leon_w utworzono 17 grudnia 2010 utworzono 17 grudnia 2010 Witam, Od jakiegoś czasu na moich przeglądarkach (mozilla i IE) ustawia się strona startowa "qooqlle". Mimo ustawienia innej, po restarcie kompa zawsze ustawia sie "qooqlle". Prubowałem przeskanowac kompa Malwarebytes' Anti-Malware, nawet cos znalazl i usunął, ale problem pozostał. System windows vista home basic, 32 bitowy Logi: [log]OTL Extras logfile created on: 2010-12-17 17:42:17 - Run 2 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Rybcia\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18999) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 60,00 Gb Total Space | 11,78 Gb Free Space | 19,64% Space Free | Partition Type: NTFS Drive D: | 60,00 Gb Total Space | 41,36 Gb Free Space | 68,94% Space Free | Partition Type: NTFS Drive E: | 28,05 Gb Total Space | 17,73 Gb Free Space | 63,21% Space Free | Partition Type: NTFS Computer Name: RYBCIA-PC | User Name: Rybcia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1486510819-589907670-3929606539-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{191E0701-14E1-4283-956D-643D68EF9444}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{26E18894-FF36-42B1-B568-BB326A5EABAD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2FE29153-67D5-4BDD-9E57-BA9DEE4188B2}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{3BB71F59-AF2D-4748-8F06-708F6AE66304}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{440468FA-A5D7-4C9F-BD53-EACF0EA283F0}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{470568E2-66E6-4437-A4E8-AC4C6D861049}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{4A897434-DF60-498A-BF30-286900DD2A79}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{589A2950-A578-4137-B2FA-92C7080AFEA2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{62660398-0F17-4107-9A2D-6998D3047ACB}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{6BADE3FB-4284-4FC5-B4F0-F94E2349F55C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6EB97094-9E91-4DCB-B05D-978C3BFFE092}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6FC4F9C9-3834-4779-A45E-4F9AA87B16AA}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{72848565-3B82-4124-811A-48EA69BCA2C2}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{773DB696-6EFE-47F0-9021-B84698CC674C}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{77F93525-B9D3-40CC-9A73-331D5E3FC67F}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{80F4654F-3D35-4F38-B43F-0CE85392ED11}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{823ED6BE-67E3-465E-A910-62CEC68AE5AD}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{82CB1DA8-7E9A-4470-A75D-67FA48D57EAC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{880BC97F-F606-47E1-B480-05FFC0693BC1}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{8CCE9039-9F5E-4CEF-918C-C9C8111F8ADF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{944F3894-F224-4BA0-94D3-B241E3552B14}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{ABA1D1F0-1245-49FC-AE69-332D62EE3704}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{AF5D2A18-52EF-4B79-A68E-4538256D2FE2}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B4A9DA6B-74C9-4C42-AC76-0BD77D85F308}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{B536B7D5-EBEA-40F2-A7B4-0FBB71DD9972}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B6745AD4-1656-4E84-A8D0-CB0777AF1F07}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BB57A100-B68E-436C-A23D-4693FCF2D7C6}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C245BA1E-5F2D-4BA8-BBB8-D4807BA0D5DA}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{C2E98927-B850-49F3-BB64-BF74D58CD1EA}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C5A2FA85-8703-4E80-A97F-E85363E1C6DD}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{C65A9E91-BEEF-45B9-A980-F3C2C7DA176F}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{CC78C95B-67B1-49DD-92BF-A9D6FE597B77}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{D0FC839F-CDC8-48C3-A00D-A44FF0C6685D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D7D45426-BCE3-457C-9003-330993300579}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{E5459AD7-8706-4A41-881D-B25B0AE49C7F}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{E946131A-BF86-445B-9643-0ACA25EFDBC8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{EC09BA49-4E1A-44E2-AEA1-9A2CE13AFB65}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{ED06CF83-758B-4829-B6C9-4C2D6F1741DD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{021E3650-072D-44AB-8518-9EDDB1D29767}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{02239491-CE60-4260-B1AA-0ED6668EA1C3}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{0A762005-7D44-41CE-8928-4844D2D70E69}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{0C1A69F4-6DC3-45BA-875A-3F6C232288CA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{0DEDFB7D-79A5-4981-BCF1-969C94E15275}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{2A8F4048-9A54-495B-880A-37B66307CB73}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2CFEE533-2B0D-45DB-85A3-5510D02D7BB0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{35B1446D-DB98-43F7-A630-BB2C9328004A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{399DA14C-40A2-40CE-8DAA-EA65AE12D186}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{462E05D5-BF52-43E8-AF37-2201CD9B517A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{4DDDD3C8-1725-4207-A13B-DE845388BC4F}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{5696790E-C2FA-4A63-BB68-F2B955E41FF9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{57A13F58-F461-4CE6-8EF0-4D4B5AA5AD6E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{5FA63B2A-0DFC-4D34-A91E-FA970FA6D4AA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{735D747E-CDF7-4713-A23B-B8FD0EC9EFA2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{74DAFF3A-9F32-4A5C-9361-FD41030E0C50}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A4222704-9A06-4BF2-8F5E-5C26C9295130}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B5F049CD-ADC5-4854-8491-95A22D709F92}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B9F5F74B-BDCE-490F-87E9-CAAAFD0960B5}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{BAC5F0FE-A1D0-4E28-8099-21108A389471}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C21EE91F-5E01-4528-BA88-D621DE602440}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C48967BC-078C-40DA-8605-93E998525605}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D9920BDE-E053-4AB5-B9A6-D97D52B9B2CB}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | "{E477C1A2-255B-4F67-99AB-054C87FD95B0}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{E78D2D65-8860-49C4-81BB-43B8EA040A83}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ED19F409-5163-48A4-9152-60A3402F46E9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F2AA3FED-C664-4AEF-97FB-CE55BC3FA5B5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F30247DD-552C-4E49-9424-17B8439D7812}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{FEA9B0B4-A0DC-40B8-A238-36B1CBDB9C62}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "TCP Query User{117287FE-64CE-4C30-B82F-78A325AE4B28}D:\gry\serious sam\bin\serioussam.exe" = protocol=6 | dir=in | app=d:\gry\serious sam\bin\serioussam.exe | "TCP Query User{12000210-1508-4BA5-944E-617252B8C946}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | "TCP Query User{5B370856-3305-4FEC-9013-44C49AB2E230}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "TCP Query User{95B4CB90-CBC4-437D-8515-4D844F7A66B1}D:\gry\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=d:\gry\counter-strike 1.6\hl.exe | "TCP Query User{A82DD9C1-86CC-4F5F-87B7-F6EC11A2593C}C:\program files\tlen.pl\tlen.exe" = protocol=6 | dir=in | app=c:\program files\tlen.pl\tlen.exe | "TCP Query User{B1864BC8-88C7-4C18-908B-4DDF220EF4BB}F:\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=f:\counter-strike 1.6\hl.exe | "TCP Query User{B2EF484A-E7B3-4C38-A527-A37A5DAE42A9}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | "TCP Query User{C4927CC7-1003-4786-B7C4-A0FB126E64B9}C:\program files\wolfenstein - enemy territory\etded.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\etded.exe | "TCP Query User{EF35CEC8-C3DF-4E7E-9CB2-F5B8F097AE6A}C:\program files\tlen.pl\tlen.exe" = protocol=6 | dir=in | app=c:\program files\tlen.pl\tlen.exe | "TCP Query User{F85D55AE-5FD3-4925-BC0F-C6B5681E9315}D:\gry\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=d:\gry\counter-strike 1.6\hl.exe | "UDP Query User{2C81EAB4-7F92-4CAB-A6AB-1D1B52D4E395}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | "UDP Query User{2D928810-9814-4439-9228-6EA1F8CCDC9B}C:\program files\tlen.pl\tlen.exe" = protocol=17 | dir=in | app=c:\program files\tlen.pl\tlen.exe | "UDP Query User{2FDE4721-29E5-4433-B3FB-2711F767F06B}C:\program files\tlen.pl\tlen.exe" = protocol=17 | dir=in | app=c:\program files\tlen.pl\tlen.exe | "UDP Query User{3B1E4D77-160D-46C0-AEF3-488D7AEFA148}D:\gry\serious sam\bin\serioussam.exe" = protocol=17 | dir=in | app=d:\gry\serious sam\bin\serioussam.exe | "UDP Query User{3C58EAE8-52C5-45FA-BDA3-342945F9581D}D:\gry\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=d:\gry\counter-strike 1.6\hl.exe | "UDP Query User{863AC858-C565-41CD-8F98-94EE669A782B}D:\gry\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=d:\gry\counter-strike 1.6\hl.exe | "UDP Query User{945D3AB2-156F-46B2-90CA-7D62CC423A8B}C:\program files\wolfenstein - enemy territory\etded.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\etded.exe | "UDP Query User{C9FB773B-CB03-4385-9F92-4DA127295EB0}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | "UDP Query User{DF0D8D89-4513-4A4C-926A-10A005763F75}F:\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=f:\counter-strike 1.6\hl.exe | "UDP Query User{E63E8399-22DC-4769-81F7-DE4FD8A1E4AC}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ""SubEdit-Player"" = "SubEdit-Player" "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{228F6876-A313-40A3-91C0-C3CBE6997D09}" = Symantec "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 17 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}" = Internet Worm Protection "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon "{45B3A3BD-F90D-48FE-A147-D74878A51045}" = Nero 7 Essentials "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6A9087C0-0500-49D6-90CA-5BD512A5BE88}" = Symantec Real Time Storage Protection Component "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit "{78764173-3805-4916-B3CE-B433702B8870}" = O2Micro Flash Memory Card Reader Driver Installer(x86) "{81717D01-32F6-449C-85E1-41AFD678E545}" = LG Intelligent Update "{819C8257-BEA2-4599-BB00-9C83881CDF12}" = SymNet "{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{904CCF62-818D-4675-BC76-D37EB399F917}" = Centrum obsługi urządzeń z systemem Windows Mobile "{9455E8B0-4D73-4A9D-BFA3-D2C213BFD28F}" = LG Smart Cam "{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1045-7B44-A91000000001}" = Adobe Reader 9.1 - Polish "{B52D7A21-03E5-4C0C-82FA-FD8EB4C92149}" = AxessManager "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}" = Norton AntiVirus SYMLT MSI "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation) "{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI "{E7044E25-3038-4A76-9064-344AC038043E}" = Centrum obsługi urządzeń z systemem Windows Mobile — aktualizacja sterowników "{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Advanced SystemCare 3_is1" = Advanced SystemCare 3 "Agere Systems Soft Modem" = Agere Systems HDA Modem "avast5" = avast! Free Antivirus "Big Kahuna Reef 2" = Big Kahuna Reef 2 "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "EzManual" = EzManual "ffdshow_is1" = ffdshow [rev 2639] [2009-01-27] "HDMI" = Intel(R) Graphics Media Accelerator Driver "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Miranda Chrome" = Miranda Chrome 1.0.3 "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "Poradnik wędkarza_is1" = Poradnik wędkarza "QuickTime" = QuickTime "RealAlt_is1" = Real Alternative 1.9.0 Lite "SkanerOnline" = Skaner on-line mks_vir "Speed Reader PL_is1" = Speed Reader PL "SubEdit - Vista WMP Patch_is1" = SubEdit - Vista WMP Patch "SubEdit-Player_is1" = SubEdit-Player "SymSetup.