maciej2123 created 15 November 2010 (edited) Hello, I have a problem with Windows XP. I have probably caught a virus and I don't know how to get rid of it as painlessly as possible. I can't turn on the Windows firewall; it keeps telling me it is turned off and I can't change that. I also can't scan the computer, because Avast won't start, and an online scan found nothing. The computer freezes every few moments. What should I do? Do I have to format the computer, or can it be sorted out in a gentler way? [color="#ff0000"] //moving to Security //dan[/color]
hannx91 comment 16 November 2010 use ComboFix and write back whether anything changed; you can also add the ComboFix log, it may be useful [color="#FF0000"]//One more piece of advice like that and you'll be banned. //Tom01[/color]
Tomek01 comment 16 November 2010 Don't run ComboFix. Post a set of OTL and RSIT logs. Paste them in the proper format. Info in my signature.
maciej2123 comment 16 November 2010 Author (edited) OTL.TXT [log]
OTL logfile created on: 2010-11-16 21:35:17 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Maciej\Downloads Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 125,00 Gb Total Space | 1,35 Gb Free Space | 1,08% Space Free | Partition Type: NTFS Drive D: | 125,00 Gb Total Space | 61,70 Gb Free Space | 49,36% Space Free | Partition Type: NTFS Drive E: | 125,00 Gb Total Space | 93,00 Gb Free Space | 74,40% Space Free | Partition Type: NTFS Drive M: | 6,32 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: MACIEJ-PC | User Name: Maciej | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-11-16 21:27:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Maciej\Downloads\OTL.exe PRC - [2010-11-06 15:18:04 | 001,754,624 | ---- | M] (K2T.eu, Kaworu) -- C:\Program Files\K2T\WTW\wtw.exe PRC - [2010-11-01 22:36:03 | 000,974,904 | ---- | M] (Google Inc.) 
-- C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe PRC - [2010-09-13 20:20:27 | 000,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe PRC - [2010-06-28 21:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010-06-28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010-03-30 10:16:16 | 001,820,040 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2010-03-30 10:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe PRC - [2010-01-08 00:36:58 | 000,974,848 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Search Settings\SearchSettings.exe PRC - [2010-01-07 23:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe PRC - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- D:\Programy\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe PRC - [2009-12-11 14:57:56 | 000,948,672 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe PRC - [2009-10-31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe PRC - [2009-08-18 01:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009-08-18 01:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009-07-30 20:15:46 | 000,065,536 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe PRC - [2009-07-30 20:15:44 | 000,065,536 | ---- | M] (ATI Technologies Inc.) 
-- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe PRC - [2009-07-14 02:14:50 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe PRC - [2009-07-14 02:14:50 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe PRC - [2009-07-14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2009-07-14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009-07-14 02:14:41 | 000,316,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - 
[2009-07-14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe PRC - [2009-07-14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe PRC - [2009-07-14 02:14:35 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe PRC - [2009-07-14 02:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe PRC - [2009-07-14 02:14:23 | 000,261,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2009-07-14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2009-07-14 02:14:19 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe PRC - [2009-07-14 02:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe PRC - [2009-07-14 02:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe PRC - [2006-12-23 17:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe PRC - [2006-12-23 17:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe PRC - [2006-12-23 16:54:04 | 000,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe PRC - [2006-12-14 16:49:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-11-16 21:27:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Maciej\Downloads\OTL.exe MOD - [2010-09-14 15:26:38 | 000,811,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll MOD - [2010-07-27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll MOD - [2010-04-07 08:10:36 | 000,571,904 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\oleaut32.dll MOD - [2010-03-24 07:37:04 | 001,286,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll MOD - [2009-12-08 12:33:31 | 000,857,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll MOD - [2009-12-08 12:32:02 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll MOD - [2009-07-14 02:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll MOD - [2009-07-14 02:16:17 | 001,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll MOD - [2009-07-14 02:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll MOD - [2009-07-14 02:16:17 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll MOD - [2009-07-14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll MOD - [2009-07-14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll MOD - [2009-07-14 02:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll MOD - [2009-07-14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009-07-14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll MOD - [2009-07-14 02:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll MOD - [2009-07-14 02:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll MOD - [2009-07-14 02:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll MOD - [2009-07-14 02:16:13 | 000,652,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009-07-14 02:16:13 | 000,060,928 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\System32\samlib.dll MOD - [2009-07-14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2009-07-14 02:16:13 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll MOD - [2009-07-14 02:16:12 | 001,412,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll MOD - [2009-07-14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll MOD - [2009-07-14 02:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009-07-14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll MOD - [2009-07-14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll MOD - [2009-07-14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2009-07-14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll MOD - [2009-07-14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll MOD - [2009-07-14 02:15:36 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll MOD - [2009-07-14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009-07-14 02:15:32 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll MOD - [2009-07-14 02:15:22 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009-07-14 02:15:07 | 000,486,912 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009-07-14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll MOD - [2009-07-14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll MOD - [2009-07-14 02:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll MOD - [2009-07-14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2009-07-14 02:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv MOD - [2009-07-14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-06-28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010-06-28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010-06-28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010-06-07 21:28:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010-03-30 10:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) 
[Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-01-07 23:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- D:\Programy\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009-08-18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009-07-14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009-07-14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009-07-14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2009-07-14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009-07-14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009-07-14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009-07-14 02:16:12 | 
000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009-07-14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009-07-14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009-07-14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009-07-14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009-07-14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009-07-14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009-07-14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009-07-14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV) SRV - [2009-07-14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) [color=#E56717]========== Driver Services (SafeList) 
==========[/color] DRV - [2010-08-25 08:51:03 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-06-28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010-06-28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010-06-28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010-06-28 21:32:56 | 000,050,256 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2010-06-28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010-02-03 14:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009-12-11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009-08-18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009-07-24 07:48:00 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2009-07-14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide) DRV - [2009-07-14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009-07-14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009-07-14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009-07-14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009-07-14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009-07-14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV - [2009-07-14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009-07-14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata) DRV - [2009-07-14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide) DRV - [2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor) DRV - [2009-07-14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid) DRV - [2009-07-14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009-07-14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) DRV - [2009-07-14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) DRV - [2009-07-14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009-07-14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) DRV - [2009-07-14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009-07-14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp) DRV - [2009-07-14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas) DRV - [2009-07-14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy) 
DRV - [2009-07-14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009-07-14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009-07-14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) DRV - [2009-07-14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009-07-14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009-07-14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp) DRV - [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009-07-14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot) DRV - [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009-07-14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide) DRV - [2009-07-14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300) DRV - [2009-07-14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2009-07-14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) DRV - [2009-07-14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) DRV - [2009-07-14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009-07-14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) DRV - [2009-07-14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV - [2009-07-14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG) DRV - [2009-07-14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2009-07-14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus) DRV - [2009-07-14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009-07-14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009-07-14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009-07-14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009-07-14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009-07-14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci) DRV - [2009-07-14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009-07-14 00:51:27 | 000,046,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883) DRV - [2009-07-14 00:51:27 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc) DRV - [2009-07-14 00:51:25 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV) DRV - [2009-07-14 00:51:11 | 000,034,944 | ---- | M] 
(Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009-07-14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - [2009-07-14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009-07-14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2009-07-14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID) DRV - [2009-07-14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009-07-14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009-07-14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi) DRV - [2009-07-14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM) DRV - [2009-07-13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009-07-13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2009-07-13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2009-07-13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009-07-13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009-07-13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009-07-13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2009-07-13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009-07-13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009-07-13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) DRV - [2005-09-23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus) DRV - [2004-08-13 08:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2002-09-16 16:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- 
C:\Windows\System32\drivers\PQNTDRV.sys -- (PQNTDrv) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2960879355-3237400500-980202737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640 IE - HKU\S-1-5-21-2960879355-3237400500-980202737-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.) IE - HKU\S-1-5-21-2960879355-3237400500-980202737-1000\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2960879355-3237400500-980202737-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2960879355-3237400500-980202737-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-2960879355-3237400500-980202737-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 174.142.24.201:3128 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultthis.engineName: "free-downloads.net Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Web Search..." 
FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://vshare.toolbarhome.com/?hp=df" FF - prefs.js..extensions.enabledItems: {ecdee021-0d17-467f-a1ff-c7a115230949}:2.5.6.0 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-11-09 22:12:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-11-09 22:12:42 | 000,000,000 | ---D | M] [2010-05-08 20:47:45 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\Mozilla\Extensions [2010-11-16 18:04:06 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\gjfocit1.default\extensions [2010-08-25 09:02:37 | 000,000,000 | ---D | M] (free-downloads.net Toolbar) -- C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\gjfocit1.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949} [2010-09-29 18:04:47 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\gjfocit1.default\extensions\vshare@toolbar [2010-01-20 11:16:28 | 000,000,939 | ---- | M] () -- C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\gjfocit1.default\searchplugins\conduit.xml [2010-09-29 18:04:52 | 000,001,583 | ---- | M] () -- C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\gjfocit1.default\searchplugins\web-search.xml [2010-05-08 20:47:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-11-09 22:12:40 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-11-09 22:12:40 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-11-09 22:12:40 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla 
Firefox\searchplugins\merlin-pl.xml [2010-11-09 22:12:40 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-11-09 22:12:40 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-11-09 22:12:40 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-05-04 19:18:17 | 000,000,921 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 genuine.microsoft.com O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com O1 - Hosts: 127.0.0.1 sls.microsoft.com O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.) O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin) O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2960879355-3237400500-980202737-1000\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) 
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [SpotmauSecretary] C:\Program Files\Spotmau 2009\Partition Genius\Desktop_Secretary\Spotmau_S.exe (spotmau) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-2960879355-3237400500-980202737-1000..\Run: [AlcoholAutomount] D:\Programy\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team) O4 - HKU\S-1-5-21-2960879355-3237400500-980202737-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-21-2960879355-3237400500-980202737-1000..\Run: [EA Core] D:\Programy\Electronic Arts\EADM\Core.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.8.4 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010-08-24 21:51:50 | 000,003,664 | ---- | M] () - D:\Autor WidmonapisyPL [AVI ReComp].log -- [ NTFS ] O32 - Unable to obtain root file information for disk D:\ O32 - AutoRun File - [2007-06-12 03:27:33 | 000,000,140 | R--- | M] () - M:\autorun.inf -- [ UDF ] O33 - MountPoints2\{08998e41-5866-11df-af38-001fc68dafe7}\Shell - "" = AutoRun O33 - MountPoints2\{08998e41-5866-11df-af38-001fc68dafe7}\Shell\AutoRun\command - "" = M:\Setup\rsrc\AUTORUN.EXE -- [2007-03-23 00:57:09 | 000,051,336 | R--- | M] () O33 - MountPoints2\{08998e41-5866-11df-af38-001fc68dafe7}\Shell\dinstall\command - "" = M:\DirectX\DXSETUP.exe -- [2007-06-01 04:23:56 | 000,503,144 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\M\Shell - "" = AutoRun O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\Autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - 
Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootMin: Primary disk - Driver Group SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group 
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - 
NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-11-15 16:36:53 | 000,000,000 | ---D | C] -- C:\Users\Maciej\AppData\Roaming\XnView [2010-11-09 11:48:57 | 000,000,000 | ---D | C] -- C:\Users\Maciej\Desktop\adam [2010-11-08 20:07:32 | 000,000,000 | ---D | C] -- C:\Users\Maciej\Documents\GoD [2010-10-24 09:16:36 | 000,000,000 | ---D | C] -- C:\Users\Maciej\AppData\Roaming\Media Player Classic [2010-10-24 09:04:51 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll [2010-10-24 09:04:50 | 000,000,000 | ---D | C] -- C:\Program Files\Real Alternative [2010-10-24 09:04:50 | 000,000,000 | ---D | C] -- C:\Users\Maciej\AppData\Roaming\Real [2010-10-24 09:04:50 | 000,000,000 | ---D | C] -- C:\Users\Maciej\AppData\Local\Real [2010-10-24 09:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Real [2010-10-16 18:22:31 | 000,000,000 | ---D | C] -- C:\Users\Maciej\AppData\Roaming\CrystalSpace [2010-10-14 17:56:54 | 000,000,000 | ---D | C] -- C:\Users\Maciej\AppData\Roaming\.wtw [2010-10-14 17:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\K2T [2010-10-01 20:20:48 | 
000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2010-10-01 20:17:51 | 000,000,000 | ---D | C] -- C:\Users\Maciej\Documents\FIFA 11 [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-11-16 21:06:01 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2960879355-3237400500-980202737-1000UA.job [2010-11-16 20:44:01 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010-11-16 20:27:02 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Maciej.job [2010-11-16 19:25:57 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010-11-16 19:25:57 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010-11-16 16:38:48 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010-11-16 16:38:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010-11-16 16:38:12 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys [2010-11-16 16:06:01 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2960879355-3237400500-980202737-1000Core.job [2010-11-15 16:30:49 | 000,033,280 | ---- | M] () -- C:\Users\Maciej\Documents\Pożary lasów w Rosji.doc [2010-11-14 18:52:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010-11-14 13:27:20 | 001,297,977 | ---- | M] () -- C:\Users\Maciej\Desktop\2010-11-14.rar [2010-11-13 21:30:17 | 000,017,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010-11-13 21:30:17 | 000,017,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010-11-08 15:35:07 | 000,002,364 | ---- | M] () -- C:\Users\Maciej\Desktop\Google Chrome.lnk [2010-11-07 21:09:58 | 000,030,720 | ---- | M] () -- C:\Users\Maciej\Desktop\Wycieczkaankieta.doc [2010-11-01 12:18:22 | 001,721,267 | ---- | M] () -- 
C:\Users\Maciej\Desktop\2010-11-01.rar [2010-10-24 20:11:57 | 000,019,968 | ---- | M] () -- C:\Users\Maciej\Desktop\Zapomoga.doc [2010-10-16 18:25:06 | 000,055,968 | ---- | M] () -- C:\Users\Maciej\AppData\Roaming\BigfootCompetitionPL.cfg [2010-10-16 17:41:09 | 000,075,776 | ---- | M] () -- C:\Users\Maciej\Desktop\notatka.ppt [2010-10-14 17:56:52 | 000,001,877 | ---- | M] () -- C:\Users\Maciej\Application Data\Microsoft\Internet Explorer\Quick Launch\WTW.lnk [2010-10-12 18:25:16 | 000,000,618 | ---- | M] () -- C:\Users\Public\Desktop\Gimnazjum klasa 2 - Śladami przeszłości.lnk [2010-10-09 15:12:20 | 000,362,247 | ---- | M] () -- C:\Users\Maciej\Desktop\chelsea background.jpg [2010-10-02 19:57:41 | 000,000,136 | ---- | M] () -- C:\Users\Maciej\Desktop\FIFA 11 - Shortcut.lnk [2010-09-21 20:26:37 | 000,000,706 | ---- | M] () -- C:\Users\Maciej\Desktop\SGP Baltie 3.lnk [2010-09-21 19:57:44 | 000,024,064 | ---- | M] () -- C:\Users\Maciej\Desktop\Nalewka z aronii.doc [2010-09-20 20:22:02 | 000,126,976 | ---- | M] () -- C:\Users\Maciej\Desktop\Hi.doc [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-11-14 18:52:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010-11-14 13:27:19 | 001,297,977 | ---- | C] () -- C:\Users\Maciej\Desktop\2010-11-14.rar [2010-11-08 21:12:25 | 000,033,280 | ---- | C] () -- C:\Users\Maciej\Documents\Pożary lasów w Rosji.doc [2010-11-07 21:09:56 | 000,030,720 | ---- | C] () -- C:\Users\Maciej\Desktop\Wycieczkaankieta.doc [2010-11-01 12:18:21 | 001,721,267 | ---- | C] () -- C:\Users\Maciej\Desktop\2010-11-01.rar [2010-10-24 20:03:20 | 000,019,968 | ---- | C] () -- C:\Users\Maciej\Desktop\Zapomoga.doc [2010-10-16 18:22:57 | 000,055,968 | ---- | C] () -- C:\Users\Maciej\AppData\Roaming\BigfootCompetitionPL.cfg [2010-10-16 17:38:52 | 000,075,776 | ---- | C] () -- C:\Users\Maciej\Desktop\notatka.ppt [2010-10-14 17:56:52 | 000,001,877 | ---- | C] () -- 
C:\Users\Maciej\Application Data\Microsoft\Internet Explorer\Quick Launch\WTW.lnk [2010-10-12 18:25:26 | 000,755,588 | ---- | C] () -- C:\Users\Maciej\.fx1666.log [2010-10-12 18:25:16 | 000,000,618 | ---- | C] () -- C:\Users\Public\Desktop\Gimnazjum klasa 2 - Śladami przeszłości.lnk [2010-10-09 15:12:20 | 000,362,247 | ---- | C] () -- C:\Users\Maciej\Desktop\chelsea background.jpg [2010-10-02 19:57:41 | 000,000,136 | ---- | C] () -- C:\Users\Maciej\Desktop\FIFA 11 - Shortcut.lnk [2010-09-21 20:26:37 | 000,000,706 | ---- | C] () -- C:\Users\Maciej\Desktop\SGP Baltie 3.lnk [2010-09-21 19:57:43 | 000,024,064 | ---- | C] () -- C:\Users\Maciej\Desktop\Nalewka z aronii.doc [2010-09-20 18:22:42 | 000,126,976 | ---- | C] () -- C:\Users\Maciej\Desktop\Hi.doc [2010-09-12 20:53:59 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010-09-12 20:53:59 | 000,022,328 | ---- | C] () -- C:\Users\Maciej\AppData\Roaming\PnkBstrK.sys [2010-09-12 20:53:21 | 000,000,308 | ---- | C] () -- C:\Windows\game.ini [2010-07-01 12:57:52 | 002,771,968 | ---- | C] () -- C:\Windows\System32\wxmsw28u_core_vc_custom.dll [2010-07-01 12:57:52 | 001,163,776 | ---- | C] () -- C:\Windows\System32\wxbase28u_vc_custom.dll [2010-07-01 12:57:52 | 000,681,472 | ---- | C] () -- C:\Windows\System32\wxmsw28u_adv_vc_custom.dll [2010-07-01 12:57:52 | 000,470,528 | ---- | C] () -- C:\Windows\System32\wxmsw28u_html_vc_custom.dll [2010-07-01 12:57:52 | 000,119,808 | ---- | C] () -- C:\Windows\System32\wxbase28u_net_vc_custom.dll [2010-07-01 12:57:52 | 000,118,784 | ---- | C] () -- C:\Windows\System32\wxbase28u_xml_vc_custom.dll [2010-05-07 19:53:08 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2010-05-07 17:57:50 | 000,000,017 | ---- | C] () -- C:\Users\Maciej\AppData\Local\resmon.resmoncfg [2010-05-05 17:46:49 | 000,697,328 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010-05-04 20:47:07 | 000,003,584 | ---- | C] () -- 
C:\Users\Maciej\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-05-04 12:37:19 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI [2010-05-04 12:15:31 | 000,000,303 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009-06-07 15:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009-06-07 15:16:12 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009-01-28 19:50:44 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll [2007-01-26 01:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll [2007-01-26 01:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll [2004-08-13 08:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [1999-01-22 17:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL [color=#E56717]========== LOP Check ==========[/color] [2010-10-14 17:56:54 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\.wtw [2010-06-06 09:29:56 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\AnvSoft [2010-05-07 18:50:58 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\Audacity [2010-08-25 15:13:47 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\AVI ReComp [2010-10-16 18:22:31 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\CrystalSpace [2010-05-04 11:54:18 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\EurekaLog [2010-05-04 20:29:41 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\FLV Extract [2010-05-07 19:53:10 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\FreeAudioPack [2010-05-27 17:50:39 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\FreeCDRipper [2010-05-22 22:27:29 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\geany 
[2010-05-22 22:36:14 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\gtk-2.0 [2010-05-04 12:09:01 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\kikin [2010-05-08 12:06:48 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\Leadertech [2010-08-26 19:23:31 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\Miranda [2010-05-15 10:08:49 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\ScreeNet iSaver [2010-07-25 19:30:10 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\Sports Interactive [2010-07-01 12:58:35 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\WinCare2009 [2010-11-15 16:36:53 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\XnView [2010-10-28 12:12:11 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009-07-14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2010-05-04 20:45:06 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2010-09-12 10:15:23 | 000,008,192 | ---- | M] () -- C:\bootsect.lxe.bak [2009-06-10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2010-09-12 11:03:01 | 000,383,592 | RHS- | M] () -- C:\gdrop [2010-09-12 11:03:01 | 000,220,049 | RHS- | M] () -- C:\grldr [2010-11-16 16:38:12 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys [2010-09-12 11:03:01 | 000,000,103 | ---- | M] () -- C:\menu.lst [2010-07-01 12:59:41 | 000,000,046 | ---- | M] () -- C:\os.txt [2010-05-04 11:11:14 | 000,171,136 | RHS- | M] () -- C:\w7ldr [2010-09-12 11:03:01 | 000,571,792 | RHS- | M] () -- C:\wow7.img [2010-09-12 10:59:03 | 000,171,136 | RHS- | M] () -- C:\xeldr [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2004-08-04 06:05:44 | 018,738,937 | ---- | M] () .cab file -- 
C:\Users\Maciej\Downloads\WindaXpSp3.kozii91\Microsoft Windows Xp Professional Sp3\I386\sp2.cab:agp440.sys [2008-04-14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\Users\Maciej\Downloads\WindaXpSp3.kozii91\Microsoft Windows Xp Professional Sp3\I386\sp3.cab:agp440.sys [2009-06-10 00:45:00 | 017,821,884 | ---- | M] () .cab file -- C:\Users\Maciej\Downloads\Windows_XP_SP3_PL___Klucze_VLK_Czerwiec_for_www.darkwarez.pl_mazuro26\Windows XP SP3 PL + Klucze VLK Czerwiec for www.darkwarez.pl Mazuro\I386\sp3.cab:agp440.sys [2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2004-08-04 06:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\Users\Maciej\Downloads\WindaXpSp3.kozii91\Microsoft Windows Xp Professional Sp3\I386\sp2.cab:atapi.sys [2008-04-14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\Users\Maciej\Downloads\WindaXpSp3.kozii91\Microsoft Windows Xp Professional Sp3\I386\sp3.cab:atapi.sys [2009-06-10 00:45:00 | 017,821,884 | ---- | M] () .cab file -- C:\Users\Maciej\Downloads\Windows_XP_SP3_PL___Klucze_VLK_Czerwiec_for_www.darkwarez.pl_mazuro26\Windows XP SP3 PL + Klucze VLK Czerwiec for www.darkwarez.pl Mazuro\I386\sp3.cab:atapi.sys [2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- 
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys
[2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2004-08-04 06:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\Users\Maciej\Downloads\WindaXpSp3.kozii91\Microsoft Windows Xp Professional Sp3\I386\sp2.cab:cdrom.sys
[2008-04-14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\Users\Maciej\Downloads\WindaXpSp3.kozii91\Microsoft Windows Xp Professional Sp3\I386\sp3.cab:cdrom.sys
[2009-06-10 00:45:00 | 017,821,884 | ---- | M] () .cab file -- C:\Users\Maciej\Downloads\Windows_XP_SP3_PL___Klucze_VLK_Czerwiec_for_www.darkwarez.pl_mazuro26\Windows XP SP3 PL + Klucze VLK Czerwiec for www.darkwarez.pl Mazuro\I386\sp3.cab:cdrom.sys
[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009-10-28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009-07-14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:15F0C917

< End of report >
[/log]

log.txt
[log]
Logfile of random's system information tool 1.08 (written by random/random)
Run by Maciej at 2010-11-16 21:41:23
Microsoft Windows 7 Ultimate
System drive C: has 1 GB (1%) free of 128 GB
Total RAM: 2046 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:41:29, on 2010-11-16
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\K2T\WTW\wtw.exe
C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciej\Downloads\RSIT.exe
C:\Program Files\trend micro\Maciej.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 174.142.24.201:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SpotmauSecretary] C:\Program Files\Spotmau 2009\Partition Genius\Desktop_Secretary\Spotmau_S.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Users\Maciej\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Programy\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [EA Core] "D:\Programy\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - D:\Programy\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 7422 bytes

======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2960879355-3237400500-980202737-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2960879355-3237400500-980202737-1000UA.job
C:\Windows\tasks\Norton Security Scan for Maciej.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
Dealio Toolbar - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll [2010-01-08 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class - C:\Program Files\Search Settings\SearchSettings.dll [2010-01-08 1109504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
kikin Plugin - C:\Program Files\kikin\ie_kikin.dll [2010-08-16 799472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre1.dll [2010-06-06 2515552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre1.dll [2010-06-06 2515552]
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Dealio Toolbar - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll [2010-01-08 700416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-08-13 98304]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2010-01-08 974848]
"SpotmauSecretary"=C:\Program Files\Spotmau 2009\Partition Genius\Desktop_Secretary\Spotmau_S.exe [2009-09-17 607744]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-03-30 1820040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-08-10 421888]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-06-28 2837864]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Maciej\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-04 136176]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"AlcoholAutomount"=D:\Programy\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [2009-11-15 33120]
"EA Core"=D:\Programy\Electronic Arts\EADM\Core.exe -silent []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======
2010-11-16 21:41:23 ----D---- C:\rsit
2010-11-16 21:41:23 ----D---- C:\Program Files\trend micro
2010-11-15 16:36:53 ----D---- C:\Users\Maciej\AppData\Roaming\XnView
2010-10-24 09:16:36 ----D---- C:\Users\Maciej\AppData\Roaming\Media Player Classic
2010-10-24 09:04:51 ----A---- C:\Windows\system32\rmoc3260.dll
2010-10-24 09:04:51 ----A---- C:\Windows\system32\pndx5032.dll
2010-10-24 09:04:51 ----A---- C:\Windows\system32\pndx5016.dll
2010-10-24 09:04:51 ----A---- C:\Windows\system32\pncrt.dll
2010-10-24 09:04:50 ----D---- C:\Users\Maciej\AppData\Roaming\Real
2010-10-24 09:04:50 ----D---- C:\ProgramData\Real
2010-10-24 09:04:50 ----D---- C:\Program Files\Real Alternative

======List of files/folders modified in the last 1 months======
2010-11-16 21:41:24 ----D---- C:\Windows\Temp
2010-11-16 21:41:23 ----RD---- C:\Program Files
2010-11-16 19:25:57 ----D---- C:\Windows\System32
2010-11-16 19:25:57 ----D---- C:\Windows\inf
2010-11-16 19:25:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-16 16:24:01 ----D---- C:\Windows\system32\config
2010-11-15 19:08:28 ----D---- C:\Program Files\kikin
2010-11-14 21:35:14 ----D---- C:\Windows\Prefetch
2010-11-14 18:52:16 ----D---- C:\Windows\system32\drivers
2010-11-14 18:52:08 ----D---- C:\Windows\system32\drivers\UMDF
2010-11-09 22:12:42 ----D---- C:\Program Files\Mozilla Firefox
2010-10-29 19:05:57 ----D---- C:\Windows\system32\catroot2
2010-10-24 09:04:50 ----HD---- C:\ProgramData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-08-25 697328]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-06-28 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-06-28 46672]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 PQNTDrv;PQNTDrv; C:\Windows\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
R3 AtiHdmiService;ATI Service for HD Audio Codec; C:\Windows\system32\drivers\AtiHdmi.sys [2009-07-24 103440]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 4994560]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
R3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-13 347264]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys [2009-07-14 46976]
S3 a4ki79mt;a4ki79mt; C:\Windows\system32\drivers\a4ki79mt.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 Avc;AVC Device; C:\Windows\system32\DRIVERS\avc.sys [2009-07-14 40320]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2009-07-14 52608]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-09-13 66872]
R2 StarWindServiceAE;StarWind AE Service; D:\Programy\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Usługa Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-04 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-07 1343400]

-----------------EOF-----------------
[/log]

info.txt
[log]
info.txt logfile of random's system information tool 1.08 2010-11-16 21:41:31

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A93000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Any Video Converter 3.0.5-->"C:\Program Files\AnvSoft\Any Video Converter\unins000.exe"
Apple Application Support-->MsiExec.exe /I{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Audacity 1.2.6-->"D:\Programy\Audacity\unins000.exe"
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
AVI ReComp 1.5.1-->C:\Program Files\AVI ReComp\Uninstall.exe
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bigfoot Competition - Polish Classics 1.0-->"D:\Gry\Bigfoot Competition Polish Classics\unins000.exe"
Borland Delphi 7-->MsiExec.exe /I{72263053-50D1-4598-9502-51ED64E54C51}
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0415
Catalyst Control Center - Branding-->MsiExec.exe /I{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}
CDex - Open Source Digital Audio CD Extractor-->D:\Programy\CDex\uninstall.exe
Cenzurka 7.4-->"C:\Program Files\Educat\Cenzurka 7.4\unins000.exe"
Creation Master 10 Release 10.3-->"C:\Program Files\Fifa Master\Creation Master 10\unins000.exe"
Dealio Toolbar v4.0.2-->MsiExec.exe /X{C878CD69-85DB-426B-81A3-E71175AAEB91}
Ekspert CD-->C:\Windows\unins000.exe
FIFA 10-->MsiExec.exe /X{11202615-E557-4ECF-9B86-F59C81E52909}
FIFA 11-->MsiExec.exe /X{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}
Football Manager 2010-->"D:\Gry\Sports Interactive\Football Manager 2010\Uninstall_Football Manager 2010\Deinstaluj Football Manager 2010.exe"
Football Superstars-->"D:\Gry\Fottball\Football Superstars\unins000.exe"
Fraps-->"C:\Fraps\uninstall.exe"
Free Mp3 Wma Converter V 1.9-->"D:\Programy\Free Audio Pack\unins000.exe"
free-downloads.net Toolbar-->C:\PROGRA~1\FREE-D~1.NET\UNWISE.EXE /U C:\PROGRA~1\FREE-D~1.NET\INSTALL.LOG
Gimnazjum klasa 2 - Puls życia-->C:\Windows\IsUn0415.exe -f"d:\programy puls życie\Uninst.isu" -c"d:\programy puls życie\UninstallProject.dll"
Gimnazjum klasa 2 - Śladami przeszłości-->C:\Windows\IsUn0415.exe -fd:\historia\Uninst.isu -cd:\historia\UninstallProject.dll
Google Earth Plug-in-->MsiExec.exe /X{171E6C1E-B5FC-11DF-B115-005056C00008}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hiszpański - Mówisz i rozumiesz-->"C:\Program Files\Edgard\Hiszpanski Mowisz i rozumiesz\unins000.exe"
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
JDownloader-->D:\Programy\JDownloader\uninstall.exe
kikin plugin (JDownloader Edition) 2.1-->C:\Program Files\kikin\uninst.exe
Komunikator WTW-->C:\Program Files\K2T\WTW\wtw-uninst.exe
LogMeIn Hamachi-->C:\Windows\system32\\msiexec.exe /i {8A74DEFD-A224-49CC-AB80-4E88BC730125} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{8A74DEFD-A224-49CC-AB80-4E88BC730125}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000415-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Miranda IM 0.9.1-->C:\Program Files\Miranda IM\Uninstall.exe
Mozilla Firefox (3.6.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NapiProjekt 1.0.6.9-->"C:\Program Files\NAPI-PROJEKT\unins000.exe"
Need For Russia 3-->"D:\Gry\Need For Russia 3\unins000.exe"
Nero 7 Essentials-->MsiExec.exe /X{B28B351F-1232-46EA-85EF-B8EA91641045}
nLite 1.4.9.1-->"C:\Program Files\nLite\unins000.exe"
Norton Security Scan-->C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\InstStub.exe /X
Partition Genius 4.1.0.1394-->"C:\Program Files\Spotmau 2009\Partition Genius\unins000.exe"
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Pinnacle Studio 12-->MsiExec.exe /I{D041EB9E-890A-4098-8F94-51DA194AC72A}
PowerQuest PartitionMagic 8.0 Demo-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
Prawo Jazdy 2010 1.1-->"D:\Programy\Prawo Jazdy 2010\unins000.exe"
Prawo Jazdy ABCDT - egzamin wewnętrzny -->"D:\Programy\Grupa IMAGE\Prawo Jazdy ABCDT - egzamin wewnetrzny\unins000.exe"
Pro Evolution Soccer 2010 DEMO-->MsiExec.exe /X{1F126EDC-DA29-4D5B-80DF-735252475FEE}
QuickTime-->MsiExec.exe /I{EB900AF8-CC61-4E15-871B-98D1EA3E8025}
Real Alternative 1.9.0-->"C:\Program Files\Real Alternative\unins000.exe"
Search Settings v1.2.3-->MsiExec.exe /X{5F05C28D-DEA9-4AD6-A73A-064175988EAB}
SGP Baltie 3-->"D:\Programy\SGP Systems\unins000.exe"
SopCast 3.2.9-->C:\Program Files\SopCast\uninst.exe
Spycheck AntiSpyware-->MsiExec.exe /I{691D8246-53FF-46F9-867B-C6D323F3CB6C}
Sterownik wideo firmy Pinnacle-->MsiExec.exe /X{5EB90C06-964F-4195-B83E-BD7E55C88415}
SubEdit-Player-->"C:\Program Files\SubEdit-Player\unins000.exe"
Subtitle Workshop 2.51-->"C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
Veetle TV 0.9.18-->C:\Program Files\Veetle\UninstallVeetleTV.exe
VLC media player 1.1.0-->D:\Programy\VideoLAN\VLC\uninstall.exe
VobSub 2.23-->C:\Program Files\Gabest\VobSub\uninstall.exe
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Xvid 1.2.2-->C:\Program Files\Xvid\unins000.exe

======Hosts File======

127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com

======System event log======

Computer Name: Maciej-PC
Event Code: 52236
Message: CPLIB :: General - Invalid Parameter
Record Number: 765
Source Name: atikmdag
Time Written: 20100504103220.328125-000
Event Type: Error
User:

Computer Name: Maciej-PC
Event Code: 43029
Message: Display is not active
Record Number: 660
Source Name: atikmdag
Time Written: 20100504102123.765625-000
Event Type: Error
User:

Computer Name: Maciej-PC
Event Code: 52236
Message: CPLIB :: General - Invalid Parameter
Record Number: 659
Source Name: atikmdag
Time Written: 20100504102123.765625-000
Event Type: Error
User:

Computer Name: Maciej-PC
Event Code: 43029
Message: Display is not active
Record Number: 605
Source Name: atikmdag
Time Written: 20100504101729.035156-000
Event Type: Error
User:

Computer Name: Maciej-PC
Event Code: 52236
Message: CPLIB :: General - Invalid Parameter
Record Number: 604
Source Name: atikmdag
Time Written: 20100504101729.035156-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Maciej-PC
Event Code: 1015
Message: Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Record Number: 171
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20100504101136.000000-000
Event Type: Warning
User:

Computer Name: Maciej-PC
Event Code: 1015
Message: Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Record Number: 164
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20100504101035.000000-000
Event Type: Warning
User:

Computer Name: Maciej-PC
Event Code: 1017
Message: Installation of the Proof of Purchase failed. 0xC004F050 Partial Pkey=QKWWM ACID=? Detailed Error[?]
Record Number: 159
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20100504100857.000000-000
Event Type: Error
User:

Computer Name: Maciej-PC
Event Code: 1017
Message: Installation of the Proof of Purchase failed. 0xC004F050 Partial Pkey=FKG2C ACID=? Detailed Error[?]
Record Number: 153
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20100504100436.000000-000
Event Type: Error
User:

Computer Name: Maciej-PC
Event Code: 1017
Message: Installation of the Proof of Purchase failed. 0xC004F050 Partial Pkey=2TCGW ACID=? Detailed Error[?]
Record Number: 150
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20100504100251.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: 37L4247D28-05
Event Code: 4735
Message: A security-enabled local group was changed.
Subject:
Security ID: S-1-5-18
Account Name: 37L4247D28-05$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin
Changed Attributes:
SAM Account Name: -
SID History: -
Additional Information:
Privileges: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100504094616.937500-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4731
Message: A security-enabled local group was created.
Subject:
Security ID: S-1-5-18
Account Name: 37L4247D28-05$
Account Domain: WORKGROUP
Logon ID: 0x3e7
New Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin
Attributes:
SAM Account Name: Backup Operators
SID History: -
Additional Information:
Privileges: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100504094616.937500-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4902
Message: The Per-user audit policy table was created.
Number of Elements: 0
Policy ID: 0x235c4
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100504094616.703125-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 0
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x4
Process Name:
Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100504094615.703125-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4608
Message: Windows is starting up.
This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100504094615.671875-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Borland\Delphi7\Bin;C:\Program Files\Borland\Delphi7\Projects\Bpl\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Pinnacle\Shared Files\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=4303
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
[/log]
Tomek01 comment 16 November 2010 Uninstall: Dealio Toolbar, free-downloads.net Toolbar. In OTL, in the Custom scan/fixes box, paste:
[code]:Processes
Explorer.exe
:OTL
PRC - [2010-01-08 00:36:58 | 000,974,848 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Search Settings\SearchSettings.exe
PRC - [2010-01-07 23:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
SRV - [2010-01-07 23:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2960879355-3237400500-980202737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT1098640
IE - HKU\S-1-5-21-2960879355-3237400500-980202737-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-2960879355-3237400500-980202737-1000\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultthis.engineName: "free-downloads.net Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Web Search..."
FF - prefs.js..browser.startup.homepage: "http://vshare.toolbarhome.com/?hp=df"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
[2010-09-29 18:04:47 | 000,000,000 | ---D | M] -- C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\gjfocit1.default\extensions\vshare@toolbar
[2010-01-20 11:16:28 | 000,000,939 | ---- | M] () -- C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\gjfocit1.default\searchplugins\conduit.xml
[2010-09-29 18:04:52 | 000,001,583 | ---- | M] () -- C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\gjfocit1.default\searchplugins\web-search.xml
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2960879355-3237400500-980202737-1000\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.)
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:15F0C917
:Files
C:\Program Files\Search Settings
C:\Program Files\K2T\WTW\wtw.exe
C:\Users\Maciej\AppData\Roaming\EurekaLog
C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2960879355-3237400500-980202737-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2960879355-3237400500-980202737-1000UA.job
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Search Settings
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{ecdee021-0d17-467f-a1ff-c7a115230949}=-
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
:Services
Application Updater
SearchSettings
:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]
Click Run Fix; the computer will restart. Post the [b]removal log[/b] and the new logs: [b]OTL[/b] and [b]RSIT[/b]. Run a full scan with [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] and [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] and post the results on the forum.
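An added example, not part of this thread, of OTL or of any poster's script: a small Python triage helper that parses OTL log lines and applies the same rules the helpers use when reading the logs in this thread (hidden+system executables with no publisher, Run entries with no publisher, MountPoints2 autorun commands). The rules are this example's own assumptions, and the sample lines are constructed from entries that appear in the thread's logs.

```python
"""Triage helper for OTL log lines.

Example added to this thread; it is not part of OTL or of any poster's script.
The rules below are this example's own assumptions, modelled on what the
helpers look for in the logs: executables with hidden+system attributes and
no publisher, Run entries with no publisher, and MountPoints2 autorun commands.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Optional

# OTL file/process record: [date time | size | attrs | C/M] (Company) -- path
FILE_RE = re.compile(
    r"\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([A-Z-]{4}) \| [CM]\]"
    r" \(([^)]*)\) -- (.+?)(?: -- .*)?$"
)
# O4 autorun entry:  O4 - HKLM..\Run: [name] path (Company)
RUN_RE = re.compile(r"O4 - (\S+?)\.\.\\Run: \[([^\]]+)\] (.+?) \(([^)]*)\)$")
# O33 removable-drive autorun: O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = target
MOUNT_RE = re.compile(
    r'O33 - MountPoints2\\(\{[^}]+\})\\Shell\\(?:AutoRun|open)\\[Cc]ommand - "" = (\S+)'
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass
class Finding:
    kind: str    # "file", "run" or "mountpoint"
    target: str  # file path or autorun target
    reason: str


def analyse_line(line: str) -> Optional[Finding]:
    """Return a Finding when the OTL line matches one of the rules, else None."""
    line = line.strip()
    m = MOUNT_RE.search(line)
    if m:
        guid, target = m.groups()
        return Finding("mountpoint", target,
                       f"autorun command registered for volume {guid}")
    m = RUN_RE.search(line)
    if m:
        hive, name, path, company = m.groups()
        if not company.strip():
            return Finding("run", path, f"Run entry [{name}] under {hive} has no publisher")
        return None
    m = FILE_RE.search(line)
    if m:
        _date, _size, attrs, company, path = m.groups()
        name = ntpath.basename(path).lower()
        executable = name.endswith(EXEC_EXT) or name == "autorun.inf"
        if "H" in attrs and "S" in attrs and not company.strip() and executable:
            return Finding("file", path, f"hidden+system file ({attrs}) with no publisher")
    return None


def analyse_log(text: str) -> list:
    """Run analyse_line over every line of an OTL log and keep the hits."""
    return [f for f in (analyse_line(l) for l in text.splitlines()) if f]


# Constructed sample: a handful of lines copied from the logs in this thread.
SAMPLE_LOG = r"""
PRC - [2009-06-10 00:45:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-527237240-861567501-1606980848-500..\Run: [king_mg] C:\WINDOWS\system32\mgking.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O33 - MountPoints2\{75ad0e67-9e67-11df-83d3-806d6172696f}\Shell\AutoRun\command - "" = C:\i00dvoym.exe -- [2010-11-20 17:22:05 | 000,178,688 | RHS- | M] ()
[2010-11-21 12:27:05 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010-11-21 12:22:43 | 000,000,063 | RHS- | M] () -- C:\autorun.inf
[2010-11-21 10:39:27 | 000,115,712 | RHS- | M] () -- C:\WINDOWS\System32\mgking0.dll
[2010-11-20 17:22:05 | 000,178,688 | RHS- | M] () -- C:\i00dvoym.exe
"""

if __name__ == "__main__":
    for f in analyse_log(SAMPLE_LOG):
        print(f"{f.kind:10} {f.target}  <- {f.reason}")
```

Legitimate hidden+system files such as ntuser.ini are not flagged because the rule only fires on executable extensions and autorun.inf; it is a triage aid, not a verdict.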
maciej2123 comment 20 November 2010 (author) Sorry, I made a mistake: I gave you scans of the "healthy" computer. On the actual one I have a problem because it can't be scanned with either OTL or RSIT. With OTL I get the error "Access violation at address 773E6FES in module "comctl32.dll". Write of adress 0000073A", and when I try to install RSIT, Explorer crashes (a problem with the EXPLORER.EXE application has occurred and it will be closed, etc.).
Sohei comment 20 November 2010 Try to run them from Safe Mode :)
maciej2123 comment 21 November 2010 (author, edited) OK, I'll do that in a moment; in the meantime I scanned the computer with mks_vir and it found the trojan Psw.SBoy.a in the file C:\Windows\system32\EXPLOREREXE(1).VIR OTL.txt [log] OTL logfile created on: 2010-11-21 12:42:00 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 767,00 Mb Total Physical Memory | 522,00 Mb Available Physical Memory | 68,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 91,00% Paging File free Paging file location(s): C:\pagefile.sys 1152 2304 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74,55 Gb Total Space | 59,31 Gb Free Space | 79,55% Space Free | Partition Type: NTFS Computer Name: PCRUBCZYNSKICH | User Name: Administrator | Logged in as Administrator. 
Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-11-20 17:21:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\OTL.exe PRC - [2010-11-03 21:21:14 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2010-11-03 21:21:12 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-06-10 00:45:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2009-06-10 00:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2009-06-10 00:45:00 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2009-06-10 00:45:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2009-06-10 00:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2009-06-10 00:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2009-06-10 00:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2009-06-10 00:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2009-06-10 00:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2009-06-10 00:45:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2009-06-10 00:45:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-11-20 17:21:38 | 
000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\OTL.exe MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2010-08-16 09:43:34 | 000,590,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2010-07-27 07:29:09 | 008,492,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2010-07-16 13:00:50 | 001,287,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2009-06-25 09:42:23 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2009-06-10 00:45:00 | 001,020,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2009-06-10 00:45:00 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2009-06-10 00:45:00 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2009-06-10 00:45:00 | 000,723,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2009-06-10 00:45:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2009-06-10 00:45:00 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2009-06-10 00:45:00 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2009-06-10 00:45:00 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2009-06-10 00:45:00 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2009-06-10 00:45:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2009-06-10 00:45:00 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - 
[2009-06-10 00:45:00 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2009-06-10 00:45:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2009-06-10 00:45:00 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2009-06-10 00:45:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME MOD - [2009-06-10 00:45:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2009-06-10 00:45:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2009-06-10 00:45:00 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll MOD - [2009-06-10 00:45:00 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2009-06-10 00:45:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2009-06-10 00:45:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2009-06-10 00:45:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - [2010-06-28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010-06-28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010-06-28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! 
Antivirus) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-10-27 10:16:00 | 000,088,960 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viaudio.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM) DRV - [2010-06-28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010-06-28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010-06-28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010-06-28 21:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2010-06-28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010-06-28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2009-06-30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Stopped] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot) DRV - [2008-09-24 09:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2008-04-13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2008-04-13 21:04:32 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2005-08-17 23:00:00 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver) DRV - [2002-12-27 03:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-527237240-861567501-1606980848-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157" FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-11-03 21:21:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-11-18 19:39:21 | 000,000,000 | ---D | M] [2010-08-04 11:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions [2010-08-04 11:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane 
aplikacji\Mozilla\Firefox\Profiles\5f55aqjj.default\extensions [2010-08-04 11:36:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-10-19 21:21:44 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-10-19 21:21:44 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-10-19 21:21:44 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-10-19 21:21:44 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-10-19 21:21:44 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-10-19 21:21:44 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2009-06-10 00:45:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-527237240-861567501-1606980848-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) 
O4 - HKLM..\Run: [UserFaultCheck] File not found O4 - HKU\S-1-5-21-527237240-861567501-1606980848-500..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-21-527237240-861567501-1606980848-500..\Run: [EXPLORER.EXE] C:\WINDOWS\explorer.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-527237240-861567501-1606980848-500..\Run: [king_mg] C:\WINDOWS\system32\mgking.exe () O4 - HKU\S-1-5-21-527237240-861567501-1606980848-500..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKU\S-1-5-21-527237240-861567501-1606980848-500..\Run: [wsctf.exe] File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-527237240-861567501-1606980848-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.8.4 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-08-02 18:46:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-11-21 12:22:43 | 000,000,063 | RHS- | M] () - C:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{54fe311c-a858-11df-a730-000c6e5ddb5f}\Shell\AutoRun\command - "" = i9bwjpqc.exe O33 - MountPoints2\{54fe311c-a858-11df-a730-000c6e5ddb5f}\Shell\open\Command - "" = i9bwjpqc.exe O33 - MountPoints2\{75ad0e67-9e67-11df-83d3-806d6172696f}\Shell\AutoRun\command - "" = C:\i00dvoym.exe -- [2010-11-20 17:22:05 | 000,178,688 | RHS- | M] () O33 - MountPoints2\{75ad0e67-9e67-11df-83d3-806d6172696f}\Shell\open\Command - "" = C:\i00dvoym.exe -- [2010-11-20 17:22:05 | 000,178,688 | RHS- | M] () O33 - MountPoints2\{df3806ec-b5d1-11df-a73e-000c6e5ddb5f}\Shell\AutoRun\command - "" = K:\i00dvoym.exe -- File not found O33 - MountPoints2\{df3806ec-b5d1-11df-a73e-000c6e5ddb5f}\Shell\open\Command - "" = K:\i00dvoym.exe -- 
File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group 
SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-11-21 12:37:20 | 000,000,000 | ---D | C] -- 
C:\Documents and Settings\Administrator\Pulpit\skany [2010-11-21 12:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010-11-21 12:35:56 | 000,000,000 | ---D | C] -- C:\rsit [2010-11-21 12:35:21 | 000,000,000 | ---D | C] -- C:\_OTL [2010-11-21 12:28:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC [2010-11-21 11:01:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2010-11-20 21:16:16 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys [2010-11-20 21:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security [2010-11-18 22:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\Zabawa Ruchocice 2010 [2010-11-18 22:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\SZklarska 2010 [2010-11-18 22:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\Konkurs fiz 2010 [2010-11-18 19:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2010-11-18 19:38:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010-11-14 20:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline [2010-11-04 17:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Help [2010-11-04 17:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Help [2010-11-03 22:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\Educat [2010-10-27 10:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97 [2010-10-27 10:20:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups [2010-10-27 10:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\VIA Technologies, INC [2010-10-27 10:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys [2010-10-22 18:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Temp [2010-10-20 20:57:32 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache [2010-10-20 
18:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\konkurs fizyczny 2010 [2010-10-19 17:36:55 | 000,000,000 | ---D | C] -- C:\Aplikacja ANT [2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-11-21 12:39:25 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010-11-21 12:33:52 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Nowy Dokument programu Microsoft Word .doc [2010-11-21 12:28:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-11-21 12:27:05 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010-11-21 12:27:03 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-11-21 12:23:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-11-21 12:22:43 | 000,000,063 | RHS- | M] () -- C:\autorun.inf [2010-11-21 12:00:01 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010-11-21 10:39:27 | 000,115,712 | RHS- | M] () -- C:\WINDOWS\System32\mgking0.dll [2010-11-20 20:00:01 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010-11-20 17:22:06 | 000,115,712 | RHS- | M] () -- C:\WINDOWS\System32\mgking1.dll [2010-11-20 17:22:05 | 000,178,688 | RHS- | M] () -- C:\WINDOWS\System32\mgking.exe [2010-11-20 17:22:05 | 000,178,688 | RHS- | M] () -- C:\i00dvoym.exe [2010-11-19 18:54:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-11-18 22:33:39 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Nowy Dokument programu Microsoft Word .doc [2010-11-18 19:39:21 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk 
[2010-11-17 08:08:58 | 000,177,664 | RHS- | M] () -- C:\et3ypes.exe [2010-11-15 18:53:53 | 000,000,092 | ---- | M] () -- C:\Documents and Settings\Administrator\default.pls [2010-11-15 18:53:49 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-11-14 20:26:46 | 000,017,080 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-11-14 16:35:43 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2010-11-03 22:10:41 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Cenzurka 7.4.lnk [2010-11-03 19:11:36 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI [2010-11-02 18:26:31 | 000,763,990 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-11-02 18:26:31 | 000,355,486 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-11-02 18:26:31 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-11-02 18:26:31 | 000,049,492 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-11-02 18:26:31 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-10-27 10:41:22 | 000,000,272 | ---- | M] () -- C:\WINDOWS\_delis32.ini [2010-10-27 10:13:57 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\EVEREST Home Edition.lnk [2010-10-25 18:24:42 | 001,136,128 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Rozkład materiału nauczania i wychowania.doc [2010-10-21 21:00:29 | 000,325,120 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Wymagania na oceny z fizyki.doc [2010-10-19 17:36:57 | 000,000,566 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Aplikacja ANT.lnk [2010-10-17 17:45:52 | 000,113,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-10-13 21:04:26 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-10-13 20:53:47 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia 
lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-10-13 20:52:27 | 000,360,448 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Plan napr.2010-11.doc [2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-11-21 12:33:52 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Nowy Dokument programu Microsoft Word .doc [2010-11-20 17:08:14 | 000,115,712 | RHS- | C] () -- C:\WINDOWS\System32\mgking0.dll [2010-11-20 09:44:43 | 000,178,688 | RHS- | C] () -- C:\i00dvoym.exe [2010-11-20 09:44:17 | 000,115,712 | RHS- | C] () -- C:\WINDOWS\System32\mgking1.dll [2010-11-20 09:44:03 | 000,177,664 | RHS- | C] () -- C:\et3ypes.exe [2010-11-20 09:43:37 | 000,178,688 | RHS- | C] () -- C:\WINDOWS\System32\mgking.exe [2010-11-18 22:31:00 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Nowy Dokument programu Microsoft Word .doc [2010-11-18 19:38:55 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2010-11-04 18:39:45 | 000,000,063 | RHS- | C] () -- C:\autorun.inf [2010-11-03 22:10:41 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Cenzurka 7.4.lnk [2010-11-03 19:11:27 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2010-10-27 10:41:22 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini [2010-10-27 10:32:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2010-10-27 10:32:06 | 000,141,016 | ---- | C] () -- C:\WINDOWS\System32\alsndmgr.wav [2010-10-27 10:32:03 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2010-10-27 10:16:14 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll [2010-10-27 10:13:57 | 000,000,767 | ---- | C] () -- C:\Documents and 
Settings\Administrator\Pulpit\EVEREST Home Edition.lnk [2010-10-25 18:24:41 | 001,136,128 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Rozkład materiału nauczania i wychowania.doc [2010-10-21 20:59:43 | 000,325,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Wymagania na oceny z fizyki.doc [2010-10-19 17:36:56 | 000,000,566 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Aplikacja ANT.lnk [2010-10-06 20:32:00 | 000,360,448 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Plan napr.2010-11.doc [2010-09-02 16:25:42 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-09-02 15:06:25 | 000,000,156 | ---- | C] () -- C:\WINDOWS\mistrz.ini [2010-09-01 15:00:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010-08-05 13:51:33 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010-08-02 20:32:55 | 000,763,990 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-08-02 20:32:54 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010-08-02 20:32:16 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini [2010-08-02 19:20:15 | 003,184,656 | -H-- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-08-02 19:15:03 | 000,017,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-08-02 18:51:28 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Dane aplikacji\desktop.ini [2010-08-02 18:46:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini [2010-08-02 18:42:08 | 000,000,059 | ---- | C] () -- C:\WINDOWS\vbaddin.ini [2010-08-02 18:42:08 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini [2010-08-02 18:39:24 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini [2010-08-02 18:39:23 
| 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini [2009-06-10 00:45:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini [2009-06-10 00:45:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll [2009-06-10 00:45:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll [2009-06-10 00:45:00 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll [2009-06-10 00:45:00 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatUI.dll [2009-06-10 00:45:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll [2009-06-10 00:45:00 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll [2009-06-10 00:45:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll [2009-06-10 00:45:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll [2009-06-10 00:45:00 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini [2009-06-10 00:45:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys [2009-06-10 00:45:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys [2009-06-10 00:45:00 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys [2009-06-10 00:45:00 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys [2009-06-10 00:45:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys [2009-06-10 00:45:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys [2009-06-10 00:45:00 | 000,033,936 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys [2009-06-10 00:45:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys [2009-06-10 00:45:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys [2009-06-10 00:45:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys [2009-06-10 00:45:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys [2009-06-10 00:45:00 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys [2009-06-10 00:45:00 | 000,027,097 | ---- | C] () -- 
C:\WINDOWS\System32\country.sys [2009-06-10 00:45:00 | 000,020,629 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini [2009-06-10 00:45:00 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini [2009-06-10 00:45:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll [2009-06-10 00:45:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll [2009-06-10 00:45:00 | 000,013,819 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini [2009-06-10 00:45:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll [2009-06-10 00:45:00 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll [2009-06-10 00:45:00 | 000,009,043 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys [2009-06-10 00:45:00 | 000,006,074 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini [2009-06-10 00:45:00 | 000,004,976 | ---- | C] () -- C:\WINDOWS\System32\himem.sys [2009-06-10 00:45:00 | 000,002,992 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini [2009-06-10 00:45:00 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini [2009-06-10 00:45:00 | 000,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv [2009-06-10 00:45:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini [2009-06-10 00:45:00 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini [2009-06-10 00:45:00 | 000,000,603 | ---- | C] () -- C:\WINDOWS\win.ini [2009-06-10 00:45:00 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini [2009-06-10 00:45:00 | 000,000,231 | ---- | C] () -- C:\WINDOWS\system.ini [2001-10-26 16:29:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll [1999-01-22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [color=#E56717]========== LOP Check ==========[/color] [2010-08-02 20:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2010-09-09 21:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe [2010-11-14 16:35:43 | 
000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-08-02 18:46:11 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-11-21 12:22:43 | 000,000,063 | RHS- | M] () -- C:\autorun.inf [2010-08-02 18:37:33 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2009-06-10 00:45:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2010-08-02 18:46:11 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010-11-17 08:08:58 | 000,177,664 | RHS- | M] () -- C:\et3ypes.exe [2010-11-20 17:22:05 | 000,178,688 | RHS- | M] () -- C:\i00dvoym.exe [2010-08-02 18:46:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-11-21 12:14:09 | 000,166,482 | ---- | M] () -- C:\mksbasel.cpp.log [2010-08-02 18:46:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2009-06-10 00:45:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2009-06-10 00:45:00 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-11-21 12:27:56 | 1207,959,552 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-06-10 00:45:00 | 017,821,884 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-06-10 00:45:00 | 017,821,884 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-06-10 00:45:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2009-06-10 00:45:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2009-06-10 00:45:00 | 017,821,884 | ---- | M] () 
.cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2009-06-10 00:45:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2009-06-10 00:45:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2009-06-10 00:45:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-06-10 00:45:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys [2009-06-10 00:45:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009-06-10 00:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2009-06-10 00:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe < End of report > [/log] Extras.txt [log] OTL Extras logfile created on: 2010-11-21 12:42:00 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 767,00 Mb Total Physical Memory | 522,00 Mb Available Physical Memory | 68,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 91,00% Paging File free Paging file location(s): C:\pagefile.sys 1152 2304 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files 
Drive C: | 74,55 Gb Total Space | 59,31 Gb Free Space | 79,55% Space Free | Partition Type: NTFS Computer Name: PCRUBCZYNSKICH | User Name: Administrator | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-527237240-861567501-1606980848-500\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000415-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.1 - Polish "{B28B351F-1232-46EA-85EF-B8EA91641045}" = Nero 7 Essentials "{D928C220-0A77-11D4-A090-0050049D1C2E}" = TI'99-U "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "ActiveScan 2.0" = Panda ActiveScan 2.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = 
Adobe Flash Player 10 Plugin "avast5" = avast! Free Antivirus "Cenzurka 7.4_is1" = Cenzurka 7.4 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Moja Droga Do Szkoły" = Moja Droga Do Szkoły "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "SkanerOnline" = Skaner on-line mks_vir "VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2010-11-15 15:43:20 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca IEXPLORE.EXE, wersja 8.0.6001.18702, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2010-11-15 15:43:26 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca IEXPLORE.EXE, wersja 8.0.6001.18702, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2010-11-15 15:43:33 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca IEXPLORE.EXE, wersja 8.0.6001.18702, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2010-11-15 15:47:35 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca IEXPLORE.EXE, wersja 8.0.6001.18702, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2010-11-19 14:24:45 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca IEXPLORE.EXE, wersja 8.0.6001.18702, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2010-11-20 05:34:10 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca WINWORD.EXE, wersja 9.0.0.2823, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. 
Error - 2010-11-20 05:34:27 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca WINWORD.EXE, wersja 9.0.0.2823, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2010-11-20 05:34:40 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca WINWORD.EXE, wersja 9.0.0.2823, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2010-11-20 05:34:51 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca WINWORD.EXE, wersja 9.0.0.2823, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2010-11-20 05:37:45 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca WINWORD.EXE, wersja 9.0.0.2823, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. [ System Events ] Error - 2010-11-21 07:21:50 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7034 Description = Usługa avast! Antivirus niespodziewanie zakończyła pracę. Wystąpiło to razy: 22. 
Error - 2010-11-21 07:25:06 | Computer Name = PCRUBCZYNSKICH | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2010-11-21 07:26:13 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7001 Description = Usługa Klient DHCP zależy od usługi NetBios przez TCP/IP, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2010-11-21 07:26:13 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7001 Description = Usługa Klient DNS zależy od usługi Sterownik protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2010-11-21 07:26:13 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7001 Description = Usługa Pomoc TCP/IP NetBIOS zależy od usługi AFD, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2010-11-21 07:26:13 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7001 Description = Usługa Usługi IPSEC zależy od usługi Sterownik IPSEC, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2010-11-21 07:26:13 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: Aavmker4 AFD AmdK7 aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT pavboot RasAcd Rdbss Tcpip Error - 2010-11-21 07:27:04 | Computer Name = PCRUBCZYNSKICH | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2010-11-21 07:28:28 | Computer Name = PCRUBCZYNSKICH | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu 
uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2010-11-21 07:29:52 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: Aavmker4 AmdK7 aswSP aswTdi Fips pavboot < End of report > [/log] log.txt [log] Logfile of random's system information tool 1.08 (written by random/random) Run by Administrator at 2010-11-21 12:35:56 Microsoft Windows XP Professional Dodatek Service Pack 3 System drive C: has 61 GB (80%) free of 76 GB Total RAM: 767 MB (70% free) ======Scheduled tasks folder====== C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\WGASetup.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-26 297648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-26 843832] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-26 297648] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] "avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864] 
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u [] "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k [] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2009-06-10 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-08-02 39408] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232] "king_mg"=C:\WINDOWS\system32\mgking.exe [2010-11-20 178688] "wsctf.exe"=wsctf.exe [] "EXPLORER.EXE"=C:\WINDOWS\EXPLORER.EXE [2009-06-10 1035264] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-06-10 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" 
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2010-11-21 12:35:57 ----D---- C:\Program Files\trend micro 2010-11-21 12:35:56 ----D---- C:\rsit 2010-11-21 12:35:21 ----D---- C:\_OTL 2010-11-21 12:28:05 ----D---- C:\WINDOWS\CSC 2010-11-21 12:24:26 ----A---- C:\WINDOWS\ntbtlog.txt 2010-11-21 11:01:55 ----D---- C:\WINDOWS\LastGood 2010-11-20 21:16:16 ----A---- C:\WINDOWS\system32\drivers\pavboot.sys 2010-11-20 21:15:03 ----D---- C:\Program Files\Panda Security 2010-11-20 17:08:14 ----RSH---- C:\WINDOWS\system32\mgking0.dll 2010-11-20 09:44:43 ----RSH---- C:\i00dvoym.exe 2010-11-20 09:44:17 ----RSH---- C:\WINDOWS\system32\mgking1.dll 2010-11-20 09:44:03 ----RSH---- C:\et3ypes.exe 2010-11-20 09:43:37 ----RSH---- C:\WINDOWS\system32\mgking.exe 2010-11-20 09:43:37 ----ASH---- C:\WINDOWS\system32\EXPLORER.EXE(1).VIR 2010-11-18 19:38:35 ----D---- C:\Program Files\Adobe 2010-11-18 19:38:16 ----SHD---- C:\Config.Msi 2010-11-14 20:51:37 ----D---- C:\Program Files\SkanerOnline 2010-11-04 17:03:11 ----D---- C:\Documents and Settings\Administrator\Dane aplikacji\Help 2010-11-03 22:10:40 ----D---- C:\Program Files\Educat 2010-11-03 19:11:27 ----A---- C:\WINDOWS\PhotoSnapViewer.INI 2010-10-27 10:41:22 ----A---- C:\WINDOWS\_delis32.ini 2010-10-27 10:39:55 ----RA---- C:\WINDOWS\system32\drivers\fetnd5b.sys 2010-10-27 10:39:49 ----RA---- C:\WINDOWS\system32\ntsim.sys 2010-10-27 10:32:35 ----A---- C:\WINDOWS\system32\ChCfg.exe 2010-10-27 10:32:22 ----RA---- C:\WINDOWS\system32\drivers\alcxwdm.sys 2010-10-27 10:32:06 ----D---- 
C:\Program Files\Realtek AC97 2010-10-27 10:32:06 ----A---- C:\WINDOWS\system32\RTLCPL.exe 2010-10-27 10:32:04 ----A---- C:\WINDOWS\soundman.exe 2010-10-27 10:32:03 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll 2010-10-27 10:32:02 ----A---- C:\WINDOWS\alcupd.exe 2010-10-27 10:32:02 ----A---- C:\WINDOWS\Alcrmv.exe 2010-10-27 10:24:47 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys 2010-10-27 10:24:40 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys 2010-10-27 10:24:38 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys 2010-10-27 10:24:35 ----A---- C:\WINDOWS\system32\drivers\aec.sys 2010-10-27 10:24:32 ----A---- C:\WINDOWS\system32\drivers\splitter.sys 2010-10-27 10:22:50 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys 2010-10-27 10:20:43 ----A---- C:\WINDOWS\system32\drivers\VIAAGP1.SYS 2010-10-27 10:20:40 ----D---- C:\WINDOWS\system32\ReinstallBackups 2010-10-27 10:20:25 ----A---- C:\WINDOWS\IsUninst.exe 2010-10-27 10:18:42 ----A---- C:\WINDOWS\system32\drivers\SET5.tmp 2010-10-27 10:16:52 ----A---- C:\WINDOWS\system32\drivers\SET3C.tmp 2010-10-27 10:16:51 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys 2010-10-27 10:16:44 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys 2010-10-27 10:16:42 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys 2010-10-27 10:16:39 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys 2010-10-27 10:16:33 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2010-10-27 10:16:23 ----A---- C:\WINDOWS\system32\ksuser.dll 2010-10-27 10:16:23 ----A---- C:\WINDOWS\system32\drivers\portcls.sys 2010-10-27 10:16:16 ----A---- C:\WINDOWS\system32\drivers\drmk.sys 2010-10-27 10:16:14 ----D---- C:\Program Files\VIA Technologies, INC 2010-10-27 10:16:14 ----A---- C:\WINDOWS\system32\UnAudioNT.dll 2010-10-27 10:16:11 ----A---- C:\WINDOWS\IsUn0415.exe 2010-10-27 10:13:55 ----D---- C:\Program Files\Lavalys ======List of files/folders modified in the last 1 months====== 2010-11-21 12:35:57 ----RD---- C:\Program Files 2010-11-21 12:28:05 ----D---- C:\WINDOWS 
2010-11-21 12:23:09 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-11-21 12:14:42 ----D---- C:\WINDOWS\Prefetch 2010-11-21 11:01:56 ----HD---- C:\WINDOWS\inf 2010-11-21 11:01:53 ----D---- C:\WINDOWS\system32\CatRoot2 2010-11-21 10:52:53 ----D---- C:\WINDOWS\Temp 2010-11-21 10:39:27 ----D---- C:\WINDOWS\system32 2010-11-20 21:16:16 ----D---- C:\WINDOWS\system32\drivers 2010-11-20 21:14:49 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-11-18 19:39:34 ----SHD---- C:\WINDOWS\Installer 2010-11-18 19:38:49 ----D---- C:\Program Files\Common Files\Adobe 2010-11-18 19:38:48 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Adobe 2010-11-15 18:53:49 ----A---- C:\WINDOWS\NeroDigital.ini 2010-11-14 18:01:44 ----A---- C:\WINDOWS\system32\MRT.exe 2010-11-03 21:21:28 ----D---- C:\Program Files\Mozilla Firefox 2010-11-02 18:26:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-10-27 17:53:46 ----D---- C:\WINDOWS\system32\CatRoot 2010-10-27 10:32:02 ----HD---- C:\Program Files\InstallShield Installation Information 2010-10-27 10:31:50 ----D---- C:\Program Files\Common Files\InstallShield 2010-10-27 10:07:04 ----SD---- C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 ohci1394;Kontroler hosta IEEE 1394 VIA zgodny z OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2009-06-10 61696] R0 viaagp;Filtr magistrali AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240] R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2002-12-27 26880] R3 FETNDIS;VIA Rhine Family Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2002-07-05 40448] R3 usbstor;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2009-06-10 20608] S0 pavboot;pavboot; 
C:\WINDOWS\system32\drivers\pavboot.sys [2009-06-30 28552] S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880] S1 AmdK7;Sterownik procesora AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2009-06-10 41856] S1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456] S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672] S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744] S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176] S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368] S3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2009-06-10 60800] S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376] S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [] S3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2009-06-10 61824] S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys [] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-04-13 1897408] S3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudio.sys [2010-10-27 88960] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-06-10 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-06-10 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== S2 avast! Antivirus;avast! 
Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384] S2 gupdate;Usługa Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-06 136176] S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440] S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384] S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-08-02 182768] S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144] S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-06-10 14336] -----------------EOF----------------- [/log]
Tomek01 comment 21 November 2010 This time it is an infection from a USB flash drive. Run [b][color=#0000CD][url=http://download.bleepingcomputer.com//sUBs/Flash_Disinfector.exe]Flash Disinfector[/url][/color][/b], preferably with the flash drive and any other USB storage plugged in. In OTL, paste the following into the Custom scan/fixes box:
[code]:Processes
Explorer.exe
:OTL
O4 - HKU\S-1-5-21-527237240-861567501-1606980848-500..\Run: [EXPLORER.EXE] C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-527237240-861567501-1606980848-500..\Run: [king_mg] C:\WINDOWS\system32\mgking.exe ()
O4 - HKU\S-1-5-21-527237240-861567501-1606980848-500..\Run: [wsctf.exe] File not found
O33 - MountPoints2\{54fe311c-a858-11df-a730-000c6e5ddb5f}\Shell\AutoRun\command - "" = i9bwjpqc.exe
O33 - MountPoints2\{54fe311c-a858-11df-a730-000c6e5ddb5f}\Shell\open\Command - "" = i9bwjpqc.exe
O33 - MountPoints2\{75ad0e67-9e67-11df-83d3-806d6172696f}\Shell\AutoRun\command - "" = C:\i00dvoym.exe -- [2010-11-20 17:22:05 | 000,178,688 | RHS- | M] ()
O33 - MountPoints2\{75ad0e67-9e67-11df-83d3-806d6172696f}\Shell\open\Command - "" = C:\i00dvoym.exe -- [2010-11-20 17:22:05 | 000,178,688 | RHS- | M] ()
O33 - MountPoints2\{df3806ec-b5d1-11df-a73e-000c6e5ddb5f}\Shell\AutoRun\command - "" = K:\i00dvoym.exe -- File not found
O33 - MountPoints2\{df3806ec-b5d1-11df-a73e-000c6e5ddb5f}\Shell\open\Command - "" = K:\i00dvoym.exe -- File not found
:Files
C:\autorun.inf
C:\WINDOWS\System32\mgking0.dll
C:\WINDOWS\System32\mgking1.dll
C:\WINDOWS\System32\mgking.exe
C:\i00dvoym.exe
C:\et3ypes.exe
i00dvoym.exe\alldrivers
et3ypes.exe\alldrivers
i9bwjpqc.exe\alldrivers
:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"king_mg"=-
"wsctf.exe"=-
"EXPLORER.EXE"=-
:Commands
[emptytemp]
[start explorer]
[Reboot][/code]
Click Run Fix; the computer will restart. Post the removal log together with fresh OTL and RSIT logs.
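The fix above removes two kinds of leftovers: MountPoints2 entries whose Shell\AutoRun\command and Shell\open\Command verbs launch an executable (Windows caches a volume's autorun.inf verbs under MountPoints2, so the payload also fires when the drive is double-clicked in Explorer), and Run entries that have no company name, point at a missing file, or start explorer.exe. The Python script below is an added example, not part of this thread and not OTL's code: it applies those same rules to OTL O4/O33 lines and also decodes the NoDriveTypeAutoRun policy values that appear in the posted log (bit meanings per Microsoft KB 967715). The sample input is constructed from lines quoted on this page plus one benign avast! Run entry as a negative control; the finding names and severities are my own choices.

```python
"""Triage OTL O4/O7/O33 lines for autorun.inf-style USB worm persistence.
Added example, not part of the original thread and not OTL's code. It turns the reasoning
behind the fix posted above into checks: MountPoints2 Shell\\AutoRun and Shell\\open handlers
that launch an .exe are autorun hijacks; Run entries with no company name, a missing target,
or explorer.exe as target get removed too; NoDriveTypeAutoRun is decoded per drive type.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional, Set

# Constructed sample: O4/O33 lines from the fix above, two O7 lines from the log, one benign avast! entry.
SAMPLE_OTL = r'''
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-527237240-861567501-1606980848-500..\Run: [EXPLORER.EXE] C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-527237240-861567501-1606980848-500..\Run: [king_mg] C:\WINDOWS\system32\mgking.exe ()
O4 - HKU\S-1-5-21-527237240-861567501-1606980848-500..\Run: [wsctf.exe] File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527237240-861567501-1606980848-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O33 - MountPoints2\{54fe311c-a858-11df-a730-000c6e5ddb5f}\Shell\AutoRun\command - "" = i9bwjpqc.exe
O33 - MountPoints2\{54fe311c-a858-11df-a730-000c6e5ddb5f}\Shell\open\Command - "" = i9bwjpqc.exe
O33 - MountPoints2\{75ad0e67-9e67-11df-83d3-806d6172696f}\Shell\AutoRun\command - "" = C:\i00dvoym.exe -- [2010-11-20 17:22:05 | 000,178,688 | RHS- | M] ()
O33 - MountPoints2\{75ad0e67-9e67-11df-83d3-806d6172696f}\Shell\open\Command - "" = C:\i00dvoym.exe -- [2010-11-20 17:22:05 | 000,178,688 | RHS- | M] ()
O33 - MountPoints2\{df3806ec-b5d1-11df-a73e-000c6e5ddb5f}\Shell\AutoRun\command - "" = K:\i00dvoym.exe -- File not found
O33 - MountPoints2\{df3806ec-b5d1-11df-a73e-000c6e5ddb5f}\Shell\open\Command - "" = K:\i00dvoym.exe -- File not found
'''

O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKU\\[^.\\]+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$')
PATH_CO_RE = re.compile(r'^(?P<path>.+?) \((?P<company>[^()]*)\)$')   # "<path> (<company>)" as OTL prints it
O7_RE = re.compile(r'^O7 - (?P<hive>HKLM|HKU\\[^\\]+)\\.*\\Explorer: NoDriveTypeAutoRun = (?P<val>\d+)$')
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\Shell\\(?P<verb>\w+)\\[Cc]ommand'
                    r' - "" = (?P<target>.+?)(?: -- (?P<meta>.*))?$')
# NoDriveTypeAutoRun bitmask (Microsoft KB 967715): a set bit disables AutoRun for that drive type.
AUTORUN_BITS = {0x01: 'unknown', 0x04: 'removable', 0x08: 'fixed', 0x10: 'network',
                0x20: 'cdrom', 0x40: 'ramdisk', 0x80: 'reserved'}


@dataclass(frozen=True)
class Finding:
    kind: str      # usb-autorun-hijack | run-no-company | run-orphan | run-explorer-decoy | autorun-policy
    severity: str  # high | medium | low
    location: str  # registry location as OTL prints it
    target: str    # what the entry launches (or the policy value)
    reason: str


def autorun_enabled_types(value: int) -> Set[str]:
    """Drive types for which this NoDriveTypeAutoRun value still allows AutoRun (set bit = disabled)."""
    return {name for bit, name in AUTORUN_BITS.items() if not value & bit}


def _check_o33(m) -> Finding:
    target, meta, notes = m['target'], m['meta'] or '', []
    if ':' not in target and not target.startswith('\\'):
        notes.append('relative path, resolves on whatever volume mounts under this GUID')
    if 'RHS' in meta:
        notes.append('payload has read-only+hidden+system attributes')
    if 'File not found' in meta:
        notes.append('payload absent (volume not mounted) but the handler stays armed')
    return Finding('usb-autorun-hijack', 'high', f"MountPoints2\\{m['guid']}\\Shell\\{m['verb']}", target,
                   '; '.join(notes) or 'shell verb on a mounted volume launches an executable')


def _check_o4(m) -> Optional[Finding]:
    location = f"{m['hive']}\\Run\\{m['name']}"
    if m['rest'] == 'File not found':
        return Finding('run-orphan', 'low', location, '', 'autostart points at a file that no longer exists')
    pc = PATH_CO_RE.match(m['rest'])
    if pc is None:
        return Finding('run-unparsed', 'medium', location, m['rest'], 'unexpected OTL format, inspect by hand')
    if PureWindowsPath(pc['path']).name.lower() == 'explorer.exe':
        return Finding('run-explorer-decoy', 'medium', location, pc['path'],
                       'explorer.exe is started by Winlogon as the shell; a Run entry for it is a worm artefact')
    if pc['company'] == '':
        return Finding('run-no-company', 'medium', location, pc['path'], 'no company name in version resource')
    return None


def _check_o7(m) -> Optional[Finding]:
    still_on = autorun_enabled_types(int(m['val']))
    if 'removable' not in still_on:
        return None
    return Finding('autorun-policy', 'low', f"{m['hive']}\\...\\Explorer\\NoDriveTypeAutoRun", m['val'],
                   'AutoRun still permitted for: ' + ', '.join(sorted(still_on)))


def triage(otl_text: str) -> List[Finding]:
    """Run every rule over an OTL log excerpt and return the findings in log order."""
    findings: List[Finding] = []
    for line in (raw.strip() for raw in otl_text.splitlines()):
        for rx, check in ((O33_RE, _check_o33), (O4_RE, _check_o4), (O7_RE, _check_o7)):
            m = rx.match(line)
            if m:
                f = check(m)
                if f:
                    findings.append(f)
                break
    return findings


def usb_payloads(findings: List[Finding]) -> Set[str]:
    """Distinct executable names referenced by hijacked MountPoints2 handlers."""
    return {PureWindowsPath(f.target).name.lower() for f in findings if f.kind == 'usb-autorun-hijack'}


if __name__ == '__main__':
    for f in triage(SAMPLE_OTL):
        print(f"[{f.severity}] {f.kind} {f.location} -> {f.target or '(missing)'}  # {f.reason}")
```

Run it as a script to list the findings; `usb_payloads()` returns the executable names to look for on every USB stick that was ever plugged into the machine, which is what Flash Disinfector is being asked to clean up here. Note that the per-user policy value 36 already blocks AutoRun for removable drives while the .DEFAULT value 145 does not, which is why the MountPoints2 verbs, not AutoRun itself, are the persistence that matters.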
maciej2123 comment 22 November 2010 (Author) otl.txt [log]
OTL logfile created on: 2010-11-22 16:43:47 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
767,00 Mb Total Physical Memory | 580,00 Mb Available Physical Memory | 76,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,55 Gb Total Space | 60,26 Gb Free Space | 80,82% Space Free | Partition Type: NTFS
Computer Name: PCRUBCZYNSKICH | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days
[color=#E56717]========== Processes (All) ==========[/color]
PRC - [2010-11-20 17:21:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2010-11-03 21:21:14 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010-11-03 21:21:12 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-06-10 00:45:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009-06-10 00:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2009-06-10 00:45:00 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2009-06-10 00:45:00 | 000,050,688 | ---- | M] (Microsoft
Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2009-06-10 00:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2009-06-10 00:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2009-06-10 00:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2009-06-10 00:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2009-06-10 00:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2009-06-10 00:45:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2009-06-10 00:45:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-11-20 17:21:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\OTL.exe MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2010-08-16 09:43:34 | 000,590,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2010-07-27 07:29:09 | 008,492,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2010-07-16 13:00:50 | 001,287,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2009-06-25 09:42:23 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2009-06-10 00:45:00 | 001,020,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2009-06-10 00:45:00 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2009-06-10 00:45:00 | 000,822,272 
| ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2009-06-10 00:45:00 | 000,723,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2009-06-10 00:45:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2009-06-10 00:45:00 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2009-06-10 00:45:00 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2009-06-10 00:45:00 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2009-06-10 00:45:00 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2009-06-10 00:45:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2009-06-10 00:45:00 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2009-06-10 00:45:00 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2009-06-10 00:45:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2009-06-10 00:45:00 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2009-06-10 00:45:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME MOD - [2009-06-10 00:45:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2009-06-10 00:45:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2009-06-10 00:45:00 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll MOD - [2009-06-10 00:45:00 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2009-06-10 00:45:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2009-06-10 
00:45:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2009-06-10 00:45:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - [2010-06-28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010-06-28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010-06-28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-10-27 10:16:00 | 000,088,960 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viaudio.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM) DRV - [2010-06-28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010-06-28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010-06-28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010-06-28 21:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2010-06-28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010-06-28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2009-06-30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Stopped] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot) DRV - [2008-09-24 09:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2008-04-13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2008-04-13 21:04:32 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2005-08-17 23:00:00 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver) DRV - [2002-12-27 03:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-527237240-861567501-1606980848-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157" FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-11-03 21:21:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-11-18 19:39:21 | 000,000,000 | ---D | M] [2010-08-04 11:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions [2010-08-04 11:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5f55aqjj.default\extensions [2010-08-04 11:36:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-10-19 21:21:44 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-10-19 21:21:44 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-10-19 21:21:44 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-10-19 21:21:44 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-10-19 21:21:44 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml 
[2010-10-19 21:21:44 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2009-06-10 00:45:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-527237240-861567501-1606980848-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [UserFaultCheck] File not found O4 - HKU\S-1-5-21-527237240-861567501-1606980848-500..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-21-527237240-861567501-1606980848-500..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-527237240-861567501-1606980848-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-527237240-861567501-1606980848-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36 O7 - HKU\S-1-5-21-527237240-861567501-1606980848-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data] O8 - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.8.4 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-08-02 18:46:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: 
Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: 
{4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-11-21 12:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\skany [2010-11-21 12:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010-11-21 12:35:56 | 000,000,000 | ---D | C] -- C:\rsit [2010-11-21 12:35:21 | 000,000,000 | ---D | C] -- C:\_OTL [2010-11-21 12:28:05 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2010-11-20 21:16:16 | 000,028,552 | ---- | C] (Panda Security, S.L.) 
-- C:\WINDOWS\System32\drivers\pavboot.sys [2010-11-20 21:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security [2010-11-18 22:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\Zabawa Ruchocice 2010 [2010-11-18 22:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\SZklarska 2010 [2010-11-18 22:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\Konkurs fiz 2010 [2010-11-18 19:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2010-11-18 19:38:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010-11-14 20:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline [2010-11-04 17:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Help [2010-11-04 17:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Help [2010-11-03 22:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\Educat [2010-10-27 10:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97 [2010-10-27 10:20:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups [2010-10-27 10:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\VIA Technologies, INC [2010-10-27 10:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys [2010-10-22 18:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Temp [2010-10-20 20:57:32 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache [2010-10-20 18:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\konkurs fizyczny 2010 [2010-10-19 17:36:55 | 000,000,000 | ---D | C] -- C:\Aplikacja ANT [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-11-22 16:42:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-11-22 16:09:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-11-22 16:04:28 | 002,883,584 | -H-- | M] () -- 
C:\Documents and Settings\Administrator\NTUSER.DAT [2010-11-22 16:04:28 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010-11-21 19:27:49 | 003,757,924 | -H-- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-11-21 19:00:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010-11-21 16:40:46 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-11-21 16:39:19 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-11-21 12:33:52 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Nowy Dokument programu Microsoft Word .doc [2010-11-20 20:00:01 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010-11-19 18:54:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-11-18 22:33:39 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Nowy Dokument programu Microsoft Word .doc [2010-11-18 19:39:21 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2010-11-15 18:53:53 | 000,000,092 | ---- | M] () -- C:\Documents and Settings\Administrator\default.pls [2010-11-14 20:26:46 | 000,017,080 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-11-14 16:35:43 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2010-11-03 22:10:41 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Cenzurka 7.4.lnk [2010-11-03 19:11:36 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI [2010-11-02 18:26:31 | 000,763,990 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-11-02 18:26:31 | 000,355,486 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-11-02 18:26:31 | 000,311,604 | ---- | M] 
() -- C:\WINDOWS\System32\perfh009.dat [2010-11-02 18:26:31 | 000,049,492 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-11-02 18:26:31 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-10-27 10:41:22 | 000,000,272 | ---- | M] () -- C:\WINDOWS\_delis32.ini [2010-10-27 10:13:57 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\EVEREST Home Edition.lnk [2010-10-25 18:24:42 | 001,136,128 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Rozkład materiału nauczania i wychowania.doc [2010-10-21 21:00:29 | 000,325,120 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Wymagania na oceny z fizyki.doc [2010-10-19 17:36:57 | 000,000,566 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Aplikacja ANT.lnk [2010-10-17 17:45:52 | 000,113,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-10-13 21:04:26 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-10-13 20:52:27 | 000,360,448 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Plan napr.2010-11.doc [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-11-21 12:33:52 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Nowy Dokument programu Microsoft Word .doc [2010-11-18 22:31:00 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Nowy Dokument programu Microsoft Word .doc [2010-11-18 19:38:55 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2010-11-03 22:10:41 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Cenzurka 7.4.lnk [2010-11-03 19:11:27 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2010-10-27 10:41:22 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini [2010-10-27 10:32:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2010-10-27 10:32:06 | 000,141,016 | ---- | C] () -- 
C:\WINDOWS\System32\alsndmgr.wav
[2010-10-27 10:32:03 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010-10-27 10:16:14 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2010-10-27 10:13:57 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\EVEREST Home Edition.lnk
[2010-10-25 18:24:41 | 001,136,128 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Rozkład materiału nauczania i wychowania.doc
[2010-10-21 20:59:43 | 000,325,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Wymagania na oceny z fizyki.doc
[2010-10-19 17:36:56 | 000,000,566 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Aplikacja ANT.lnk
[2010-10-06 20:32:00 | 000,360,448 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Plan napr.2010-11.doc
[2010-09-02 16:25:42 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-09-02 15:06:25 | 000,000,156 | ---- | C] () -- C:\WINDOWS\mistrz.ini
[2010-09-01 15:00:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-08-05 13:51:33 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010-08-02 20:32:55 | 000,763,990 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-08-02 20:32:54 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-08-02 20:32:16 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2010-08-02 19:20:15 | 003,757,924 | -H-- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-08-02 19:15:03 | 000,017,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-08-02 18:51:28 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Dane aplikacji\desktop.ini
[2010-08-02 18:46:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2010-08-02 18:42:08 | 000,000,059 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2010-08-02 18:42:08 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2010-08-02 18:39:24 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2010-08-02 18:39:23 | 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2009-06-10 00:45:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2009-06-10 00:45:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2009-06-10 00:45:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2009-06-10 00:45:00 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2009-06-10 00:45:00 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatUI.dll
[2009-06-10 00:45:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2009-06-10 00:45:00 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2009-06-10 00:45:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2009-06-10 00:45:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2009-06-10 00:45:00 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2009-06-10 00:45:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2009-06-10 00:45:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2009-06-10 00:45:00 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2009-06-10 00:45:00 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2009-06-10 00:45:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2009-06-10 00:45:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2009-06-10 00:45:00 | 000,033,936 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2009-06-10 00:45:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2009-06-10 00:45:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2009-06-10 00:45:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2009-06-10 00:45:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2009-06-10 00:45:00 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2009-06-10 00:45:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2009-06-10 00:45:00 | 000,020,629 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2009-06-10 00:45:00 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2009-06-10 00:45:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2009-06-10 00:45:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2009-06-10 00:45:00 | 000,013,819 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2009-06-10 00:45:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2009-06-10 00:45:00 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2009-06-10 00:45:00 | 000,009,043 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2009-06-10 00:45:00 | 000,006,074 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2009-06-10 00:45:00 | 000,004,976 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2009-06-10 00:45:00 | 000,002,992 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2009-06-10 00:45:00 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2009-06-10 00:45:00 | 000,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv
[2009-06-10 00:45:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2009-06-10 00:45:00 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2009-06-10 00:45:00 | 000,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2009-06-10 00:45:00 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2009-06-10 00:45:00 | 000,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2001-10-26 16:29:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[1999-01-22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[color=#E56717]========== LOP Check ==========[/color]

[2010-08-02 20:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2010-09-09 21:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
[2010-11-14 16:35:43 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-08-02 18:46:11 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-08-02 18:37:33 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009-06-10 00:45:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-08-02 18:46:11 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-08-02 18:46:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-11-21 12:14:09 | 000,166,482 | ---- | M] () -- C:\mksbasel.cpp.log
[2010-08-02 18:46:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009-06-10 00:45:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-06-10 00:45:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-11-22 16:42:25 | 1207,959,552 | -HS- | M] () -- C:\pagefile.sys

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009-06-10 00:45:00 | 017,821,884 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-06-10 00:45:00 | 017,821,884 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009-06-10 00:45:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2009-06-10 00:45:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2009-06-10 00:45:00 | 017,821,884 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2009-06-10 00:45:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2009-06-10 00:45:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2009-06-10 00:45:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-06-10 00:45:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2009-06-10 00:45:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-06-10 00:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2009-06-10 00:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe

< End of report >
[/log]

extras.txt

[log]
OTL Extras logfile created on: 2010-11-22 16:43:47 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

767,00 Mb Total Physical Memory | 580,00 Mb Available Physical Memory | 76,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,55 Gb Total Space | 60,26 Gb Free Space | 80,82% Space Free | Partition Type: NTFS

Computer Name: PCRUBCZYNSKICH | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-527237240-861567501-1606980848-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000415-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.1 - Polish
"{B28B351F-1232-46EA-85EF-B8EA91641045}" = Nero 7 Essentials
"{D928C220-0A77-11D4-A090-0050049D1C2E}" = TI'99-U
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"Cenzurka 7.4_is1" = Cenzurka 7.4
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Moja Droga Do Szkoły" = Moja Droga Do Szkoły
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"SkanerOnline" = Skaner on-line mks_vir
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-11-20 05:34:51 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca WINWORD.EXE, wersja 9.0.0.2823, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-11-20 05:37:45 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca WINWORD.EXE, wersja 9.0.0.2823, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-11-20 12:38:34 | Computer Name = PCRUBCZYNSKICH | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd crashreporter.exe, wersja 1.9.2.3951, moduł powodujący błąd comctl32.dll, wersja 6.0.2900.6028, adres błędu 0x00026fe5.

Error - 2010-11-20 12:38:39 | Computer Name = PCRUBCZYNSKICH | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd drwtsn32.exe, wersja 5.1.2600.0, moduł powodujący błąd dbghelp.dll, wersja 5.1.2600.5512, adres błędu 0x0001295d.

Error - 2010-11-20 12:38:50 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca crashreporter.exe, wersja 1.9.2.3951, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-11-20 12:39:03 | Computer Name = PCRUBCZYNSKICH | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd crashreporter.exe, wersja 1.9.2.3951, moduł powodujący błąd comctl32.dll, wersja 6.0.2900.6028, adres błędu 0x00026fe5.

Error - 2010-11-20 12:39:17 | Computer Name = PCRUBCZYNSKICH | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.5512, moduł powodujący błąd comctl32.dll, wersja 6.0.2900.6028, adres błędu 0x00026fe5.

Error - 2010-11-20 12:39:41 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca explorer.exe, wersja 6.0.2900.5512, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-11-20 12:39:44 | Computer Name = PCRUBCZYNSKICH | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca crashreporter.exe, wersja 1.9.2.3951, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-11-20 12:44:34 | Computer Name = PCRUBCZYNSKICH | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.5512, moduł powodujący błąd comctl32.dll, wersja 6.0.2900.6028, adres błędu 0x00026fe5.

[ System Events ]
Error - 2010-11-22 09:47:57 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: Aavmker4 AmdK7 aswSP aswTdi Fips pavboot

Error - 2010-11-22 11:04:27 | Computer Name = PCRUBCZYNSKICH | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2010-11-22 11:09:59 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7022
Description = Usługa avast! Antivirus zawiesiła się podczas uruchamiania.

Error - 2010-11-22 11:13:57 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7022
Description = Usługa avast! Antivirus zawiesiła się podczas uruchamiania.

Error - 2010-11-22 11:13:57 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7001
Description = Usługa avast! Mail Scanner zależy od usługi avast! Antivirus, której nie można uruchomić z powodu następującego błędu: %%1070

Error - 2010-11-22 11:13:57 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7031
Description = Usługa avast! Antivirus niespodziewanie zakończyła pracę. Wystąpiło to razy: 2. W przeciągu 5000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error - 2010-11-22 11:17:53 | Computer Name = PCRUBCZYNSKICH | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2010-11-22 11:19:17 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: Aavmker4 AmdK7 aswSP aswTdi Fips pavboot

Error - 2010-11-22 11:42:56 | Computer Name = PCRUBCZYNSKICH | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2010-11-22 11:44:22 | Computer Name = PCRUBCZYNSKICH | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: Aavmker4 AmdK7 aswSP aswTdi Fips pavboot

< End of report >
[/log]

log.txt

[log]
Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-11-22 17:24:02
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 62 GB (81%) free of 76 GB
Total RAM: 767 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:24:08, on 2010-11-22
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=userinit.exe,EXPLORER.EXE
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 5797 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-26 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-26 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-26 297648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2009-06-10 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-08-02 39408]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-06-10 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=0xFFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-11-21 12:35:57 ----D---- C:\Program Files\trend micro
2010-11-21 12:35:56 ----D---- C:\rsit
2010-11-21 12:35:21 ----D---- C:\_OTL
2010-11-21 12:28:05 ----SHD---- C:\WINDOWS\CSC
2010-11-21 12:24:26 ----A---- C:\WINDOWS\ntbtlog.txt
2010-11-20 21:16:16 ----A---- C:\WINDOWS\system32\drivers\pavboot.sys
2010-11-20 21:15:03 ----D---- C:\Program Files\Panda Security
2010-11-20 09:43:37 ----ASH---- C:\WINDOWS\system32\EXPLORER.EXE(1).VIR
2010-11-18 19:38:35 ----D---- C:\Program Files\Adobe
2010-11-18 19:38:16 ----SHD---- C:\Config.Msi
2010-11-14 20:51:37 ----D---- C:\Program Files\SkanerOnline
2010-11-04 17:03:11 ----D---- C:\Documents and Settings\Administrator\Dane aplikacji\Help
2010-11-03 22:10:40 ----D---- C:\Program Files\Educat
2010-11-03 19:11:27 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2010-10-27 10:41:22 ----A---- C:\WINDOWS\_delis32.ini
2010-10-27 10:39:55 ----RA---- C:\WINDOWS\system32\drivers\fetnd5b.sys
2010-10-27 10:39:49 ----RA---- C:\WINDOWS\system32\ntsim.sys
2010-10-27 10:32:35 ----A---- C:\WINDOWS\system32\ChCfg.exe
2010-10-27 10:32:22 ----RA---- C:\WINDOWS\system32\drivers\alcxwdm.sys
2010-10-27 10:32:06 ----D---- C:\Program Files\Realtek AC97
2010-10-27 10:32:06 ----A---- C:\WINDOWS\system32\RTLCPL.exe
2010-10-27 10:32:04 ----A---- C:\WINDOWS\soundman.exe
2010-10-27 10:32:03 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll
2010-10-27 10:32:02 ----A---- C:\WINDOWS\alcupd.exe
2010-10-27 10:32:02 ----A---- C:\WINDOWS\Alcrmv.exe
2010-10-27 10:24:47 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2010-10-27 10:24:40 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys
2010-10-27 10:24:38 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2010-10-27 10:24:35 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2010-10-27 10:24:32 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2010-10-27 10:22:50 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2010-10-27 10:20:43 ----A---- C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2010-10-27 10:20:40 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-10-27 10:20:25 ----A---- C:\WINDOWS\IsUninst.exe
2010-10-27 10:16:51 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2010-10-27 10:16:44 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2010-10-27 10:16:42 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010-10-27 10:16:39 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys
2010-10-27 10:16:33 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010-10-27 10:16:23 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-10-27 10:16:23 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2010-10-27 10:16:16 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2010-10-27 10:16:14 ----D---- C:\Program Files\VIA Technologies, INC
2010-10-27 10:16:14 ----A---- C:\WINDOWS\system32\UnAudioNT.dll
2010-10-27 10:16:11 ----A---- C:\WINDOWS\IsUn0415.exe
2010-10-27 10:13:55 ----D---- C:\Program Files\Lavalys

======List of files/folders modified in the last 1 months======

2010-11-22 16:09:58 ----D---- C:\WINDOWS
2010-11-22 16:09:50 ----D---- C:\WINDOWS\Temp
2010-11-22 16:02:53 ----D---- C:\WINDOWS\system32\drivers
2010-11-22 16:02:53 ----D---- C:\WINDOWS\system32
2010-11-22 14:42:00 ----D---- C:\WINDOWS\Prefetch
2010-11-22 14:37:39 ----HD---- C:\WINDOWS\inf
2010-11-22 14:37:39 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-21 19:27:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-21 16:40:46 ----A---- C:\WINDOWS\NeroDigital.ini
2010-11-21 12:35:57 ----RD---- C:\Program Files
2010-11-20 21:14:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-11-18 19:39:34 ----SHD---- C:\WINDOWS\Installer
2010-11-18 19:38:49 ----D---- C:\Program Files\Common Files\Adobe
2010-11-18 19:38:48 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Adobe
2010-11-14 18:01:44 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-03 21:21:28 ----D---- C:\Program Files\Mozilla Firefox
2010-11-02 18:26:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-27 17:53:46 ----D---- C:\WINDOWS\system32\CatRoot
2010-10-27 10:32:02 ----HD---- C:\Program Files\InstallShield Installation Information
2010-10-27 10:31:50 ----D---- C:\Program Files\Common Files\InstallShield
2010-10-27 10:07:04 ----SD---- C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Kontroler hosta IEEE 1394 VIA zgodny z OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2009-06-10 61696]
R0 viaagp;Filtr magistrali AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2002-12-27 26880]
R3 FETNDIS;VIA Rhine Family Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2002-07-05 40448]
R3 usbstor;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2009-06-10 20608]
S0 pavboot;pavboot; C:\WINDOWS\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880]
S1 AmdK7;Sterownik procesora AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2009-06-10 41856]
S1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
S3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2009-06-10 60800]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt []
S3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2009-06-10 61824]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-04-13 1897408]
S3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudio.sys [2010-10-27 88960]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-06-10 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-06-10 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S2 gupdate;Usługa Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-08-02 182768]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-06-10 14336]

-----------------EOF-----------------
[/log]

removal result

[log]
All processes killed
========== PROCESSES ==========
Process Explorer.exe killed successfully!
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-527237240-861567501-1606980848-500\Software\Microsoft\Windows\CurrentVersion\Run\\EXPLORER.EXE deleted successfully.
Item C:\WINDOWS\explorer.exe is whitelisted and cannot be moved.
Registry value HKEY_USERS\S-1-5-21-527237240-861567501-1606980848-500\Software\Microsoft\Windows\CurrentVersion\Run\\king_mg deleted successfully.
C:\WINDOWS\system32\mgking.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-527237240-861567501-1606980848-500\Software\Microsoft\Windows\CurrentVersion\Run\\wsctf.exe deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{54fe311c-a858-11df-a730-000c6e5ddb5f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54fe311c-a858-11df-a730-000c6e5ddb5f}\ not found.
File i9bwjpqc.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75ad0e67-9e67-11df-83d3-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75ad0e67-9e67-11df-83d3-806d6172696f}\ not found.
C:\i00dvoym.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75ad0e67-9e67-11df-83d3-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75ad0e67-9e67-11df-83d3-806d6172696f}\ not found. File C:\i00dvoym.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df3806ec-b5d1-11df-a73e-000c6e5ddb5f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df3806ec-b5d1-11df-a73e-000c6e5ddb5f}\ not found. K:\i00dvoym.exe moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df3806ec-b5d1-11df-a73e-000c6e5ddb5f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df3806ec-b5d1-11df-a73e-000c6e5ddb5f}\ not found. File K:\i00dvoym.exe not found. ========== FILES ========== C:\autorun.inf moved successfully. C:\WINDOWS\System32\mgking0.dll moved successfully. C:\WINDOWS\System32\mgking1.dll moved successfully. File\Folder C:\WINDOWS\System32\mgking.exe not found. File\Folder C:\i00dvoym.exe not found. C:\et3ypes.exe moved successfully. Item C:\WINDOWS\explorer.exe is whitelisted and cannot be moved. File\Folder i00dvoym.exe\alldrivers not found. File\Folder et3ypes.exe\alldrivers not found. File\Folder i9bwjpqc.exe\alldrivers not found. ========== REGISTRY ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\king_mg not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\wsctf.exe not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EXPLORER.EXE not found. 
========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 766139294 bytes ->Temporary Internet Files folder emptied: 15176581 bytes ->FireFox cache emptied: 58010409 bytes ->Flash cache emptied: 2828268 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 66351 bytes ->Temporary Internet Files folder emptied: 129598 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 2596 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 255488 bytes Windows Temp folder emptied: 38081031 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 840,00 mb OTL by OldTimer - Version 3.2.17.3 log created on 11222010_160232 Files\Folders moved on Reboot... Registry entries deleted on Reboot... [/log]
Tomek01, comment, 22 November 2010

What mks found you can safely delete by hand. In OTL use the CleanUp option. Run a full scan with [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] and [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] and post the results on the forum.
maciej2123 (author), comment, 24 November 2010

Anti-Malware

[log]
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5177

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

2010-11-23 21:55:56
Anti-Malware

Scan type: Full scan (C:\|)
Objects scanned: 168559
Time elapsed: 21 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP68\A0021715.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73\A0034005.exe (Spyware.PWS) -> No action taken.
C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73\A0035030.exe (Spyware.PWS) -> No action taken.
C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73\A0035034.exe (Spyware.PWS) -> No action taken.
C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73\A0036051.EXE (Password.Stealer) -> No action taken.
C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP76\A0040195.exe (Spyware.PWS) -> No action taken.
[/log]

Dr Web

[log]
A0021715.exe;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP68;Win32.HLLW.Autoruner.34791;Incurable.Deleted.;
A0034005.exe;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73;Win32.HLLW.Autoruner.35438;Incurable.Moved.;
A0035030.exe;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73;Win32.HLLW.Autoruner.35438;Incurable.Moved.;
A0035034.exe;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73;Win32.HLLW.Autoruner.35438;Incurable.Moved.;
A0035035.dll;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73;Trojan.AVKill.3058;Deleted.;
A0035044.dll;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73;Trojan.AVKill.3058;Deleted.;
A0036044.dll;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73;Trojan.AVKill.3058;Deleted.;
A0036051.EXE;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73;BackDoor.Generic.1451;Deleted.;
A0036056.dll;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73;Trojan.AVKill.3058;Deleted.;
A0036065.dll;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73;Trojan.AVKill.3058;Deleted.;
A0036111.dll;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP74;Trojan.AVKill.3058;Deleted.;
A0036122.dll;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP74;Trojan.AVKill.3058;Deleted.;
A0036134.dll;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP74;Trojan.AVKill.3058;Deleted.;
A0036149.dll;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP74;Trojan.AVKill.3058;Deleted.;
A0036150.exe;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP74;Win32.HLLW.Autoruner.36214;Incurable.Moved.;
A0040195.exe;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP76;Win32.HLLW.Autoruner.35438;Incurable.Moved.;
A0040196.exe;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP76;Win32.HLLW.Autoruner.36214;Incurable.Moved.;
A0040197.dll;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP76;Trojan.AVKill.3058;Deleted.;
A0040198.dll;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP76;Trojan.AVKill.3058;Deleted.;
A0040200.exe;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP76;Win32.HLLW.Autoruner.35339;Incurable.Moved.;
A0040201.exe;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP76;Win32.HLLW.Autoruner.36214;Incurable.Moved.;
[/log]
Tomek01, comment, 24 November 2010

Disable and then re-enable System Restore on all partitions. Delete the key that Mbam detected (in scan mode). That would be all. The system is clean.
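The reasoning behind the last reply, as an added example that is not part of the thread and not code from OTL, Malwarebytes or Dr.Web: every file both scanners still flag lives under C:\System Volume Information\_restore{...}\RPnn, i.e. inside System Restore snapshots taken while the autorun worm and its AV-killer component were active, which is exactly what toggling System Restore off and on purges; the one remaining registry key has to be removed by hand; and the live copies (mgking.exe, autorun.inf, et3ypes.exe) were already quarantined by the OTL fix posted earlier. The script below parses the three log formats as they appear in this thread and makes that split explicit. The sample inputs are excerpts copied from the posted logs; the function names and the dictionary layout are this example's own.

```python
"""Triage of the scanner reports posted in this thread (added example, not the thread's own code)."""
import re
from collections import Counter

# Sample input: excerpt of the Malwarebytes report above ("item (Threat) -> action" lines).
MBAM_REPORT = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> No action taken.

Files Infected:
C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP68\A0021715.exe (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73\A0036051.EXE (Password.Stealer) -> No action taken.
"""

# Sample input: excerpt of the Dr.Web CureIt report above ("name;directory;threat;status;" lines).
DRWEB_REPORT = r"""
A0021715.exe;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP68;Win32.HLLW.Autoruner.34791;Incurable.Deleted.;
A0035035.dll;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP73;Trojan.AVKill.3058;Deleted.;
A0040195.exe;C:\System Volume Information\_restore{B1221700-AE9A-4673-A8B2-9C51297B77C3}\RP76;Win32.HLLW.Autoruner.35438;Incurable.Moved.;
"""

# Sample input: excerpt of the OTL fix log posted earlier in the thread.
OTL_FIX_LOG = r"""
C:\WINDOWS\system32\mgking.exe moved successfully.
C:\autorun.inf moved successfully.
File\Folder C:\WINDOWS\System32\mgking.exe not found.
C:\et3ypes.exe moved successfully.
"""

# A System Restore snapshot path: <drive>:\System Volume Information\_restore{GUID}\RP<n>\...
RESTORE_POINT = re.compile(
    r"^[A-Z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+(\\|$)", re.I)
MBAM_LINE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
OTL_MOVED = re.compile(r"^(?P<path>[A-Z]:\\.+?) moved successfully\.$", re.I)


def parse_mbam(text):
    """Yield (section, item, threat, action); the section comes from the 'X Infected:' heading."""
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("Infected:"):          # heading without a count, e.g. 'Files Infected:'
            section = line[:-len(" Infected:")].lower()
            continue
        m = MBAM_LINE.match(line)
        if m and section:
            yield section, m["item"], m["threat"], m["action"]


def parse_drweb(text):
    """Yield (full_path, threat, status) from Dr.Web's semicolon-separated lines."""
    for line in text.splitlines():
        fields = line.strip().split(";")
        if len(fields) < 4 or not fields[0]:
            continue
        name, directory, threat, status = fields[:4]
        yield directory.rstrip("\\") + "\\" + name, threat, status


def parse_otl_moves(text):
    """Return the paths OTL reports as moved (quarantined) by the fix script."""
    return [m["path"] for m in (OTL_MOVED.match(l.strip()) for l in text.splitlines()) if m]


def in_restore_point(path):
    return bool(RESTORE_POINT.match(path))


def triage(mbam_text, drweb_text, otl_text):
    """Split detections into what a System Restore purge handles and what still needs manual work."""
    report = {"restore_point_files": [], "live_files": [], "registry_keys": [],
              "quarantined_by_otl": parse_otl_moves(otl_text), "families": Counter()}

    def file_hit(path):
        bucket = "restore_point_files" if in_restore_point(path) else "live_files"
        report[bucket].append(path)

    for section, item, threat, _action in parse_mbam(mbam_text):
        report["families"][threat] += 1
        if section == "registry keys":
            report["registry_keys"].append(item)   # must be deleted by hand (or by MBAM)
        elif section == "files":
            file_hit(item)
    for path, threat, _status in parse_drweb(drweb_text):
        report["families"][threat] += 1
        file_hit(path)
    # Nothing flagged outside the restore points: purging them closes the file side of the case.
    report["clean_after_restore_purge"] = not report["live_files"]
    return report


if __name__ == "__main__":
    r = triage(MBAM_REPORT, DRWEB_REPORT, OTL_FIX_LOG)
    for key in ("restore_point_files", "live_files", "registry_keys", "quarantined_by_otl"):
        print(f"{key}: {len(r[key])}")
        for entry in r[key]:
            print("   ", entry)
    print("families:", dict(r["families"]))
    print("clean after System Restore purge:", r["clean_after_restore_purge"])
```

The `live_files` bucket is the one to watch on a real case: a detection outside `_restore{...}` means the toggle-System-Restore step is not enough and the file needs its own removal and a fresh scan. Keep the quarantined list from the OTL fix with the case notes; the restore-point copies that Dr.Web labels Incurable.Moved are the snapshots of those same files.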