12:47:30 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml
[2006-06-13 10:18:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2005-02-17 11:31:58 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005-02-17 11:31:58 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005-02-17 11:31:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005-02-17 11:31:58 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005-02-17 11:31:58 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005-02-17 11:31:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2000-10-03 14:28:22 | 000,160,256 | ---- | C] () -- C:\WINDOWS\System32\midas11.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-03-30 15:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1F2FD
[2010-03-30 15:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\292AF
[2010-01-29 21:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010-11-08 22:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009-11-17 17:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010-05-28 19:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gadu-Gadu 10
[2010-10-05 20:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010-06-08 11:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
[2010-11-14 08:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OpenFM
[2010-10-05 20:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010-11-15 20:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010-02-05 19:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2009-11-17 18:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010-10-06 15:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2009-11-17 18:55:12 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010-03-26 06:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Trusteer
[2010-11-09 22:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\BESTplayer
[2010-01-29 21:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\Canneverbe Limited
[2010-01-29 21:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\Canneverbe_Limited
[2010-11-10 23:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\DAEMON Tools Lite
[2010-09-05 19:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\Gadu-Gadu 10
[2009-12-16 15:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\OpenFM
[2009-11-17 20:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\OpenOffice.org
[2010-01-11 19:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\Opera
[2010-10-05 20:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\PC Suite
[2010-02-26 09:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\Trusteer
[2009-11-17 18:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\TuneUp Software
[2010-04-26 19:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\Vodafone
[2009-11-17 19:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2010-04-26 19:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Vodafone
[2010-02-26 10:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2009-11-17 15:39:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-07-18 17:31:34 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2009-11-17 15:39:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-11-17 15:39:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-11-17 15:39:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009-11-17 15:58:06 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-11-17 15:58:06 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010-11-15 20:19:49 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys
[2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys
[2008-04-14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2002-08-29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002-08-29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2001-08-23 21:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2001-08-23 21:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008-04-14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2002-08-29 03:40:52 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2002-08-29 02:09:26 | 000,167,552 | ---- | M] (Microsoft Corporation) MD5=3B350E5A2A5E951453F3993275A4523A -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2002-08-29 03:41:28 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008-04-14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD

< End of report >[/log]





RSIT:

[log]Logfile of random's system information tool 1.08 (written by random/random)
Run by Kamik at 2010-11-15 20:40:48
Microsoft Windows XP Professional Service Pack 3
System drive C: has 72 GB (63%) free of 114 GB
Total RAM: 1014 MB (55% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-06-03 1404928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-07-19 16248320]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-07-19 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2006-07-19 69632]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2006-07-19 53248]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-06-13 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-06-13 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-06-13 118784]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2006-07-14 471040]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2004-12-20 33792]
"PCTAVApp"=C:\Program Files\PC Tools AntiVirus\PCTAV.exe [2009-04-16 1505168]
"BEWINTERNET-UKSessionManager"=C:\Program Files\OrangeBS\BEWInternetUK\SessionManager\SessionManager.exe [2008-10-24 131824]
"CardDetectorZTEMF636"=C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe [2008-09-25 274432]
"MobileConnect"=C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-03-13 2060288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"=C:\Program Files\Gadu-Gadu 10\gg.exe [2010-10-07 12661344]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"wsctf.exe"=wsctf.exe []
"EXPLORER.EXE"=C:\WINDOWS\system32\EXPLORER.EXE [2006-10-25 36864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-06-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCTAVSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCTAVSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\games\nfs u\Speed.exe"="C:\games\nfs u\Speed.exe:*:Enabled:Speed"
"C:\Program Files\OrangeBS\BEWInternetUK\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeBS\BEWInternetUK\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
"C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe"="C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe:*:Enabled:3 USB Modem"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-11-15 20:40:48 ----D---- C:\rsit
2010-11-15 19:00:10 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-11-15 19:00:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-11-15 19:00:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-15 19:00:05 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-11-15 18:40:07 ----D---- C:\_OTL
2010-11-15 18:26:07 ----D---- C:\Program Files\trend micro
2010-11-10 12:23:21 ----D---- C:\dbb8e87bf2e3780b33237664
2010-11-08 22:42:58 ----A---- C:\WINDOWS\system32\drivers\sptd.sys
2010-11-08 22:42:42 ----D---- C:\Program Files\DAEMON Tools Lite
2010-11-08 22:42:29 ----D---- C:\Documents and Settings\Kamik\Application Data\DAEMON Tools Lite
2010-11-08 22:42:26 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