{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus (Symantec Corporation) "SynTPDeinstKey" = Synaptics Pointing Device Driver "Tlen.pl" = Tlen.pl "Winamp" = Winamp (remove only) "WinRAR archiver" = Archiwizator WinRAR "Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory "Zumas Revenge! - Adventure" = Zumas Revenge! - Adventure [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-1486510819-589907670-3929606539-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent" = µTorrent [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Antivirus Events ] Error - 2009-03-29 13:05:40 | Computer Name = Rybcia-PC | Source = avast! | ID = 33554522 Description = Error - 2009-03-30 06:44:49 | Computer Name = Rybcia-PC | Source = avast! | ID = 33554522 Description = Error - 2009-03-30 16:02:43 | Computer Name = Rybcia-PC | Source = avast! | ID = 33554522 Description = Error - 2009-03-31 08:24:39 | Computer Name = Rybcia-PC | Source = avast! | ID = 33554522 Description = Error - 2009-04-01 09:09:07 | Computer Name = Rybcia-PC | Source = avast! | ID = 33554522 Description = Error - 2009-04-01 21:12:07 | Computer Name = Rybcia-PC | Source = avast! | ID = 33554522 Description = Error - 2009-04-02 08:33:28 | Computer Name = Rybcia-PC | Source = avast! | ID = 33554522 Description = Error - 2009-04-02 12:37:15 | Computer Name = Rybcia-PC | Source = avast! | ID = 33554522 Description = Error - 2009-04-03 08:43:40 | Computer Name = Rybcia-PC | Source = avast! | ID = 33554522 Description = Error - 2010-08-15 14:28:34 | Computer Name = Rybcia-PC | Source = avast! | ID = 33554522 Description = [ Application Events ] Error - 2010-12-07 14:57:14 | Computer Name = Rybcia-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd iexplore.exe, wersja 8.0.6001.18975, sygnatura czasowa 0x4c8710a6, moduł powodujący błąd mshtml.dll, wersja 8.0.6001.18975, sygnatura czasowa 0x4c87263d, kod wyjątku 0xc0000005, przesunięcie błędu 0x0042e98d, identyfikator procesu 0xa10, godzina rozpoczęcia aplikacji 0x01cb963162546789. Error - 2010-12-08 13:33:19 | Computer Name = Rybcia-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd AWC.exe, wersja 3.4.0.677, sygnatura czasowa 0x2a425e19, moduł powodujący błąd ntdll.dll, wersja 6.0.6002.18005, sygnatura czasowa 0x49e03821, kod wyjątku 0xc000012f, przesunięcie błędu 0x00009eed, identyfikator procesu 0xc90, godzina rozpoczęcia aplikacji 0x01cb96fdff593419. Error - 2010-12-10 06:43:52 | Computer Name = Rybcia-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd AWC.exe, wersja 3.4.0.677, sygnatura czasowa 0x2a425e19, moduł powodujący błąd ntdll.dll, wersja 6.0.6002.18005, sygnatura czasowa 0x49e03821, kod wyjątku 0xc000012f, przesunięcie błędu 0x00009eed, identyfikator procesu 0xc58, godzina rozpoczęcia aplikacji 0x01cb985720e1a149. Error - 2010-12-11 05:09:59 | Computer Name = Rybcia-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd AWC.exe, wersja 3.4.0.677, sygnatura czasowa 0x2a425e19, moduł powodujący błąd ntdll.dll, wersja 6.0.6002.18005, sygnatura czasowa 0x49e03821, kod wyjątku 0xc000012f, przesunięcie błędu 0x00009eed, identyfikator procesu 0xda4, godzina rozpoczęcia aplikacji 0x01cb99132e9914bb. Error - 2010-12-11 09:27:21 | Computer Name = Rybcia-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd AWC.exe, wersja 3.4.0.677, sygnatura czasowa 0x2a425e19, moduł powodujący błąd ntdll.dll, wersja 6.0.6002.18005, sygnatura czasowa 0x49e03821, kod wyjątku 0xc000012f, przesunięcie błędu 0x00009eed, identyfikator procesu 0xd10, godzina rozpoczęcia aplikacji 0x01cb99372126f5be. Error - 2010-12-13 13:29:19 | Computer Name = Rybcia-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd AWC.exe, wersja 3.4.0.677, sygnatura czasowa 0x2a425e19, moduł powodujący błąd ntdll.dll, wersja 6.0.6002.18005, sygnatura czasowa 0x49e03821, kod wyjątku 0xc000012f, przesunięcie błędu 0x00009eed, identyfikator procesu 0xd2c, godzina rozpoczęcia aplikacji 0x01cb9aeb45524873. Error - 2010-12-16 12:19:10 | Computer Name = Rybcia-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd AWC.exe, wersja 3.4.0.677, sygnatura czasowa 0x2a425e19, moduł powodujący błąd ntdll.dll, wersja 6.0.6002.18005, sygnatura czasowa 0x49e03821, kod wyjątku 0xc000012f, przesunięcie błędu 0x00009eed, identyfikator procesu 0xdb0, godzina rozpoczęcia aplikacji 0x01cb9d3cf642b12f. Error - 2010-12-16 15:19:56 | Computer Name = Rybcia-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2010-12-17 04:20:10 | Computer Name = Rybcia-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd AWC.exe, wersja 3.4.0.677, sygnatura czasowa 0x2a425e19, moduł powodujący błąd ntdll.dll, wersja 6.0.6002.18005, sygnatura czasowa 0x49e03821, kod wyjątku 0xc000012f, przesunięcie błędu 0x00009eed, identyfikator procesu 0xdf8, godzina rozpoczęcia aplikacji 0x01cb9dc336a833e7. Error - 2010-12-17 04:46:26 | Computer Name = Rybcia-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd AWC.exe, wersja 3.4.0.677, sygnatura czasowa 0x2a425e19, moduł powodujący błąd ntdll.dll, wersja 6.0.6002.18005, sygnatura czasowa 0x49e03821, kod wyjątku 0xc000012f, przesunięcie błędu 0x00009eed, identyfikator procesu 0xf80, godzina rozpoczęcia aplikacji 0x01cb9dc6ddf6e580. [ System Events ] Error - 2010-12-17 04:19:23 | Computer Name = Rybcia-PC | Source = volmgr | ID = 262190 Description = Inicjowanie zrzutu awaryjnego nie powiodło się! Error - 2010-12-17 04:43:30 | Computer Name = Rybcia-PC | Source = volmgr | ID = 262190 Description = Inicjowanie zrzutu awaryjnego nie powiodło się! Error - 2010-12-17 04:43:38 | Computer Name = Rybcia-PC | Source = volmgr | ID = 262190 Description = Inicjowanie zrzutu awaryjnego nie powiodło się! Error - 2010-12-17 07:21:26 | Computer Name = Rybcia-PC | Source = volmgr | ID = 262190 Description = Inicjowanie zrzutu awaryjnego nie powiodło się! Error - 2010-12-17 07:21:33 | Computer Name = Rybcia-PC | Source = volmgr | ID = 262190 Description = Inicjowanie zrzutu awaryjnego nie powiodło się! Error - 2010-12-17 09:17:40 | Computer Name = Rybcia-PC | Source = volmgr | ID = 262190 Description = Inicjowanie zrzutu awaryjnego nie powiodło się! Error - 2010-12-17 09:17:47 | Computer Name = Rybcia-PC | Source = volmgr | ID = 262190 Description = Inicjowanie zrzutu awaryjnego nie powiodło się! Error - 2010-12-17 12:16:13 | Computer Name = Rybcia-PC | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 17:14:36 na 2010-12-17 było nieoczekiwane. Error - 2010-12-17 12:15:58 | Computer Name = Rybcia-PC | Source = volmgr | ID = 262190 Description = Inicjowanie zrzutu awaryjnego nie powiodło się! Error - 2010-12-17 12:16:05 | Computer Name = Rybcia-PC | Source = volmgr | ID = 262190 Description = Inicjowanie zrzutu awaryjnego nie powiodło się! < End of report > [/log] [log] Logfile of random's system information tool 1.08 (written by random/random) Run by Rybcia at 2010-12-17 17:25:20 Microsoft® Windows Vista™ Home Basic Service Pack 2 System drive C: has 12 GB (20%) free of 61 GB Total RAM: 3063 MB (60% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:25:41, on 2010-12-17 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18999) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\lg_swupdate\GiljabiStart.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE C:\Windows\WindowsMobile\wmdc.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Windows\VM303_STI.EXE C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Tlen.pl\tlen.exe C:\Program Files\uTorrent\uTorrent.exe C:\Windows\System32\p2phost.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Users\Rybcia\Downloads\RSIT.exe C:\Program Files\trend micro\Rybcia.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [GProton] %ALLUSERSPROFILE%\GProton.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA') O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Evil Driver Daemon (NishService) - Unknown owner - C:\Program Files\LG Software\System Control Manager\edd.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- End of file - 11084 bytes ======Scheduled tasks folder====== C:\Windows\tasks\AWC Startup.job C:\Windows\tasks\AWC Update.job C:\Windows\tasks\GoogleUpdateTaskMachineCore1cac607f4664228.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - Rybcia.job C:\Windows\tasks\User_Feed_Synchronization-{E54434B2-2155-4FA7-A0F1-D8891CE248BA}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-15 278192] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-09-10 842296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-12-10 929224] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-15 278192] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "LG Intelligent Update"=C:\Program Files\lg_swupdate\giljabistart.exe [2009-04-23 251184] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-06-20 4493312] "Skytel"=C:\Windows\Skytel.exe [2007-06-15 1826816] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-09-15 1021224] "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-10-24 107112] "osCheck"=C:\Program Files\Norton AntiVirus\osCheck.exe [2006-10-27 22696] "MGSysCtrl"=C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe [2007-07-06 565248] "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136] "SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-11-26 1629480] "InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-11-26 1057064] "RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216] "LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256] "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2006-03-10 35328] "Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048] "ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe [2006-11-24 112320] "Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072] "Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] "SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424] "Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-04-25 77824] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] "BigDog303"=C:\Windows\VM303_STI.EXE [2006-01-24 61440] "avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912] "GProton"=C:\ProgramData\GProton.exe [2010-12-04 7793152] "Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-11-29 963976] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-10 216520] "Komunikator"=C:\Program Files\Tlen.pl\tlen.exe [2009-01-17 5853672] "uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2010-03-13 319792] "CollaborationHost"=C:\Windows\system32\p2phost.exe [2008-01-19 192000] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2008-02-11 204800] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-12-17 14:43:31 ----D---- C:\Program Files\trend micro 2010-12-17 14:43:30 ----D---- C:\rsit 2010-12-16 17:35:06 ----A---- C:\Windows\system32\tzres.dll 2010-12-16 17:34:24 ----A---- C:\Windows\system32\win32k.sys 2010-12-16 17:34:13 ----A---- C:\Windows\system32\schedsvc.dll 2010-12-16 17:34:12 ----A---- C:\Windows\system32\taskschd.dll 2010-12-16 17:34:11 ----A---- C:\Windows\system32\wmicmiplugin.dll 2010-12-16 17:34:10 ----A---- C:\Windows\system32\taskeng.exe 2010-12-16 17:34:10 ----A---- C:\Windows\system32\taskcomp.dll 2010-12-16 17:34:04 ----A---- C:\Windows\system32\consent.exe 2010-12-16 17:34:00 ----A---- C:\Windows\system32\fontsub.dll 2010-12-16 17:34:00 ----A---- C:\Windows\system32\atmlib.dll 2010-12-16 17:34:00 ----A---- C:\Windows\system32\atmfd.dll 2010-12-16 17:33:47 ----A---- C:\Windows\system32\iertutil.dll 2010-12-16 17:33:46 ----A---- C:\Windows\system32\mshtml.dll 2010-12-16 17:33:45 ----A---- C:\Windows\system32\mstime.dll 2010-12-16 17:33:45 ----A---- C:\Windows\system32\ieframe.dll 2010-12-16 17:33:38 ----A---- C:\Windows\system32\ie4uinit.exe 2010-12-16 17:33:37 ----A---- C:\Windows\system32\wininet.dll 2010-12-16 17:33:37 ----A---- C:\Windows\system32\urlmon.dll 2010-12-16 17:33:37 ----A---- C:\Windows\system32\msfeeds.dll 2010-12-16 17:33:36 ----A---- C:\Windows\system32\msfeedssync.exe 2010-12-16 17:33:36 ----A---- C:\Windows\system32\iedkcs32.dll 2010-12-16 17:33:35 ----A---- C:\Windows\system32\occache.dll 2010-12-16 17:33:35 ----A---- C:\Windows\system32\mshtmled.dll 2010-12-16 17:33:35 ----A---- C:\Windows\system32\msfeedsbs.dll 2010-12-16 17:33:35 ----A---- C:\Windows\system32\ieUnatt.exe 2010-12-16 17:33:35 ----A---- C:\Windows\system32\ieui.dll 2010-12-16 17:33:35 ----A---- C:\Windows\system32\iesysprep.dll 2010-12-16 17:33:35 ----A---- C:\Windows\system32\iesetup.dll 2010-12-16 17:33:35 ----A---- C:\Windows\system32\iepeers.dll 2010-12-16 17:33:34 ----A---- C:\Windows\system32\licmgr10.dll 2010-12-16 17:33:34 ----A---- C:\Windows\system32\jsproxy.dll 2010-12-16 17:33:34 ----A---- C:\Windows\system32\iernonce.dll 2010-12-07 18:33:56 ----D---- C:\Users\Rybcia\AppData\Roaming\Malwarebytes 2010-12-07 18:28:37 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys 2010-12-07 18:28:36 ----D---- C:\ProgramData\Malwarebytes 2010-12-07 18:28:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-12-07 18:28:32 ----A---- C:\Windows\system32\drivers\mbam.sys 2010-12-07 18:07:43 ----D---- C:\Program Files\SkanerOnline 2010-12-04 11:19:17 ----RASH---- C:\ProgramData\GProton.exe 2010-11-26 23:47:03 ----D---- C:\Program Files\Wolfenstein - Enemy Territory 2010-11-20 14:13:21 ----D---- C:\ProgramData\Alwil Software ======List of files/folders modified in the last 1 months====== 2010-12-17 17:25:31 ----D---- C:\Windows\Temp 2010-12-17 17:18:09 ----D---- C:\Users\Rybcia\AppData\Roaming\uTorrent 2010-12-17 15:07:33 ----D---- C:\Windows\Prefetch 2010-12-17 15:07:27 ----D---- C:\Windows\system32\catroot2 2010-12-17 15:07:23 ----SHD---- C:\System Volume Information 2010-12-17 14:43:31 ----RD---- C:\Program Files 2010-12-17 09:55:49 ----D---- C:\Windows\winsxs 2010-12-17 09:42:39 ----D---- C:\Windows\System32 2010-12-17 09:42:39 ----D---- C:\Program Files\Windows Mail 2010-12-17 09:42:38 ----D---- C:\Program Files\Internet Explorer 2010-12-17 09:42:37 ----D---- C:\Windows\system32\migration 2010-12-17 09:36:03 ----D---- C:\Windows\rescache 2010-12-17 09:25:02 ----D---- C:\Windows\system32\pl-PL 2010-12-17 09:24:29 ----D---- C:\Windows\system32\catroot 2010-12-16 17:25:19 ----A---- C:\Windows\system32\mrt.exe 2010-12-07 18:28:37 ----D---- C:\Windows\system32\drivers 2010-12-07 18:28:36 ----HD---- C:\ProgramData 2010-12-07 18:07:44 ----SD---- C:\Windows\Downloaded Program Files 2010-11-25 13:04:20 ----D---- C:\Users\Rybcia\AppData\Roaming\Mozilla 2010-11-25 13:03:27 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-11-25 13:03:26 ----D---- C:\Windows\inf 2010-11-20 14:19:11 ----D---- C:\Program Files\Alwil Software 2010-11-20 14:16:06 ----SHD---- C:\Windows\Installer 2010-11-20 14:14:51 ----D---- C:\Windows ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2media.sys [2007-04-03 39680] R0 O2SDRDR;O2SDRDR; C:\Windows\system32\DRIVERS\o2sd.sys [2007-04-02 35712] R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2005-12-05 20640] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-01-23 717296] R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-09-07 23376] R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-09-07 165584] R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-09-07 46672] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-02-27 371248] R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\IDS-DI~1\20090415.001\IDSvix86.sys [2009-02-09 272432] R1 InCDPass;InCDPass; C:\Windows\system32\drivers\InCDPass.sys [2007-11-26 36776] R1 incdrm;InCD Reader; C:\Windows\system32\drivers\InCDRm.sys [2007-11-26 38440] R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2006-10-06 406672] R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-11-30 43696] R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2008-10-03 187952] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-09-07 17744] R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768] R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-01-13 954368] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-27 101936] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-06-22 1788056] R3 MGHwCtrl;MGHwCtrl; \??