Problem with XP

maciej2123
created (edited)

Hello, I have a problem with Windows XP; I have probably caught a virus and I don't know how to get rid of it as painlessly as possible. I can't turn on the Windows firewall; it keeps telling me that it is turned off and I can't change that. I also can't scan the computer because avast won't start, and an online scan found nothing. The computer freezes every few moments. What should I do? Do I have to format the computer, or can this be dealt with in a gentler way?
[color="#ff0000"]
//moving to Security
//dan[/color]

hannx91
comment

use ComboFix and write whether anything has changed ;]
you can also add the log from ComboFix, it may be useful

[color="#FF0000"]//One more piece of advice like this and there will be a ban.
//Tom01[/color]

Tomek01
comment

Don't run ComboFix.
Post a set of OTL and RSIT logs. Insert them in the proper format. Info in my signature. :)

  • Good post 1
maciej2123
comment (edited)

OTL.TXT

[log]

OTL logfile created on: 2010-11-16 21:35:17 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Maciej\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 125,00 Gb Total Space | 1,35 Gb Free Space | 1,08% Space Free | Partition Type: NTFS
Drive D: | 125,00 Gb Total Space | 61,70 Gb Free Space | 49,36% Space Free | Partition Type: NTFS
Drive E: | 125,00 Gb Total Space | 93,00 Gb Free Space | 74,40% Space Free | Partition Type: NTFS
Drive M: | 6,32 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: MACIEJ-PC | User Name: Maciej | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-11-16 21:27:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Maciej\Downloads\OTL.exe
PRC - [2010-11-06 15:18:04 | 001,754,624 | ---- | M] (K2T.eu, Kaworu) -- C:\Program Files\K2T\WTW\wtw.exe
PRC - [2010-11-01 22:36:03 | 000,974,904 | ---- | M] (Google Inc.) -- C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010-09-13 20:20:27 | 000,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2010-06-28 21:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-06-28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010-03-30 10:16:16 | 001,820,040 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010-03-30 10:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010-01-08 00:36:58 | 000,974,848 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Search Settings\SearchSettings.exe
PRC - [2010-01-07 23:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- D:\Programy\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2009-12-11 14:57:56 | 000,948,672 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2009-10-31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2009-08-18 01:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009-08-18 01:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009-07-30 20:15:46 | 000,065,536 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009-07-30 20:15:44 | 000,065,536 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2009-07-14 02:14:50 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2009-07-14 02:14:50 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
PRC - [2009-07-14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2009-07-14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-07-14 02:14:41 | 000,316,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2009-07-14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2009-07-14 02:14:35 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
PRC - [2009-07-14 02:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2009-07-14 02:14:23 | 000,261,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2009-07-14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2009-07-14 02:14:19 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
PRC - [2009-07-14 02:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
PRC - [2009-07-14 02:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2006-12-23 17:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006-12-23 17:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006-12-23 16:54:04 | 000,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2006-12-14 16:49:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-11-16 21:27:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Maciej\Downloads\OTL.exe
MOD - [2010-09-14 15:26:38 | 000,811,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2010-07-27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2010-04-07 08:10:36 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2010-03-24 07:37:04 | 001,286,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2009-12-08 12:33:31 | 000,857,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2009-12-08 12:32:02 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2009-07-14 02:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2009-07-14 02:16:17 | 001,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2009-07-14 02:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2009-07-14 02:16:17 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2009-07-14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2009-07-14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2009-07-14 02:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2009-07-14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009-07-14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2009-07-14 02:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2009-07-14 02:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2009-07-14 02:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2009-07-14 02:16:13 | 000,652,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009-07-14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
MOD - [2009-07-14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009-07-14 02:16:13 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2009-07-14 02:16:12 | 001,412,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2009-07-14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2009-07-14 02:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009-07-14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll
MOD - [2009-07-14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2009-07-14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009-07-14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2009-07-14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2009-07-14 02:15:36 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2009-07-14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009-07-14 02:15:32 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2009-07-14 02:15:22 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009-07-14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009-07-14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009-07-14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2009-07-14 02:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2009-07-14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009-07-14 02:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
MOD - [2009-07-14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-06-28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-06-28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-06-28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010-06-07 21:28:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-03-30 10:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-01-07 23:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- D:\Programy\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009-08-18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009-07-14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009-07-14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009-07-14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009-07-14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009-07-14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009-07-14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009-07-14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-07-14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-07-14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009-07-14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009-07-14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009-07-14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009-07-14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009-07-14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009-07-14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-08-25 08:51:03 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-06-28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-06-28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-06-28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-06-28 21:32:56 | 000,050,256 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010-06-28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-02-03 14:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-12-11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009-08-18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009-07-24 07:48:00 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009-07-14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009-07-14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009-07-14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009-07-14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009-07-14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009-07-14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009-07-14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009-07-14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009-07-14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009-07-14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009-07-14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009-07-14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009-07-14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009-07-14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009-07-14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009-07-14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009-07-14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009-07-14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009-07-14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009-07-14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009-07-14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009-07-14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009-07-14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009-07-14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009-07-14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009-07-14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009-07-14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-07-14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009-07-14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009-07-14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009-07-14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009-07-14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009-07-14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009-07-14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009-07-14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009-07-14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009-07-14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009-07-14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009-07-14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009-07-14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009-07-14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009-07-14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009-07-14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009-07-14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009-07-14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009-07-14 00:51:27 | 000,046,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
DRV - [2009-07-14 00:51:27 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
DRV - [2009-07-14 00:51:25 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV - [2009-07-14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009-07-14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009-07-14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009-07-14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009-07-14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009-07-14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009-07-14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009-07-14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009-07-14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009-07-13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009-07-13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009-07-13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009-07-13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009-07-13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009-07-13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009-07-13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009-07-13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009-07-13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2005-09-23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004-08-13 08:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2002-09-16 16:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\PQNTDRV.sys -- (PQNTDrv)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2960879355-3237400500-980202737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640
IE - HKU\S-1-5-21-2960879355-3237400500-980202737-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-2960879355-3237400500-980202737-1000\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2960879355-3237400500-980202737-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2960879355-3237400500-980202737-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2960879355-3237400500-980202737-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 174.142.24.201:3128

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultthis.engineName: "free-downloads.net Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://vshare.toolbarhome.com/?hp=df"
FF - prefs.js..extensions.enabledItems: {ecdee021-0d17-467f-a1ff-c7a115230949}:2.5.6.0
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-11-09 22:12:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-11-09 22:12:42 | 000,000,000 | ---D | M]

[2010-05-08 20:47:45 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\Mozilla\Extensions
[2010-11-16 18:04:06 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\gjfocit1.default\extensions
[2010-08-25 09:02:37 | 000,000,000 | ---D | M] (free-downloads.net Toolbar) -- C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\gjfocit1.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
[2010-09-29 18:04:47 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\gjfocit1.default\extensions\vshare@toolbar
[2010-01-20 11:16:28 | 000,000,939 | ---- | M] () -- C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\gjfocit1.default\searchplugins\conduit.xml
[2010-09-29 18:04:52 | 000,001,583 | ---- | M] () -- C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\gjfocit1.default\searchplugins\web-search.xml
[2010-05-08 20:47:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-11-09 22:12:40 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-11-09 22:12:40 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-11-09 22:12:40 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-11-09 22:12:40 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-11-09 22:12:40 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-11-09 22:12:40 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-05-04 19:18:17 | 000,000,921 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2960879355-3237400500-980202737-1000\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SpotmauSecretary] C:\Program Files\Spotmau 2009\Partition Genius\Desktop_Secretary\Spotmau_S.exe (spotmau)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2960879355-3237400500-980202737-1000..\Run: [AlcoholAutomount] D:\Programy\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-2960879355-3237400500-980202737-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2960879355-3237400500-980202737-1000..\Run: [EA Core] D:\Programy\Electronic Arts\EADM\Core.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.8.4
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010-08-24 21:51:50 | 000,003,664 | ---- | M] () - D:\Autor WidmonapisyPL [AVI ReComp].log -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O32 - AutoRun File - [2007-06-12 03:27:33 | 000,000,140 | R--- | M] () - M:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{08998e41-5866-11df-af38-001fc68dafe7}\Shell - "" = AutoRun
O33 - MountPoints2\{08998e41-5866-11df-af38-001fc68dafe7}\Shell\AutoRun\command - "" = M:\Setup\rsrc\AUTORUN.EXE -- [2007-03-23 00:57:09 | 000,051,336 | R--- | M] ()
O33 - MountPoints2\{08998e41-5866-11df-af38-001fc68dafe7}\Shell\dinstall\command - "" = M:\DirectX\DXSETUP.exe -- [2007-06-01 04:23:56 | 000,503,144 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-11-15 16:36:53 | 000,000,000 | ---D | C] -- C:\Users\Maciej\AppData\Roaming\XnView
[2010-11-09 11:48:57 | 000,000,000 | ---D | C] -- C:\Users\Maciej\Desktop\adam
[2010-11-08 20:07:32 | 000,000,000 | ---D | C] -- C:\Users\Maciej\Documents\GoD
[2010-10-24 09:16:36 | 000,000,000 | ---D | C] -- C:\Users\Maciej\AppData\Roaming\Media Player Classic
[2010-10-24 09:04:51 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010-10-24 09:04:50 | 000,000,000 | ---D | C] -- C:\Program Files\Real Alternative
[2010-10-24 09:04:50 | 000,000,000 | ---D | C] -- C:\Users\Maciej\AppData\Roaming\Real
[2010-10-24 09:04:50 | 000,000,000 | ---D | C] -- C:\Users\Maciej\AppData\Local\Real
[2010-10-24 09:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010-10-16 18:22:31 | 000,000,000 | ---D | C] -- C:\Users\Maciej\AppData\Roaming\CrystalSpace
[2010-10-14 17:56:54 | 000,000,000 | ---D | C] -- C:\Users\Maciej\AppData\Roaming\.wtw
[2010-10-14 17:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\K2T
[2010-10-01 20:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010-10-01 20:17:51 | 000,000,000 | ---D | C] -- C:\Users\Maciej\Documents\FIFA 11

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2010-11-16 21:06:01 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2960879355-3237400500-980202737-1000UA.job
[2010-11-16 20:44:01 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-11-16 20:27:02 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Maciej.job
[2010-11-16 19:25:57 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-11-16 19:25:57 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-11-16 16:38:48 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-11-16 16:38:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-11-16 16:38:12 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2010-11-16 16:06:01 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2960879355-3237400500-980202737-1000Core.job
[2010-11-15 16:30:49 | 000,033,280 | ---- | M] () -- C:\Users\Maciej\Documents\Pożary lasów w Rosji.doc
[2010-11-14 18:52:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010-11-14 13:27:20 | 001,297,977 | ---- | M] () -- C:\Users\Maciej\Desktop\2010-11-14.rar
[2010-11-13 21:30:17 | 000,017,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-11-13 21:30:17 | 000,017,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-11-08 15:35:07 | 000,002,364 | ---- | M] () -- C:\Users\Maciej\Desktop\Google Chrome.lnk
[2010-11-07 21:09:58 | 000,030,720 | ---- | M] () -- C:\Users\Maciej\Desktop\Wycieczkaankieta.doc
[2010-11-01 12:18:22 | 001,721,267 | ---- | M] () -- C:\Users\Maciej\Desktop\2010-11-01.rar
[2010-10-24 20:11:57 | 000,019,968 | ---- | M] () -- C:\Users\Maciej\Desktop\Zapomoga.doc
[2010-10-16 18:25:06 | 000,055,968 | ---- | M] () -- C:\Users\Maciej\AppData\Roaming\BigfootCompetitionPL.cfg
[2010-10-16 17:41:09 | 000,075,776 | ---- | M] () -- C:\Users\Maciej\Desktop\notatka.ppt
[2010-10-14 17:56:52 | 000,001,877 | ---- | M] () -- C:\Users\Maciej\Application Data\Microsoft\Internet Explorer\Quick Launch\WTW.lnk
[2010-10-12 18:25:16 | 000,000,618 | ---- | M] () -- C:\Users\Public\Desktop\Gimnazjum klasa 2 - Śladami przeszłości.lnk
[2010-10-09 15:12:20 | 000,362,247 | ---- | M] () -- C:\Users\Maciej\Desktop\chelsea background.jpg
[2010-10-02 19:57:41 | 000,000,136 | ---- | M] () -- C:\Users\Maciej\Desktop\FIFA 11 - Shortcut.lnk
[2010-09-21 20:26:37 | 000,000,706 | ---- | M] () -- C:\Users\Maciej\Desktop\SGP Baltie 3.lnk
[2010-09-21 19:57:44 | 000,024,064 | ---- | M] () -- C:\Users\Maciej\Desktop\Nalewka z aronii.doc
[2010-09-20 20:22:02 | 000,126,976 | ---- | M] () -- C:\Users\Maciej\Desktop\Hi.doc

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-11-14 18:52:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010-11-14 13:27:19 | 001,297,977 | ---- | C] () -- C:\Users\Maciej\Desktop\2010-11-14.rar
[2010-11-08 21:12:25 | 000,033,280 | ---- | C] () -- C:\Users\Maciej\Documents\Pożary lasów w Rosji.doc
[2010-11-07 21:09:56 | 000,030,720 | ---- | C] () -- C:\Users\Maciej\Desktop\Wycieczkaankieta.doc
[2010-11-01 12:18:21 | 001,721,267 | ---- | C] () -- C:\Users\Maciej\Desktop\2010-11-01.rar
[2010-10-24 20:03:20 | 000,019,968 | ---- | C] () -- C:\Users\Maciej\Desktop\Zapomoga.doc
[2010-10-16 18:22:57 | 000,055,968 | ---- | C] () -- C:\Users\Maciej\AppData\Roaming\BigfootCompetitionPL.cfg
[2010-10-16 17:38:52 | 000,075,776 | ---- | C] () -- C:\Users\Maciej\Desktop\notatka.ppt
[2010-10-14 17:56:52 | 000,001,877 | ---- | C] () -- C:\Users\Maciej\Application Data\Microsoft\Internet Explorer\Quick Launch\WTW.lnk
[2010-10-12 18:25:26 | 000,755,588 | ---- | C] () -- C:\Users\Maciej\.fx1666.log
[2010-10-12 18:25:16 | 000,000,618 | ---- | C] () -- C:\Users\Public\Desktop\Gimnazjum klasa 2 - Śladami przeszłości.lnk
[2010-10-09 15:12:20 | 000,362,247 | ---- | C] () -- C:\Users\Maciej\Desktop\chelsea background.jpg
[2010-10-02 19:57:41 | 000,000,136 | ---- | C] () -- C:\Users\Maciej\Desktop\FIFA 11 - Shortcut.lnk
[2010-09-21 20:26:37 | 000,000,706 | ---- | C] () -- C:\Users\Maciej\Desktop\SGP Baltie 3.lnk
[2010-09-21 19:57:43 | 000,024,064 | ---- | C] () -- C:\Users\Maciej\Desktop\Nalewka z aronii.doc
[2010-09-20 18:22:42 | 000,126,976 | ---- | C] () -- C:\Users\Maciej\Desktop\Hi.doc
[2010-09-12 20:53:59 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010-09-12 20:53:59 | 000,022,328 | ---- | C] () -- C:\Users\Maciej\AppData\Roaming\PnkBstrK.sys
[2010-09-12 20:53:21 | 000,000,308 | ---- | C] () -- C:\Windows\game.ini
[2010-07-01 12:57:52 | 002,771,968 | ---- | C] () -- C:\Windows\System32\wxmsw28u_core_vc_custom.dll
[2010-07-01 12:57:52 | 001,163,776 | ---- | C] () -- C:\Windows\System32\wxbase28u_vc_custom.dll
[2010-07-01 12:57:52 | 000,681,472 | ---- | C] () -- C:\Windows\System32\wxmsw28u_adv_vc_custom.dll
[2010-07-01 12:57:52 | 000,470,528 | ---- | C] () -- C:\Windows\System32\wxmsw28u_html_vc_custom.dll
[2010-07-01 12:57:52 | 000,119,808 | ---- | C] () -- C:\Windows\System32\wxbase28u_net_vc_custom.dll
[2010-07-01 12:57:52 | 000,118,784 | ---- | C] () -- C:\Windows\System32\wxbase28u_xml_vc_custom.dll
[2010-05-07 19:53:08 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010-05-07 17:57:50 | 000,000,017 | ---- | C] () -- C:\Users\Maciej\AppData\Local\resmon.resmoncfg
[2010-05-05 17:46:49 | 000,697,328 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010-05-04 20:47:07 | 000,003,584 | ---- | C] () -- C:\Users\Maciej\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-04 12:37:19 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI
[2010-05-04 12:15:31 | 000,000,303 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-06-07 15:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009-06-07 15:16:12 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-01-28 19:50:44 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007-01-26 01:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
[2007-01-26 01:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
[2004-08-13 08:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[1999-01-22 17:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

[color=#E56717]========== LOP Check ==========[/color]

[2010-10-14 17:56:54 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\.wtw
[2010-06-06 09:29:56 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\AnvSoft
[2010-05-07 18:50:58 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\Audacity
[2010-08-25 15:13:47 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\AVI ReComp
[2010-10-16 18:22:31 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\CrystalSpace
[2010-05-04 11:54:18 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\EurekaLog
[2010-05-04 20:29:41 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\FLV Extract
[2010-05-07 19:53:10 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\FreeAudioPack
[2010-05-27 17:50:39 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\FreeCDRipper
[2010-05-22 22:27:29 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\geany
[2010-05-22 22:36:14 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\gtk-2.0
[2010-05-04 12:09:01 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\kikin
[2010-05-08 12:06:48 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\Leadertech
[2010-08-26 19:23:31 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\Miranda
[2010-05-15 10:08:49 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\ScreeNet iSaver
[2010-07-25 19:30:10 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\Sports Interactive
[2010-07-01 12:58:35 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\WinCare2009
[2010-11-15 16:36:53 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\XnView
[2010-10-28 12:12:11 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2009-06-10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009-07-14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010-05-04 20:45:06 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010-09-12 10:15:23 | 000,008,192 | ---- | M] () -- C:\bootsect.lxe.bak
[2009-06-10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010-09-12 11:03:01 | 000,383,592 | RHS- | M] () -- C:\gdrop
[2010-09-12 11:03:01 | 000,220,049 | RHS- | M] () -- C:\grldr
[2010-11-16 16:38:12 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2010-09-12 11:03:01 | 000,000,103 | ---- | M] () -- C:\menu.lst
[2010-07-01 12:59:41 | 000,000,046 | ---- | M] () -- C:\os.txt
[2010-05-04 11:11:14 | 000,171,136 | RHS- | M] () -- C:\w7ldr
[2010-09-12 11:03:01 | 000,571,792 | RHS- | M] () -- C:\wow7.img
[2010-09-12 10:59:03 | 000,171,136 | RHS- | M] () -- C:\xeldr


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2004-08-04 06:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\Users\Maciej\Downloads\WindaXpSp3.kozii91\Microsoft Windows Xp Professional Sp3\I386\sp2.cab:agp440.sys
[2008-04-14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\Users\Maciej\Downloads\WindaXpSp3.kozii91\Microsoft Windows Xp Professional Sp3\I386\sp3.cab:agp440.sys
[2009-06-10 00:45:00 | 017,821,884 | ---- | M] () .cab file -- C:\Users\Maciej\Downloads\Windows_XP_SP3_PL___Klucze_VLK_Czerwiec_for_www.darkwarez.pl_mazuro26\Windows XP SP3 PL + Klucze VLK Czerwiec for www.darkwarez.pl Mazuro\I386\sp3.cab:agp440.sys
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2004-08-04 06:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\Users\Maciej\Downloads\WindaXpSp3.kozii91\Microsoft Windows Xp Professional Sp3\I386\sp2.cab:atapi.sys
[2008-04-14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\Users\Maciej\Downloads\WindaXpSp3.kozii91\Microsoft Windows Xp Professional Sp3\I386\sp3.cab:atapi.sys
[2009-06-10 00:45:00 | 017,821,884 | ---- | M] () .cab file -- C:\Users\Maciej\Downloads\Windows_XP_SP3_PL___Klucze_VLK_Czerwiec_for_www.darkwarez.pl_mazuro26\Windows XP SP3 PL + Klucze VLK Czerwiec for www.darkwarez.pl Mazuro\I386\sp3.cab:atapi.sys
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys
[2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2004-08-04 06:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\Users\Maciej\Downloads\WindaXpSp3.kozii91\Microsoft Windows Xp Professional Sp3\I386\sp2.cab:cdrom.sys
[2008-04-14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\Users\Maciej\Downloads\WindaXpSp3.kozii91\Microsoft Windows Xp Professional Sp3\I386\sp3.cab:cdrom.sys
[2009-06-10 00:45:00 | 017,821,884 | ---- | M] () .cab file -- C:\Users\Maciej\Downloads\Windows_XP_SP3_PL___Klucze_VLK_Czerwiec_for_www.darkwarez.pl_mazuro26\Windows XP SP3 PL + Klucze VLK Czerwiec for www.darkwarez.pl Mazuro\I386\sp3.cab:cdrom.sys
[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009-10-28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009-07-14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:15F0C917

< End of report >
[/log]

log.txt

[log]


Logfile of random's system information tool 1.08 (written by random/random)
Run by Maciej at 2010-11-16 21:41:23
Microsoft Windows 7 Ultimate
System drive C: has 1 GB (1%) free of 128 GB
Total RAM: 2046 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:41:29, on 2010-11-16
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\K2T\WTW\wtw.exe
C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciej\Downloads\RSIT.exe
C:\Program Files\trend micro\Maciej.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 174.142.24.201:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SpotmauSecretary] C:\Program Files\Spotmau 2009\Partition Genius\Desktop_Secretary\Spotmau_S.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Users\Maciej\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Programy\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [EA Core] "D:\Programy\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - D:\Programy\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 7422 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2960879355-3237400500-980202737-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2960879355-3237400500-980202737-1000UA.job
C:\Windows\tasks\Norton Security Scan for Maciej.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
Dealio Toolbar - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll [2010-01-08 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class - C:\Program Files\Search Settings\SearchSettings.dll [2010-01-08 1109504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
kikin Plugin - C:\Program Files\kikin\ie_kikin.dll [2010-08-16 799472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre1.dll [2010-06-06 2515552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre1.dll [2010-06-06 2515552]
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Dealio Toolbar - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll [2010-01-08 700416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-08-13 98304]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2010-01-08 974848]
"SpotmauSecretary"=C:\Program Files\Spotmau 2009\Partition Genius\Desktop_Secretary\Spotmau_S.exe [2009-09-17 607744]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-03-30 1820040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-08-10 421888]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-06-28 2837864]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Maciej\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-04 136176]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"AlcoholAutomount"=D:\Programy\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [2009-11-15 33120]
"EA Core"=D:\Programy\Electronic Arts\EADM\Core.exe -silent []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-11-16 21:41:23 ----D---- C:\rsit
2010-11-16 21:41:23 ----D---- C:\Program Files\trend micro
2010-11-15 16:36:53 ----D---- C:\Users\Maciej\AppData\Roaming\XnView
2010-10-24 09:16:36 ----D---- C:\Users\Maciej\AppData\Roaming\Media Player Classic
2010-10-24 09:04:51 ----A---- C:\Windows\system32\rmoc3260.dll
2010-10-24 09:04:51 ----A---- C:\Windows\system32\pndx5032.dll
2010-10-24 09:04:51 ----A---- C:\Windows\system32\pndx5016.dll
2010-10-24 09:04:51 ----A---- C:\Windows\system32\pncrt.dll
2010-10-24 09:04:50 ----D---- C:\Users\Maciej\AppData\Roaming\Real
2010-10-24 09:04:50 ----D---- C:\ProgramData\Real
2010-10-24 09:04:50 ----D---- C:\Program Files\Real Alternative

======List of files/folders modified in the last 1 months======

2010-11-16 21:41:24 ----D---- C:\Windows\Temp
2010-11-16 21:41:23 ----RD---- C:\Program Files
2010-11-16 19:25:57 ----D---- C:\Windows\System32
2010-11-16 19:25:57 ----D---- C:\Windows\inf
2010-11-16 19:25:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-16 16:24:01 ----D---- C:\Windows\system32\config
2010-11-15 19:08:28 ----D---- C:\Program Files\kikin
2010-11-14 21:35:14 ----D---- C:\Windows\Prefetch
2010-11-14 18:52:16 ----D---- C:\Windows\system32\drivers
2010-11-14 18:52:08 ----D---- C:\Windows\system32\drivers\UMDF
2010-11-09 22:12:42 ----D---- C:\Program Files\Mozilla Firefox
2010-10-29 19:05:57 ----D---- C:\Windows\system32\catroot2
2010-10-24 09:04:50 ----HD---- C:\ProgramData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-08-25 697328]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-06-28 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-06-28 46672]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 PQNTDrv;PQNTDrv; C:\Windows\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
R3 AtiHdmiService;ATI Service for HD Audio Codec; C:\Windows\system32\drivers\AtiHdmi.sys [2009-07-24 103440]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 4994560]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
R3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-13 347264]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys [2009-07-14 46976]
S3 a4ki79mt;a4ki79mt; C:\Windows\system32\drivers\a4ki79mt.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 Avc;AVC Device; C:\Windows\system32\DRIVERS\avc.sys [2009-07-14 40320]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2009-07-14 52608]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-09-13 66872]
R2 StarWindServiceAE;StarWind AE Service; D:\Programy\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Usługa Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-04 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-07 1343400]

-----------------EOF-----------------


[/log]

info.txt

[log]

info.txt logfile of random's system information tool 1.08 2010-11-16 21:41:31

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A93000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Any Video Converter 3.0.5-->"C:\Program Files\AnvSoft\Any Video Converter\unins000.exe"
Apple Application Support-->MsiExec.exe /I{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Audacity 1.2.6-->"D:\Programy\Audacity\unins000.exe"
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
AVI ReComp 1.5.1-->C:\Program Files\AVI ReComp\Uninstall.exe
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bigfoot Competition - Polish Classics 1.0-->"D:\Gry\Bigfoot Competition Polish Classics\unins000.exe"
Borland Delphi 7-->MsiExec.exe /I{72263053-50D1-4598-9502-51ED64E54C51}
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0415
Catalyst Control Center - Branding-->MsiExec.exe /I{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}
CDex - Open Source Digital Audio CD Extractor-->D:\Programy\CDex\uninstall.exe
Cenzurka 7.4-->"C:\Program Files\Educat\Cenzurka 7.4\unins000.exe"
Creation Master 10 Release 10.3-->"C:\Program Files\Fifa Master\Creation Master 10\unins000.exe"
Dealio Toolbar v4.0.2-->MsiExec.exe /X{C878CD69-85DB-426B-81A3-E71175AAEB91}
Ekspert CD-->C:\Windows\unins000.exe
FIFA 10-->MsiExec.exe /X{11202615-E557-4ECF-9B86-F59C81E52909}
FIFA 11-->MsiExec.exe /X{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}
Football Manager 2010-->"D:\Gry\Sports Interactive\Football Manager 2010\Uninstall_Football Manager 2010\Deinstaluj Football Manager 2010.exe"
Football Superstars-->"D:\Gry\Fottball\Football Superstars\unins000.exe"
Fraps-->"C:\Fraps\uninstall.exe"
Free Mp3 Wma Converter V 1.9-->"D:\Programy\Free Audio Pack\unins000.exe"
free-downloads.net Toolbar-->C:\PROGRA~1\FREE-D~1.NET\UNWISE.EXE /U C:\PROGRA~1\FREE-D~1.NET\INSTALL.LOG
Gimnazjum klasa 2 - Puls życia-->C:\Windows\IsUn0415.exe -f"d:\programy puls życie\Uninst.isu" -c"d:\programy puls życie\UninstallProject.dll"
Gimnazjum klasa 2 - Śladami przeszłości-->C:\Windows\IsUn0415.exe -fd:\historia\Uninst.isu -cd:\historia\UninstallProject.dll
Google Earth Plug-in-->MsiExec.exe /X{171E6C1E-B5FC-11DF-B115-005056C00008}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hiszpański - Mówisz i rozumiesz-->"C:\Program Files\Edgard\Hiszpanski Mowisz i rozumiesz\unins000.exe"
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
JDownloader-->D:\Programy\JDownloader\uninstall.exe
kikin plugin (JDownloader Edition) 2.1-->C:\Program Files\kikin\uninst.exe
Komunikator WTW-->C:\Program Files\K2T\WTW\wtw-uninst.exe
LogMeIn Hamachi-->C:\Windows\system32\\msiexec.exe /i {8A74DEFD-A224-49CC-AB80-4E88BC730125} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{8A74DEFD-A224-49CC-AB80-4E88BC730125}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000415-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Miranda IM 0.9.1-->C:\Program Files\Miranda IM\Uninstall.exe
Mozilla Firefox (3.6.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NapiProjekt 1.0.6.9-->"C:\Program Files\NAPI-PROJEKT\unins000.exe"
Need For Russia 3-->"D:\Gry\Need For Russia 3\unins000.exe"
Nero 7 Essentials-->MsiExec.exe /X{B28B351F-1232-46EA-85EF-B8EA91641045}
nLite 1.4.9.1-->"C:\Program Files\nLite\unins000.exe"
Norton Security Scan-->C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\InstStub.exe /X
Partition Genius 4.1.0.1394-->"C:\Program Files\Spotmau 2009\Partition Genius\unins000.exe"
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Pinnacle Studio 12-->MsiExec.exe /I{D041EB9E-890A-4098-8F94-51DA194AC72A}
PowerQuest PartitionMagic 8.0 Demo-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
Prawo Jazdy 2010 1.1-->"D:\Programy\Prawo Jazdy 2010\unins000.exe"
Prawo Jazdy ABCDT - egzamin wewnętrzny -->"D:\Programy\Grupa IMAGE\Prawo Jazdy ABCDT - egzamin wewnetrzny\unins000.exe"
Pro Evolution Soccer 2010 DEMO-->MsiExec.exe /X{1F126EDC-DA29-4D5B-80DF-735252475FEE}
QuickTime-->MsiExec.exe /I{EB900AF8-CC61-4E15-871B-98D1EA3E8025}
Real Alternative 1.9.0-->"C:\Program Files\Real Alternative\unins000.exe"
Search Settings v1.2.3-->MsiExec.exe /X{5F05C28D-DEA9-4AD6-A73A-064175988EAB}
SGP Baltie 3-->"D:\Programy\SGP Systems\unins000.exe"
SopCast 3.2.9-->C:\Program Files\SopCast\uninst.exe
Spycheck AntiSpyware-->MsiExec.exe /I{691D8246-53FF-46F9-867B-C6D323F3CB6C}
Sterownik wideo firmy Pinnacle-->MsiExec.exe /X{5EB90C06-964F-4195-B83E-BD7E55C88415}
SubEdit-Player-->"C:\Program Files\SubEdit-Player\unins000.exe"
Subtitle Workshop 2.51-->"C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
Veetle TV 0.9.18-->C:\Program Files\Veetle\UninstallVeetleTV.exe
VLC media player 1.1.0-->D:\Programy\VideoLAN\VLC\uninstall.exe
VobSub 2.23-->C:\Program Files\Gabest\VobSub\uninstall.exe
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Xvid 1.2.2-->C:\Program Files\Xvid\unins000.exe

======Hosts File======

127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com

======System event log======

Computer Name: Maciej-PC
Event Code: 52236
Message: CPLIB :: General - Invalid Parameter
Record Number: 765
Source Name: atikmdag
Time Written: 20100504103220.328125-000
Event Type: Error
User:

Computer Name: Maciej-PC
Event Code: 43029
Message: Display is not active
Record Number: 660
Source Name: atikmdag
Time Written: 20100504102123.765625-000
Event Type: Error
User:

Computer Name: Maciej-PC
Event Code: 52236
Message: CPLIB :: General - Invalid Parameter
Record Number: 659
Source Name: atikmdag
Time Written: 20100504102123.765625-000
Event Type: Error
User:

Computer Name: Maciej-PC
Event Code: 43029
Message: Display is not active
Record Number: 605
Source Name: atikmdag
Time Written: 20100504101729.035156-000
Event Type: Error
User:

Computer Name: Maciej-PC
Event Code: 52236
Message: CPLIB :: General - Invalid Parameter
Record Number: 604
Source Name: atikmdag
Time Written: 20100504101729.035156-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Maciej-PC
Event Code: 1015
Message: Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Record Number: 171
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20100504101136.000000-000
Event Type: Warning
User:

Computer Name: Maciej-PC
Event Code: 1015
Message: Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Record Number: 164
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20100504101035.000000-000
Event Type: Warning
User:

Computer Name: Maciej-PC
Event Code: 1017
Message: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=QKWWM
ACID=?
Detailed Error[?]

Record Number: 159
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20100504100857.000000-000
Event Type: Error
User:

Computer Name: Maciej-PC
Event Code: 1017
Message: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=FKG2C
ACID=?
Detailed Error[?]

Record Number: 153
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20100504100436.000000-000
Event Type: Error
User:

Computer Name: Maciej-PC
Event Code: 1017
Message: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=2TCGW
ACID=?
Detailed Error[?]

Record Number: 150
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20100504100251.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: 37L4247D28-05
Event Code: 4735
Message: A security-enabled local group was changed.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247D28-05$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Changed Attributes:
SAM Account Name: -
SID History: -

Additional Information:
Privileges: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100504094616.937500-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4731
Message: A security-enabled local group was created.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247D28-05$
Account Domain: WORKGROUP
Logon ID: 0x3e7

New Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Attributes:
SAM Account Name: Backup Operators
SID History: -

Additional Information:
Privileges: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100504094616.937500-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x235c4
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100504094616.703125-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100504094615.703125-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100504094615.671875-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Borland\Delphi7\Bin;C:\Program Files\Borland\Delphi7\Projects\Bpl\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Pinnacle\Shared Files\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=4303
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

[/log]

Tomek01
comment

Uninstall: Dealio Toolbar, free-downloads.net Toolbar.


In OTL, paste the following into the Custom scan/fixes window:
[code]:Processes
Explorer.exe

:OTL
PRC - [2010-01-08 00:36:58 | 000,974,848 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Search Settings\SearchSettings.exe
PRC - [2010-01-07 23:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
SRV - [2010-01-07 23:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2960879355-3237400500-980202737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT1098640
IE - HKU\S-1-5-21-2960879355-3237400500-980202737-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-2960879355-3237400500-980202737-1000\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultthis.engineName: "free-downloads.net Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Web Search..."
FF - prefs.js..browser.startup.homepage: "http://vshare.toolbarhome.com/?hp=df"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
[2010-09-29 18:04:47 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\gjfocit1.default\extensions\vshare@toolbar
[2010-01-20 11:16:28 | 000,000,939 | ---- | M] () -- C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\gjfocit1.default\searchplugins\conduit.xml
[2010-09-29 18:04:52 | 000,001,583 | ---- | M] () -- C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\gjfocit1.default\searchplugins\web-search.xml
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2960879355-3237400500-980202737-1000\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.)
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:15F0C917

:Files
C:\Program Files\Search Settings
C:\Program Files\K2T\WTW\wtw.exe
C:\Users\Maciej\AppData\Roaming\EurekaLog
C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2960879355-3237400500-980202737-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2960879355-3237400500-980202737-1000UA.job
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Search Settings

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{ecdee021-0d17-467f-a1ff-c7a115230949}=-
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-

:Services
Application Updater
SearchSettings

:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]
Click Run Fix; the computer will restart.
Post the [b]removal log[/b] and new logs: [b]OTL[/b] and [b]RSIT[/b].

Run a full scan with
[url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] and [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] and post the results on the forum.

  • Good post 1
maciej2123
comment

Sorry, I made a mistake, I gave you scans of the "healthy" computer :) On the right one I have a problem, because it can't be scanned with either OTL or RSIT. With OTL, this error pops up:

"Access violation at address 773E6FES in module "comctl32.dll". Write of adress 0000073A "

and when I try to install RSIT, Explorer hangs ("A problem occurred with the EXPLORER.EXE application and it will be closed", etc.)

Sohei
comment

Try to run them from Safe Mode :)

  • Good post 1
maciej2123
comment (edited)

OK, I'll do that right away :) In the meantime I scanned the computer with mks_vir and it found the trojan Psw.SBoy.a in the file C:\Windows\system32\EXPLOREREXE(1).VIR

OTL.txt

[log]
OTL logfile created on: 2010-11-21 12:42:00 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

767,00 Mb Total Physical Memory | 522,00 Mb Available Physical Memory | 68,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,55 Gb Total Space | 59,31 Gb Free Space | 79,55% Space Free | Partition Type: NTFS

Computer Name: PCRUBCZYNSKICH | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-11-20 17:21:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2010-11-03 21:21:14 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010-11-03 21:21:12 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-06-10 00:45:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009-06-10 00:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2009-06-10 00:45:00 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2009-06-10 00:45:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2009-06-10 00:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2009-06-10 00:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2009-06-10 00:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2009-06-10 00:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2009-06-10 00:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2009-06-10 00:45:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2009-06-10 00:45:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-11-20 17:21:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010-08-16 09:43:34 | 000,590,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2010-07-27 07:29:09 | 008,492,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2010-07-16 13:00:50 | 001,287,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2009-06-25 09:42:23 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-06-10 00:45:00 | 001,020,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-06-10 00:45:00 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2009-06-10 00:45:00 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2009-06-10 00:45:00 | 000,723,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2009-06-10 00:45:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-06-10 00:45:00 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2009-06-10 00:45:00 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2009-06-10 00:45:00 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2009-06-10 00:45:00 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-06-10 00:45:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2009-06-10 00:45:00 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2009-06-10 00:45:00 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2009-06-10 00:45:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2009-06-10 00:45:00 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2009-06-10 00:45:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME
MOD - [2009-06-10 00:45:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2009-06-10 00:45:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2009-06-10 00:45:00 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2009-06-10 00:45:00 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2009-06-10 00:45:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2009-06-10 00:45:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2009-06-10 00:45:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010-06-28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-06-28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-06-28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-10-27 10:16:00 | 000,088,960 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viaudio.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)
DRV - [2010-06-28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-06-28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-06-28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-06-28 21:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-06-28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-06-28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-06-30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Stopped] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008-09-24 09:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008-04-13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-04-13 21:04:32 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005-08-17 23:00:00 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
DRV - [2002-12-27 03:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-527237240-861567501-1606980848-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-11-03 21:21:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-11-18 19:39:21 | 000,000,000 | ---D | M]

[2010-08-04 11:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions
[2010-08-04 11:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5f55aqjj.default\extensions
[2010-08-04 11:36:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-10-19 21:21:44 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-10-19 21:21:44 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-10-19 21:21:44 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-10-19 21:21:44 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-10-19 21:21:44 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-10-19 21:21:44 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009-06-10 00:45:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-527237240-861567501-1606980848-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-527237240-861567501-1606980848-500..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-527237240-861567501-1606980848-500..\Run: [EXPLORER.EXE] C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-527237240-861567501-1606980848-500..\Run: [king_mg] C:\WINDOWS\system32\mgking.exe ()
O4 - HKU\S-1-5-21-527237240-861567501-1606980848-500..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-527237240-861567501-1606980848-500..\Run: [wsctf.exe] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527237240-861567501-1606980848-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.8.4
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-08-02 18:46:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-11-21 12:22:43 | 000,000,063 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{54fe311c-a858-11df-a730-000c6e5ddb5f}\Shell\AutoRun\command - "" = i9bwjpqc.exe
O33 - MountPoints2\{54fe311c-a858-11df-a730-000c6e5ddb5f}\Shell\open\Command - "" = i9bwjpqc.exe
O33 - MountPoints2\{75ad0e67-9e67-11df-83d3-806d6172696f}\Shell\AutoRun\command - "" = C:\i00dvoym.exe -- [2010-11-20 17:22:05 | 000,178,688 | RHS- | M] ()
O33 - MountPoints2\{75ad0e67-9e67-11df-83d3-806d6172696f}\Shell\open\Command - "" = C:\i00dvoym.exe -- [2010-11-20 17:22:05 | 000,178,688 | RHS- | M] ()
O33 - MountPoints2\{df3806ec-b5d1-11df-a73e-000c6e5ddb5f}\Shell\AutoRun\command - "" = K:\i00dvoym.exe -- File not found
O33 - MountPoints2\{df3806ec-b5d1-11df-a73e-000c6e5ddb5f}\Shell\open\Command - "" = K:\i00dvoym.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-11-21 12:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\skany
[2010-11-21 12:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010-11-21 12:35:56 | 000,000,000 | ---D | C] -- C:\rsit
[2010-11-21 12:35:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-11-21 12:28:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010-11-21 11:01:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010-11-20 21:16:16 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010-11-20 21:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010-11-18 22:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\Zabawa Ruchocice 2010
[2010-11-18 22:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\SZklarska 2010
[2010-11-18 22:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\Konkurs fiz 2010
[2010-11-18 19:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010-11-18 19:38:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-11-14 20:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2010-11-04 17:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Help
[2010-11-04 17:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Help
[2010-11-03 22:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\Educat
[2010-10-27 10:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2010-10-27 10:20:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010-10-27 10:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\VIA Technologies, INC
[2010-10-27 10:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2010-10-22 18:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Temp
[2010-10-20 20:57:32 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2010-10-20 18:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\konkurs fizyczny 2010
[2010-10-19 17:36:55 | 000,000,000 | ---D | C] -- C:\Aplikacja ANT
[2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2010-11-21 12:39:25 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010-11-21 12:33:52 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Nowy Dokument programu Microsoft Word .doc
[2010-11-21 12:28:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-11-21 12:27:05 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010-11-21 12:27:03 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-11-21 12:23:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-11-21 12:22:43 | 000,000,063 | RHS- | M] () -- C:\autorun.inf
[2010-11-21 12:00:01 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-11-21 10:39:27 | 000,115,712 | RHS- | M] () -- C:\WINDOWS\System32\mgking0.dll
[2010-11-20 20:00:01 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-11-20 17:22:06 | 000,115,712 | RHS- | M] () -- C:\WINDOWS\System32\mgking1.dll
[2010-11-20 17:22:05 | 000,178,688 | RHS- | M] () -- C:\WINDOWS\System32\mgking.exe
[2010-11-20 17:22:05 | 000,178,688 | RHS- | M] () -- C:\i00dvoym.exe
[2010-11-19 18:54:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-11-18 22:33:39 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Nowy Dokument programu Microsoft Word .doc
[2010-11-18 19:39:21 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2010-11-17 08:08:58 | 000,177,664 | RHS- | M] () -- C:\et3ypes.exe
[2010-11-15 18:53:53 | 000,000,092 | ---- | M] () -- C:\Documents and Settings\Administrator\default.pls
[2010-11-15 18:53:49 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-11-14 20:26:46 | 000,017,080 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-11-14 16:35:43 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010-11-03 22:10:41 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Cenzurka 7.4.lnk
[2010-11-03 19:11:36 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010-11-02 18:26:31 | 000,763,990 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-11-02 18:26:31 | 000,355,486 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-11-02 18:26:31 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-11-02 18:26:31 | 000,049,492 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-11-02 18:26:31 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-10-27 10:41:22 | 000,000,272 | ---- | M] () -- C:\WINDOWS\_delis32.ini
[2010-10-27 10:13:57 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\EVEREST Home Edition.lnk
[2010-10-25 18:24:42 | 001,136,128 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Rozkład materiału nauczania i wychowania.doc
[2010-10-21 21:00:29 | 000,325,120 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Wymagania na oceny z fizyki.doc
[2010-10-19 17:36:57 | 000,000,566 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Aplikacja ANT.lnk
[2010-10-17 17:45:52 | 000,113,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-10-13 21:04:26 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-10-13 20:53:47 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-10-13 20:52:27 | 000,360,448 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Plan napr.2010-11.doc
[2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-11-21 12:33:52 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Nowy Dokument programu Microsoft Word .doc
[2010-11-20 17:08:14 | 000,115,712 | RHS- | C] () -- C:\WINDOWS\System32\mgking0.dll
[2010-11-20 09:44:43 | 000,178,688 | RHS- | C] () -- C:\i00dvoym.exe
[2010-11-20 09:44:17 | 000,115,712 | RHS- | C] () -- C:\WINDOWS\System32\mgking1.dll
[2010-11-20 09:44:03 | 000,177,664 | RHS- | C] () -- C:\et3ypes.exe
[2010-11-20 09:43:37 | 000,178,688 | RHS- | C] () -- C:\WINDOWS\System32\mgking.exe
[2010-11-18 22:31:00 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Nowy Dokument programu Microsoft Word .doc
[2010-11-18 19:38:55 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2010-11-04 18:39:45 | 000,000,063 | RHS- | C] () -- C:\autorun.inf
[2010-11-03 22:10:41 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Cenzurka 7.4.lnk
[2010-11-03 19:11:27 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010-10-27 10:41:22 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2010-10-27 10:32:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010-10-27 10:32:06 | 000,141,016 | ---- | C] () -- C:\WINDOWS\System32\alsndmgr.wav
[2010-10-27 10:32:03 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010-10-27 10:16:14 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2010-10-27 10:13:57 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\EVEREST Home Edition.lnk
[2010-10-25 18:24:41 | 001,136,128 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Rozkład materiału nauczania i wychowania.doc
[2010-10-21 20:59:43 | 000,325,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Wymagania na oceny z fizyki.doc
[2010-10-19 17:36:56 | 000,000,566 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Aplikacja ANT.lnk
[2010-10-06 20:32:00 | 000,360,448 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Plan napr.2010-11.doc
[2010-09-02 16:25:42 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-09-02 15:06:25 | 000,000,156 | ---- | C] () -- C:\WINDOWS\mistrz.ini
[2010-09-01 15:00:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-08-05 13:51:33 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010-08-02 20:32:55 | 000,763,990 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-08-02 20:32:54 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-08-02 20:32:16 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2010-08-02 19:20:15 | 003,184,656 | -H-- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-08-02 19:15:03 | 000,017,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-08-02 18:51:28 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Dane aplikacji\desktop.ini
[2010-08-02 18:46:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2010-08-02 18:42:08 | 000,000,059 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2010-08-02 18:42:08 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2010-08-02 18:39:24 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2010-08-02 18:39:23 | 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2009-06-10 00:45:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2009-06-10 00:45:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2009-06-10 00:45:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2009-06-10 00:45:00 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2009-06-10 00:45:00 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatUI.dll
[2009-06-10 00:45:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2009-06-10 00:45:00 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2009-06-10 00:45:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2009-06-10 00:45:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2009-06-10 00:45:00 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2009-06-10 00:45:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2009-06-10 00:45:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2009-06-10 00:45:00 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2009-06-10 00:45:00 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2009-06-10 00:45:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2009-06-10 00:45:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2009-06-10 00:45:00 | 000,033,936 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2009-06-10 00:45:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2009-06-10 00:45:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2009-06-10 00:45:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2009-06-10 00:45:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2009-06-10 00:45:00 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2009-06-10 00:45:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2009-06-10 00:45:00 | 000,020,629 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2009-06-10 00:45:00 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2009-06-10 00:45:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2009-06-10 00:45:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2009-06-10 00:45:00 | 000,013,819 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2009-06-10 00:45:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2009-06-10 00:45:00 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2009-06-10 00:45:00 | 000,009,043 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2009-06-10 00:45:00 | 000,006,074 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2009-06-10 00:45:00 | 000,004,976 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2009-06-10 00:45:00 | 000,002,992 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2009-06-10 00:45:00 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2009-06-10 00:45:00 | 000,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv
[2009-06-10 00:45:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2009-06-10 00:45:00 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2009-06-10 00:45:00 | 000,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2009-06-10 00:45:00 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2009-06-10 00:45:00 | 000,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2001-10-26 16:29:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[1999-01-22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[color=#E56717]========== LOP Check ==========[/color]

[2010-08-02 20:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2010-09-09 21:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
[2010-11-14 16:35:43 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-08-02 18:46:11 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-11-21 12:22:43 | 000,000,063 | RHS- | M] () -- C:\autorun.inf
[2010-08-02 18:37:33 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009-06-10 00:45:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-08-02 18:46:11 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-11-17 08:08:58 | 000,177,664 | RHS- | M] () -- C:\et3ypes.exe
[2010-11-20 17:22:05 | 000,178,688 | RHS- | M] () -- C:\i00dvoym.exe
[2010-08-02 18:46:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-11-21 12:14:09 | 000,166,482 | ---- | M] () -- C:\mksbasel.cpp.log
[2010-08-02 18:46:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009-06-10 00:45:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-06-10 00:45:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-11-21 12:27:56 | 1207,959,552 | -HS- | M] () -- C:\pagefile.sys


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009-06-10 00:45:00 | 017,821,884 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-06-10 00:45:00 | 017,821,884 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009-06-10 00:45:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2009-06-10 00:45:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2009-06-10 00:45:00 | 017,821,884 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2009-06-10 00:45:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2009-06-10 00:45:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2009-06-10 00:45:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-06-10 00:45:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2009-06-10 00:45:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-06-10 00:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2009-06-10 00:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe

< End of report >
[/log]

Extras.txt

[log]

OTL Extras logfile created on: 2010-11-21 12:42:00 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

767,00 Mb Total Physical Memory | 522,00 Mb Available Physical Memory | 68,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,55 Gb Total Space | 59,31 Gb Free Space | 79,55% Space Free | Partition Type: NTFS

Computer Name: PCRUBCZYNSKICH | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-527237240-861567501-1606980848-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000415-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.1 - Polish
"{B28B351F-1232-46EA-85EF-B8EA91641045}" = Nero 7 Essentials
"{D928C220-0A77-11D4-A090-0050049D1C2E}" = TI'99-U
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"Cenzurka 7.4_is1" = Cenzurka 7.4
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Moja Droga Do Szkoły" = Moja Droga Do Szkoły
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"SkanerOnline" = Skaner on-line mks_vir
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-11-15 15:43:20 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca IEXPLORE.EXE, wersja 8.0.6001.18702, moduł
zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-11-15 15:43:26 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca IEXPLORE.EXE, wersja 8.0.6001.18702, moduł
zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-11-15 15:43:33 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca IEXPLORE.EXE, wersja 8.0.6001.18702, moduł
zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-11-15 15:47:35 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca IEXPLORE.EXE, wersja 8.0.6001.18702, moduł
zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-11-19 14:24:45 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca IEXPLORE.EXE, wersja 8.0.6001.18702, moduł
zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-11-20 05:34:10 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca WINWORD.EXE, wersja 9.0.0.2823, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-11-20 05:34:27 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca WINWORD.EXE, wersja 9.0.0.2823, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-11-20 05:34:40 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca WINWORD.EXE, wersja 9.0.0.2823, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-11-20 05:34:51 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca WINWORD.EXE, wersja 9.0.0.2823, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-11-20 05:37:45 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca WINWORD.EXE, wersja 9.0.0.2823, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

[ System Events ]
Error - 2010-11-21 07:21:50 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7034
Description = Usługa avast! Antivirus niespodziewanie zakończyła pracę. Wystąpiło
to razy: 22.

Error - 2010-11-21 07:25:06 | Computer Name = PCRUBCZYNSKICH | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2010-11-21 07:26:13 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7001
Description = Usługa Klient DHCP zależy od usługi NetBios przez TCP/IP, której nie
można uruchomić z powodu następującego błędu: %%31

Error - 2010-11-21 07:26:13 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7001
Description = Usługa Klient DNS zależy od usługi Sterownik protokołu TCP/IP, której
nie można uruchomić z powodu następującego błędu: %%31

Error - 2010-11-21 07:26:13 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7001
Description = Usługa Pomoc TCP/IP NetBIOS zależy od usługi AFD, której nie można
uruchomić z powodu następującego błędu: %%31

Error - 2010-11-21 07:26:13 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7001
Description = Usługa Usługi IPSEC zależy od usługi Sterownik IPSEC, której nie można
uruchomić z powodu następującego błędu: %%31

Error - 2010-11-21 07:26:13 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: Aavmker4 AFD AmdK7 aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT pavboot RasAcd
Rdbss
Tcpip

Error - 2010-11-21 07:27:04 | Computer Name = PCRUBCZYNSKICH | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2010-11-21 07:28:28 | Computer Name = PCRUBCZYNSKICH | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2010-11-21 07:29:52 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: Aavmker4 AmdK7 aswSP aswTdi Fips pavboot


< End of report >

[/log]

log.txt

[log]

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-11-21 12:35:56
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 61 GB (80%) free of 76 GB
Total RAM: 767 MB (70% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-26 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-26 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-26 297648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2009-06-10 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-08-02 39408]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"king_mg"=C:\WINDOWS\system32\mgking.exe [2010-11-20 178688]
"wsctf.exe"=wsctf.exe []
"EXPLORER.EXE"=C:\WINDOWS\EXPLORER.EXE [2009-06-10 1035264]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-06-10 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-11-21 12:35:57 ----D---- C:\Program Files\trend micro
2010-11-21 12:35:56 ----D---- C:\rsit
2010-11-21 12:35:21 ----D---- C:\_OTL
2010-11-21 12:28:05 ----D---- C:\WINDOWS\CSC
2010-11-21 12:24:26 ----A---- C:\WINDOWS\ntbtlog.txt
2010-11-21 11:01:55 ----D---- C:\WINDOWS\LastGood
2010-11-20 21:16:16 ----A---- C:\WINDOWS\system32\drivers\pavboot.sys
2010-11-20 21:15:03 ----D---- C:\Program Files\Panda Security
2010-11-20 17:08:14 ----RSH---- C:\WINDOWS\system32\mgking0.dll
2010-11-20 09:44:43 ----RSH---- C:\i00dvoym.exe
2010-11-20 09:44:17 ----RSH---- C:\WINDOWS\system32\mgking1.dll
2010-11-20 09:44:03 ----RSH---- C:\et3ypes.exe
2010-11-20 09:43:37 ----RSH---- C:\WINDOWS\system32\mgking.exe
2010-11-20 09:43:37 ----ASH---- C:\WINDOWS\system32\EXPLORER.EXE(1).VIR
2010-11-18 19:38:35 ----D---- C:\Program Files\Adobe
2010-11-18 19:38:16 ----SHD---- C:\Config.Msi
2010-11-14 20:51:37 ----D---- C:\Program Files\SkanerOnline
2010-11-04 17:03:11 ----D---- C:\Documents and Settings\Administrator\Dane aplikacji\Help
2010-11-03 22:10:40 ----D---- C:\Program Files\Educat
2010-11-03 19:11:27 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2010-10-27 10:41:22 ----A---- C:\WINDOWS\_delis32.ini
2010-10-27 10:39:55 ----RA---- C:\WINDOWS\system32\drivers\fetnd5b.sys
2010-10-27 10:39:49 ----RA---- C:\WINDOWS\system32\ntsim.sys
2010-10-27 10:32:35 ----A---- C:\WINDOWS\system32\ChCfg.exe
2010-10-27 10:32:22 ----RA---- C:\WINDOWS\system32\drivers\alcxwdm.sys
2010-10-27 10:32:06 ----D---- C:\Program Files\Realtek AC97
2010-10-27 10:32:06 ----A---- C:\WINDOWS\system32\RTLCPL.exe
2010-10-27 10:32:04 ----A---- C:\WINDOWS\soundman.exe
2010-10-27 10:32:03 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll
2010-10-27 10:32:02 ----A---- C:\WINDOWS\alcupd.exe
2010-10-27 10:32:02 ----A---- C:\WINDOWS\Alcrmv.exe
2010-10-27 10:24:47 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2010-10-27 10:24:40 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys
2010-10-27 10:24:38 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2010-10-27 10:24:35 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2010-10-27 10:24:32 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2010-10-27 10:22:50 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2010-10-27 10:20:43 ----A---- C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2010-10-27 10:20:40 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-10-27 10:20:25 ----A---- C:\WINDOWS\IsUninst.exe
2010-10-27 10:18:42 ----A---- C:\WINDOWS\system32\drivers\SET5.tmp
2010-10-27 10:16:52 ----A---- C:\WINDOWS\system32\drivers\SET3C.tmp
2010-10-27 10:16:51 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2010-10-27 10:16:44 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2010-10-27 10:16:42 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010-10-27 10:16:39 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys
2010-10-27 10:16:33 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010-10-27 10:16:23 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-10-27 10:16:23 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2010-10-27 10:16:16 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2010-10-27 10:16:14 ----D---- C:\Program Files\VIA Technologies, INC
2010-10-27 10:16:14 ----A---- C:\WINDOWS\system32\UnAudioNT.dll
2010-10-27 10:16:11 ----A---- C:\WINDOWS\IsUn0415.exe
2010-10-27 10:13:55 ----D---- C:\Program Files\Lavalys

======List of files/folders modified in the last 1 months======

2010-11-21 12:35:57 ----RD---- C:\Program Files
2010-11-21 12:28:05 ----D---- C:\WINDOWS
2010-11-21 12:23:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-21 12:14:42 ----D---- C:\WINDOWS\Prefetch
2010-11-21 11:01:56 ----HD---- C:\WINDOWS\inf
2010-11-21 11:01:53 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-21 10:52:53 ----D---- C:\WINDOWS\Temp
2010-11-21 10:39:27 ----D---- C:\WINDOWS\system32
2010-11-20 21:16:16 ----D---- C:\WINDOWS\system32\drivers
2010-11-20 21:14:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-11-18 19:39:34 ----SHD---- C:\WINDOWS\Installer
2010-11-18 19:38:49 ----D---- C:\Program Files\Common Files\Adobe
2010-11-18 19:38:48 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Adobe
2010-11-15 18:53:49 ----A---- C:\WINDOWS\NeroDigital.ini
2010-11-14 18:01:44 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-03 21:21:28 ----D---- C:\Program Files\Mozilla Firefox
2010-11-02 18:26:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-27 17:53:46 ----D---- C:\WINDOWS\system32\CatRoot
2010-10-27 10:32:02 ----HD---- C:\Program Files\InstallShield Installation Information
2010-10-27 10:31:50 ----D---- C:\Program Files\Common Files\InstallShield
2010-10-27 10:07:04 ----SD---- C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Kontroler hosta IEEE 1394 VIA zgodny z OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2009-06-10 61696]
R0 viaagp;Filtr magistrali AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2002-12-27 26880]
R3 FETNDIS;VIA Rhine Family Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2002-07-05 40448]
R3 usbstor;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2009-06-10 20608]
S0 pavboot;pavboot; C:\WINDOWS\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880]
S1 AmdK7;Sterownik procesora AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2009-06-10 41856]
S1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
S3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2009-06-10 60800]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt []
S3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2009-06-10 61824]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-04-13 1897408]
S3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudio.sys [2010-10-27 88960]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-06-10 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-06-10 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S2 gupdate;Usługa Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-08-02 182768]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-06-10 14336]

-----------------EOF-----------------

[/log]

Tomek01
comment

This time the infection came from a USB flash drive.


Use [b][color=#0000CD][url=http://download.bleepingcomputer.com//sUBs/Flash_Disinfector.exe]Flash Disinfector[/url][/color][/b], preferably with the flash drive and any other USB storage devices plugged in.


In OTL, paste the following into the Custom scan/fixes window:
[code]:Processes
Explorer.exe


:OTL
O4 - HKU\S-1-5-21-527237240-861567501-1606980848-500..\Run: [EXPLORER.EXE] C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-527237240-861567501-1606980848-500..\Run: [king_mg] C:\WINDOWS\system32\mgking.exe ()
O4 - HKU\S-1-5-21-527237240-861567501-1606980848-500..\Run: [wsctf.exe] File not found
O33 - MountPoints2\{54fe311c-a858-11df-a730-000c6e5ddb5f}\Shell\AutoRun\command - "" = i9bwjpqc.exe
O33 - MountPoints2\{54fe311c-a858-11df-a730-000c6e5ddb5f}\Shell\open\Command - "" = i9bwjpqc.exe
O33 - MountPoints2\{75ad0e67-9e67-11df-83d3-806d6172696f}\Shell\AutoRun\command - "" = C:\i00dvoym.exe -- [2010-11-20 17:22:05 | 000,178,688 | RHS- | M] ()
O33 - MountPoints2\{75ad0e67-9e67-11df-83d3-806d6172696f}\Shell\open\Command - "" = C:\i00dvoym.exe -- [2010-11-20 17:22:05 | 000,178,688 | RHS- | M] ()
O33 - MountPoints2\{df3806ec-b5d1-11df-a73e-000c6e5ddb5f}\Shell\AutoRun\command - "" = K:\i00dvoym.exe -- File not found
O33 - MountPoints2\{df3806ec-b5d1-11df-a73e-000c6e5ddb5f}\Shell\open\Command - "" = K:\i00dvoym.exe -- File not found

:Files
C:\autorun.inf
C:\WINDOWS\System32\mgking0.dll
C:\WINDOWS\System32\mgking1.dll
C:\WINDOWS\System32\mgking.exe
C:\i00dvoym.exe
C:\et3ypes.exe
i00dvoym.exe\alldrivers
et3ypes.exe\alldrivers
i9bwjpqc.exe\alldrivers

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"king_mg"=-
"wsctf.exe"=-
"EXPLORER.EXE"=-

:Commands
[emptytemp]
[start explorer]
[Reboot][/code]

Click Run Fix; the computer will restart.
Post the removal log and new logs: OTL and RSIT.

  • Good post 1
maciej2123
comment

otl.txt

[log]

OTL logfile created on: 2010-11-22 16:43:47 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

767,00 Mb Total Physical Memory | 580,00 Mb Available Physical Memory | 76,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,55 Gb Total Space | 60,26 Gb Free Space | 80,82% Space Free | Partition Type: NTFS

Computer Name: PCRUBCZYNSKICH | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-11-20 17:21:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2010-11-03 21:21:14 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010-11-03 21:21:12 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-06-10 00:45:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009-06-10 00:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2009-06-10 00:45:00 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2009-06-10 00:45:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2009-06-10 00:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2009-06-10 00:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2009-06-10 00:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2009-06-10 00:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2009-06-10 00:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2009-06-10 00:45:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2009-06-10 00:45:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-11-20 17:21:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010-08-16 09:43:34 | 000,590,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2010-07-27 07:29:09 | 008,492,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2010-07-16 13:00:50 | 001,287,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2009-06-25 09:42:23 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-06-10 00:45:00 | 001,020,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-06-10 00:45:00 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2009-06-10 00:45:00 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2009-06-10 00:45:00 | 000,723,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2009-06-10 00:45:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-06-10 00:45:00 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2009-06-10 00:45:00 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2009-06-10 00:45:00 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2009-06-10 00:45:00 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-06-10 00:45:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2009-06-10 00:45:00 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2009-06-10 00:45:00 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2009-06-10 00:45:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2009-06-10 00:45:00 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2009-06-10 00:45:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME
MOD - [2009-06-10 00:45:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2009-06-10 00:45:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2009-06-10 00:45:00 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2009-06-10 00:45:00 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2009-06-10 00:45:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2009-06-10 00:45:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2009-06-10 00:45:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010-06-28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-06-28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-06-28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-10-27 10:16:00 | 000,088,960 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viaudio.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)
DRV - [2010-06-28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-06-28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-06-28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-06-28 21:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-06-28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-06-28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-06-30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Stopped] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008-09-24 09:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008-04-13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-04-13 21:04:32 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005-08-17 23:00:00 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
DRV - [2002-12-27 03:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-527237240-861567501-1606980848-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-11-03 21:21:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-11-18 19:39:21 | 000,000,000 | ---D | M]

[2010-08-04 11:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions
[2010-08-04 11:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5f55aqjj.default\extensions
[2010-08-04 11:36:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-10-19 21:21:44 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-10-19 21:21:44 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-10-19 21:21:44 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-10-19 21:21:44 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-10-19 21:21:44 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-10-19 21:21:44 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009-06-10 00:45:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-527237240-861567501-1606980848-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-527237240-861567501-1606980848-500..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-527237240-861567501-1606980848-500..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527237240-861567501-1606980848-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-527237240-861567501-1606980848-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-527237240-861567501-1606980848-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.8.4
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-08-02 18:46:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-11-21 12:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\skany
[2010-11-21 12:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010-11-21 12:35:56 | 000,000,000 | ---D | C] -- C:\rsit
[2010-11-21 12:35:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-11-21 12:28:05 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010-11-20 21:16:16 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010-11-20 21:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010-11-18 22:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\Zabawa Ruchocice 2010
[2010-11-18 22:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\SZklarska 2010
[2010-11-18 22:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\Konkurs fiz 2010
[2010-11-18 19:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010-11-18 19:38:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-11-14 20:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2010-11-04 17:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Help
[2010-11-04 17:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Help
[2010-11-03 22:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\Educat
[2010-10-27 10:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2010-10-27 10:20:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010-10-27 10:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\VIA Technologies, INC
[2010-10-27 10:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2010-10-22 18:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Temp
[2010-10-20 20:57:32 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2010-10-20 18:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\konkurs fizyczny 2010
[2010-10-19 17:36:55 | 000,000,000 | ---D | C] -- C:\Aplikacja ANT

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2010-11-22 16:42:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-11-22 16:09:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-11-22 16:04:28 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010-11-22 16:04:28 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010-11-21 19:27:49 | 003,757,924 | -H-- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-11-21 19:00:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-11-21 16:40:46 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-11-21 16:39:19 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-11-21 12:33:52 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Nowy Dokument programu Microsoft Word .doc
[2010-11-20 20:00:01 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-11-19 18:54:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-11-18 22:33:39 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Nowy Dokument programu Microsoft Word .doc
[2010-11-18 19:39:21 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2010-11-15 18:53:53 | 000,000,092 | ---- | M] () -- C:\Documents and Settings\Administrator\default.pls
[2010-11-14 20:26:46 | 000,017,080 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-11-14 16:35:43 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010-11-03 22:10:41 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Cenzurka 7.4.lnk
[2010-11-03 19:11:36 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010-11-02 18:26:31 | 000,763,990 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-11-02 18:26:31 | 000,355,486 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-11-02 18:26:31 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-11-02 18:26:31 | 000,049,492 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-11-02 18:26:31 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-10-27 10:41:22 | 000,000,272 | ---- | M] () -- C:\WINDOWS\_delis32.ini
[2010-10-27 10:13:57 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\EVEREST Home Edition.lnk
[2010-10-25 18:24:42 | 001,136,128 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Rozkład materiału nauczania i wychowania.doc
[2010-10-21 21:00:29 | 000,325,120 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Wymagania na oceny z fizyki.doc
[2010-10-19 17:36:57 | 000,000,566 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Aplikacja ANT.lnk
[2010-10-17 17:45:52 | 000,113,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-10-13 21:04:26 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-10-13 20:52:27 | 000,360,448 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Plan napr.2010-11.doc

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-11-21 12:33:52 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Nowy Dokument programu Microsoft Word .doc
[2010-11-18 22:31:00 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Nowy Dokument programu Microsoft Word .doc
[2010-11-18 19:38:55 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2010-11-03 22:10:41 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Cenzurka 7.4.lnk
[2010-11-03 19:11:27 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010-10-27 10:41:22 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2010-10-27 10:32:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010-10-27 10:32:06 | 000,141,016 | ---- | C] () -- C:\WINDOWS\System32\alsndmgr.wav
[2010-10-27 10:32:03 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010-10-27 10:16:14 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2010-10-27 10:13:57 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\EVEREST Home Edition.lnk
[2010-10-25 18:24:41 | 001,136,128 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Rozkład materiału nauczania i wychowania.doc
[2010-10-21 20:59:43 | 000,325,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Wymagania na oceny z fizyki.doc
[2010-10-19 17:36:56 | 000,000,566 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Aplikacja ANT.lnk
[2010-10-06 20:32:00 | 000,360,448 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Plan napr.2010-11.doc
[2010-09-02 16:25:42 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-09-02 15:06:25 | 000,000,156 | ---- | C] () -- C:\WINDOWS\mistrz.ini
[2010-09-01 15:00:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-08-05 13:51:33 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010-08-02 20:32:55 | 000,763,990 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-08-02 20:32:54 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-08-02 20:32:16 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2010-08-02 19:20:15 | 003,757,924 | -H-- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-08-02 19:15:03 | 000,017,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-08-02 18:51:28 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Dane aplikacji\desktop.ini
[2010-08-02 18:46:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2010-08-02 18:42:08 | 000,000,059 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2010-08-02 18:42:08 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2010-08-02 18:39:24 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2010-08-02 18:39:23 | 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2009-06-10 00:45:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2009-06-10 00:45:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2009-06-10 00:45:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2009-06-10 00:45:00 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2009-06-10 00:45:00 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatUI.dll
[2009-06-10 00:45:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2009-06-10 00:45:00 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2009-06-10 00:45:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2009-06-10 00:45:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2009-06-10 00:45:00 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2009-06-10 00:45:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2009-06-10 00:45:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2009-06-10 00:45:00 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2009-06-10 00:45:00 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2009-06-10 00:45:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2009-06-10 00:45:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2009-06-10 00:45:00 | 000,033,936 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2009-06-10 00:45:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2009-06-10 00:45:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2009-06-10 00:45:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2009-06-10 00:45:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2009-06-10 00:45:00 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2009-06-10 00:45:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2009-06-10 00:45:00 | 000,020,629 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2009-06-10 00:45:00 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2009-06-10 00:45:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2009-06-10 00:45:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2009-06-10 00:45:00 | 000,013,819 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2009-06-10 00:45:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2009-06-10 00:45:00 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2009-06-10 00:45:00 | 000,009,043 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2009-06-10 00:45:00 | 000,006,074 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2009-06-10 00:45:00 | 000,004,976 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2009-06-10 00:45:00 | 000,002,992 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2009-06-10 00:45:00 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2009-06-10 00:45:00 | 000,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv
[2009-06-10 00:45:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2009-06-10 00:45:00 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2009-06-10 00:45:00 | 000,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2009-06-10 00:45:00 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2009-06-10 00:45:00 | 000,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2001-10-26 16:29:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[1999-01-22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[color=#E56717]========== LOP Check ==========[/color]

[2010-08-02 20:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2010-09-09 21:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
[2010-11-14 16:35:43 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-08-02 18:46:11 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-08-02 18:37:33 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009-06-10 00:45:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-08-02 18:46:11 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-08-02 18:46:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-11-21 12:14:09 | 000,166,482 | ---- | M] () -- C:\mksbasel.cpp.log
[2010-08-02 18:46:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009-06-10 00:45:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-06-10 00:45:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-11-22 16:42:25 | 1207,959,552 | -HS- | M] () -- C:\pagefile.sys


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009-06-10 00:45:00 | 017,821,884 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-06-10 00:45:00 | 017,821,884 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009-06-10 00:45:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2009-06-10 00:45:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2009-06-10 00:45:00 | 017,821,884 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2009-06-10 00:45:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2009-06-10 00:45:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2009-06-10 00:45:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-06-10 00:45:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2009-06-10 00:45:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-06-10 00:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2009-06-10 00:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe

< End of report >

[/log]

extras.txt

[log]
OTL Extras logfile created on: 2010-11-22 16:43:47 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

767,00 Mb Total Physical Memory | 580,00 Mb Available Physical Memory | 76,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,55 Gb Total Space | 60,26 Gb Free Space | 80,82% Space Free | Partition Type: NTFS

Computer Name: PCRUBCZYNSKICH | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-527237240-861567501-1606980848-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000415-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.1 - Polish
"{B28B351F-1232-46EA-85EF-B8EA91641045}" = Nero 7 Essentials
"{D928C220-0A77-11D4-A090-0050049D1C2E}" = TI'99-U
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"Cenzurka 7.4_is1" = Cenzurka 7.4
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Moja Droga Do Szkoły" = Moja Droga Do Szkoły
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"SkanerOnline" = Skaner on-line mks_vir
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-11-20 05:34:51 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca WINWORD.EXE, wersja 9.0.0.2823, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-11-20 05:37:45 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca WINWORD.EXE, wersja 9.0.0.2823, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-11-20 12:38:34 | Computer Name = PCRUBCZYNSKICH | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd crashreporter.exe, wersja 1.9.2.3951, moduł
powodujący błąd comctl32.dll, wersja 6.0.2900.6028, adres błędu 0x00026fe5.

Error - 2010-11-20 12:38:39 | Computer Name = PCRUBCZYNSKICH | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd drwtsn32.exe, wersja 5.1.2600.0, moduł powodujący
błąd dbghelp.dll, wersja 5.1.2600.5512, adres błędu 0x0001295d.

Error - 2010-11-20 12:38:50 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca crashreporter.exe, wersja 1.9.2.3951, moduł
zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-11-20 12:39:03 | Computer Name = PCRUBCZYNSKICH | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd crashreporter.exe, wersja 1.9.2.3951, moduł
powodujący błąd comctl32.dll, wersja 6.0.2900.6028, adres błędu 0x00026fe5.

Error - 2010-11-20 12:39:17 | Computer Name = PCRUBCZYNSKICH | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.5512, moduł
powodujący błąd comctl32.dll, wersja 6.0.2900.6028, adres błędu 0x00026fe5.

Error - 2010-11-20 12:39:41 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca explorer.exe, wersja 6.0.2900.5512, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-11-20 12:39:44 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca crashreporter.exe, wersja 1.9.2.3951, moduł
zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-11-20 12:44:34 | Computer Name = PCRUBCZYNSKICH | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.5512, moduł
powodujący błąd comctl32.dll, wersja 6.0.2900.6028, adres błędu 0x00026fe5.

[ System Events ]
Error - 2010-11-22 09:47:57 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: Aavmker4 AmdK7 aswSP aswTdi Fips pavboot

Error - 2010-11-22 11:04:27 | Computer Name = PCRUBCZYNSKICH | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2010-11-22 11:09:59 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7022
Description = Usługa avast! Antivirus zawiesiła się podczas uruchamiania.

Error - 2010-11-22 11:13:57 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7022
Description = Usługa avast! Antivirus zawiesiła się podczas uruchamiania.

Error - 2010-11-22 11:13:57 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7001
Description = Usługa avast! Mail Scanner zależy od usługi avast! Antivirus, której
nie można uruchomić z powodu następującego błędu: %%1070

Error - 2010-11-22 11:13:57 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7031
Description = Usługa avast! Antivirus niespodziewanie zakończyła pracę. Wystąpiło
to razy: 2. W przeciągu 5000 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.

Error - 2010-11-22 11:17:53 | Computer Name = PCRUBCZYNSKICH | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2010-11-22 11:19:17 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: Aavmker4 AmdK7 aswSP aswTdi Fips pavboot

Error - 2010-11-22 11:42:56 | Computer Name = PCRUBCZYNSKICH | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2010-11-22 11:44:22 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: Aavmker4 AmdK7 aswSP aswTdi Fips pavboot


< End of report >

[/log]

log.txt

[log]
Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-11-22 17:24:02
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 62 GB (81%) free of 76 GB
Total RAM: 767 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:24:08, on 2010-11-22
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=userinit.exe,EXPLORER.EXE
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 5797 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-26 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-26 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-26 297648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2009-06-10 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-08-02 39408]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-06-10 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=0xFFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-11-21 12:35:57 ----D---- C:\Program Files\trend micro
2010-11-21 12:35:56 ----D---- C:\rsit
2010-11-21 12:35:21 ----D---- C:\_OTL
2010-11-21 12:28:05 ----SHD---- C:\WINDOWS\CSC
2010-11-21 12:24:26 ----A---- C:\WINDOWS\ntbtlog.txt
2010-11-20 21:16:16 ----A---- C:\WINDOWS\system32\drivers\pavboot.sys
2010-11-20 21:15:03 ----D---- C:\Program Files\Panda Security
2010-11-20 09:43:37 ----ASH---- C:\WINDOWS\system32\EXPLORER.EXE(1).VIR
2010-11-18 19:38:35 ----D---- C:\Program Files\Adobe
2010-11-18 19:38:16 ----SHD---- C:\Config.Msi
2010-11-14 20:51:37 ----D---- C:\Program Files\SkanerOnline
2010-11-04 17:03:11 ----D---- C:\Documents and Settings\Administrator\Dane aplikacji\Help
2010-11-03 22:10:40 ----D---- C:\Program Files\Educat
2010-11-03 19:11:27 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2010-10-27 10:41:22 ----A---- C:\WINDOWS\_delis32.ini
2010-10-27 10:39:55 ----RA---- C:\WINDOWS\system32\drivers\fetnd5b.sys
2010-10-27 10:39:49 ----RA---- C:\WINDOWS\system32\ntsim.sys
2010-10-27 10:32:35 ----A---- C:\WINDOWS\system32\ChCfg.exe
2010-10-27 10:32:22 ----RA---- C:\WINDOWS\system32\drivers\alcxwdm.sys
2010-10-27 10:32:06 ----D---- C:\Program Files\Realtek AC97
2010-10-27 10:32:06 ----A---- C:\WINDOWS\system32\RTLCPL.exe
2010-10-27 10:32:04 ----A---- C:\WINDOWS\soundman.exe
2010-10-27 10:32:03 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll
2010-10-27 10:32:02 ----A---- C:\WINDOWS\alcupd.exe
2010-10-27 10:32:02 ----A---- C:\WINDOWS\Alcrmv.exe
2010-10-27 10:24:47 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2010-10-27 10:24:40 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys
2010-10-27 10:24:38 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2010-10-27 10:24:35 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2010-10-27 10:24:32 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2010-10-27 10:22:50 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2010-10-27 10:20:43 ----A---- C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2010-10-27 10:20:40 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-10-27 10:20:25 ----A---- C:\WINDOWS\IsUninst.exe
2010-10-27 10:16:51 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2010-10-27 10:16:44 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2010-10-27 10:16:42 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010-10-27 10:16:39 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys
2010-10-27 10:16:33 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010-10-27 10:16:23 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-10-27 10:16:23 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2010-10-27 10:16:16 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2010-10-27 10:16:14 ----D---- C:\Program Files\VIA Technologies, INC
2010-10-27 10:16:14 ----A---- C:\WINDOWS\system32\UnAudioNT.dll
2010-10-27 10:16:11 ----A---- C:\WINDOWS\IsUn0415.exe
2010-10-27 10:13:55 ----D---- C:\Program Files\Lavalys

======List of files/folders modified in the last 1 months======

2010-11-22 16:09:58 ----D---- C:\WINDOWS
2010-11-22 16:09:50 ----D---- C:\WINDOWS\Temp
2010-11-22 16:02:53 ----D---- C:\WINDOWS\system32\drivers
2010-11-22 16:02:53 ----D---- C:\WINDOWS\system32
2010-11-22 14:42:00 ----D---- C:\WINDOWS\Prefetch
2010-11-22 14:37:39 ----HD---- C:\WINDOWS\inf
2010-11-22 14:37:39 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-21 19:27:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-21 16:40:46 ----A---- C:\WINDOWS\NeroDigital.ini
2010-11-21 12:35:57 ----RD---- C:\Program Files
2010-11-20 21:14:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-11-18 19:39:34 ----SHD---- C:\WINDOWS\Installer
2010-11-18 19:38:49 ----D---- C:\Program Files\Common Files\Adobe
2010-11-18 19:38:48 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Adobe
2010-11-14 18:01:44 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-03 21:21:28 ----D---- C:\Program Files\Mozilla Firefox
2010-11-02 18:26:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-27 17:53:46 ----D---- C:\WINDOWS\system32\CatRoot
2010-10-27 10:32:02 ----HD---- C:\Program Files\InstallShield Installation Information
2010-10-27 10:31:50 ----D---- C:\Program Files\Common Files\InstallShield
2010-10-27 10:07:04 ----SD---- C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Kontroler hosta IEEE 1394 VIA zgodny z OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2009-06-10 61696]
R0 viaagp;Filtr magistrali AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2002-12-27 26880]
R3 FETNDIS;VIA Rhine Family Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2002-07-05 40448]
R3 usbstor;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2009-06-10 20608]
S0 pavboot;pavboot; C:\WINDOWS\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880]
S1 AmdK7;Sterownik procesora AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2009-06-10 41856]
S1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
S3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2009-06-10 60800]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt []
S3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2009-06-10 61824]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-04-13 1897408]
S3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudio.sys [2010-10-27 88960]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-06-10 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-06-10 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S2 gupdate;Usługa Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-08-02 182768]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-06-10 14336]

-----------------EOF-----------------

[/log]

removal result

[log]
All processes killed
========== PROCESSES ==========
Process Explorer.exe killed successfully!
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-527237240-861567501-1606980848-500\Software\Microsoft\Windows\CurrentVersion\Run\\EXPLORER.EXE deleted successfully.
Item C:\WINDOWS\explorer.exe is whitelisted and cannot be moved.
Registry value HKEY_USERS\S-1-5-21-527237240-861567501-1606980848-500\Software\Microsoft\Windows\CurrentVersion\Run\\king_mg deleted successfully.
C:\WINDOWS\system32\mgking.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-527237240-861567501-1606980848-500\Software\Microsoft\Windows\CurrentVersion\Run\\wsctf.exe deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{54fe311c-a858-11df-a730-000c6e5ddb5f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54fe311c-a858-11df-a730-000c6e5ddb5f}\ not found.
File i9bwjpqc.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75ad0e67-9e67-11df-83d3-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75ad0e67-9e67-11df-83d3-806d6172696f}\ not found.
C:\i00dvoym.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75ad0e67-9e67-11df-83d3-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75ad0e67-9e67-11df-83d3-806d6172696f}\ not found.
File C:\i00dvoym.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df3806ec-b5d1-11df-a73e-000c6e5ddb5f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df3806ec-b5d1-11df-a73e-000c6e5ddb5f}\ not found.
K:\i00dvoym.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df3806ec-b5d1-11df-a73e-000c6e5ddb5f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df3806ec-b5d1-11df-a73e-000c6e5ddb5f}\ not found.
File K:\i00dvoym.exe not found.
========== FILES ==========
C:\autorun.inf moved successfully.
C:\WINDOWS\System32\mgking0.dll moved successfully.
C:\WINDOWS\System32\mgking1.dll moved successfully.
File\Folder C:\WINDOWS\System32\mgking.exe not found.
File\Folder C:\i00dvoym.exe not found.
C:\et3ypes.exe moved successfully.
Item C:\WINDOWS\explorer.exe is whitelisted and cannot be moved.
File\Folder i00dvoym.exe\alldrivers not found.
File\Folder et3ypes.exe\alldrivers not found.
File\Folder i9bwjpqc.exe\alldrivers not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\king_mg not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\wsctf.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EXPLORER.EXE not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 766139294 bytes
->Temporary Internet Files folder emptied: 15176581 bytes
->FireFox cache emptied: 58010409 bytes
->Flash cache emptied: 2828268 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66351 bytes
->Temporary Internet Files folder emptied: 129598 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 255488 bytes
Windows Temp folder emptied: 38081031 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 840,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11222010_160232

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

[/log]

Tomek01
comment

That was found by mks; go ahead and delete it manually.
In OTL, use the CleanUp option.

Run a full scan with [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] and [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] and post the results on the forum.

  • Good post 1
maciej2123
comment

Anti-Malware
[log]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Wersja bazy: 5177

Windows 5.1.2600 Dodatek Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

2010-11-23 21:55:56
Anti-Malware

Typ skanowania: Pełne skanowanie (C:\|)
Przeskanowano obiektów: 168559
Upłynęło: 21 minut(y), 4 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 1
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 6

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> No action taken.

Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP68\A0021715.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73\A0034005.exe (Spyware.PWS) -> No action taken.
C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73\A0035030.exe (Spyware.PWS) -> No action taken.
C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73\A0035034.exe (Spyware.PWS) -> No action taken.
C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73\A0036051.EXE (Password.Stealer) -> No action taken.
C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP76\A0040195.exe (Spyware.PWS) -> No action taken.

[/log]

Dr Web

[log]

A0021715.exe;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP68;Win32.HLLW.Autoruner.34791;Niewyleczalny.Usunięty.;
A0034005.exe;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73;Win32.HLLW.Autoruner.35438;Niewyleczalny.Przeniesiony.;
A0035030.exe;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73;Win32.HLLW.Autoruner.35438;Niewyleczalny.Przeniesiony.;
A0035034.exe;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73;Win32.HLLW.Autoruner.35438;Niewyleczalny.Przeniesiony.;
A0035035.dll;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73;Trojan.AVKill.3058;Usunięty.;
A0035044.dll;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73;Trojan.AVKill.3058;Usunięty.;
A0036044.dll;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73;Trojan.AVKill.3058;Usunięty.;
A0036051.EXE;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73;BackDoor.Generic.1451;Usunięty.;
A0036056.dll;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73;Trojan.AVKill.3058;Usunięty.;
A0036065.dll;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73;Trojan.AVKill.3058;Usunięty.;
A0036111.dll;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP74;Trojan.AVKill.3058;Usunięty.;
A0036122.dll;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP74;Trojan.AVKill.3058;Usunięty.;
A0036134.dll;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP74;Trojan.AVKill.3058;Usunięty.;
A0036149.dll;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP74;Trojan.AVKill.3058;Usunięty.;
A0036150.exe;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP74;Win32.HLLW.Autoruner.36214;Niewyleczalny.Przeniesiony.;
A0040195.exe;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP76;Win32.HLLW.Autoruner.35438;Niewyleczalny.Przeniesiony.;
A0040196.exe;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP76;Win32.HLLW.Autoruner.36214;Niewyleczalny.Przeniesiony.;
A0040197.dll;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP76;Trojan.AVKill.3058;Usunięty.;
A0040198.dll;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP76;Trojan.AVKill.3058;Usunięty.;
A0040200.exe;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP76;Win32.HLLW.Autoruner.35339;Niewyleczalny.Przeniesiony.;
A0040201.exe;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP76;Win32.HLLW.Autoruner.36214;Niewyleczalny.Przeniesiony.;

[/log]

Tomek01
comment

Turn System Restore off and then back on for all partitions.


Delete the key that Mbam detected (in scan mode).

That would be all. The system is clean.

  • Good post 1
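Added example, not part of the thread and not code from either scanner: a short Python triage that reads detection lines in the two formats posted above (Malwarebytes `path (name) -> action` and Dr.Web `file;folder;name;action;`) and separates hits stored in System Restore snapshots from hits on the live system, which is the distinction behind the advice to turn System Restore off and on again. The sample lines are constructed from the formats in the logs; the `example.exe` entry and all function names are made up for illustration.

```python
import re
from collections import Counter

# Constructed sample in the two log formats shown in the thread, plus one
# made-up live-system hit (example.exe) to exercise the other branch.
SAMPLE = r"""
C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73\A0034005.exe (Spyware.PWS) -> No action taken.
A0035035.dll;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73;Trojan.AVKill.3058;Usunięty.;
A0040196.exe;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP76;Win32.HLLW.Autoruner.36214;Niewyleczalny.Przeniesiony.;
example.exe;C:\WINDOWS\system32;Constructed.Sample.1;Usunięty.;
"""

# Malwarebytes file hit: "<drive path> (<detection>) -> <action>"
MBAM = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
# System Restore snapshot folder on Windows XP: ...\_restore{GUID}\RPnn
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)", re.I)

def parse(line):
    """Return (full_path, detection_name), or None for non-file lines."""
    line = line.strip()
    m = MBAM.match(line)
    if m:
        return m["path"], m["name"]
    parts = line.split(";")  # Dr.Web: file;folder;detection;action;
    if len(parts) >= 4 and re.match(r"[A-Za-z]:\\", parts[1]):
        return parts[1] + "\\" + parts[0], parts[2]
    return None

def triage(text):
    """Count detections per restore point; list detections outside them."""
    per_rp, live = Counter(), []
    for line in text.splitlines():
        hit = parse(line)
        if not hit:
            continue
        path, name = hit
        m = RESTORE.search(path)
        if m:
            per_rp[m.group(1).upper()] += 1
        else:
            live.append((path, name))
    return per_rp, live

if __name__ == "__main__":
    per_rp, live = triage(SAMPLE)
    for rp, n in sorted(per_rp.items()):
        print(f"{rp}: {n} detection(s) inside a System Restore snapshot")
    for path, name in live:
        print(f"LIVE: {path} ({name})")
```

An empty `live` list means every remaining file detection is an archived copy inside a restore point; registry detections are skipped by this parser and have to be reviewed separately.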