======List of files/folders modified in the last 1 months======

2010-11-15 20:39:36 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-11-15 20:22:24 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-15 20:21:53 ----D---- C:\WINDOWS\Temp
2010-11-15 20:21:01 ----D---- C:\Program Files\PC Tools AntiVirus
2010-11-15 20:20:20 ----D---- C:\WINDOWS\system32\drivers
2010-11-15 20:18:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-15 20:17:34 ----SD---- C:\WINDOWS\Tasks
2010-11-15 20:17:34 ----RD---- C:\Program Files
2010-11-15 20:17:34 ----D---- C:\WINDOWS\system32
2010-11-15 20:12:20 ----D---- C:\Documents and Settings\Kamik\Application Data\vlc
2010-11-15 18:59:42 ----D---- C:\WINDOWS\Prefetch
2010-11-15 18:41:52 ----SHD---- C:\System Volume Information
2010-11-15 18:41:52 ----D---- C:\WINDOWS\system32\Restore
2010-11-15 18:41:31 ----D---- C:\WINDOWS
2010-11-15 18:38:42 ----SHD---- C:\WINDOWS\Installer
2010-11-15 18:38:40 ----D---- C:\Program Files\Ask.com
2010-11-15 15:13:25 ----A---- C:\WINDOWS\winamp.ini
2010-11-15 00:18:39 ----A---- C:\WINDOWS\ModemLog_ZTE Proprietary HS-USB Modem.txt
2010-11-14 23:23:46 ----D---- C:\Documents and Settings\Kamik\Application Data\Skype
2010-11-14 22:52:20 ----D---- C:\Documents and Settings\Kamik\Application Data\skypePM
2010-11-14 16:20:35 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-11-14 08:58:32 ----D---- C:\Documents and Settings\All Users\Application Data\OpenFM
2010-11-13 18:23:09 ----D---- C:\Program Files\Nokia
2010-11-13 18:22:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-11 03:00:35 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-10 23:04:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-09 22:50:06 ----D---- C:\Documents and Settings\Kamik\Application Data\BESTplayer
2010-10-31 11:22:11 ----D---- C:\Program Files\Gadu-Gadu 10
2010-10-30 17:04:39 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt
2010-10-16 09:56:29 ----HD---- C:\WINDOWS\inf

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PCTCore;PCTools KDS; C:\WINDOWS\system32\drivers\PCTCore.sys [2009-08-24 206256]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-03-11 20640]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-11-08 691696]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 RapportKELL;RapportKELL; \??\C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys []
R1 RapportPG;RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 AVFilter;AVFilter; C:\WINDOWS\system32\drivers\AVFilter.sys [2009-02-10 21904]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2007-03-14 1161888]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2009-09-30 1585728]
R3 AVHook;AVHook; C:\WINDOWS\system32\drivers\AVHook.sys [2009-02-10 28560]
R3 AVRec;AVRec; C:\WINDOWS\system32\drivers\AVRec.sys [2009-02-10 21904]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2006-07-14 16896]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-08-08 101120]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-06-13 1166972]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-19 4304384]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2006-06-13 162432]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952]
S3 a6c8svd8;a6c8svd8; C:\WINDOWS\system32\drivers\a6c8svd8.sys []
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-02 546976]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2008-03-13 138112]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2008-03-13 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2008-03-13 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2008-03-13 12288]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2008-04-19 103936]
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2008-04-19 103936]
S3 ZTEusbnmeaext;ZTE NMEAExt Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmeaext.sys [2008-04-19 103936]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2008-04-19 103936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2007-03-14 9216]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2008-10-24 69632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-07-13 71096]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-11-13 1021256]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-03-13 24576]
S2 PCTAVSvc;PC Tools AntiVirus Engine; C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe [2009-04-16 933720]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-09-23 575488]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2009-11-17 435016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 RapportMgmtService;Rapport Management Service; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-06-07 840936]

-----------------EOF-----------------[/log]






[log]info.txt logfile of random's system information tool 1.08 2010-11-15 20:40:53