\C:\Windows\system32\drivers\MGHwCtrl.sys [2006-07-03 9088] R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090421.006\NAVENG.SYS [2009-03-16 89104] R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090421.006\NAVEX15.SYS [2009-03-16 876144] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-03-05 76288] R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-11-30 279088] R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2008-10-03 12848] R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-04-02 124464] R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2008-10-03 146096] R3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2008-10-03 39984] R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2008-10-03 37936] R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2008-10-03 27696] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-09-15 191408] R4 InCDfs;InCD File System; C:\Windows\system32\drivers\InCDFs.sys [2007-11-26 118952] S3 ab639ko2;ab639ko2; C:\Windows\system32\drivers\ab639ko2.sys [] S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456] S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160] S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160] S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760] S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032] S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664] S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432] S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-11-30 317616] S3 usb_rndisx;Karta USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872] S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S3 ZSMC303;VIMICRO USB PC Camera (VC0303); C:\Windows\System32\Drivers\usbVM303.sys [2006-02-23 391300] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-10-24 107624] R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-10-24 107624] R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-10-24 107624] R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-11-24 194240] R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-11-26 1554728] R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-10-24 107624] R2 NishService;Evil Driver Daemon; C:\Program Files\LG Software\System Control Manager\edd.exe [2006-03-02 40960] R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Oz128 Driver\o2flash.exe [2007-02-12 65536] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-14 272024] R2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2006-09-20 46736] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384] R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2009-02-07 1251720] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 gupdate;Usługa Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-13 135664] S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-13 182768] S3 ISPwdSvc;Symantec IS Password Validation; C:\Program Files\Norton AntiVirus\isPwdSvc.exe [2006-10-27 80552] S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-11-24 2541248] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040] S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848] S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] -----------------EOF----------------- [/log] [log] OTL logfile created on: 2010-12-17 17:42:17 - Run 2 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Rybcia\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18999) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 60,00 Gb Total Space | 11,78 Gb Free Space | 19,64% Space Free | Partition Type: NTFS Drive D: | 60,00 Gb Total Space | 41,36 Gb Free Space | 68,94% Space Free | Partition Type: NTFS Drive E: | 28,05 Gb Total Space | 17,73 Gb Free Space | 63,21% Space Free | Partition Type: NTFS Computer Name: RYBCIA-PC | User Name: Rybcia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-12-17 14:39:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Rybcia\Downloads\OTL.exe PRC - [2010-11-04 17:34:06 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe PRC - [2010-11-02 05:25:18 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe PRC - [2010-09-07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010-08-17 15:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe PRC - [2010-07-24 08:56:01 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2010-07-24 08:55:55 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-10-11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009-06-15 13:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2009-04-25 21:08:08 | 000,077,824 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe PRC - [2009-04-23 05:26:01 | 000,251,184 | ---- | M] (BIT LEADER) -- C:\Program Files\lg_swupdate\GiljabiStart.exe PRC - [2009-04-11 07:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe PRC - [2009-04-11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe PRC - [2009-04-11 07:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe PRC - [2009-04-11 07:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe PRC - [2009-04-11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe PRC - [2009-04-11 07:27:59 | 000,441,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe PRC - [2009-04-11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe PRC - [2009-04-11 07:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe PRC - [2009-04-11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-04-11 07:27:33 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe PRC - [2009-02-07 21:54:33 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe PRC - [2008-02-11 19:13:12 | 000,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe PRC - [2008-02-11 19:13:10 | 000,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe PRC - [2008-02-11 19:13:08 | 000,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe PRC - [2008-02-11 19:13:02 | 000,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe PRC - [2008-01-19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008-01-19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe PRC - [2008-01-19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe PRC - [2008-01-19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:14 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2008-01-19 08:33:05 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe PRC - [2007-11-26 14:54:22 | 001,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe PRC - [2007-11-26 14:54:12 | 001,554,728 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe PRC - [2007-11-26 14:54:02 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe PRC - [2007-09-15 01:50:54 | 001,021,224 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2007-07-06 13:44:04 | 000,565,248 | ---- | M] (MSI) -- C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe PRC - [2007-06-20 08:56:16 | 004,493,312 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007-05-31 09:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdc.exe PRC - [2007-05-14 03:54:36 | 000,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe PRC - [2007-03-14 21:01:30 | 000,071,216 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe PRC - [2007-02-12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe PRC - [2006-11-24 13:03:34 | 000,194,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2006-11-24 13:03:34 | 000,112,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE PRC - [2006-10-24 23:08:40 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe PRC - [2006-10-24 23:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe PRC - [2006-10-05 04:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006-09-20 18:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe PRC - [2006-03-10 18:45:12 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe PRC - [2006-03-02 16:43:24 | 000,040,960 | ---- | M] () -- C:\Program Files\LG Software\System Control Manager\edd.exe PRC - [2006-01-24 22:07:00 | 000,061,440 | ---- | M] (Vimicro) -- C:\Windows\VM303_STI.EXE [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-12-17 14:39:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Rybcia\Downloads\OTL.exe MOD - [2010-08-31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MOD - [2010-07-26 16:51:48 | 011,584,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll MOD - [2010-06-28 18:00:21 | 001,316,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll MOD - [2010-04-16 17:46:48 | 000,502,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll MOD - [2009-09-24 23:54:55 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv MOD - [2009-07-17 14:54:43 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll MOD - [2009-06-15 15:53:43 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll MOD - [2009-06-15 15:52:42 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll MOD - [2009-04-23 13:15:07 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll MOD - [2009-04-11 07:28:25 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll MOD - [2009-04-11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll MOD - [2009-04-11 07:28:25 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll MOD - [2009-04-11 07:28:25 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll MOD - [2009-04-11 07:28:25 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll MOD - [2009-04-11 07:28:24 | 001,591,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll MOD - [2009-04-11 07:28:24 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll MOD - [2009-04-11 07:28:24 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll MOD - [2009-04-11 07:28:24 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll MOD - [2009-04-11 07:28:24 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll MOD - [2009-04-11 07:28:23 | 000,754,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll MOD - [2009-04-11 07:28:23 | 000,563,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll MOD - [2009-04-11 07:28:23 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll MOD - [2009-04-11 07:28:23 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll MOD - [2009-04-11 07:28:23 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll MOD - [2009-04-11 07:28:22 | 000,679,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll MOD - [2009-04-11 07:28:20 | 000,891,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll MOD - [2009-04-11 07:28:20 | 000,807,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll MOD - [2009-04-11 07:28:20 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll MOD - [2009-04-11 07:28:20 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll MOD - [2009-04-11 07:28:19 | 000,297,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll MOD - [2009-04-11 07:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll MOD - [2009-04-11 07:28:18 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll MOD - [2009-04-11 07:28:17 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll MOD - [2009-04-11 07:28:17 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll MOD - [2009-04-11 07:27:49 | 001,202,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll MOD - [2008-01-19 08:37:12 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll MOD - [2008-01-19 08:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll MOD - [2008-01-19 08:36:48 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll MOD - [2008-01-19 08:36:47 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll MOD - [2008-01-19 08:36:35 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll MOD - [2008-01-19 08:35:57 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll MOD - [2008-01-19 08:33:52 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll MOD - [2008-01-19 08:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2006-11-02 10:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010-03-18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-09-25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009-02-07 21:54:33 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) SRV - [2008-01-29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2008-01-19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007-11-26 14:54:12 | 001,554,728 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv) SRV - [2007-05-31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007-05-31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007-02-12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe -- (o2flash) SRV - [2006-11-24 13:03:34 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2006-11-24 13:03:34 | 000,194,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Harmonogram automatycznej usługi LiveUpdate) SRV - [2006-10-27 00:18:36 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton AntiVirus\isPwdSvc.exe -- (ISPwdSvc) SRV - [2006-10-24 23:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex) SRV - [2006-10-24 23:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2006-10-24 23:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2006-10-24 23:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2006-10-05 04:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006-09-20 18:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore) SRV - [2006-03-02 16:43:24 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\LG Software\System Control Manager\edd.exe -- (NishService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive) DRV - [2010-09-07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010-09-07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010-09-07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010-09-07 16:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2010-09-07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009-04-11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2009-04-02 17:07:56 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2009-03-16 09:00:00 | 000,876,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090421.006\NAVEX15.SYS -- (NAVEX15) DRV - [2009-03-16 09:00:00 | 000,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090421.006\NAVENG.SYS -- (NAVENG) DRV - [2009-02-27 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2009-02-27 10:00:00 | 000,101,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2009-02-09 23:59:20 | 000,272,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ids-diskless\20090415.001\IDSvix86.sys -- (IDSvix86) DRV - [2009-01-23 14:35:40 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-01-13 08:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008-10-03 13:14:12 | 000,037,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV) DRV - [2008-10-03 13:14:10 | 000,187,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI) DRV - [2008-10-03 13:14:10 | 000,146,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW) DRV - [2008-10-03 13:14:10 | 000,039,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS) DRV - [2008-10-03 13:14:10 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV) DRV - [2008-10-03 13:14:08 | 000,012,848 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS) DRV - [2008-02-11 18:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx) DRV - [2007-11-30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL) DRV - [2007-11-30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP) DRV - [2007-11-30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX) DRV - [2007-11-26 14:54:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm) DRV - [2007-11-26 14:54:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass) DRV - [2007-11-26 14:54:02 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs) DRV - [2007-09-15 01:50:56 | 000,191,408 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2007-06-22 09:34:12 | 001,788,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007-04-03 10:04:28 | 000,039,680 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2media.sys -- (O2MDRDR) DRV - [2007-04-02 16:11:08 | 000,035,712 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2sd.sys -- (O2SDRDR) DRV - [2007-03-05 20:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006-11-28 07:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006-11-02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006-11-02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006-11-02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006-11-02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006-11-02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006-11-02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006-11-02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006-11-02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006-11-02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006-11-02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006-11-02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006-11-02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006-11-02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006-11-02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006-11-02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006-11-02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006-11-02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006-11-02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006-11-02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006-11-02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006-11-02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006-11-02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006-11-02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006-11-02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006-11-02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006-11-02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006-11-02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006-11-02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006-11-02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006-11-02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006-11-02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006-11-02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006-11-02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006-11-02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006-11-02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006-11-02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006-11-02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006-11-02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006-11-02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006-11-02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006-11-02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006-11-02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006-11-02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006-11-02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2006-11-02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2006-10-06 14:26:16 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2006-07-03 10:31:26 | 000,009,088 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MGHwCtrl.sys -- (MGHwCtrl) DRV - [2006-02-23 00:30:00 | 000,391,300 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbVM303.sys -- (ZSMC303) VIMICRO USB PC Camera (VC0303) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1486510819-589907670-3929606539-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/ IE - HKU\S-1-5-21-1486510819-589907670-3929606539-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1486510819-589907670-3929606539-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.qooqlle.com/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: cssreloader@kenneth.io:1.0.2 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1" FF - prefs.js..network.proxy.backup.ftp_port: 9666 FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1" FF - prefs.js..network.proxy.backup.gopher_port: 9666 FF - prefs.js..network.proxy.backup.socks: "127.0.0.1" FF - prefs.js..network.proxy.backup.socks_port: 9666 FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1" FF - prefs.js..network.proxy.backup.ssl_port: 9666 FF - prefs.js..network.proxy.ftp: "127.0.0.1" FF - prefs.js..network.proxy.ftp_port: 9666 FF - prefs.js..network.proxy.gopher: "127.0.0.1" FF - prefs.js..network.proxy.gopher_port: 9666 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 9666 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "127.0.0.1" FF - prefs.js..network.proxy.socks_port: 9666 FF - prefs.js..network.proxy.ssl: "127.0.0.1" FF - prefs.js..network.proxy.ssl_port: 9666 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-07-24 08:56:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-24 08:56:46 | 000,000,000 | ---D | M] [2010-04-08 10:44:46 | 000,000,000 | ---D | M] -- C:\Users\Rybcia\AppData\Roaming\mozilla\Extensions [2010-12-17 17:43:02 | 000,000,000 | ---D | M] -- C:\Users\Rybcia\AppData\Roaming\mozilla\Firefox\Profiles\ii3x6mel.default\extensions [2010-07-04 19:09:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rybcia\AppData\Roaming\mozilla\Firefox\Profiles\ii3x6mel.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-12-17 17:17:41 | 000,001,860 | ---- | M] () -- C:\Users\Rybcia\AppData\Roaming\Mozilla\FireFox\Profiles\ii3x6mel.default\searchplugins\search.xml [2010-04-08 10:44:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-07-24 08:56:09 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-07-24 08:56:09 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-07-24 08:56:09 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-07-24 08:56:09 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-07-24 08:56:09 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-07-24 08:56:09 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-1486510819-589907670-3929606539-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-1486510819-589907670-3929606539-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE (Symantec Corporation) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [BigDog303] C:\Windows\VM303_STI.EXE (Vimicro) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [GProton] C:\ProgramData\GProton.exe () O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LG Intelligent Update] C:\Program Files\lg_swupdate\giljabistart.exe (BIT LEADER) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe (MSI) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton AntiVirus\osCheck.exe (Symantec Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1486510819-589907670-3929606539-1000..\Run: [CollaborationHost] C:\Windows\System32\p2phost.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1486510819-589907670-3929606539-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-1486510819-589907670-3929606539-1000..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe (o2.pl Sp. z o.o.) O4 - HKU\S-1-5-21-1486510819-589907670-3929606539-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.) O8 - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.21.99.95 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\Rybcia\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O24 - Desktop BackupWallPaper: C:\Users\Rybcia\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6882f5d7-f879-11df-ba69-001d924bb02a}\Shell\AutoRun\command - "" = K:\urDrive.exe -- File not found O33 - MountPoints2\{7e99e2c1-feb4-11dd-81a2-001d924bb02a}\Shell\AutoRun\command - "" = K:\setupSNK.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-12-17 17:14:20 | 000,000,000 | ---D | C] -- C:\Users\Rybcia\Desktop\logi [2010-12-17 14:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010-12-17 14:43:30 | 000,000,000 | ---D | C] -- C:\rsit [2010-12-16 17:35:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010-12-16 17:34:24 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010-12-16 17:34:12 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2010-12-16 17:34:11 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2010-12-16 17:34:10 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2010-12-16 17:34:04 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2010-12-16 17:34:00 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2010-12-16 17:33:45 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010-12-16 17:33:38 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010-12-16 17:33:37 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010-12-16 17:33:36 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010-12-16 17:33:36 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010-12-16 17:33:36 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010-12-16 17:33:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010-12-16 17:33:35 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010-12-16 17:33:35 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010-12-16 17:33:35 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010-12-16 17:33:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010-12-16 17:33:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010-12-16 17:33:35 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010-12-16 17:33:34 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010-12-16 17:33:34 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010-12-16 17:33:34 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010-12-16 17:33:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010-12-11 14:36:23 | 000,000,000 | ---D | C] -- C:\Users\Rybcia\Desktop\et [2010-12-07 18:33:56 | 000,000,000 | ---D | C] -- C:\Users\Rybcia\AppData\Roaming\Malwarebytes [2010-12-07 18:28:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010-12-07 18:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010-12-07 18:28:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010-12-07 18:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010-12-07 18:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline [2010-11-27 09:05:45 | 000,000,000 | ---D | C] -- C:\Users\Rybcia\Desktop\etpro [2010-11-26 23:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Wolfenstein - Enemy Territory [2010-11-20 14:14:51 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2010-11-20 14:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software [2010-11-17 18:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2010-11-12 18:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Reflexive [2010-11-12 18:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\Zumas Revenge! - Adventure [2010-10-27 18:19:44 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2010-10-27 18:19:39 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2010-10-27 18:19:37 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2010-10-19 16:51:35 | 000,000,000 | ---D | C] -- C:\Users\Rybcia\Documents\Nowy folder [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-12-17 17:42:34 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E54434B2-2155-4FA7-A0F1-D8891CE248BA}.job [2010-12-17 17:40:00 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010-12-17 17:18:24 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job [2010-12-17 17:16:45 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cac607f4664228.job [2010-12-17 17:16:30 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\AWC Update.job [2010-12-17 17:16:28 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010-12-17 17:16:27 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010-12-17 17:16:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010-12-17 12:43:20 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010-12-17 09:44:47 | 000,228,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010-12-07 18:28:38 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010-12-06 16:28:39 | 000,144,384 | ---- | M] () -- C:\Users\Rybcia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-12-04 12:26:55 | 000,000,224 | ---- | M] () -- C:\Users\Rybcia\Documents\PDVD_MediaDisc.PlayList [2010-12-04 11:19:15 | 007,793,152 | RHS- | M] () -- C:\ProgramData\GProton.exe [2010-11-29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010-11-29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010-11-26 23:47:35 | 000,000,869 | ---- | M] () -- C:\Users\Rybcia\Desktop\Wolfenstein - Enemy Territory.lnk [2010-11-25 13:03:27 | 000,672,140 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2010-11-25 13:03:27 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010-11-25 13:03:27 | 000,130,516 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2010-11-25 13:03:27 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010-11-20 14:16:27 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2010-11-20 14:16:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2010-11-13 13:10:31 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\Zumas Revenge! - Adventure.lnk [2010-11-13 13:10:30 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Download Free Full Mini Games.lnk [2010-11-12 20:00:45 | 000,000,490 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - Rybcia.job [2010-11-04 19:56:07 | 000,345,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2010-11-04 19:55:38 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2010-11-04 19:55:38 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2010-11-02 06:58:38 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010-11-02 06:58:11 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010-11-02 06:58:11 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010-11-02 06:57:41 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010-11-02 06:57:34 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010-11-02 06:57:27 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010-11-02 06:57:11 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010-11-02 06:57:11 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010-11-02 06:57:11 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010-11-02 06:57:10 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010-11-02 06:57:10 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010-11-02 06:57:04 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010-11-02 06:01:31 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010-11-02 05:26:10 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010-11-02 05:25:52 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010-11-02 05:25:18 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010-11-02 05:24:44 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010-10-28 14:20:12 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010-10-23 16:36:04 | 109,384,614 | ---- | M] () -- C:\Users\Rybcia\Documents\LO.10.2010.pdf [2010-10-19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-12-07 18:28:38 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010-12-04 12:26:55 | 000,000,224 | ---- | C] () -- C:\Users\Rybcia\Documents\PDVD_MediaDisc.PlayList [2010-12-04 11:19:17 | 007,793,152 | RHS- | C] () -- C:\ProgramData\GProton.exe [2010-11-26 23:47:35 | 000,000,869 | ---- | C] () -- C:\Users\Rybcia\Desktop\Wolfenstein - Enemy Territory.lnk [2010-11-20 14:16:27 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2010-11-12 18:44:00 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\Zumas Revenge! - Adventure.lnk [2010-11-12 18:43:59 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Download Free Full Mini Games.lnk [2010-10-23 16:19:55 | 109,384,614 | ---- | C] () -- C:\Users\Rybcia\Documents\LO.10.2010.pdf [2009-10-22 08:55:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009-10-18 18:39:18 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009-04-25 21:05:30 | 000,000,163 | ---- | C] () -- C:\Windows\disney.ini [2009-02-19 19:43:37 | 000,026,340 | ---- | C] () -- C:\Users\Rybcia\AppData\Roaming\UserTile.png [2009-02-07 19:16:07 | 000,477,696 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009-02-03 09:35:24 | 000,000,130 | ---- | C] () -- C:\Windows\ODBC.INI [2009-01-23 14:35:40 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009-01-17 16:42:33 | 000,144,384 | ---- | C] () -- C:\Users\Rybcia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-01-11 18:51:30 | 000,000,266 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009-01-05 12:35:36 | 000,098,304 | ---- | C] () -- C:\Windows\System32\MGHwCtrl.dll [2009-01-05 12:35:36 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MGFPCtrl.dll [2009-01-05 12:35:36 | 000,024,576 | ---- | C] () -- C:\Windows\System32\MGPwrShm.dll [2009-01-05 12:26:19 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2009-01-05 12:19:51 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2009-01-05 12:19:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll [2009-01-05 12:13:53 | 000,010,511 | ---- | C] () -- C:\Windows\lg_up.ini [2009-01-05 12:13:17 | 000,000,979 | ---- | C] () -- C:\Windows\lgcenter.ini [2009-01-05 12:10:21 | 000,001,356 | ---- | C] () -- C:\Users\Rybcia\AppData\Local\d3d9caps.dat [2008-02-11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll [2006-11-02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006-11-02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2004-06-09 21:38:01 | 000,184,320 | ---- | C] () -- C:\Windows\System32\JPeg32.dll [color=#E56717]========== LOP Check ==========[/color] [2009-09-24 11:02:19 | 000,000,000 | -HSD | M] -- C:\Users\Rybcia\AppData\Roaming\.# [2009-01-23 14:54:43 | 000,000,000 | ---D | M] -- C:\Users\Rybcia\AppData\Roaming\DAEMON Tools [2009-01-23 14:55:39 | 000,000,000 | ---D | M] -- C:\Users\Rybcia\AppData\Roaming\DAEMON Tools Lite [2009-11-12 21:04:17 | 000,000,000 | ---D | M] -- C:\Users\Rybcia\AppData\Roaming\DAEMON Tools Pro [2010-05-14 14:01:46 | 000,000,000 | ---D | M] -- C:\Users\Rybcia\AppData\Roaming\GameHouse [2009-11-18 22:06:25 | 000,000,000 | ---D | M] -- C:\Users\Rybcia\AppData\Roaming\IObit [2009-02-19 19:43:25 | 000,000,000 | ---D | M] -- C:\Users\Rybcia\AppData\Roaming\PeerNetworking [2010-05-30 14:29:34 | 000,000,000 | ---D | M] -- C:\Users\Rybcia\AppData\Roaming\Tlen.pl [2010-12-17 17:40:51 | 000,000,000 | ---D | M] -- C:\Users\Rybcia\AppData\Roaming\uTorrent [2010-12-17 17:18:24 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job [2010-12-17 17:16:30 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\AWC Update.job [2010-12-17 12:43:20 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010-12-17 17:42:34 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E54434B2-2155-4FA7-A0F1-D8891CE248BA}.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009-04-11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2007-02-03 11:26:48 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006-09-18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2010-05-30 12:24:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-12-07 19:57:25 | 000,007,568 | ---- | M] () -- C:\mksbasel.cpp.log [2010-05-30 12:24:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010-12-17 17:16:05 | 3525,914,624 | -HS- | M] () -- C:\pagefile.sys [2009-01-05 12:24:02 | 000,000,420 | ---- | M] () -- C:\RHDSetup.log [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008-01-19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008-01-19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008-01-19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008-01-19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2009-01-05 12:39:37 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys [2009-01-05 12:39:37 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys [2009-01-05 12:39:37 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys [2006-11-02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006-11-02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-04-11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009-04-11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009-04-11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008-01-19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008-01-19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006-11-02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2009-01-05 12:43:19 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys [2009-01-05 12:43:19 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys [2009-02-08 00:29:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2009-02-08 00:29:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2009-02-08 00:29:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys [2009-02-08 00:29:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2008-01-19 06:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys [2008-01-19 06:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys [2006-11-02 09:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2008-01-19 06:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys [2008-01-19 06:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys [2009-04-11 05:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys [2009-04-11 05:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys [2009-04-11 05:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys [2006-11-02 09:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-04-11 07:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys [2009-04-11 07:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys [2006-11-02 10:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys [2009-01-05 12:46:16 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=4297773D4D54B2D309DE85233E5B82EE -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.20504_none_a66e8748380286ff\ndis.sys [2008-01-19 08:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009-04-11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009-04-11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006-11-02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008-01-19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 64 bytes -> C:\Users\Rybcia\Desktop\Joga dla poczÄ…tkujacych_xvid.avi:TOC.WMV < End of report > [/log] Mam nadzieje że wszystko zrobiłem jak należy. Prosze o pomoc w usunięciu tego problemu.
Tomek01 komentarz 17 grudnia 2010 komentarz 17 grudnia 2010 Zmień Avasta na innego antywirusa. Ja używam Aviry, zresztą nie tylko ja W OTL, w oknie Custom scan/fixes wklej: [code]:Processes Explorer.exe :OTL FF - prefs.js..browser.startup.homepage: "http://www.qooqlle.com/" O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-1486510819-589907670-3929606539-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [GProton] C:\ProgramData\GProton.exe () :Files C:\ProgramData\GProton.exe C:\Users\Rybcia\AppData\Roaming\.# C:\Windows\tasks\AWC Startup.job C:\Windows\tasks\AWC Update.job :Reg [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {32099AAC-C132-4136-9E9A-4E364A424E17}=- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "GProton"=- :Commands [emptytemp] [start explorer] [Reboot][/code] Klikasz run fix, komputer uruchamia się ponownie. Wrzuć log z usuwania oraz nowe logi: OTL i RSIT
leon_w komentarz 18 grudnia 2010 Autor komentarz 18 grudnia 2010 Po wykonaniu skryptu program się zwiesił, więc wykonałem go drugi raz. Tym razem wszystko poszło jak należy. Ze stroną startową już jest wszystko ok. [log]All processes killed ========== PROCESSES ========== No active process named Explorer.exe was found! ========== OTL ========== Prefs.js: "http://www.qooqlle.com/" removed from browser.startup.homepage Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found. Registry value HKEY_USERS\S-1-5-21-1486510819-589907670-3929606539-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GProton not found. File C:\ProgramData\GProton.exe not found. ========== FILES ========== File\Folder C:\ProgramData\GProton.exe not found. File\Folder C:\Users\Rybcia\AppData\Roaming\.# not found. File\Folder C:\Windows\tasks\AWC Startup.job not found. File\Folder C:\Windows\tasks\AWC Update.job not found. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GProton not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User User: Public User: Rybcia ->Temp folder emptied: 484245 bytes ->Temporary Internet Files folder emptied: 51252254 bytes ->Java cache emptied: 48295381 bytes ->FireFox cache emptied: 54796578 bytes ->Flash cache emptied: 6576 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 1326240 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 24543788 bytes RecycleBin emptied: 202082 bytes Total Files Cleaned = 173,00 mb OTL by OldTimer - Version 3.2.17.3 log created on 12182010_100515 Files\Folders moved on Reboot... File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot... [/log] [log] Logfile of random's system information tool 1.08 (written by random/random) Run by Rybcia at 2010-12-18 20:08:24 Microsoft® Windows Vista™ Home Basic Service Pack 2 System drive C: has 15 GB (24%) free of 61 GB Total RAM: 3063 MB (61% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:08:51, on 2010-12-18 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18999) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\lg_swupdate\GiljabiStart.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Winamp\winampa.exe C:\Windows\WindowsMobile\wmdc.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Windows\VM303_STI.EXE C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\p2phost.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Users\Rybcia\Downloads\RSIT.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\Taskmgr.exe C:\Program Files\trend micro\Rybcia.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA') O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Evil Driver Daemon (NishService) - Unknown owner - C:\Program Files\LG Software\System Control Manager\edd.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- End of file - 10795 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore1cac607f4664228.