======Uninstall list======

-->C:\Program Files\PC Tools AntiVirus\unins000.exe /LOG
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3 USB Modem-->C:\PROGRA~1\HUAWEI~1\HUAWEI~1\Uninstall.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain plugin
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Agere Systems HDA Modem-->agrsmdel
Atheros for Acer Driver 5.3.0.45_Foxconn Installation Program-->C:\Program Files\InstallShield Installation Information\{F70D5D8C-C1AF-40B3-9E47-3BB5F19EEA3A}\setup.exe -runfromtemp -l0x0009 -removeonly
Business Everywhere uninstall-->C:\Program Files\OrangeBS\BEWInternetUK\installation\core\Installgui.exe -u
Card Detector for ZTE MF636-->C:\Program Files\CardDetector\ZTEMF636\CardDetectorSetup.exe -u
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Chicken Invaders 2 v2.61-->"C:\Program Files\ChickenInvaders2Polish\unins000.exe"
Codec Pack - All In 1 6.0.2.7-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Free_Lunch_Design Toolbar-->C:\PROGRA~1\FREE_L~1\UNWISE.EXE /U C:\PROGRA~1\FREE_L~1\INSTALL.LOG
Gadu-Gadu 10-->C:\Program Files\Gadu-Gadu 10\Uninstall.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Java(TM) 6 Update 19-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
K-Lite Codec Pack 3.6.5 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Manage Registry ActiveX Control DEMO 2.1 (Build 2.1.2.221)-->"C:\Program Files\Eltima Software\Manage Registry ActiveX Control DEMO 2.1\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{52675D00-AD10-49F7-B129-BEA9FED1C610}
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
Opera 10.63-->MsiExec.exe /X{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}
PC Connectivity Solution Lite-->MsiExec.exe /I{CC1ACF58-CD2D-4F36-9195-F13D13962E15}
PC Tools AntiVirus 6.1-->"C:\Program Files\PC Tools AntiVirus\unins000.exe"
PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe"
Rapport-->msiexec /x{1DD81E7D-0D28-4ceb-87B2-C041A4FCB215} /lvx+ "C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\logs\uninstall.log"
Rapport-->MsiExec.exe /X{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2183461)-->"C:\WINDOWS\$NtUninstallKB2183461$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360131)-->"C:\WINDOWS\$NtUninstallKB2360131$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
TuneUp Utilities-->C:\Program Files\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"
VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vodafone Mobile Connect Lite Huawei-->MsiExec.exe /X{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: PC Tools AntiVirus 6.1.0.25

======System event log======

Computer Name: AGA
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\D.

Record Number: 60
Source Name: Disk
Time Written: 20101109020320.000000+000
Event Type: error
User:

Computer Name: AGA
Event Code: 7000
Message: The Eset Trial Reset service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 8
Source Name: Service Control Manager
Time Written: 20101108223127.000000+000
Event Type: error
User:

Computer Name: AGA
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the Eset Trial Reset service to connect.

Record Number: 7
Source Name: Service Control Manager
Time Written: 20101108223127.000000+000
Event Type: error
User:

Computer Name: AGA
Event Code: 49
Message: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.

Record Number: 5
Source Name: Ftdisk
Time Written: 20101108223040.000000+000
Event Type: error
User:

Computer Name: AGA
Event Code: 45
Message: The system could not sucessfully load the crash dump driver.

Record Number: 4
Source Name: Ftdisk
Time Written: 20101108223040.000000+000
Event Type: error
User:

=====Application event log=====

Computer Name: AGA
Event Code: 0
Message:
Record Number: 14336
Source Name: TuneUp.UtilitiesSvc
Time Written: 20101009135114.000000+060
Event Type:
User:

Computer Name: AGA
Event Code: 1041
Message: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Record Number: 14331
Source Name: Userenv
Time Written: 20101009135005.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: AGA
Event Code: 1041
Message: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Record Number: 14330
Source Name: Userenv
Time Written: 20101009135005.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: AGA
Event Code: 1041
Message: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Record Number: 14329
Source Name: Userenv
Time Written: 20101009135005.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: AGA
Event Code: 1041
Message: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Record Number: 14328
Source Name: Userenv
Time Written: 20101009135005.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel
"PROCESSOR_REVISION"=0e0c
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------[/log]

Tomek01
komentarz
komentarz

1. Do notatnika systemowego wklej taki tekst:
[code]Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wsctf.exe]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"wsctf.exe"=-
"EXPLORER.EXE"=-[/code]



2. Pobierz [b][url=http://www.instalki.pl/programy/download/antyspyware/get.php?file=avenger]Avenger[/url][/b]
W polu input script here wklej taki tekst :

[code]Files to delete:
C:\WINDOWS\System32\EXPLORER.EXE
c:\documents and settings\Kamik\Menu Start\Programy\Autostart\wsctf.exe

Folders to delete:
C:\Documents and Settings\All Users\Application Data\1F2FD
C:\Documents and Settings\All Users\Application Data\292AF[/code]



3. W OTL, w oknie Custom scan/fixes wklej:
[code]:Processes
Explorer.exe

:OTL
O4 - HKU\S-1-5-21-299502267-1708537768-839522115-1003..\Run: [EXPLORER.EXE] C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-299502267-1708537768-839522115-1003..\Run: [wsctf.exe] File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O20 - HKU\S-1-5-21-299502267-1708537768-839522115-1003 Winlogon: Shell - (C:\Documents and Settings\Kamik\Application Data\hotfix.exe) - C:\Documents and Settings\Kamik\Application Data\hotfix.exe File not found
O32 - AutoRun File - [2008-03-13 20:39:50 | 000,000,070 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD

Files
AUTORUN.INF /alldrives
$RECYCLE.BIN /alldrives
RECYCLER /alldrives

:Commands
[emptytemp]
[start explorer]
[Reboot][/code]

Klikasz run fix, komputer uruchamia się ponownie.
Wrzuć log z usuwania oraz nowe logi: OTL i RSIT.

niesia87
komentarz
komentarz

log z usuwania:

[log]All processes killed
========== PROCESSES ==========
No active process named Explorer.exe was found!
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-299502267-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\EXPLORER.EXE deleted successfully.
Item C:\WINDOWS\system32\EXPLORER.EXE is whitelisted and cannot be moved.
Registry value HKEY_USERS\S-1-5-21-299502267-1708537768-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\wsctf.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:Explorer.exe deleted successfully.
Item C:\WINDOWS\system32\EXPLORER.EXE is whitelisted and cannot be moved.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:EXPLORER.EXE deleted successfully.
Item C:\WINDOWS\system32\EXPLORER.EXE is whitelisted and cannot be moved.
Registry value HKEY_USERS\S-1-5-21-299502267-1708537768-839522115-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Kamik\Application Data\hotfix.exe deleted successfully.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kamik
->Temp folder emptied: 1883960 bytes
->Temporary Internet Files folder emptied: 151405 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 240 bytes
->Flash cache emptied: 456 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11152010_231314

Files\Folders moved on Reboot...
File move failed. E:\Autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...[/log]



OTL:

[log]OTL logfile created on: 2010-11-15 23:18:44 - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Kamik\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

1 014,00 Mb Total Physical Memory | 594,00 Mb Available Physical Memory | 59,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 69,95 Gb Free Space | 62,58% Space Free | Partition Type: NTFS
Drive D: | 620,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 59,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 1,89 Gb Total Space | 1,13 Gb Free Space | 59,52% Space Free | Partition Type: FAT

Computer Name: AGA | User Name: Kamik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-11-15 23:15:07 | 000,507,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Kamik\Local Settings\Temp\RtkBtMnt.exe
PRC - [2010-11-15 17:52:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kamik\Desktop\OTL.exe
PRC - [2010-04-01 09:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009-11-13 08:51:16 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009-11-13 08:49:20 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009-07-13 23:18:12 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008-10-24 18:27:40 | 000,069,632 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2008-09-25 09:29:21 | 000,274,432 | R--- | M] (France Telecom SA) -- C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe
PRC - [2008-04-14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-03-13 18:09:10 | 002,060,288 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2008-03-13 18:08:58 | 000,024,576 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2007-03-14 10:12:00 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006-07-14 12:13:00 | 000,471,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2006-06-13 09:57:00 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2004-12-20 18:41:22 | 000,033,792 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-11-15 17:52:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kamik\Desktop\OTL.exe
MOD - [2010-08-23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010-06-07 17:07:02 | 000,840,936 | ---- | M] (Trusteer Ltd.) [Disabled | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2009-11-17 18:59:46 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009-11-13 08:49:20 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009-11-13 08:45:50 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009-07-13 23:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008-10-24 18:27:40 | 000,069,632 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2008-09-23 07:20:16 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008-03-13 18:08:58 | 000,024,576 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2007-03-14 10:12:00 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-11-08 22:42:58 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-06-07 17:07:10 | 000,166,632 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010-06-07 17:07:10 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - [2009-11-12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009-10-14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009-09-30 07:17:02 | 001,585,728 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-07-01 14:30:28 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)
DRV - [2008-06-26 21:02:10 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)
DRV - [2008-04-19 10:05:22 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008-04-19 10:05:22 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmeaext.sys -- (ZTEusbnmeaext)
DRV - [2008-04-19 10:05:22 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008-04-19 10:05:22 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-03-13 11:20:26 | 000,138,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2008-03-13 11:20:20 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2008-03-13 11:20:20 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2008-03-13 11:20:20 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2007-12-06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007-08-08 11:12:42 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007-05-02 11:00:58 | 000,546,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007-03-14 10:12:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006-07-19 09:42:00 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-07-14 12:13:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2006-06-13 10:18:00 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mydtzone.com/startpage
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird