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - Rybcia.job C:\Windows\tasks\User_Feed_Synchronization-{E54434B2-2155-4FA7-A0F1-D8891CE248BA}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-15 278192] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-09-10 842296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-15 278192] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "LG Intelligent Update"=C:\Program Files\lg_swupdate\giljabistart.exe [2009-04-23 251184] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-06-20 4493312] "Skytel"=C:\Windows\Skytel.exe [2007-06-15 1826816] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-09-15 1021224] "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-10-24 107112] "osCheck"=C:\Program Files\Norton AntiVirus\osCheck.exe [2006-10-27 22696] "MGSysCtrl"=C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe [2007-07-06 565248] "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136] "SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-11-26 1629480] "InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-11-26 1057064] "RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216] "LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256] "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2006-03-10 35328] "Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048] "ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe [2006-11-24 112320] "Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072] "Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] "SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424] "Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-04-25 77824] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] "BigDog303"=C:\Windows\VM303_STI.EXE [2006-01-24 61440] "avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912] "Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-11-29 963976] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-10 216520] "Komunikator"=C:\Program Files\Tlen.pl\tlen.exe [2009-01-17 5853672] "uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2010-03-13 319792] "CollaborationHost"=C:\Windows\system32\p2phost.exe [2008-01-19 192000] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2008-02-11 204800] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-12-18 09:36:05 ----D---- C:\_OTL 2010-12-17 14:43:31 ----D---- C:\Program Files\trend micro 2010-12-17 14:43:30 ----D---- C:\rsit 2010-12-16 17:35:06 ----A---- C:\Windows\system32\tzres.dll 2010-12-16 17:34:24 ----A---- C:\Windows\system32\win32k.sys 2010-12-16 17:34:13 ----A---- C:\Windows\system32\schedsvc.dll 2010-12-16 17:34:12 ----A---- C:\Windows\system32\taskschd.dll 2010-12-16 17:34:11 ----A---- C:\Windows\system32\wmicmiplugin.dll 2010-12-16 17:34:10 ----A---- C:\Windows\system32\taskeng.exe 2010-12-16 17:34:10 ----A---- C:\Windows\system32\taskcomp.dll 2010-12-16 17:34:04 ----A---- C:\Windows\system32\consent.exe 2010-12-16 17:34:00 ----A---- C:\Windows\system32\fontsub.dll 2010-12-16 17:34:00 ----A---- C:\Windows\system32\atmlib.dll 2010-12-16 17:34:00 ----A---- C:\Windows\system32\atmfd.dll 2010-12-16 17:33:47 ----A---- C:\Windows\system32\iertutil.dll 2010-12-16 17:33:46 ----A---- C:\Windows\system32\mshtml.dll 2010-12-16 17:33:45 ----A---- C:\Windows\system32\mstime.dll 2010-12-16 17:33:45 ----A---- C:\Windows\system32\ieframe.dll 2010-12-16 17:33:38 ----A---- C:\Windows\system32\ie4uinit.exe 2010-12-16 17:33:37 ----A---- C:\Windows\system32\wininet.dll 2010-12-16 17:33:37 ----A---- C:\Windows\system32\urlmon.dll 2010-12-16 17:33:37 ----A---- C:\Windows\system32\msfeeds.dll 2010-12-16 17:33:36 ----A---- C:\Windows\system32\msfeedssync.exe 2010-12-16 17:33:36 ----A---- C:\Windows\system32\iedkcs32.dll 2010-12-16 17:33:35 ----A---- C:\Windows\system32\occache.dll 2010-12-16 17:33:35 ----A---- C:\Windows\system32\mshtmled.dll 2010-12-16 17:33:35 ----A---- C:\Windows\system32\msfeedsbs.dll 2010-12-16 17:33:35 ----A---- C:\Windows\system32\ieUnatt.exe 2010-12-16 17:33:35 ----A---- C:\Windows\system32\ieui.dll 2010-12-16 17:33:35 ----A---- C:\Windows\system32\iesysprep.dll 2010-12-16 17:33:35 ----A---- C:\Windows\system32\iesetup.dll 2010-12-16 17:33:35 ----A---- C:\Windows\system32\iepeers.dll 2010-12-16 17:33:34 ----A---- C:\Windows\system32\licmgr10.dll 2010-12-16 17:33:34 ----A---- C:\Windows\system32\jsproxy.dll 2010-12-16 17:33:34 ----A---- C:\Windows\system32\iernonce.dll 2010-12-07 18:33:56 ----D---- C:\Users\Rybcia\AppData\Roaming\Malwarebytes 2010-12-07 18:28:37 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys 2010-12-07 18:28:36 ----D---- C:\ProgramData\Malwarebytes 2010-12-07 18:28:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-12-07 18:28:32 ----A---- C:\Windows\system32\drivers\mbam.sys 2010-12-07 18:07:43 ----D---- C:\Program Files\SkanerOnline 2010-11-26 23:47:03 ----D---- C:\Program Files\Wolfenstein - Enemy Territory 2010-11-20 14:13:21 ----D---- C:\ProgramData\Alwil Software ======List of files/folders modified in the last 1 months====== 2010-12-18 20:08:01 ----D---- C:\Windows\Temp 2010-12-18 20:00:44 ----D---- C:\Users\Rybcia\AppData\Roaming\uTorrent 2010-12-18 10:08:31 ----D---- C:\Windows\System32 2010-12-18 09:36:14 ----D---- C:\Windows\Tasks 2010-12-18 09:36:12 ----HD---- C:\ProgramData 2010-12-18 09:36:12 ----D---- C:\Program Files\DAEMON Tools Toolbar 2010-12-17 15:07:33 ----D---- C:\Windows\Prefetch 2010-12-17 15:07:27 ----D---- C:\Windows\system32\catroot2 2010-12-17 15:07:23 ----SHD---- C:\System Volume Information 2010-12-17 14:43:31 ----RD---- C:\Program Files 2010-12-17 09:55:49 ----D---- C:\Windows\winsxs 2010-12-17 09:42:39 ----D---- C:\Program Files\Windows Mail 2010-12-17 09:42:38 ----D---- C:\Program Files\Internet Explorer 2010-12-17 09:42:37 ----D---- C:\Windows\system32\migration 2010-12-17 09:36:03 ----D---- C:\Windows\rescache 2010-12-17 09:25:02 ----D---- C:\Windows\system32\pl-PL 2010-12-17 09:24:29 ----D---- C:\Windows\system32\catroot 2010-12-16 17:25:19 ----A---- C:\Windows\system32\mrt.exe 2010-12-07 18:28:37 ----D---- C:\Windows\system32\drivers 2010-12-07 18:07:44 ----SD---- C:\Windows\Downloaded Program Files 2010-11-25 13:04:20 ----D---- C:\Users\Rybcia\AppData\Roaming\Mozilla 2010-11-25 13:03:27 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-11-25 13:03:26 ----D---- C:\Windows\inf 2010-11-20 14:19:11 ----D---- C:\Program Files\Alwil Software 2010-11-20 14:16:06 ----SHD---- C:\Windows\Installer 2010-11-20 14:14:51 ----D---- C:\Windows ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2media.sys [2007-04-03 39680] R0 O2SDRDR;O2SDRDR; C:\Windows\system32\DRIVERS\o2sd.sys [2007-04-02 35712] R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2005-12-05 20640] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-01-23 717296] R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-09-07 23376] R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-09-07 165584] R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-09-07 46672] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-02-27 371248] R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\IDS-DI~1\20090415.001\IDSvix86.sys [2009-02-09 272432] R1 InCDPass;InCDPass; C:\Windows\system32\drivers\InCDPass.sys [2007-11-26 36776] R1 incdrm;InCD Reader; C:\Windows\system32\drivers\InCDRm.sys [2007-11-26 38440] R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2006-10-06 406672] R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-11-30 43696] R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2008-10-03 187952] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-09-07 17744] R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768] R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-01-13 954368] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-27 101936] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-06-22 1788056] R3 MGHwCtrl;MGHwCtrl; \??\C:\Windows\system32\drivers\MGHwCtrl.sys [2006-07-03 9088] R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090421.006\NAVENG.SYS [2009-03-16 89104] R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090421.006\NAVEX15.SYS [2009-03-16 876144] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-03-05 76288] R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-11-30 279088] R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2008-10-03 12848] R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-04-02 124464] R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2008-10-03 146096] R3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2008-10-03 39984] R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2008-10-03 37936] R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2008-10-03 27696] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-09-15 191408] R4 InCDfs;InCD File System; C:\Windows\system32\drivers\InCDFs.sys [2007-11-26 118952] S3 a7zzkj7p;a7zzkj7p; C:\Windows\system32\drivers\a7zzkj7p.sys [] S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456] S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160] S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160] S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760] S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032] S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664] S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432] S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-11-30 317616] S3 usb_rndisx;Karta USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872] S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S3 ZSMC303;VIMICRO USB PC Camera (VC0303); C:\Windows\System32\Drivers\usbVM303.sys [2006-02-23 391300] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-10-24 107624] R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-10-24 107624] R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-10-24 107624] R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-11-24 194240] R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-11-26 1554728] R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-10-24 107624] R2 NishService;Evil Driver Daemon; C:\Program Files\LG Software\System Control Manager\edd.exe [2006-03-02 40960] R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Oz128 Driver\o2flash.exe [2007-02-12 65536] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-14 272024] R2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2006-09-20 46736] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384] R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2009-02-07 1251720] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 gupdate;Usługa Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-13 135664] S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-13 182768] S3 ISPwdSvc;Symantec IS Password Validation; C:\Program Files\Norton AntiVirus\isPwdSvc.exe [2006-10-27 80552] S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-11-24 2541248] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040] S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848] S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] -----------------EOF----------------- [/log] [log]OTL logfile created on: 2010-12-18 10:23:06 - Run 3 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Rybcia\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18999) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 60,00 Gb Total Space | 14,29 Gb Free Space | 23,82% Space Free | Partition Type: NTFS Drive D: | 60,00 Gb Total Space | 41,36 Gb Free Space | 68,94% Space Free | Partition Type: NTFS Drive E: | 28,05 Gb Total Space | 17,73 Gb Free Space | 63,21% Space Free | Partition Type: NTFS Computer Name: RYBCIA-PC | User Name: Rybcia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-12-17 14:39:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Rybcia\Downloads\OTL.exe PRC - [2010-11-04 17:34:06 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe PRC - [2010-09-07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010-08-17 15:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe PRC - [2009-10-11 04:17:45 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe PRC - [2009-10-11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009-06-15 13:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2009-04-25 21:08:08 | 000,077,824 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe PRC - [2009-04-23 05:26:01 | 000,251,184 | ---- | M] (BIT LEADER) -- C:\Program Files\lg_swupdate\GiljabiStart.exe PRC - [2009-04-11 07:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe PRC - [2009-04-11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe PRC - [2009-04-11 07:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe PRC - [2009-04-11 07:28:07 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\servicing\TrustedInstaller.exe PRC - [2009-04-11 07:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe PRC - [2009-04-11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe PRC - [2009-04-11 07:27:59 | 000,441,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe PRC - [2009-04-11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe PRC - [2009-04-11 07:27:59 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe PRC - [2009-04-11 07:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe PRC - [2009-04-11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-04-11 07:27:33 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe PRC - [2008-02-11 19:13:12 | 000,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe PRC - [2008-02-11 19:13:10 | 000,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe PRC - [2008-02-11 19:13:08 | 000,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe PRC - [2008-02-11 19:13:02 | 000,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe PRC - [2008-01-19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008-01-19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe PRC - [2008-01-19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe PRC - [2008-01-19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 08:33:19 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe PRC - [2008-01-19 08:33:14 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2008-01-19 08:33:05 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe PRC - [2007-11-26 14:54:22 | 001,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe PRC - [2007-11-26 14:54:12 | 001,554,728 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe PRC - [2007-11-26 14:54:02 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe PRC - [2007-09-15 01:50:54 | 001,021,224 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2007-07-06 13:44:04 | 000,565,248 | ---- | M] (MSI) -- C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe PRC - [2007-06-20 08:56:16 | 004,493,312 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007-05-31 09:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdc.exe PRC - [2007-05-14 03:54:36 | 000,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe PRC - [2007-03-14 21:01:30 | 000,071,216 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe PRC - [2007-02-12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe PRC - [2006-11-24 13:03:34 | 000,194,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2006-11-24 13:03:34 | 000,112,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE PRC - [2006-10-24 23:08:40 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe PRC - [2006-10-24 23:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe PRC - [2006-10-05 04:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006-09-20 18:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe PRC - [2006-03-10 18:45:12 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe PRC - [2006-03-02 16:43:24 | 000,040,960 | ---- | M] () -- C:\Program Files\LG Software\System Control Manager\edd.exe PRC - [2006-01-24 22:07:00 | 000,061,440 | ---- | M] (Vimicro) -- C:\Windows\VM303_STI.EXE [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-12-17 14:39:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Rybcia\Downloads\OTL.exe MOD - [2010-08-31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MOD - [2010-07-26 16:51:48 | 011,584,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll MOD - [2010-06-28 18:00:21 | 001,316,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll MOD - [2010-04-16 17:46:48 | 000,502,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll MOD - [2009-09-24 23:54:55 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv MOD - [2009-07-17 14:54:43 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll MOD - [2009-06-15 15:53:43 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll MOD - [2009-06-15 15:52:42 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll MOD - [2009-04-23 13:15:07 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll MOD - [2009-04-11 07:28:25 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll MOD - [2009-04-11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll MOD - [2009-04-11 07:28:25 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll MOD - [2009-04-11 07:28:25 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll MOD - [2009-04-11 07:28:25 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll MOD - [2009-04-11 07:28:24 | 001,591,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll MOD - [2009-04-11 07:28:24 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll MOD - [2009-04-11 07:28:24 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll MOD - [2009-04-11 07:28:24 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll MOD - [2009-04-11 07:28:24 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll MOD - [2009-04-11 07:28:23 | 000,754,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll MOD - [2009-04-11 07:28:23 | 000,563,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll MOD - [2009-04-11 07:28:23 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll MOD - [2009-04-11 07:28:23 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll MOD - [2009-04-11 07:28:23 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll MOD - [2009-04-11 07:28:22 | 000,679,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll MOD - [2009-04-11 07:28:20 | 000,891,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll MOD - [2009-04-11 07:28:20 | 000,807,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll MOD - [2009-04-11 07:28:20 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll MOD - [2009-04-11 07:28:20 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll MOD - [2009-04-11 07:28:19 | 000,297,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll MOD - [2009-04-11 07:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll MOD - [2009-04-11 07:28:18 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll MOD - [2009-04-11 07:28:17 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll MOD - [2009-04-11 07:28:17 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll MOD - [2009-04-11 07:27:49 | 001,202,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll MOD - [2008-01-19 08:37:12 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll MOD - [2008-01-19 08:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll MOD - [2008-01-19 08:36:48 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll MOD - [2008-01-19 08:36:47 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll MOD - [2008-01-19 08:36:35 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll MOD - [2008-01-19 08:35:57 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll MOD - [2008-01-19 08:33:52 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll MOD - [2008-01-19 08:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2006-11-02 10:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010-03-18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-09-25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009-02-07 21:54:33 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) SRV - [2008-01-29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2008-01-19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007-11-26 14:54:12 | 001,554,728 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv) SRV - [2007-05-31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007-05-31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007-02-12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe -- (o2flash) SRV - [2006-11-24 13:03:34 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2006-11-24 13:03:34 | 000,194,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Harmonogram automatycznej usługi LiveUpdate) SRV - [2006-10-27 00:18:36 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton AntiVirus\isPwdSvc.exe -- (ISPwdSvc) SRV - [2006-10-24 23:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex) SRV - [2006-10-24 23:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2006-10-24 23:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2006-10-24 23:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2006-10-05 04:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006-09-20 18:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore) SRV - [2006-03-02 16:43:24 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\LG Software\System Control Manager\edd.exe -- (NishService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive) DRV - [2010-09-07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010-09-07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010-09-07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010-09-07 16:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2010-09-07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009-04-11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2009-04-02 17:07:56 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2009-03-16 09:00:00 | 000,876,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090421.006\NAVEX15.SYS -- (NAVEX15) DRV - [2009-03-16 09:00:00 | 000,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090421.006\NAVENG.SYS -- (NAVENG) DRV - [2009-02-27 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2009-02-27 10:00:00 | 000,101,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2009-02-09 23:59:20 | 000,272,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ids-diskless\20090415.001\IDSvix86.sys -- (IDSvix86) DRV - [2009-01-23 14:35:40 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-01-13 08:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008-10-03 13:14:12 | 000,037,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV) DRV - [2008-10-03 13:14:10 | 000,187,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI) DRV - [2008-10-03 13:14:10 | 000,146,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW) DRV - [2008-10-03 13:14:10 | 000,039,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS) DRV - [2008-10-03 13:14:10 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV) DRV - [2008-10-03 13:14:08 | 000,012,848 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS) DRV - [2008-02-11 18:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx) DRV - [2007-11-30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL) DRV - [2007-11-30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP) DRV - [2007-11-30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX) DRV - [2007-11-26 14:54:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm) DRV - [2007-11-26 14:54:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass) DRV - [2007-11-26 14:54:02 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs) DRV - [2007-09-15 01:50:56 | 000,191,408 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2007-06-22 09:34:12 | 001,788,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007-04-03 10:04:28 | 000,039,680 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2media.sys -- (O2MDRDR) DRV - [2007-04-02 16:11:08 | 000,035,712 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2sd.sys -- (O2SDRDR) DRV - [2007-03-05 20:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006-11-28 07:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006-11-02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006-11-02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006-11-02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006-11-02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006-11-02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006-11-02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006-11-02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006-11-02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006-11-02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006-11-02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006-11-02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006-11-02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006-11-02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006-11-02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006-11-02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006-11-02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006-11-02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006-11-02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006-11-02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006-11-02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006-11-02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006-11-02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006-11-02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006-11-02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006-11-02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006-11-02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006-11-02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006-11-02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006-11-02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006-11-02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006-11-02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006-11-02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006-11-02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006-11-02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006-11-02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006-11-02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006-11-02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006-11-02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006-11-02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006-11-02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006-11-02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006-11-02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006-11-02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006-11-02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2006-11-02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2006-10-06 14:26:16 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2006-07-03 10:31:26 | 000,009,088 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MGHwCtrl.sys -- (MGHwCtrl) DRV - [2006-02-23 00:30:00 | 000,391,300 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbVM303.sys -- (ZSMC303) VIMICRO USB PC Camera (VC0303) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1486510819-589907670-3929606539-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/ IE - HKU\S-1-5-21-1486510819-589907670-3929606539-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1486510819-589907670-3929606539-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "qooqlle" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: cssreloader@kenneth.io:1.0.2 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1" FF - prefs.js..network.proxy.backup.ftp_port: 9666 FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1" FF - prefs.js..network.proxy.backup.gopher_port: 9666 FF - prefs.js..network.proxy.backup.socks: "127.0.0.1" FF - prefs.js..network.proxy.backup.socks_port: 9666 FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1" FF - prefs.js..network.proxy.backup.ssl_port: 9666 FF - prefs.js..network.proxy.ftp: "127.0.0.1" FF - prefs.js..network.proxy.ftp_port: 9666 FF - prefs.js..network.proxy.gopher: "127.0.0.1" FF - prefs.js..network.proxy.gopher_port: 9666 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 9666 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "127.0.0.1" FF - prefs.js..network.proxy.socks_port: 9666 FF - prefs.js..network.proxy.ssl: "127.0.0.1" FF - prefs.js..network.proxy.ssl_port: 9666 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-07-24 08:56:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-24 08:56:46 | 000,000,000 | ---D | M] [2010-04-08 10:44:46 | 000,000,000 | ---D | M] -- C:\Users\Rybcia\AppData\Roaming\mozilla\Extensions [2010-12-17 17:43:02 | 000,000,000 | ---D | M] -- C:\Users\Rybcia\AppData\Roaming\mozilla\Firefox\Profiles\ii3x6mel.default\extensions [2010-07-04 19:09:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rybcia\AppData\Roaming\mozilla\Firefox\Profiles\ii3x6mel.