O1 HOSTS File: ([2010-08-07 17:52:56 | 000,415,879 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14357 more lines...
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BEWINTERNET-UKSessionManager] C:\Program Files\OrangeBS\BEWInternetUK\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [CardDetectorZTEMF636] C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe (France Telecom SA)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258479600593 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.185,93.188.166.185
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Kamik\Application Data\hotfix.exe) - C:\Documents and Settings\Kamik\Application Data\hotfix.exe File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kamik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kamik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-11-17 15:39:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008-03-13 20:39:50 | 000,000,070 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{21dc04c2-c67a-11df-b8a9-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{21dc04c2-c67a-11df-b8a9-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{21dc04c2-c67a-11df-b8a9-00197e79db47}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{8c975e08-7fce-11df-b818-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{8c975e08-7fce-11df-b818-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8c975e08-7fce-11df-b818-00197e79db47}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008-03-13 18:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{b3dd49e6-c722-11df-b8ad-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{b3dd49e6-c722-11df-b8ad-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3dd49e6-c722-11df-b8ad-00197e79db47}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{b3dd49e7-c722-11df-b8ad-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{b3dd49e7-c722-11df-b8ad-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3dd49e7-c722-11df-b8ad-00197e79db47}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c2f58a96-516c-11df-b7b9-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{c2f58a96-516c-11df-b7b9-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c2f58a96-516c-11df-b7b9-00197e79db47}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008-03-13 18:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{c2f58a97-516c-11df-b7b9-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{c2f58a97-516c-11df-b7b9-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c2f58a97-516c-11df-b7b9-00197e79db47}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{c88e1fa8-ec1e-11de-b6fc-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{c88e1fa8-ec1e-11de-b6fc-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c88e1fa8-ec1e-11de-b6fc-00197e79db47}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008-03-13 18:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{f241da53-605d-11df-b7dd-00197e79db47}\Shell - "" = AutoRun
O33 - MountPoints2\{f241da53-605d-11df-b7dd-00197e79db47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f241da53-605d-11df-b7dd-00197e79db47}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008-03-13 18:33:06 | 000,323,584 | R--- | M] (Vodafone)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-11-15 23:11:11 | 000,000,000 | ---D | C] -- C:\Avenger
[2010-11-15 23:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamik\Desktop\avenger
[2010-11-15 20:40:48 | 000,000,000 | ---D | C] -- C:\rsit
[2010-11-15 20:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamik\Desktop\New Folder (2)
[2010-11-15 19:00:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-11-15 19:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010-11-15 19:00:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-11-15 19:00:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-11-15 18:55:43 | 007,421,264 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kamik\Desktop\mbam-setup-1.50-beta_[www.programosy.pl].exe
[2010-11-15 18:40:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-11-15 18:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010-11-15 17:55:16 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kamik\Desktop\OTL.exe
[2010-11-10 12:23:21 | 000,000,000 | ---D | C] -- C:\dbb8e87bf2e3780b33237664
[2010-11-08 22:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010-11-08 22:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamik\Application Data\DAEMON Tools Lite
[2010-11-08 22:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010-11-02 08:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamik\Desktop\filmy
[2010-11-02 08:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamik\Desktop\muza

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-11-15 23:14:46 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-11-15 23:14:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-11-15 23:09:39 | 000,000,223 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\fix.reg
[2010-11-15 23:02:52 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\avenger.zip
[2010-11-15 22:12:46 | 000,000,192 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010-11-15 19:00:10 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-11-15 18:12:12 | 007,421,264 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kamik\Desktop\mbam-setup-1.50-beta_[www.programosy.pl].exe
[2010-11-15 17:53:44 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\RSIT.exe
[2010-11-15 17:52:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kamik\Desktop\OTL.exe
[2010-11-14 23:08:23 | 003,858,631 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\Firma - Jeden buch z fajki wodnej odmula... _q .mp3
[2010-11-14 22:51:35 | 000,002,259 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010-11-13 07:04:55 | 005,224,103 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\Tede - Opowie-- O Tym Co Tu Sie Dzieje Na Wolno.mp3
[2010-11-13 07:00:43 | 003,684,760 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\TeDe- Fenomen - Dwulicowi ludzie .mp3
[2010-11-13 06:08:10 | 006,494,294 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\WW - Dome -M6 Remix- [www.clubhits.pl].mp3
[2010-11-11 21:15:32 | 003,241,723 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\Avicii amp- Sebastien Drums - My Feelings For You.mp3
[2010-11-10 23:04:00 | 000,433,566 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-11-10 23:04:00 | 000,068,164 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-11-10 10:19:20 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-11-10 10:19:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-11-09 00:19:09 | 006,952,585 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\05 - Fugees - Killing Me Softly With His Son.mp3
[2010-11-09 00:09:21 | 004,407,411 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\Dr.Dre amp- Snoop Dogg- Still Dre .mp3
[2010-11-08 22:43:04 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010-11-08 22:42:58 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-11-07 14:55:41 | 004,942,817 | ---- | M] () -- C:\Documents and Settings\Kamik\Desktop\The Black Eyed Peas - The Time -The Dirty Bit-.mp3

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-11-15 23:09:39 | 000,000,223 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\fix.reg
[2010-11-15 23:07:45 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\avenger.zip
[2010-11-15 19:00:10 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-11-15 17:55:17 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\RSIT.exe
[2010-11-14 23:08:09 | 003,858,631 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\Firma - Jeden buch z fajki wodnej odmula... _q .mp3
[2010-11-13 07:04:32 | 005,224,103 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\Tede - Opowie-- O Tym Co Tu Sie Dzieje Na Wolno.mp3
[2010-11-13 07:00:28 | 003,684,760 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\TeDe- Fenomen - Dwulicowi ludzie .mp3
[2010-11-13 06:07:58 | 006,494,294 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\WW - Dome -M6 Remix- [www.clubhits.pl].mp3
[2010-11-11 21:15:20 | 003,241,723 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\Avicii amp- Sebastien Drums - My Feelings For You.mp3
[2010-11-09 00:19:09 | 006,952,585 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\05 - Fugees - Killing Me Softly With His Son.mp3
[2010-11-09 00:09:05 | 004,407,411 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\Dr.Dre amp- Snoop Dogg- Still Dre .mp3
[2010-11-08 22:43:03 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010-11-08 22:42:58 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-11-07 14:55:16 | 004,942,817 | ---- | C] () -- C:\Documents and Settings\Kamik\Desktop\The Black Eyed Peas - The Time -The Dirty Bit-.mp3
[2010-05-14 00:13:50 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010-03-30 15:35:09 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Kamik\Application Data\Smiley.ico
[2010-01-29 21:45:14 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009-12-20 18:18:22 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009-12-07 09:26:59 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-12-07 09:26:50 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-12-07 09:26:19 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2009-12-07 09:26:19 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2009-12-07 09:26:18 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-12-07 09:26:18 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-12-07 09:26:13 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009-12-02 01:23:28 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009-11-17 19:49:41 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Kamik\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-11-17 16:11:25 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009-11-17 15:28:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008-03-07 15:43:56 | 000,084,734 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2008-03-07 12:47:30 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml
[2006-06-13 10:18:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2005-02-17 11:31:58 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005-02-17 11:31:58 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005-02-17 11:31:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005-02-17 11:31:58 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005-02-17 11:31:58 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005-02-17 11:31:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2000-10-03 14:28:22 | 000,160,256 | ---- | C] () -- C:\WINDOWS\System32\midas11.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-01-29 21:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010-11-08 22:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009-11-17 17:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010-05-28 19:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gadu-Gadu 10
[2010-10-05 20:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010-06-08 11:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
[2010-11-14 08:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OpenFM
[2010-10-05 20:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010-11-15 21:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010-02-05 19:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2009-11-17 18:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010-10-06 15:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2009-11-17 18:55:12 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010-11-09 22:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\BESTplayer
[2010-01-29 21:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\Canneverbe Limited
[2010-01-29 21:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\Canneverbe_Limited
[2010-11-10 23:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\DAEMON Tools Lite
[2010-09-05 19:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\Gadu-Gadu 10
[2009-12-16 15:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\OpenFM
[2009-11-17 20:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\OpenOffice.org
[2010-01-11 19:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\Opera
[2010-10-05 20:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\PC Suite
[2010-02-26 09:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\Trusteer
[2009-11-17 18:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\TuneUp Software
[2010-04-26 19:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamik\Application Data\Vodafone