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-12-18 09:29:23 | 000,001,860 | ---- | M] () -- C:\Users\Rybcia\AppData\Roaming\Mozilla\FireFox\Profiles\ii3x6mel.default\searchplugins\search.xml [2010-04-08 10:44:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-07-24 08:56:09 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-07-24 08:56:09 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-07-24 08:56:09 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-07-24 08:56:09 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-07-24 08:56:09 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-07-24 08:56:09 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-1486510819-589907670-3929606539-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE (Symantec Corporation) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [BigDog303] C:\Windows\VM303_STI.EXE (Vimicro) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LG Intelligent Update] C:\Program Files\lg_swupdate\giljabistart.exe (BIT LEADER) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe (MSI) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton AntiVirus\osCheck.exe (Symantec Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1486510819-589907670-3929606539-1000..\Run: [CollaborationHost] C:\Windows\System32\p2phost.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1486510819-589907670-3929606539-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-1486510819-589907670-3929606539-1000..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe (o2.pl Sp. z o.o.) O4 - HKU\S-1-5-21-1486510819-589907670-3929606539-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.) O8 - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.21.99.95 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\Rybcia\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O24 - Desktop BackupWallPaper: C:\Users\Rybcia\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6882f5d7-f879-11df-ba69-001d924bb02a}\Shell\AutoRun\command - "" = K:\urDrive.exe -- File not found O33 - MountPoints2\{7e99e2c1-feb4-11dd-81a2-001d924bb02a}\Shell\AutoRun\command - "" = K:\setupSNK.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-12-18 09:36:05 | 000,000,000 | ---D | C] -- C:\_OTL [2010-12-17 17:14:20 | 000,000,000 | ---D | C] -- C:\Users\Rybcia\Desktop\logi [2010-12-17 14:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010-12-17 14:43:30 | 000,000,000 | ---D | C] -- C:\rsit [2010-12-16 17:35:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010-12-16 17:34:24 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010-12-16 17:34:12 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2010-12-16 17:34:11 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2010-12-16 17:34:10 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2010-12-16 17:34:04 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2010-12-16 17:34:00 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2010-12-16 17:33:45 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010-12-16 17:33:38 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010-12-16 17:33:37 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010-12-16 17:33:36 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010-12-16 17:33:36 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010-12-16 17:33:36 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010-12-16 17:33:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010-12-16 17:33:35 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010-12-16 17:33:35 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010-12-16 17:33:35 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010-12-16 17:33:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010-12-16 17:33:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010-12-16 17:33:35 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010-12-16 17:33:34 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010-12-16 17:33:34 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010-12-16 17:33:34 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010-12-16 17:33:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010-12-11 14:36:23 | 000,000,000 | ---D | C] -- C:\Users\Rybcia\Desktop\et [2010-12-07 18:33:56 | 000,000,000 | ---D | C] -- C:\Users\Rybcia\AppData\Roaming\Malwarebytes [2010-12-07 18:28:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010-12-07 18:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010-12-07 18:28:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010-12-07 18:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010-12-07 18:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline [2010-11-27 09:05:45 | 000,000,000 | ---D | C] -- C:\Users\Rybcia\Desktop\etpro [2010-11-26 23:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Wolfenstein - Enemy Territory [2010-11-20 14:14:51 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2010-11-20 14:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software [2010-11-17 18:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2010-11-12 18:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Reflexive [2010-11-12 18:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\Zumas Revenge! - Adventure [2010-10-27 18:19:44 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2010-10-27 18:19:39 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2010-10-27 18:19:37 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2010-10-19 16:51:35 | 000,000,000 | ---D | C] -- C:\Users\Rybcia\Documents\Nowy folder [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-12-18 10:15:42 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E54434B2-2155-4FA7-A0F1-D8891CE248BA}.job [2010-12-18 10:10:16 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cac607f4664228.job [2010-12-18 10:10:07 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010-12-18 10:10:07 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010-12-18 10:09:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010-12-18 10:09:05 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010-12-18 09:40:14 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010-12-17 21:20:22 | 000,000,490 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - Rybcia.job [2010-12-17 09:44:47 | 000,228,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010-12-07 18:28:38 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010-12-06 16:28:39 | 000,144,384 | ---- | M] () -- C:\Users\Rybcia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-12-04 12:26:55 | 000,000,224 | ---- | M] () -- C:\Users\Rybcia\Documents\PDVD_MediaDisc.PlayList [2010-11-29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010-11-29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010-11-26 23:47:35 | 000,000,869 | ---- | M] () -- C:\Users\Rybcia\Desktop\Wolfenstein - Enemy Territory.lnk [2010-11-25 13:03:27 | 000,672,140 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2010-11-25 13:03:27 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010-11-25 13:03:27 | 000,130,516 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2010-11-25 13:03:27 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010-11-20 14:16:27 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2010-11-20 14:16:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2010-11-13 13:10:31 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\Zumas Revenge! - Adventure.lnk [2010-11-13 13:10:30 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Download Free Full Mini Games.lnk [2010-11-04 19:56:07 | 000,345,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2010-11-04 19:55:38 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2010-11-04 19:55:38 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2010-11-02 06:58:38 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010-11-02 06:58:11 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010-11-02 06:58:11 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010-11-02 06:57:41 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010-11-02 06:57:34 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010-11-02 06:57:27 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010-11-02 06:57:11 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010-11-02 06:57:11 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010-11-02 06:57:11 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010-11-02 06:57:10 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010-11-02 06:57:10 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010-11-02 06:57:04 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010-11-02 06:01:31 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010-11-02 05:26:10 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010-11-02 05:25:52 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010-11-02 05:25:18 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010-11-02 05:24:44 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010-10-28 14:20:12 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010-10-23 16:36:04 | 109,384,614 | ---- | M] () -- C:\Users\Rybcia\Documents\LO.10.2010.pdf [2010-10-19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-12-07 18:28:38 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010-12-04 12:26:55 | 000,000,224 | ---- | C] () -- C:\Users\Rybcia\Documents\PDVD_MediaDisc.PlayList [2010-11-26 23:47:35 | 000,000,869 | ---- | C] () -- C:\Users\Rybcia\Desktop\Wolfenstein - Enemy Territory.lnk [2010-11-20 14:16:27 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2010-11-12 18:44:00 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\Zumas Revenge! - Adventure.lnk [2010-11-12 18:43:59 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Download Free Full Mini Games.lnk [2010-10-23 16:19:55 | 109,384,614 | ---- | C] () -- C:\Users\Rybcia\Documents\LO.10.2010.pdf [2009-10-22 08:55:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009-10-18 18:39:18 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009-04-25 21:05:30 | 000,000,163 | ---- | C] () -- C:\Windows\disney.ini [2009-02-19 19:43:37 | 000,026,340 | ---- | C] () -- C:\Users\Rybcia\AppData\Roaming\UserTile.png [2009-02-07 19:16:07 | 000,477,696 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009-02-03 09:35:24 | 000,000,130 | ---- | C] () -- C:\Windows\ODBC.INI [2009-01-23 14:35:40 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009-01-17 16:42:33 | 000,144,384 | ---- | C] () -- C:\Users\Rybcia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-01-11 18:51:30 | 000,000,266 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009-01-05 12:35:36 | 000,098,304 | ---- | C] () -- C:\Windows\System32\MGHwCtrl.dll [2009-01-05 12:35:36 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MGFPCtrl.dll [2009-01-05 12:35:36 | 000,024,576 | ---- | C] () -- C:\Windows\System32\MGPwrShm.dll [2009-01-05 12:26:19 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2009-01-05 12:19:51 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2009-01-05 12:19:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll [2009-01-05 12:13:53 | 000,010,511 | ---- | C] () -- C:\Windows\lg_up.ini [2009-01-05 12:13:17 | 000,000,979 | ---- | C] () -- C:\Windows\lgcenter.ini [2009-01-05 12:10:21 | 000,001,356 | ---- | C] () -- C:\Users\Rybcia\AppData\Local\d3d9caps.dat [2008-02-11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll [2006-11-02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006-11-02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2004-06-09 21:38:01 | 000,184,320 | ---- | C] () -- C:\Windows\System32\JPeg32.dll [color=#E56717]========== LOP Check ==========[/color] [2009-01-23 14:54:43 | 000,000,000 | ---D | M] -- C:\Users\Rybcia\AppData\Roaming\DAEMON Tools [2009-01-23 14:55:39 | 000,000,000 | ---D | M] -- C:\Users\Rybcia\AppData\Roaming\DAEMON Tools Lite [2009-11-12 21:04:17 | 000,000,000 | ---D | M] -- C:\Users\Rybcia\AppData\Roaming\DAEMON Tools Pro [2010-05-14 14:01:46 | 000,000,000 | ---D | M] -- C:\Users\Rybcia\AppData\Roaming\GameHouse [2009-11-18 22:06:25 | 000,000,000 | ---D | M] -- C:\Users\Rybcia\AppData\Roaming\IObit [2009-02-19 19:43:25 | 000,000,000 | ---D | M] -- C:\Users\Rybcia\AppData\Roaming\PeerNetworking [2010-05-30 14:29:34 | 000,000,000 | ---D | M] -- C:\Users\Rybcia\AppData\Roaming\Tlen.pl [2010-12-18 10:14:17 | 000,000,000 | ---D | M] -- C:\Users\Rybcia\AppData\Roaming\uTorrent [2010-12-18 10:09:05 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010-12-18 10:15:42 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E54434B2-2155-4FA7-A0F1-D8891CE248BA}.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 64 bytes -> C:\Users\Rybcia\Desktop\Joga dla poczÄ…tkujacych_xvid.avi:TOC.WMV < End of report > [/log] Dziękuje za pomoc.
Tomek01 komentarz 18 grudnia 2010 komentarz 18 grudnia 2010 Jeszcze wklej do OTL: [code]:OTL R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/ [Emptytemp][/code] RunFix... Teraz już czysto. W OTL użyj funkcji CleanUp.
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.