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2009-11-17 15:39:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-11-15 23:11:11 | 000,002,000 | ---- | M] () -- C:\avenger.txt
[2010-07-18 17:31:34 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2009-11-17 15:39:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-11-17 15:39:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-11-17 15:39:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009-11-17 15:58:06 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-11-17 15:58:06 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010-11-15 23:14:31 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys
[2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys
[2008-04-14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2002-08-29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002-08-29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2001-08-23 21:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2001-08-23 21:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2002-08-29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys
[2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008-04-14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008-04-14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2002-08-29 01:27:56 | 000,047,488 | ---- | M] (Microsoft Corporation) MD5=6506E033AD04CFEC9EE56DBEFD1083DD -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008-04-14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2002-08-29 03:40:52 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2002-08-29 02:09:26 | 000,167,552 | ---- | M] (Microsoft Corporation) MD5=3B350E5A2A5E951453F3993275A4523A -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2002-08-29 03:41:28 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008-04-14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 142 bytes -> C:\WINDOWS\system32:,|ö°pctlsp.log

< End of report >[/log]


RSIT:

[log]Logfile of random's system information tool 1.08 (written by random/random)
Run by Kamik at 2010-11-15 23:22:43
Microsoft Windows XP Professional Service Pack 3
System drive C: has 72 GB (63%) free of 114 GB
Total RAM: 1014 MB (55% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-06-03 1404928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-07-19 16248320]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-07-19 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2006-07-19 69632]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2006-07-19 53248]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-06-13 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-06-13 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-06-13 118784]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2006-07-14 471040]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2004-12-20 33792]
"BEWINTERNET-UKSessionManager"=C:\Program Files\OrangeBS\BEWInternetUK\SessionManager\SessionManager.exe [2008-10-24 131824]
"CardDetectorZTEMF636"=C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe [2008-09-25 274432]
"MobileConnect"=C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-03-13 2060288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"=C:\Program Files\Gadu-Gadu 10\gg.exe [2010-10-07 12661344]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-06-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\games\nfs u\Speed.exe"="C:\games\nfs u\Speed.exe:*:Enabled:Speed"
"C:\Program Files\OrangeBS\BEWInternetUK\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeBS\BEWInternetUK\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
"C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe"="C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe:*:Enabled:3 USB Modem"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-11-15 23:12:32 ----RSH---- C:\WINDOWS\system32\EXPLORER.EXE
2010-11-15 23:11:11 ----D---- C:\Avenger
2010-11-15 23:11:11 ----A---- C:\avenger.txt
2010-11-15 20:40:48 ----D---- C:\rsit
2010-11-15 19:00:10 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-11-15 19:00:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-11-15 19:00:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-15 19:00:05 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-11-15 18:40:07 ----D---- C:\_OTL
2010-11-15 18:26:07 ----D---- C:\Program Files\trend micro
2010-11-10 12:23:21 ----D---- C:\dbb8e87bf2e3780b33237664
2010-11-08 22:42:58 ----A---- C:\WINDOWS\system32\drivers\sptd.sys
2010-11-08 22:42:42 ----D---- C:\Program Files\DAEMON Tools Lite
2010-11-08 22:42:29 ----D---- C:\Documents and Settings\Kamik\Application Data\DAEMON Tools Lite
2010-11-08 22:42:26 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

======List of files/folders modified in the last 1 months======

2010-11-15 23:15:12 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-15 23:15:02 ----D---- C:\WINDOWS\Temp
2010-11-15 23:13:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-15 23:12:32 ----AD---- C:\WINDOWS\system32
2010-11-15 23:11:11 ----D---- C:\WINDOWS\system32\drivers
2010-11-15 23:11:11 ----D---- C:\WINDOWS
2010-11-15 23:08:17 ----D---- C:\WINDOWS\Prefetch
2010-11-15 22:54:19 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2010-11-15 22:12:46 ----A---- C:\WINDOWS\winamp.ini
2010-11-15 21:51:22 ----RD---- C:\Program Files
2010-11-15 21:51:22 ----D---- C:\Program Files\Common Files
2010-11-15 21:46:26 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-11-15 20:17:34 ----SD---- C:\WINDOWS\Tasks
2010-11-15 20:12:20 ----D---- C:\Documents and Settings\Kamik\Application Data\vlc
2010-11-15 18:41:52 ----SHD---- C:\System Volume Information
2010-11-15 18:41:52 ----D---- C:\WINDOWS\system32\Restore
2010-11-15 18:38:42 ----SHD---- C:\WINDOWS\Installer
2010-11-15 18:38:40 ----D---- C:\Program Files\Ask.com
2010-11-15 00:18:39 ----A---- C:\WINDOWS\ModemLog_ZTE Proprietary HS-USB Modem.txt
2010-11-14 23:23:46 ----D---- C:\Documents and Settings\Kamik\Application Data\Skype
2010-11-14 22:52:20 ----D---- C:\Documents and Settings\Kamik\Application Data\skypePM
2010-11-14 16:20:35 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-11-14 08:58:32 ----D---- C:\Documents and Settings\All Users\Application Data\OpenFM
2010-11-13 18:23:09 ----D---- C:\Program Files\Nokia
2010-11-13 18:22:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-11 03:00:35 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-10 23:04:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-09 22:50:06 ----D---- C:\Documents and Settings\Kamik\Application Data\BESTplayer
2010-10-31 11:22:11 ----D---- C:\Program Files\Gadu-Gadu 10
2010-10-30 17:04:39 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt
2010-10-16 09:56:29 ----HD---- C:\WINDOWS\inf

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-03-11 20640]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-11-08 691696]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 RapportKELL;RapportKELL; \??\C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys []
R1 RapportPG;RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2007-03-14 1161888]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2009-09-30 1585728]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2006-07-14 16896]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-08-08 101120]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-06-13 1166972]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-19 4304384]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2006-06-13 162432]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952]
S3 a6sx930l;a6sx930l; C:\WINDOWS\system32\drivers\a6sx930l.sys []
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-02 546976]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2008-03-13 138112]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2008-03-13 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2008-03-13 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2008-03-13 12288]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2008-04-19 103936]
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2008-04-19 103936]
S3 ZTEusbnmeaext;ZTE NMEAExt Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmeaext.sys [2008-04-19 103936]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2008-04-19 103936]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2007-03-14 9216]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2008-10-24 69632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-07-13 71096]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-11-13 1021256]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-03-13 24576]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-09-23 575488]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2009-11-17 435016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 RapportMgmtService;Rapport Management Service; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-06-07 840936]

-----------------EOF-----------------[/log]

Tomek01
komentarz
komentarz

Z pewnością możesz narzekać na powolność systemu. Widać tutaj gigantyczny plik HOSTS.

Otwórz notatnik, wklep: C:\windows\System32\drivers\etc\Hosts - enter.
Usuwasz wszystko poza prawidłowym wpisem 127.0.0.1 localhost. Zapisujesz zmiany.
Pamiętaj aby nie skojarzyć go na stałe z Notatnikiem !



To jest jeden z opornych explorerów w nieodpowiednie lokalizacji.
OTL uważa go za prawidłowy.
Pobierz [b][url=http://www.instalki.pl/programy/download/antyspyware/get.php?file=avenger]Avenger[/url][/b]
W polu input script here wklej taki tekst :

[code]Files to delete:
C:\WINDOWS\system32\EXPLORER.EXE
[/code]
Klikasz execute, komputer uruchamia się ponownie i generuje raport, który pokaż na forum.




Do OTL wklej:

[code]:Processes
Explorer.exe

:OTL
@Alternate Data Stream - 142 bytes -> C:\WINDOWS\system32:,|ö°pctlsp.log

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]
[start explorer]
[Reboot][/code]

Klikasz run fix, komputer uruchamia się ponownie.
Wrzuć log z usuwania oraz nowe logi: OTL i RSIT.



Wykonaj pełny skan [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] oraz [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] i wyniki pokaż na forum.

niesia87
komentarz
komentarz

C:\windows\System32\drivers\etc\Hosts - jakim programem to otworzyc?

Tomek01
komentarz
komentarz

[quote name='Tomek01' date='17 listopad 2010 - 19:58' timestamp='1290016816' post='1123725']
[b]Otwórz notatnik[/b], wklep: C:\windows\System32\drivers\etc\Hosts - enter
[/quote]

Znajdziesz go w Menu start.

niesia87
komentarz
komentarz

robie tak jak napisales, ale po wcisnieciu enter wyskakuje okno "otwórz w". (przepraszam ze bez polskich znakow ale ich nie mam)

Tomek01
komentarz
komentarz

W takim razie dopisz mu rozszerzenie.txt czyli hosts.txt
Po modyfikacji, czyli usunięciu tych wpisów musisz usunąć to rozszerzenie.

Sohei
komentarz
komentarz

z okna otworz w wybierz notatnik i nim zmodyfikuj plik:)
Przed modyfikacja kliknij na plik prawym wlasciwosci i odznacz opacje tylko do odczytu. Po modyfikacji pliku opcja ta ma być zaznaczona ponownie

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.